Tuesday, January 27, 2015

Perhaps we could look at this short list of “Best Practices” and check off Sony's failures. Turns out there were a lot of failures.
NSA Releases Defensive Strategies for Fighting Malware Targeting Corporate Data
The NSA's Information Assurance Directorate (IAD) issued a report this month laying out best practices for combating malware designed to steal or destroy corporate data.
The report, entitled 'Defensive Best Practices for Destructive Malware', seems in part aimed at dealing with the type of data-wiping malware at the center of the recent attack on Sony Pictures Entertainment.
"Once a malicious actor achieves privileged control of an organization's network, the actor has the ability to steal or destroy all the data that is on the network," report continues. "While there may be some tools that can, in limited circumstances, prevent the wholesale destruction of data at that point, the better defense for both industry and government networks is to proactively prevent from gaining that much control over the organization's network."

(Related)
Enterprises Overly Reliant on Perimeter-based Defenses: Survey
Organizations are increasing investment in IT security, but even after a string of high profile data breaches in 2014, they aren't thinking beyond perimeter-based defenses, according to the latest Ponemon Institute survey.
The mega-breach at Target and other retailers served as a “wake up call” for senior managers at organizations to realize they needed better security. About 13 percent of senior management expressed extreme concern about their security posture before the Target breach was publicized, according to the survey. The number rose to 55 percent after the breach.
The recent attack at Sony where attackers dumped files containing “millions of instances of Social Security numbers” is an example of the kind of damage that can result when attackers get on the network and the information is not properly protected. “Organizations shouldn't be solely focusing on how to block the attack and they need to understand how vulnerable they are if the attackers get past the perimeter defenses,” Feinman said.


Oh, the horror!
Facebook was Down, Albeit Briefly
Facebook suffered an outage of around 40 minutes on Monday night (Jan 26), and the Internet immediately lost its head. Instagram, Tinder, Hipchat, Pinterest and others all seemed to be suffering similar fates at around the same time.
Lizard Squad (the hackers who took down Xbox Live and PSN over Christmas, and the Malaysia Airlines website this past weekend) claimed credit for the outage. However, Facebook blamed itself, stating, “This was not the result of a third-party attack but instead occurred after we introduced a change that affected our configuration systems.
Whoever was ultimately to blame, the panic that ensued online shows just how important Facebook is to many people. And for those still not convinced by the power of Twitter, the alternative social network proved its worth by allowing people to vent about Facebook’s temporary downtime.


An interesting question. Where besides Al Jazeera is it being asked?
Nathan Freed Wessler of the ACLU writes:
Cell site simulators, secret surveillance gear that tricks cellphones into transmitting their identifying information and location, have become a preferred method for law enforcement to track people’s whereabouts. Better known as stingrays, the devices mimic legitimate cell towers and induce cellphones in the area to transmit data to the government without ever alerting users. Even when police are looking for a particular suspect, the technology captures information about dozens, hundreds or even thousands of bystanders’ phones. Walls offer no protection, as the stingray’s signals pierce through the walls of homes and other private spaces, revealing otherwise private details about those inside.
Read more Al Jazeera America.


Police privacy – do they see this as being treated as second class citizens? (i.e. like everyone else?)
AP reports:
Sheriffs are campaigning to pressure Google Inc. to turn off a feature on its Waze traffic software that warns drivers when police are nearby. They say one of the technology industry’s most popular mobile apps could put officers’ lives in danger from would-be police killers who can find where their targets are parked.
Read more on NBC.


Imagine the security nightmare this creates. It's hard to tackle drones and you have no idea what their payload might be. Perhaps a giant plastic bubble?
Device, possibly aerial drone, found on White House grounds
… A device, possibly an unmanned aerial drone, was found on the White House grounds during the middle of the night while President Barack Obama and the first lady were in India, but his spokesman said Monday that it posed no threat.


Computer Security: “Things” are attaching to our networks far faster than security solutions become available.
Internet of Things Security Challenging Enterprise Networks: Survey
While there have increasingly been many predictions about the impact the Internet of Things (IoT) will have on organizations in the future, it appears that the number of non-traditional devices connected to corporate networks is already challenging enterprises.
According to a study by Atomik Research and security firm Tripwire, employed people working from home have an average of 11 IoT devices on their home networks, and nearly one in four have connected one of these devices to their enterprise networks. The devices run the gamut, with printers (27 percent), routers (22 percent), video equipment (20 percent) and video gaming consoles (14 percent) the most popular. Twenty-four percent of them admitted to connecting a personal smart device – other than laptops and cell phones – to a corporate network, and most said they are only "somewhat" concerned with the security of these devices.


I'm trying to make this point to my Data Management students. The uses for Big Data are limited only by your imagination. Each use suggests reasons for gathering more data.
DOJ spied on millions of cars to build real-time tracking database
The Justice Department has been secretly building a massive database to help federal law enforcement track the movements of millions of vehicles across the U.S. in real time, [Easy to do, but no reason to track “millions of vehicles” all the time. Bob] according to a report Monday in the Wall Street Journal.
The program is run by the Drug Enforcement Administration and tracks license-plate information from cameras placed on highways. The information gathered includes time, location and directional data.
… Officials had previously admitted that they track vehicles near the U.S. border with Mexico but had not disclosed that the program also tracks vehicles "throughout the United States," according to an email obtained by the Journal.

(Related) Know your baseline to know when things change.
Startup Uses Changes in Power Consumption to Detect Industrial Cyber Threats
Forget signatures, heuristics and sandbox analysis. PFP Cybersecurity, a Washington, D.C.-based cybersecurity startup, is taking a unique approach to detecting malware and threats within the IT supply chain as well as critical infrastructure such as industrial control systems.
According to the company, its anomaly-based detection technology uses changes in the pattern of power consumption or RF radiation, in order to detect a potential a security breach. By first creating a baseline by reading power fluctuations of a system under normal usage, and then through continuous monitoring, the startup claims that it can detect threats in milliseconds.


Does the RIAA know about this? Should they be offering incentives to achieve the same thing here?
Norway Has Figured Out How To Solve The Problem Of Music Piracy
New data from Norway reveals that music piracy has completely collapsed in the country. Music Business Worldwide is reporting that the country has hit upon a way to rely on streaming to encourage residents to enjoy music legally.
… In five years, the number of people admitting to illegally downloading files online has gone from 80% of survey respondents to just 4%. The survey also revealed that less than 1% of young people in Norway said that illegal downloads were their main source of music.
The IFPI says that income from streaming sites in Norway increased 60% from 2012 to 2013, and streaming accounts for 65% of Norway's music market. That's a big difference from other countries. The IFPI estimates that 27% of global digital music revenue comes from streaming services.
Streaming services like Spotify, Tidal and WiMP are big business in Norway, and it's these companies that the IFPI credits with reducing piracy. "We are now offering services that are both better and more user-friendly than illegal platforms," Thorge said.


Eventually, Putin's approval rating will fall. Won't it?
One-Fifth Of Russian Banks Could Collapse In 2015
The Russian banking sector is facing an annus horribilis with as many as 20% at risk of folding as the country's economic crisis takes its toll.
The Center for Macroeconomic Analysis and Short-Term Forecasting estimates that as many as 200 banks face collapse this year as a combination of bad loans and falls in the value of the ruble punish small- and mid-sized firms, Russian business daily Vedomosti reports.
Yesterday Russia's sovereign debt rating was downgraded to junk in a move that is likely to raise the cost of refinancing for these companies. To compound the problem, the move sent the ruble tumbling again to below 67 rubles to the dollar.

(Related) The joys of a managed economy? I thought that had been totally debunked years ago. An article well worth reading.
When Do Regulators Become More Important than Customers?


For my Big Data collection. A perfect dataset for my students to run through Gapminder?
IMF Offers Free Access to Its Online Economic Data
“The International Monetary Fund has launched a new platform to support its move to free data and to improve online global statistical dissemination. The new portal enables bulk data downloads and introduces dynamic visualization to showcase datasets that became available free-of-charge on January 1, 2015. The platform will help users better query, visualize, download, and share data. The databases include International Financial Statistics, Balance of Payment Statistics, Government Finance Statistics, and Direction of Trade Statistics. These will complement other free datasets available on the new platform. The data platform provides greater flexibility to perform dynamic data visualizations, including across time series and countries. The platform strengthens the narrative and analysis of any data and allows users to customize their data experience. The IMF will run its existing data portal located at www.elibrary-data.imf.org alongside the new portal located at data.imf.org in parallel for three months to help transition existing users to the new platform. Users will be guided through the change via self-help tools, including training materials and a new self-service online knowledge repository with data and methodology, frequently asked questions, and technical details.”


For my Risk management students, but some interesting Data Visualization too.
Global Risks 2015 – World Economic Forum
“The 2015 edition of the Global Risks report completes a decade of highlighting the most significant long-term risks worldwide, drawing on the perspectives of experts and global decision-makers. Over that time, analysis has moved from risk identification to thinking through risk interconnections and the potentially cascading effects that result. Taking this effort one step further, this year’s report underscores potential causes as well as solutions to global risks. Not only do we set out a view on 28 global risks in the report’s traditional categories (economic, environmental, societal, geopolitical and technological) but also we consider the drivers of those risks in the form of 13 trends. In addition, we have selected initiatives for addressing significant challenges, which we hope will inspire collaboration among business, government and civil society communities.”


For my next Spreadsheet class. Things my students should not waste their time replicating!
7 Fun & Weird Things You Can Create With Microsoft Excel


For my students. Imagine what could happen if you could learn how this worked?
How to Become an Online Celebrity---and Get Paid for It
Some top bloggers can rake in an income of $100,000 a year from advertising that appears on their blog. On Twitter, an influential name can command $100 for writing a tweet mentioning a sponsor’s product, while a YouTube sensation can get $25,000 for making a video that talks about an advertiser.

(Related) Maybe my students will get rich this way...
The App Economy Is Now 'Bigger Than Hollywood'
… While reading a self-laudatory Apple press release, the technology business analyst Horace Deidu found something remarkable: The iOS App Store distributed $10 billion to developers in 2014, which, Deidu points out, is just about as much as Hollywood earned off U.S. box office revenues the same year.
Working from that data, Deidu makes a startling provocation:
Although the totals for Domestic (U.S.) Box Office are not the complete Hollywood revenues picture, Apple’s App Store billings is not the complete App revenue picture either. The Apps economy includes Android and ads and service businesses and custom development. Including all revenues, apps are still likely to be bigger than Hollywood.

No comments: