For my Ethical Hackers. “How to Attack, Method 704”
Hackers Hit Yahoo Mail With Mass Account Checker Attack
“Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts,” Jay Rossiter, SVP, Platforms and Personalization Products at Yahoo, wrote in a blog post Thursday.
… According to Rossiter, the list of usernames and passwords that was used to execute the attack was likely obtained from hacking another site and stealing the list of login credentials.
… “Hackers will use brute force attacks to test stolen usernames and passwords from one source to gain access to another, say, bank accounts, Facebook pages, Gmail, you name it,” Juniper Networks’ Michael Callahan wrote in a recent SecurityWeek column.
For my student veterans.
They served their country but now the card that’s supposed to help veterans may be putting them at risk for identity theft and it’s a problem the Department of Veteran Affairs has known about for at least two years.
When the VA first issued new medical cards in 2004, they claimed the cards protected the vet’s identity. Fast-forward ten years and we found out, that’s not necessarily the case anymore.
WINK News Call for Action found that a crook only needs a smart phone and a free barcode scanner app, and then any vet with one of these so-called protective cards is vulnerable.
It took us all of ten seconds to get veteran Jim Murphy’s social security number.
Read more on WINK News, where they posted a detailed response from the VA on its plans to address the vulnerability with a rollout of new cards using a different system that does not embed Social Security numbers.
[From the article:
In December of 2011 the VA published a report and at the top the VA claimed the I.D. cards protected the veteran's identity because it doesn't publish the social security number. Buried at the bottom of the page, you'll find a warning which admits the bar code can easily be scanned, revealing private information.
Since we discovered that the VA has known about this issue for more than two years, we wanted to know when it would be fixed.
A spokesperson with the VA sent us this statement:
… At time of receiving the card, Veterans have always been advised to safeguard it as they would a Social Security card or a credit card, to protect their identity information.
VA has begun to move to the next generation of identification. The new card, the Veteran Health Identification Card (VHIC), provides a more secure means of identification for Veterans because the Social Security number and birth date will no longer be contained on either the magnetic strip or the bar code.
… Once necessary software changes have been made so applications used in VA health care facilities can read the VHIC bar code and magnetic stripe, VA will begin issuing the VHIC this year and replacing enrolled Veterans' old cards.
Verrrrry interesting. I wonder what the judge is suggesting?
Spencer Ackerman reports:
A representative of a criminal defendant has for the first time been granted permission to view evidence gathered against him under the Foreign Intelligence Surveillance Act, one of the wellsprings of authority for terrorism surveillance.
Judge Sharon Coleman, a federal district judge in Illinois, issued an order on Wednesday permitting a lawyer for Adel Daoud, who is accused of attempting to detonate a car bomb near a Chicago bar, to learn the origins of the information the FBI or other US authorities collected about him under an order from a secret court that permits surveillance on terrorists or “agents of a foreign power”.
[From the article:
“While this court is mindful of the fact that no court has ever allowed the disclosure of Fisa materials to the defense, in this case, the court finds that the disclosure may be necessary,” Coleman wrote, in an order first reported by New York Times journalist Charlie Savage on Twitter.
“This finding is not made lightly, and follows a thorough and careful review of the Fisa application and related materials. The court finds however that an accurate determination of the legality of the surveillance is best made in this case as part of an adversarial proceeding.”
(Related) Another legal challenge.
The consensus is clear that spying on innocent Americans under section 215 of the Patriot Act is flatly illegal. The Center for Democracy and Technology said it, Christopher Sprigman and I said it, Laura Donohue said it, Judge Richard Leon said it, the Privacy and Civil Liberties Oversight Board (PCLOB) said it, Sprigman and I said it again.
So far, less attention has been paid to the legality—and wisdom—of mass surveillance under section 702 of the FISA Amendments Act (FAA), codified at 50 USC 1881a. Section 702 is the statutory authority for the PRISM program, which involves warrantless collection of communications contents via targeting non-U.S. individuals or entities reasonably believed to be located abroad.
(Related) Everything is illegal and evil until something happens and we say, “How could you have failed to prevent this?”
… a leading lawyer in the UK has submitted legal advice to a parliamentary group concluding that mass surveillance programs conducted by the British intelligence agency, the GCHQ, are likely illegal (see The Guardian’s report here).
The All Party Parliamentary (APPG) on Drones, an informal parliamentary group with members drawn from all parties, asked Jemima Stratford QC to provide expert evidence on the legality of the alleged GCHQ surveillance.
So, how does all that “NSA/GCHQ/CSEC is evil” stuff impact the average citizen? Not at all, apparently.
TRUSTe 2014 US Consumer Confidence Privacy Report
“Privacy concerns are growing with 74% more concerned about their online privacy than a year ago. Despite the constant media coverage of government surveillance programs such as NSA’s PRISM, this is not the main driver of online privacy concerns.
People are far more concerned about businesses sharing personal information with other companies and tracking their online behavior to show targeted ads and content than anything the government is doing. The report reveals:
Consumer online privacy concerns remain extremely high with 92% of US internet users worrying about their privacy online compared with 89% in January 2013.
Consumers are far more concerned about companies tracking their activities (58%) than the government (38%).
Consumer trust is falling. 54% of consumers (down from 57% in 2013) say they do not trust businesses with their personal information online.
Online privacy concerns mean consumers are less likely to click on ads (83%), download apps (80%), enable location tracking (74%)
Interesting that the head of the NSA has been downgraded from 4 stars to 3 stars. This must be deliberate, but I don't see a good reason for it.
Vice Admiral Michael Rogers Named New NSA Chief
President Barack Obama has nominated a US Navy officer, Vice Admiral Michael Rogers, to take over as head of the embattled National Security Agency.
… If confirmed by lawmakers, Rogers would also take over as head of the military's cyber warfare command.
Are we truly coming to the conclusion that we need to plan for cyber-security?
Report – Risk and Responsibility in a Hyperconnected World
“Many leaders in business, civil society and government realize that for the world’s economy to fully derive the value inherent in technological innovation, a robust, coordinated system of global cyber resilience is essential to effectively mitigate the risk of cyberattacks. This view is beginning to permeate discussions among senior leaders in the private and public sectors, and across different industries, as concerns related to cyber resilience shift from awareness to action. The critical questions today are: what needs to be done, and how can it be achieved?
Risk and Responsibility in a Hyperconnected World, a joint effort between the World Economic Forum and McKinsey & Company, assesses the necessary action areas, and examines the impact of cyberattacks and response readiness. The report sets these against three alternative scenarios in which economic value from technological innovations is realized or lost depending on models of cyber resilience. It draws on knowledge and opinions derived from a series of interviews, workshops and dialogues with global executives and thought leaders to estimate the potential value to be created through 2020 by technological innovations. It examines the value that could be put at risk if the adoption of such innovations is delayed because more frequent, intense cyberattacks are not met with more robust cyber resilience. Finally, the report draws conclusions from the analysis and research, and offers a 14-point roadmap for collaboration.”
“We don't need no stinking parents!” This kind of thinking leads to multi-generational debtors prisons.
Reports: Lunches seized from Utah schoolkids because of unpaid bills
Dozens of children at a Utah school had their lunches seized and thrown away because they did not have enough money in their accounts, prompting an angry response from parents, it was reported.
… Isom's mom Erica Lukes called the move “traumatic and humiliating” and told the Salt Lake Tribune she was all paid up.
"I think it’s despicable," she said. "These are young children that shouldn’t be punished or humiliated for something the parents obviously need to clear up."
Salt Lake City District Spokesperson Jason Olsen told the Tribune that parents had been notified about negative balances on Monday and a child nutrition manager had decided to withhold lunches to deal with the issue. They were thrown away because once food is served to one student it can’t be served to another, he explained.
Act like a brat, get deported? Works for me!
White House Must Address Petition to Deport Justin Bieber
After topping more than 100,000 signatures on "We the People," the White House is now obligated to respond to a petition to "Deport Justin Bieber and revoke his green card."
As of this afternoon, the petition had 104,700 signatures and climbing.
Perspective. A huge and error prone infographic. (To start with, Google should always be written “go ogle”)
Exactly How Big IS Google?
The Canadian Prime Minister (what's his name) on Justin Bieber...