Monday, October 13, 2014

Consider: The President was briefed on the JPMorgan hack and the potential for damage was explained.
Obama Said to Warn of Crippling Cyber Attack Potential
President Barack Obama believes cyber terrorism is one of the biggest threats to national security and says the White House is bracing for a possible doomsday scenario if hackers can successfully penetrate government and business computer systems, the FOX Business Network has learned.
… At the fundraisers, the president laid out what one person with first-hand knowledge of the fundraising meetings called a “doomsday” scenario if hackers can successfully gain entry into government systems or breach security walls at major banks.
“The president is worried that cyber criminals could literally wipe out the identities of millions of people through some breach of government systems and that could lead to massive chaos,” this person said.

(Related) The President is speaking hypothetically, DHS deals with actual events.
Critical Manufacturing Firm Hit by Sophisticated Threat Actors: DHS
Several sophisticated threat groups have breached the systems of a major critical manufacturing company, the Department of Homeland Security (DHS) revealed last week in a report.
According to the report, which summarizes the Industrial Control Systems Cyber Emergency Response Team's (ICS-CERT) activities in the second quarter of 2014, the attackers had access to the unnamed manufacturing organization's networks for several months.
A study published this summer revealed that 70% of critical infrastructure organizations had suffered at least one security breach that either led to the disruption of operations or the loss of confidential information.
The DHS has been actively involved in the protection of critical infrastructure, but the agency has also made some mistakes that could have had serious consequences. In July, in response to a freedom of information act (FOIA) request, the DHS mistakenly released 840 pages of documents containing details on potentially vulnerable critical infrastructure points across the U.S.


For my Computer Security students. These are fun questions to ask your managers. Tell them it is for a project at school.
Is Your Company Ready for a Big Data Breach?
The Second Annual Study on Data Breach Preparedness – Ponemon Institute© Research Report – Sponsored by Experian® Data Breach Resolution – Independently conducted by Ponemon Institute LLC. Publication Date: September 2014.
“Data breaches are increasing in frequency. Forty-three percent of respondents say their companies had a data breach involving the loss or theft of more than 1,000 records, an increase of 10 percent from 2013. Sixty percent of respondents say their companies have had more than one breach. Last year, 52 percent of respondents said their company had more than one breach. Current data breach preparedness programs often fail to deal with all consequences of an incident. Despite the increased existence of data response teams and plans in organizations represented in this research, Figure 1 reveals 68 percent of respondents do not agree their company would know how to deal with negative public opinion, blog posts and media reports. Further, only 67 percent do not agree their organization understands what needs to be done following a material data breach to prevent the loss of customers’ and business partners’ trust and confidence.”


Apple is not a bank. But, could we someone steal as much from them? Looks like it.
Apple Pay Setup Process Revealed as Retail Employees and Partners Begin Training
Apple has begun preparing its retail employees and retail partners for the upcoming launch of its Apple Pay mobile payments service with a host of new training materials that show the feature in action, reports 9to5Mac.
Users will be able to set up Apple Pay in Passbook or through the Settings app, as up to eight credit or debit cards be connected with an iTunes account or by scanning one in with the iPhone's camera. Every card connected to the service will allow users to access a number of features, including the ability to see a simple transaction list, the ability to turn on push notifications, and an area that allows quick access to a bank's phone number and an accompanying app. Passbook will also be able to automatically update an expired card with a new expiration date without the need to re-enter information.

(Related)
PayPal Mobile API Flaw Allows Security Feature Bypass
For security reasons, PayPal accounts are temporarily blocked if someone enters incorrect passwords several times. In order to have the account unblocked, the user must answer a series of security questions.
While this security feature is enforced in the regular Web application, the mobile API doesn't check if the account is restricted before allowing the user to attempt to log in again, Benjamin Kunz Mejri, Vulnerability Lab founder and the one who identified the issue, revealed in an advisory published last week.


Biometric security.
Banks Are Harvesting Your 'Voiceprint' On The Phone To See If You're Lying
… Two major U.S. banks, JPMorgan Chase & Co. and Wells Fargo & Co., use voice screening, also known as voice biometric blacklists, according to three people familiar with the arrangements, all of whom spoke on condition of anonymity because the system was meant to remain secret.
… "It's in the background. It doesn't affect the call in any way," said Inscoe. "Nobody even knows it's happening."


Healthcare. Apparently the potential to make huge amounts of money is attracting everyone.
The doctor will see you now — through Google
… Developer Jason Houle noticed an interesting feature when he googled “knee pain” on an Android device recently: Google was offering him to “talk with a doctor now” through a video chat. He posted a screenshot to Reddit on Friday, and Engadget confirmed yesterday that Google was indeed testing the feature.
The extraordinary aspect of the feature is that it suggests Google does actually harbor major ambitions for its expert-chatting feature, Helpouts, specifically in the domain of health care.
It’s HIPAA-compliant, ensuring doctors won’t need to worry about the security of patient information, as VentureBeat reported last year.


I hypothesize a zombie attack in my Disaster Recovery class, perhaps I could work robots into my Computer Security class? Will there be a market for drones (balloons?) I can fly to establish that I do use the air over my property and that drones could interfere with that use?
Self-Defense Against Robots
A. Michael Froomkin and Zak Colangelo on “Self-Defense Against Robots”
“Deployment of robots in the air, the home, the office, and the street inevitably means their interactions with both property and living things will become more common and more complex. This paper examines when, under U.S. law, humans may use force against robots to protect themselves, their property, and their privacy. In the real world where Asimov’s Laws of Robotics do not exist, robots can pose—or can appear to pose—a threat to life, property, and privacy. May a landowner legally shoot down a trespassing drone? [Make my day! Bob] Can she hold a trespassing autonomous car as security against damage done or further torts? Is the fear that a drone may be operated by a paparazzo or a peeping Tom sufficient grounds to disable or interfere with it? How hard may you shove if the office robot rolls over your foot? This paper addresses all those issues and one more: what rules and standards we could put into place to make the resolution of those questions fairer to all concerned. The default common-law legal rules governing each of these perceived threats are somewhat different, although reasonableness always plays an important role in defining legal rights and options. In certain cases—drone overflights, autonomous cars—national, state, and even local regulation may trump the common law. Because it is in most cases obvious that humans can use force to protect themselves against actual physical attack, the paper concentrates on the more interesting cases of
(1) robot (and especially drone) trespass,
(2) robot (and especially drone) spying, and
(3) responses to perceived threats by robots—perceptions which may not always be justified, but which sometimes may nonetheless be considered reasonable in law.
We argue that the scope of permissible self-help in defending one’s privacy should be quite broad. We also identify seven problems in current law relating to human-robot interaction, all of which involve some kind of uncertainty — usually about what a robot can or will do — and suggest ways of solving or at least ameliorating them, either by making robots less potentially dangerous (banning the arming of robots) or by requiring robots to give clearer notice of their capabilities. We conclude by looking at what the law on human self-defense against robots might tell us about a robot’s right to not be harmed by a human.”


Could this be how we get Russia to back off the Ukraine when “sanctions” don't work? Does Saudi Arabia owe us a favor this big?
Saudi Arabia's Oil Price 'Manipulation' Could Sink The Russian Economy
The vice-president of Russia's state-owned oil behemoth Rosneft has accused Saudi Arabia of manipulating the oil price for political reasons. Mikhail Leontyev was quoted in Russian media as saying:
Prices can be manipulative. First of all, Saudi Arabia has begun making big discounts on oil. This is political manipulation, and Saudi Arabia is being manipulated, which could end badly.
The news comes as Reuters reports Saudi officials have been privately admitting to oil market participants that they are comfortable with lower oil prices. According to the news service, the Organization of the Petroleum Exporting Countries (OPEC) is willing to accept prices as low as $80 a barrel for as much as the next two years.
Falling prices are of particular concern to Russia. Russia needs high oil prices to buoy its economy. The country has seen its economic performance slow under the weight of sanctions over Ukraine and weakening domestic demand.


One desktop per course. It reduces the clutter...
Don’t Wait for Windows 10: How to Use Virtual Desktops in Windows XP and Up
One of the big new features Microsoft is touting in Windows 10 is virtual desktops, something that OS X and Linux users have long enjoyed. But while virtual desktops might be getting some tweaks for its public debut in Windows 10, the core technology required for the feature has been available in Windows for years — it’s just been hidden.
Starting way back in Windows XP, Microsoft built a hidden Windows architecture called “desktop objects,” which let Windows launch separate Explorer processes to create up to four virtual desktops. The company now provides a free utility called Desktops that lets users access this hidden Windows feature with a clean and simple Taskbar-based user interface.


Gaming was not a large share of GDP 100 years ago. Now, one game can pull in $1 Billion.
League of Legends to Hit $1 Billion in Revenue
Despite the fact that the game is free, revenue is made from the in-game purchases that users make in order to enhance the game. The company has now suggested that by the end of the year, they would have reached the $1 Billion mark.


For my students who insist on chattering in class! Android App.
– take over the entire production of your own podcast or radio show with Spreaker Studio. It transforms your device into a fully-equipped radio studio, allowing you to broadcast live or pre-record podcasts while adding tracks and sound effects. Start an active relationship with your listeners by interacting with them directly.

(Related)
How To Run Android Apps in Chrome on Mac / Linux / Windows
It’s now possible to run Android apps in the Chrome browser — it just takes a little bit of work.
Google has officially brought four Android apps to Chromebooks, so it would seem that it’s only a matter of time before more and more Android apps become officially available on the Chrome browser. If you can’t wait, however, let’s run through a few options for running Android apps in Chrome right now.


99 cent Apple App. Formats as well as lists.
– is an app plus an iOS 8 Safari extension that makes it easy to do one key web developer task: view the HTML, JavaScript and CSS source of any web page, with beautiful and customisable syntax highlighting. As an app, you can enter a URL and immediately see the source code behind it. As an extension, it’s even easier.

No comments: