Interesting.
I look forward to seeing what failed. Unless
Sony is really, really bad at security, this could have serious and
widespread implications. Note: A lot of the Ethical Hacking
community seems to find this “suspicious.” Could anyone be this
bad at securing their systems?
Sony Comes To A Screeching Halt Targeted By Massive Ransomware Hack
It appears that Sony has become the victim of a massive ransomware
hack which has resulted in the company shutting down. An unnamed
source spoke to
Business 2 Community claiming that the company shut down after its
computers in New York and around the nation were infiltrated.
The source, according to the website, is an ex-employee of Sony
Pictures who has a friend that still works for the company.
According to the source’s friend, allegedly, every computer in
Sony’s New York Office, and every Sony Pictures’ office across
the nation, bears an image from the hacker
with the headline “Hacked By #GOP” which is then followed by a
warning.
… [Update]
Another unnamed source has surfaced and, speaking to Variety,
claims that Sony's IT department told employees to disable the WiFi
on their mobile devices
and turn off their computers. That same source went on to say that
the company has told its workers that the situation will take anywhere
from one day to three weeks to be resolved.
(Related)
On the other hand.
Ransom is the new black – the increasing trend of online extortion
…
Brian Krebs reported on this a few months ago and it’s about as
brazen as you’d expect online criminals to get; give us money or
we’ll mess up your stuff. It’s the mob protection racket of the
digital era only more random with less chance of getting caught and
not as many gold necklaces (I assume). That one bitcoin is about
$400 American dollars today so enough for a tidy little return but
not enough that it makes for an unachievable ransom for most small
businesses.
The worrying thing is though, this is just part of a larger trend that’s
drawing online criminals into the very lucrative world of extortion
and we’re seeing many new precedents in all sorts of different
areas of the online world. Let me show you what I mean.
For my Computer Security and Risk management classes.
Why Vendor Risk Management is Critical to Your Business
You’ve heard the trite expression “A chain is only as strong as
its weakest link.” Well, it’s true, and when it comes to
enterprise security, the weakest link might be outside your own
organization.
Ever since it came to light that the Target data breach originated through
compromised credentials belonging to a third party vendor, there has
been a renewed focus on vendor risk management (VRM), and especially
on computer security risks.
There's money in Privacy!
Investors are dumping money into a nascent anonymous messaging app that allows
users to post comments to people within a 1.5 mile-radius of their
phone.
The app, Yik Yak, revealed Monday it had received $62 million in venture
funding, just months after it raised $11.5 million.
In just one year, Yik Yak has quickly gained popularity on high school
and college campuses, but has yet to get a significant foothold in
the adult market.
…
WhatsApp, which rose to prominence as a privacy-focused text
messaging service, now has more than 600 million users worldwide.
But privacy groups were appalled when Facebook purchased the app for
$22 billion earlier this year, worried the social networking
giant would misuse WhatsApp's user data.
Last week, WhatsApp announced it would be rolling
out end-to-end encryption for its users, meaning only the sender
and receiver can read the message.
Snapchat also rapidly gained a massive following in 2013, promising a way to
send self-erasing messages. The company later settled Federal Trade
Commission charges that those messages were not necessarily deleted
permanently.
Still, Snapchat has been valued at $10 billion, according to multiple
media reports.
The Wall Street Journal reported Yik Yak is now valued in the low nine figures.
Other anonymous messaging apps like Secret and Whisper have attracted more
limited, yet passionate, audiences.
“We think you were wrong (and perhaps evil) to capture that data, but
don't destroy it because it might be useful.”
Aliya Sternstein reports:
The Department of Homeland Security is poised to ditch all records
from a controversial network monitoring system called Einstein that
are at least three years old, but not for security reasons.
DHS reasons the files — which include data about traffic to
government websites, agency network intrusions and general
vulnerabilities — have no research significance.
But some security experts say, to the contrary, DHS would be deleting a
treasure chest of
historical threat data. And privacy experts, who wish the metadata
wasn’t collected at all, say destroying it could eliminate evidence
that the governmentwide surveillance system does not perform as
intended.
Read more on NextGov.
Also has implications for the Kim Dotcoms around the world?
Law Enforcement Without Borders
CDT – “A critical case is now working its way through the US courts—one that
raises important questions for users and providers of cloud services
in both the US and Europe. As part of a US criminal investigation, a
US federal court has ordered Microsoft to hand over a customer’s
files that the company holds in its Ireland data centre. Microsoft
has refused to comply with this order, arguing among other things
that a warrant issued by a US court is not sufficient to reach content
stored outside US territory, and that the US government must obtain the
assistance of the Irish authorities. The crucial question here is: what
rules apply when one country demands
that a service provider with a physical presence on its territory
give its authorities access to communications stored in another
country? Because larger policy questions are at stake,
CDT and other public interest groups are filing briefs in the case on
15 December. And recently, Dara Murphy, the Irish Minister for
European Affairs and Data Protection, asked the European Commission to
file its observations. The Commission is now considering adding its
voice to the conversation. CDT believes
that the European Commission’s views would be helpful in shaping
the outcome.”
Free is good.
Law Review Commons
“Over 200 open-access law reviews · Over 150,000 articles · Free current
issues & archives from 1852.”
For my iPhone using students.
The 5 Most Frequently Used Free Apps on My iPad
A couple of weeks ago I published a list of my most
frequently used browser and desktop apps. I created a similar
list on iPadApps4School.com. That list is now included below.
When I am reading a blog post that I want to save for later, I
share it to my Evernote account.
Skitch is the tool that I use on my iPad when I want to create an
annotated screenshot.
Penultimate provides a place for you to hand-write notes on your iPad.
The app allows you to create multiple notebooks with multiple
pages in each.
I check this app at 12pm Eastern Time for new apps that are free for a
limited time.
Google Drive
I use Drive for reviewing Documents that have been shared with me. I
also use Drive for storing videos that I have created on my iPad.
I'm thinking about changing the final exam in my Spreadsheet class...
How to Create a Jeopardy-style Game in Google Spreadsheets
Around this time last year I shared a neat Google Spreadsheets script called
Flippity.
Flippity was originally designed to help you create
flashcards through Google Spreadsheets. This morning Steve
Fortna informed me that you can now use Flippity
to create Jeopardy-style gameboards through Google Spreadsheets. In
the video embedded I demonstrate how to use Flippity to create a
Jeopardy-style gameboard.