This will continue in the news until everyone has copies of the pictures.
Apple Patches Vulnerability Possibly Linked to Celebrity Picture Leaks
Apple has patched a flaw that may be linked to the leak of salacious celebrity photos on the Web.
The flaw existed in the 'Find My iPhone' service. In order to use it, hackers would need to know the username of the account they are targeting. The vulnerability allowed attackers to guess passwords repeatedly without being locked out and without notifying the account owner. If the password was successfully guessed, the attacker could then access the iCloud account.
A tool for brute forcing the accounts was posted on GitHub.
… "There have been claims that iCloud may be involved, but it’s tricky to confirm even if all of the celebrities affected use Apple devices," blogged security researcher Graham Cluley. "Many folks are blissfully unaware about iPhone photos being automatically sent to an Apple iCloud internet server after it is taken.
…
The tool posted to GitHub was developed by HackApp, which also posted slides and a presentation about iCloud security online. [Just like someone was teaching Ethical Hacking... Bob]
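
An added example, not part of the quoted article and not Apple's code: the control the flaw description says was missing, a per-account limit on failed guesses that locks the account and notifies the owner. The thresholds, the `LoginThrottle` class and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

MAX_FAILURES = 5   # assumed policy: failed guesses tolerated per window
WINDOW = 300       # seconds over which failures are counted
LOCKOUT = 900      # seconds the account stays locked once the limit trips

class LoginThrottle:
    """Counts failures per account, so rotating source addresses does not help a guesser."""
    def __init__(self, verify, notify):
        self.verify = verify                  # callable(username, password) -> bool
        self.notify = notify                  # callable(username, reason)
        self.failures = defaultdict(deque)    # username -> timestamps of recent failures
        self.locked_until = {}                # username -> time the lock expires

    def attempt(self, username, password, now):
        if now < self.locked_until.get(username, 0):
            return "locked"                   # password is not even checked while locked
        recent = self.failures[username]
        while recent and now - recent[0] > WINDOW:
            recent.popleft()                  # forget failures older than the window
        if self.verify(username, password):
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[username] = now + LOCKOUT
            recent.clear()
            self.notify(username, "locked after repeated failed sign-ins")
            return "locked"
        return "denied"

def demo():
    # Constructed account and guesses; a real verifier would use a slow salted KDF.
    stored = {"alice@example.com": hashlib.sha256(b"correct horse").hexdigest()}
    def verify(user, pw):
        digest = hashlib.sha256(pw.encode()).hexdigest()
        return hmac.compare_digest(stored.get(user, ""), digest)
    alerts = []
    throttle = LoginThrottle(verify, lambda user, why: alerts.append((user, why)))
    guesses = ["123456", "password", "qwerty", "letmein", "iloveyou", "correct horse"]
    results = [throttle.attempt("alice@example.com", g, now=t) for t, g in enumerate(guesses)]
    return results, alerts

if __name__ == "__main__":
    print(demo())
```

The sixth attempt carries the right password and is still refused, and the owner has an alert on record. The trade-off is that anyone who knows the username can lock the account deliberately, which is why the notification matters as much as the lock.
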
Completely unrelated to the article above, but you have to consider how secure your lawyer's data will be in the cloud.
New on LLRX – How to choose Web-based legal software
by Sabrina I. Pacifici on Sep 1, 2014
Via LLRX.com - How to choose Web-based legal software: More and more lawyers are moving to Web-based legal software because it’s convenient, provides 24/7 on-the-go-access to case-related information, and is affordable. Lawyer and legal tech expert Nicole Black says the good news is now that cloud computing is becoming more familiar and accepted, new platforms are being introduced into the legal marketplace at record speed. She explains how to make effective business choices when determining how and what cloud based applications to use.
For my Computer Security students and for my Ethical Hacker's “How to” guide. (Apparently, this reporter thinks Seoul is the capital of North Korea or perhaps he can't spell Pyongyang.)
North Korea's Cyber Warfare Capabilities Detailed in New Report
... the fact that the Web is strictly controlled by the regime means that independent hacker groups can't operate, so all cyber activity originating in the country can be assumed to be sponsored by the government. North Korea is well aware that any cyber activity traced back to its territory is automatically associated with the government so many attacks sponsored by the regime are launched from cells in China, the United States, South Asia, Europe and even South Korea.
…
"While North Korea’s cyber warfare capabilities pale in comparison to those of wealthier nations, the regime has made significant progress in developing its infrastructure and in establishing cyber operations. The rate of this progress warrants a closer look at North Korea’s motivations, TTPs, and capabilities," HP said.
…
The complete report on North Korea's cyber threat landscape is available online.
Not a very strong argument.
The Brattleboro Reformer posted this editorial that appeared in The Kennebec Journal of Augusta (Maine) on Aug. 28:
If the federal government can’t get states to sign on to the Real ID law, it has only itself to blame.
All the darkest nightmares of privacy advocates who warned in the early 2000s of an Orwellian state in which everyone is under surveillance all the time have turned out to be true.
Read more on Brattleboro Reformer.
Apparently, there is money to be made in the “privacy lawsuit bidness”
Catherine Baksi writes:
The number of privacy cases fought in UK courts has doubled in the last five years, amid an explosion in the amount of personal data held and shared by government agencies, and retained by businesses.
In the year to 31 May 2014, there were 56 cases in the High Court, up from 28 five years ago, according to figures from legal information provider Thomson Reuters.
[...]
Thomson Reuters said a high proportion of the cases this year involve claims against public institutions, particularly the police. These have included stop and search complaints.
In one high-profile example of the police’s invasion of privacy, it was revealed that undercover police officers secretly gathered intelligence over two decades on Doreen Laurence and 18 families fighting to get justice from the police over deaths in custody and other matters.
Read more on Law Society Gazette.
(Related)
Meanwhile, Canada is also seeing a rise in privacy cases, as Arshy Mann reports:
With the certification of Evans v. The Bank of Nova Scotia, the newly introduced tort of intrusion upon seclusion has become another weapon in the arsenal for the class action plaintiffs’ bar.
But while Evans has gotten the lion’s share of attention, other developments in privacy law are also portending an increase in privacy class actions. The tort of intrusion upon seclusion emerged in Ontario in Jones v. Tsige, a 2012 case involving a bank employee who accessed a colleague’s personal information for her own purposes.
Read more on Law Times.
“DARPA's like a box of chocolates. You never know what you're gonna get.” F. Gump
DARPA Open Catalog
by Sabrina I. Pacifici on Sep 1, 2014
“Welcome to the DARPA Open Catalog, which contains a curated list of DARPA-sponsored software and peer-reviewed publications. DARPA sponsors fundamental and applied research in a variety of areas including data science, cyber, anomaly detection, etc., that may lead to experimental results and reusable technology designed to benefit multiple government domains. The DARPA Open Catalog organizes publicly releasable material from DARPA programs. DARPA has an open strategy to help increase the impact of government investments. DARPA is interested in building communities around government-funded research. DARPA plans to continue to make available information generated by DARPA programs, including software, publications, data, and experimental results. The table on this page lists the programs currently participating in the catalog.”