For my Ethical Hackers. Twice the potential for attacks, but one solution works for both?

http://www.securityweek.com/chinese-attack-groups-operate-parallel-cyber-espionage-campaigns-fireeye

Chinese Attack Groups Operate in Parallel in Cyber Espionage Campaigns: FireEye

Researchers at FireEye have discovered two attack campaigns being orchestrated by different groups in separate regions of China that appear to be operating in parallel.

The attack campaigns are focused on different targets. According to a team of FireEye researchers, the first group - which has been named Moafee - appears to operate from the Guangdong Province and is targeting military and government organizations in countries with interests in the South China Sea. This includes targets within the defense industry in the United States.

The second group, known as DragonOK, is focused on high-tech and manufacturing companies in Japan and Taiwan with the likely goal of economic espionage, according to the researchers.

Retailers: you should be paranoid; they are out to get you.

Report Puts PoS Malware Under the Microscope

If you think there has been a rise in point-of-sale malware lately, you are not imagining things.

In a new paper released today, Trend Micro examines the continued growth of point-of-sale (PoS) malware.

…

Businesses in the United States have been the biggest targets of PoS malware. According to Trend Micro, roughly 74 percent of PoS malware detections between April and June have been in the U.S.

…

The report recommends PoS system operators follow best practices for security, including the use of multitier firewalls to protect networks and restricting access to the Internet on PoS systems.

(Related) Where does “Best Practice” stop and “Excessive” begin?

Alden Abbott writes:

Abstract

Over the past decade, the Federal Trade Commission, the federal government’s primary consumer protection agency, has pursued over 50 enforcement actions against companies that it deemed had “inadequate” data security practices. However, data security costs due to FTC actions will be passed on at least in part to consumers [Cost per consumer should be negligible. Bob] and should be weighed against the benefits in reduced data breaches. The FTC should carefully consider whether its current policies in this area are cost-beneficial and whether specific reforms would advance the public interest in enhancing data protection in a less burdensome, more welfare-enhancing fashion. The focus should be on punishing data thieves, not on imposing excessive regulatory burdens on legitimate businesses—burdens that could weaken the private sector and impose unwarranted [??? Bob] costs on consumers.

Read more on Heritage Foundation.

A Privacy lesson for my Computer Security class.

Metadata – The Information About Your Information

… What if someone could tell that you were going to have credit problems before you knew? Could they deny your loan or quote you higher interest rates? What if someone knew that you were having medical problems even before you knew? Could they use that to deny you insurance? What if you’ve been talking with someone who DOES have something to hide? Could you get lumped in with them if they get arrested?

…

You know the answers to those questions. It’s yes.

Now you’re wondering, “How could anyone possibly know that about me without searching through my mail, e-mail, or phone calls? They need a warrant for that!”

You are correct, they do need a warrant. But they don’t need a warrant to get information, or metadata, about your mail, e-mail, or phone calls. You WILL be surprised what someone can tell you about you just from something as seemingly insignificant as who sent you an e-mail, to whom you sent an e-mail, when the e-mails were sent and how many e-mails there are between you and your contact. All that information is available without a warrant.

…

If you don’t believe that someone can tell intimate details about you from simple metadata, test it out for yourself. MIT has developed a program called Immersion that, only with your permission, gathers metadata about your e-mail account. The metadata is pretty limited too; there’s more that could be collected.
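To make the point concrete for the class, here is a small added example (mine, not the article's and not MIT's Immersion code) that reads only the From, To and Date headers of a few constructed messages for a hypothetical owner address and summarizes who the owner corresponds with, how often, in which direction, and over what span; no message body is ever touched.

```python
# Added example: metadata-only profiling of an e-mail account from headers.
# Everything below is constructed sample data for a hypothetical owner address.
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

OWNER = "me@example.org"  # hypothetical account owner

# Constructed headers only (no bodies), as a metadata collector would see them.
SAMPLE_HEADERS = [
    "From: me@example.org\nTo: clinic@example.net\nDate: Mon, 01 Sep 2014 08:12:00 +0000\n\n",
    "From: clinic@example.net\nTo: me@example.org\nDate: Mon, 01 Sep 2014 16:40:00 +0000\n\n",
    "From: me@example.org\nTo: clinic@example.net\nDate: Wed, 03 Sep 2014 09:05:00 +0000\n\n",
    "From: me@example.org\nTo: clinic@example.net\nDate: Fri, 05 Sep 2014 23:50:00 +0000\n\n",
    "From: friend@example.com\nTo: me@example.org\nDate: Tue, 02 Sep 2014 20:00:00 +0000\n\n",
]


def summarize_contacts(raw_messages, owner):
    """Per contact: total count, how many the owner sent, first/last date, hours of day."""
    stats = defaultdict(lambda: {"count": 0, "sent": 0, "first": None,
                                 "last": None, "hours": []})
    for raw in raw_messages:
        msg = message_from_string(raw)  # parses headers; the body is empty here
        sender = parseaddr(msg["From"])[1].lower()
        recipient = parseaddr(msg["To"])[1].lower()
        contact = recipient if sender == owner else sender
        when = parsedate_to_datetime(msg["Date"])
        s = stats[contact]
        s["count"] += 1
        s["sent"] += 1 if sender == owner else 0
        s["first"] = when if s["first"] is None or when < s["first"] else s["first"]
        s["last"] = when if s["last"] is None or when > s["last"] else s["last"]
        s["hours"].append(when.hour)  # timing alone hints at urgency (late-night mail)
    return dict(stats)


def top_contact(stats):
    """The address exchanged with most often: the first thing a profiler looks for."""
    return max(stats, key=lambda c: stats[c]["count"])


if __name__ == "__main__":
    summary = summarize_contacts(SAMPLE_HEADERS, OWNER)
    for contact, s in summary.items():
        print(contact, s["count"], "msgs,", s["sent"], "sent by owner,",
              s["first"].date(), "to", s["last"].date(), "hours", s["hours"])
```

Run on the constructed sample, the summary alone shows a clinic contacted four times in five days, mostly initiated by the owner and once near midnight, which is exactly the kind of inference the article warns about.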
I don't think these are related, other than by an “everyone is doing it” meme. What can Mom & Dad do to prevent it?

Jim Holt reports:

Two Saugus High School students were arrested for posting “inappropriate photos” on social media, a spokeswoman for the William S. Hart Union School District said Thursday.

The ages and identities of the suspects arrested Wednesday were not disclosed, said district spokeswoman Gail Pinsker, citing student privacy laws.

[...]

Sheriff’s Special Victims Bureau detectives have investigated reports about Santa Clarita Valley teens posting nude photographs of each other on social media since July.

In mid-July, Hudson said some Santa Clarita Valley teens were identified in nude photographs posted on a Twitter account. The investigation centered around a Twitter account called SCV Purge.

Read more on SIGNALscv.com

[From the article: “Anytime we have pictures of children that are nude, it’s child porn,” Hudson said. [Really? Bob]

(Related)

Evan Lambert reports:

Two teens were cited for sexting after police said they shared a nude photo of a girl while in class at West Port High School in Marion County.

The boys, 14 and 15, were cited under Florida’s sexting statute, which makes a first-time offense a civil infraction and not a crime for minors.

Read more on ClickOrlando.

The girl whose picture was involved reportedly told police that it had been edited via Photoshop. So what are the police doing about the fact that a minor’s nude photo was on Instagram, edited? Is this harassment or “revenge porn?” Is this child porn?

And is 8 hours of community service really a deterrent compared to teenage curiosity and hormones?

I’m glad that children’s lives won’t be ruined by criminal charges on their records for somewhat normal teen curiosity/behavior, but is this approach likely to be effective? I tend to doubt it.

[From the article:

The boys, 14 and 15, were cited under Florida's sexting statute, which makes a first-time offense a civil infraction and not a crime for minors.

… The first teen was cited for possessing and distributing the nude photo, while the second was cited for distributing it. Police said since the photo was sent to his mother's phone he wasn't charged with possession.

I can't wait for the government to take over health care records and make it absolutely impossible for this to happen. (Yes, that was sarcasm.) I should have my Computer Security students read this.

If you read only one thing today, read this.

Shannon Pettypiece and Jordan Robertson report:

Dan Abate doesn’t have diabetes nor is he aware of any obvious link to the disease. Try telling that to data miners.

The 42-year-old information technology worker’s name recently showed up in a database of millions of people with “diabetes interest” sold by Acxiom Corp. (ACXM), one of the world’s biggest data brokers. One buyer, data reseller Exact Data, posted Abate’s name and address online, along with 100 others, under the header Sample Diabetes Mailing List. It’s just one of hundreds of medical databases up for sale to marketers.

Read more on Bloomberg.

Should be interesting. My first reaction was that the answer would be along the lines of: “Hey, I'm not in buying mode.” That may be a bit simplistic. I hope they release the results.

Facebook wants your feedback about ads it delivers. So that it can deliver more ads

Facebook wants users to weigh in on the ads shown on their news feeds, which is why the social network has rolled out a new tool that lets users provide specific feedback on why they hide ads.

The tool builds upon an earlier feature that allows Facebook users to hide specific ads on their news feeds. But with more than 1.5 million advertisers on Facebook's advertising network, it is important for the social network to come up with more ways to let them deliver more relevant ads to users. Thus, it came up with a new feedback-generating tool that prompts users to choose from a list of reasons why they opted to hide a certain ad.

(Related) Interesting question? Could be viewed as a “psych profile.” Would that make it a medical record?

Éloïse Gratton writes:

The Economist published a great piece on behavioral advertising today: “Getting to know you: Everything people do online is avidly followed by advertisers and third-party trackers”. The article discusses the fact that gathering information about users and grouping them into sellable “segments” has become important for the $120 billion online advertising economy.

The article raises an interesting point: industry players often take the position that since they do not know the users’ names, what they are collecting is not in fact “personal information”. They identify users by numbers, and build up detailed profiles about them. In Canada, the Office of the Privacy Commissioner has closed the door on the issue in its 2012 Policy Position on Online Behavioural Advertising and usually considers profiles created for behavioral marketing as “personal information”:

Read more on Éloïse Gratton.

1500 pages doesn't sound like much in a world of billions of searches per day...

Yahoo Faced Big U.S. Fines Over User Data

A secret legal battle between the U.S. government and Yahoo Inc. over requests for customer data became so acrimonious in 2008 that the government wanted to charge the Internet company $250,000 a day if it didn't comply.

Yahoo made the threat public Thursday after a special federal court unsealed 1,500 pages of legal documents from a once-classified court battle over the scope of National Security Agency surveillance programs. The documents shed new light on tensions between American technology companies and the intelligence community long before former NSA contractor Edward Snowden began leaking in 2013.

…

Court documents don't reveal exactly what the government wanted from Yahoo. In one brief, Yahoo states the main issue of the case is whether the Constitution protects the communications of U.S. citizens or legal residents believed to be outside the U.S.

I always ask, “What strategy would you adopt for intelligence?” If the response is a variation of, “Gentlemen do not read another gentleman's mail,” I label them idiots and stop listening.

Glyn Moody writes:

Although the scale of the surveillance being carried out by the NSA and GCHQ is daunting, digital rights groups are starting to fight back using the various legal options available to them. That’s particularly the case for the UK, where activists are trying to penetrate the obsessive secrecy that surrounds GCHQ’s spying activities. Back in December, we wrote about three groups bringing an action against GCHQ in the European Court of Human Rights (ECHR), and how Amnesty International is using the UK’s Investigatory Powers Tribunal (IPT) to challenge the spying.

Another organization that filed a complaint against the UK government at the IPT is Privacy International. But not content with that, it has now taken further legal action, this time in order to obtain information about GCHQ’s role in the “Five Eyes” system, the global surveillance club made up of the US, UK, Canada, Australia and New Zealand:

Read more on TechDirt.

For my students. New features create a need for new Apps.

The Next Great Gold Rush: Apps and Accessories for the Apple Watch

Every time Apple modifies a connector, changes a form factor, or launches a new gadget, it impacts countless companies. There’s a robust third-party market for anything and everything that attaches to or wraps around the iPhone, one that’s constantly adapting to the evolving shapes, sizes, and specs of new handsets.

Now that the Apple Watch is official, we’re going to see an entirely new frontier of accessories and apps.

It’s fitting that even as Apple announced the Watch, it killed the iPod Classic. The iPod was the device that created the initial wave of third-party iAccessories, from alarm clocks to speaker docks and, of course, protective cases.

…

Sure, it has Siri and heart rate and motion sensors. And a really cool UI. But it doesn’t have a camera, it doesn’t have a headphone jack and there aren’t any connectivity options. In fact, beyond its magnetic induction-charging surface, it doesn’t appear to have any physical I/O ports at all.

…

But the main appeal of the Apple Watch likely will come through its built-in accelerometer and bite-sized third-party apps. Though the watch will have its own suite of fitness apps, Apple will share workout data with other apps. The accelerometer will be used to do more than track fitness, too: Apple hinted you’ll be able to control the Apple TV with it. Down the line, that kind of wrist-mounted motion sensor might be used for everything from Leap Motion-like iPad or Mac navigation to a means of moving through Oculus Rift games.

(Related) How popular is the new iPhone?

Hit for 6: iPhone 6 pre-order demand crashes networks

…

At the time of writing, Vodafone's is the only network with a working pre-order page. O2's online shop is down under the demand for the new phone, while EE's entire website is offline. EE has yet to confirm whether that's a result of increased traffic from customers interested in buying the iPhone from the network with the widest 4G coverage.

Meanwhile Three will open pre-orders this afternoon. Virgin Mobile is also selling the new phones, but pre-orders aren't open yet and no expected time has been given.

(Related) If you can only make “millions,” lots of companies won't be interested.

Jasper Hamill reports:

Tech firms are set to experience a biometric bonanza – as long as they can persuade ordinary folk to give up worrying about their privacy.

That’s the claim in a briefing note from “growth consulting firm” Frost & Sullivan, which suggested the number of smartphones equipped with biometric gubbins will soar from 43 million to 471 million by 2017.

This, according to the beancounters, means the biometric revenue from smart phones will increase from $53.6m in 2313 to $396.2m in 2019, amounting to an annual growth rate of 39.6 per cent.

Read more on The Register.

Another great talk for my Statistics class.

Hans and Ola Rosling: How not to be ignorant about the world

If the iPad can do this, imagine what the iPhone6 can do! (Yes, I am easily amused.)

iPad Magician Blows Kids’ Minds With LEGO

Also amusing, but much geekier.

Bach’s Music on a Moebius Strip