It has been a few years (Okay, decades) since I worked the “Russian Problem” but this seems very familiar. Think of this as a military strategy and ask yourself how significant sanctions can be.
Ukraine: Vladimir Putin's military action reveals a wider plan
Alarm is growing in Kiev and the West over Russia's role in eastern Ukraine. But what is Russian President Vladimir Putin trying to achieve? [Annexation of the Ukraine. Bob]
The indications are clear that Russia is being more confident and less discreet about the presence of its troops and equipment in eastern Ukraine.
As well as sightings of Russian tanks, and reports of Russian paratroopers not only captured by Ukraine but also killed "while carrying out their duties", statements by separatist leaders have changed too.
After months of calling for assistance from Russia, separatist leaders now say that they can "do without outside help".
All this could indicate that Russian planners felt the military situation of Russian-backed separatists was severe enough to need more direct assistance.
Equally, it could be that Russia is simply less concerned at this stage about discretion and deniability.
(Related)
Is retaliation for sanctions an act of war? Perhaps JPMorgan should conduct their “routine checks” more frequently?
JPMorgan Hack Said to Span Months Via Multiple Flaws
Hackers burrowed into the databanks of JPMorgan Chase & Co. (JPM) and deftly dodged one of the world’s largest arrays of sophisticated detection systems for months.
The attack, an outline of which was provided by two people familiar with the firm’s investigation, started in June at the digital equivalent of JPMorgan’s front door, an overlooked flaw in one of the bank’s websites. From there, it quickly developed into any security team’s worst nightmare.
The hackers unleashed malicious programs that had been designed specifically to penetrate JPMorgan’s corporate network. Using these sophisticated tools, the intruders reached deep into the bank’s infrastructure, silently siphoning off gigabytes of information, including customer-account data -- uninterrupted until mid-August.
Only then did a JPMorgan team conducting a routine scan trigger an alarm. They discovered a breach, now being traced and evaluated, which investigators believe originated in Russia.
Evidence of advanced planning and the access to elaborate resources, as well as information provided by the FBI, led some members of the bank’s security team to tell outside consultants that they believed the hackers had been aided by the hidden hand of the Russian government, possibly as retribution for U.S.-imposed sanctions.
A case study for my Computer Security students.
Report Examines Unanswered Questions Around Target Attack
Cybersecurity startup Aorato has published a report around the data breach suffered in 2013 by Target, which investigates some of the techniques used by the attackers to gain access to the company's networks.
…
based on publicly available information, Aorato has reviewed the steps taken by the attackers, from the HVAC (heating, ventilation, and air conditioning) contractor breach up to the theft of sensitive information from the retailer's networks.
…
Researchers highlight the fact that in such credit card-oriented attacks, cybercriminals don't invest too much in infrastructure and automation. As in the case of Target, many operations are carried out manually with the aid of various tools; the only automated tasks are performed by the piece of malware used in the attack. In this particular attack, unlike many other APT attacks, the cybercrooks had not created a command and control (C&C) infrastructure, and instead operated everything manually from within the network.
This should be part of your security budget calculation.
2014 Cost of Data Breach: Global Analysis
News release: “Throughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat. With the exception of Germany, companies had to spend more on their investigations, notification and response when their sensitive and confidential information was lost or stolen. As revealed in the 2014 Cost of Data Breach Study: Global Analysis, sponsored by IBM, the average cost to a company was $3.5 million in US dollars and 15 percent more than what it cost last year. Will these costs continue to escalate? Are there preventive measures and controls that will make a company more resilient and effective in reducing the costs? Nine years of research about data breaches has made us smarter about solutions. Critical to controlling costs is keeping customers from leaving.
The research reveals that reputation and the loss of customer loyalty does the most damage to the bottom line. In the aftermath of a breach, companies find they must spend heavily to regain their brand image and acquire new customers. Our report also shows that certain industries, such as pharmaceutical companies, financial services and healthcare, experience a high customer turnover. In the aftermath of a data breach, these companies need to be especially focused on the concerns of their customers. As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of breach significantly. Other measures include having a CISO in charge and involving the company’s business continuity management team in dealing with the breach. In most countries, the primary root cause of the data breach is a malicious insider or criminal attack. It is also the most costly. In this year’s study, we asked companies represented in this research what worries them most about security incidents, what investments they are making in security and the existence of a security strategy.”
As long as your “Thing” only monitors your vitals, you are safe from hackers. If your pacemaker is connected to the Internet, hackers could turn you off.
Doctors and nurses need to take their Internet of Things pills
THE INTERNET OF THINGS (IoT) has the potential to reshape a number of industries, none more so than the healthcare sector.
According to the results of a recent survey we ran, questioning IT professionals on their attitudes to the IoT, healthcare is the biggest potential market for connected devices and technology. Fifty-four percent of readers said that tools like heart-rate monitors were a top benefit of the Internet of Things.
The results show a clear interest among users in how their health, and healthcare in general, can be improved by the IoT. This is reflected in recent research, which has indicated that remote patient monitoring is predicted to save an average of $12,000 per patient in the US and significantly reduce hospital-acquired diseases, a figure likely to be achievable in the UK and across Europe too.
Reasonable? Doesn't leave me warm and fuzzy.
The Foreign Intelligence Surveillance Court declassified an opinion today which, although highly redacted, illuminates the way at least one Judge is interpreting his mandate to protect the First Amendment activities of Americans who the FBI seeks to investigate under USA PATRIOT Act Section 215, codified at 50 USC 1861.
Essentially, the question the judge, John D. Bates, confronts is when are international terrorism investigations involving Americans based “solely upon activities protected by the first amendment to the Constitution.” Judge Bates concludes that so long as an international terrorism investigation is premised on some unprotected activity, the FBI can nevertheless investigate law-abiding US persons.
Worthy of a quick read.
From Out-Law.com:
The pace of technological change and rise of social media “may make it inevitable” that UK privacy laws need to be revised and updated, the country’s most senior judge has said.
Is Apple reserving the right to sell your data to their Apps only?
Kevin Rawlinson reports:
Apple has tightened its privacy rules relating to health apps ahead of next month’s product launch, which is expected to see the unveiling of an updated iPhone and could include new wearable technology.
The technology firm has told developers that their apps, which would use Apple’s “HealthKit” platform on the forthcoming products, must not sell any personal data they gather to advertisers. The move could stave off concerns users might have around privacy as Apple seeks to move into the health data business.
I suppose this could work with any online document, but flagging changes to policies is a worthwhile start.
– is a free service that allows you to track changes made to online documents that affect your privacy or your personal information, like Privacy Policies, Terms and Conditions or User Agreements. Pick the websites you’re interested in, and the site will notify you when an update has been made and show you exactly what has changed.
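The monitoring the service above describes, written out as an added example (this is not the service's own code): keep a normalized copy of a policy, compare a later fetch against it by hash so that markup or whitespace edits do not raise alerts, and when the text really changed report exactly which clauses were added and removed. The two policy versions are constructed for illustration, and the "Last updated" stamp is deliberately ignored as an assumption about what counts as a substantive change; fetching the live page is left to the caller so the block runs offline.

```python
"""Minimal privacy-policy change monitor (added example; constructed data).

Store fingerprint(normalize(page)) for each policy you care about. On the
next fetch, compare(stored, live) says whether the text changed and lists
the clauses that differ, which is what a notification should contain.
"""
import difflib
import hashlib
import html
import re
from typing import Dict, List

# Constructed sample: two versions of a site's privacy policy.
POLICY_V1 = """<html><body><h1>Privacy Policy</h1>
<p>We collect your email address to send account notices.</p>
<p>We do not share personal data with third parties.</p>
<p>Last updated: January 2014</p>
</body></html>"""

POLICY_V2 = """<html><body><h1>Privacy Policy</h1>
<p>We collect your email address to send account notices.</p>
<p>We may share personal data with our advertising partners.</p>
<p>We retain your data for as long as your account is active.</p>
<p>Last updated: August 2014</p>
</body></html>"""

TAG_RE = re.compile(r"<[^>]+>")
# Assumption: a date bump alone is not worth an alert, so drop the stamp.
DATE_RE = re.compile(r"last updated:.*", re.IGNORECASE)


def normalize(document: str) -> List[str]:
    """Strip markup and collapse whitespace; one normalized line per text block.

    Cosmetic changes (re-indented HTML, entity encoding, a new stylesheet)
    therefore produce identical output and do not trigger a notification.
    """
    text = html.unescape(TAG_RE.sub("\n", document))
    lines = []
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if not line or DATE_RE.match(line):
            continue
        lines.append(line)
    return lines


def fingerprint(lines: List[str]) -> str:
    """Stable SHA-256 of the normalized text; store this, not the raw HTML."""
    return hashlib.sha256("\n".join(lines).encode("utf-8")).hexdigest()


def compare(old_doc: str, new_doc: str) -> Dict[str, object]:
    """Return whether the policy changed and exactly which clauses did."""
    old_lines, new_lines = normalize(old_doc), normalize(new_doc)
    if fingerprint(old_lines) == fingerprint(new_lines):
        return {"changed": False, "added": [], "removed": [], "diff": ""}
    added, removed = [], []
    for line in difflib.ndiff(old_lines, new_lines):
        if line.startswith("+ "):
            added.append(line[2:])
        elif line.startswith("- "):
            removed.append(line[2:])
    diff = "\n".join(difflib.unified_diff(
        old_lines, new_lines, "stored copy", "live copy", lineterm=""))
    return {"changed": True, "added": added, "removed": removed, "diff": diff}


if __name__ == "__main__":
    report = compare(POLICY_V1, POLICY_V2)
    if report["changed"]:
        print("Policy changed.")
        for clause in report["removed"]:
            print("  removed:", clause)
        for clause in report["added"]:
            print("  added:  ", clause)
        print(report["diff"])
```

The interesting design choice is in normalize(): diffing raw HTML would flag every template tweak, so the comparison runs on text blocks, and the hash of that text is what you persist between fetches. Extending this to any online document, as the comment above suggests, only means pointing the caller's fetch at a different URL.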
Soon, drones will be armed to shoot down competitors' drones. At minimum, they will have cameras for real-time updating of Google maps.
Google reveals the drones that will battle Amazon for control of our skies
…
The hope is to one day use these drones for delivering goods to our homes. And if this all sounds familiar, it's because Amazon is doing the same with its Prime Air delivery drones, also in the development phase.
Cars can be drones too.
Terence P. Jeffrey reports:
The National Highway Traffic Safety Administration, part of the Department of Transportation, published last week an “advanced notice of proposed rulemaking” on “vehicle-to-vehicle communications.”
What NHTSA is proposing could begin a transformation in the American transportation system that makes our lives better and freer — or gives government more power over where we go and when.
Apparently this was not elementary.
Judge Posner Solves Sherlock Holmes Copyright Case
Rita Yoon, McDermott Will & Emery: “The original character of the famous detective Sherlock Holmes, along with his sidekick, Dr. John H. Watson, are no longer subject to copyright protection. In an opinion by Judge Richard A. Posner, the U.S. Court of Appeals for the Seventh Circuit held that copyright protection in these century-old literary characters cannot be extended simply by changing their features in later stories. When the original story expires, the characters covered by the expired copyright are “fair game” for follow-on authors.
Klinger v. Conan Doyle Estate, Ltd., Case No. 14-1128 (7th Cir., Jun. 16, 2014) (Posner, J.).”
Curious. Does each lawyer add these to their Kindle or does the firm's librarian keep all the copies?
Free Federal Rules books from LII and CALI
Via Sarah Glassmeyer, Center for Computer-Assisted Legal Instruction: “The 2015 versions of the Federal Rules of Evidence, Criminal Procedure and Civil Procedure are now available. These books are powered by the Legal Information Institute at Cornell University Law School and distributed by the Center for Computer-Assisted Legal Instruction’s eLangdell Press. The books come in .epub format, which is compatible with iPads, Nooks, Android devices and basically everything but Kindles. These editions of the books include:
The complete rules as of December 1, 2014 (for the 2015 edition).
All notes of the Advisory Committee following each rule.
Internal links to rules referenced within the rules.
External links to the LII website’s version of the US Code.
And yes, all totally free. You are more than welcome to download as many copies as you’d like and add to digital collections. Here are the direct links to the books:
For the Computer Security lab.
Netflix Releases Internally Developed Security Tools
Netflix has released two applications used by the company's security team to monitor the Web for potential threats.
…
Two of the security-related applications used by Netflix's security team are Scumblr and Sketchy, which the company released on Monday as open source.
Scumblr, a Web app developed in Ruby on Rails, enables users to search the Internet for content of interest. Its built-in plugins are designed for searches on seven popular websites, including Google, Facebook and Twitter. However, new plugins can easily be created for manual or automatic searches on other sites, the company said.
…
Sketchy … is capable of saving HTML, capturing screenshots and scraping text, all of which can be stored locally or in the cloud (AWS S3 bucket).
…
Scumblr, Sketchy and Workflowable are available on Netflix's page on GitHub.
(Ditto)
Skyfence Launches Free Cloud App Usage Visibility Tool
…
Cloud-based applications can be highly useful for an organization, but monitoring them could prove challenging for IT departments. According to Skyfence, enterprise IT teams can use Skyfence Cloud Discovery to monitor Software-as-a-Service (SaaS) applications and services, and determine, based on risk information generated by the tool, which of them could pose a security threat.
…
Skyfence Cloud Discovery, which is part of the Skyfence Cloud Gateway product suite, can be downloaded for free and used to generate an unlimited number of reports.
Well, I find it amusing.
Pinging The Whole Internet
The image included in the tweet above shows what happens when you ping “all devices on the Internet.” Or at least the devices that answered when a company called Shodan, which bills itself as the “world’s first search engine for internet-connected devices,” attempted the feat.
There are no real surprises in terms of hot-spots but it is, nonetheless, a beautiful visualization of how we are all connected to each other by this series of tubes we call the Internet.
For my students. What can you make better?
The Coolest Cooler breaks Kickstarter records
A beachside drinks and food cooler for the digital generation is now officially the most successful Kickstarter campaign of all time, raising an incredible US$10.36mil (RM32.63mil) in pledges, and the campaign is yet to close.
…
What makes the Coolest Cooler so cool? After all, the concept of the cooler predates the refrigerator.
Its creator, Ryan Grepper, will point to the fact that it's a cooler for the 21st century so, as well as insulating perishables from the elements, it has an integrated battery-powered blender for smoothies and cocktails, a water-resistant Bluetooth speaker, a built-in chopping board, a USB charger for keeping smartphones powered up and chunky tires for easy rolling over the sand.