Always
attack the weakest link.
There's
a massive new leak of confidential spy files from MI6, Mossad and the
FSB
Al-Jazeera
has obtained hundreds of confidential "spy cables" from
some of the world's top intelligence agencies, in what the
news channel is calling "the largest intelligence leak since
Snowden."
Documents
from Britain's MI6 and Israel's Mossad are included, along with the
Russian FSB, South African SSA and the Australian ASIO. (No American
intelligence agencies appear to be included.) Al-Jazeera is
publishing the leaks over the coming days in conjunction with the
Guardian, promising
that they will provide "an unprecedented insight into
operational dealings of the shadowy and highly politicised realm of
global espionage."
The
documents date from 2006 to December 2014.
…
The
source for the documents appears to be a leak in South Africa's SSA
agency, including "detailed briefings and internal analyses
written by operatives of South Africa's State Security Agency (SSA)",
as well as "secret correspondence with the US intelligence
agency, the CIA, Britain's MI6, Israel's Mossad, Russia's FSB and
Iran's operatives, as well as dozens of other services from Asia to
the Middle East and Africa."
A
really bad precedent. If they did this to track the hacker, that's
one thing. If not, what could possibly be on only one computer
(without clean backups) that is irreplaceble?
Midlothian
cops pay ransom to retrieve data from hacker
A
south suburban police department paid a $500 ransom to an
unidentified hacker to regain access to data from a police computer
the hacker managed to disable, records show.
…
"It didn't encrypt everything in the police department. It was
just that computer and specific files," not the entire system,
Harden said.
The
hacker didn't access the information on the computer [How
do they know that? Bob] but merely shut it down and made
it inaccessible, Harden said.
…
At the Midlothian Police Department, someone opened an email that
contained the virus, allowing the virus to lock down the computer,
Harden said.
…
Village officials released a copy of the town's invoice in response
to an open records request by the Tribune. The invoice, "for
MPD virus," shows the village sent a $606 money order to a
bitcoin cafe in New York to transmit the money to the hacker. The
payment included bank fees and surcharges.
Officials
tried to wire the money through Bank of America, Harden said, but
couldn't.
…
"Because the backups were also infected, the option was to pay
the hacker and get the files unencrypted," Harden said, "which
is what we decided to do."
Harden
said he believes the hacker's actions are criminal, [Gosh
Sherlock, what was your first clue? Bob] which is why the
hacker requested "pretty much untraceable" bitcoin as
payment.
It's
not just on Lenovo's laptops. (Article 1)
Lenovo
& Microsoft Remove Superfish
In
case you missed the news last week, Lenovo laptops were found to be
infected by a particularly nasty piece of adware that makes computers
vulnerable to man-in-the-middle attacks. Shockingly, Superfish was
pre-installed on Lenovo machines. We shared news
of the discovery on Thursday (Feb. 19), and detailed
the Superfish issue in full on Friday (Feb. 20).
Since
then, Lenovo has released a patch which automatically
removes Superfish and its certificates from affected machines.
The company has also detailed how to remove Superfish manually, for
those who don’t trust running an executable from the manufacturer
who created this problem in the first place. Microsoft has also
updated Windows
Defender so that it detects
and removes all traces of Superfish.
For
my Ethical Hackers. Subscription or purchase required. (Probably
free access through the library.)
Roy
Wenzl reports:
Kevin Steinmetz, a criminologist at Kansas State University, has
studied and met a lot of hackers and he sees value in them. Hacker
culture is far more diverse, more interesting, more valuable and more
sophisticated than most of us realize, he said.
[…]
His latest work, “An Ethnographic Study of Hacking,” has been
published in the British Journal of Criminology, according
to a statement from Kansas State University. In his work, he defines
what a hacker is (and is not) and what it means to “hack.”
Read
more on The
Witchita Eagle.
Here’s
the Abstract of Steinmetz’s article, “Craft(y)ness: An
Ethnographic Study of Hacking:”
The idea of the ‘hacker’ is a contested concept both inside and
outside the hacker community, including academia. Addressing such
contestation the current study uses ethnographic field research and
content analysis to create a grounded understanding of ‘the
hacker’. In doing so, hacking is revealed to parallel features
found in craftwork, often sharing (1) a particular mentality, (2) an
emphasis on skill, (3) a sense of ownership over tools and objects of
labour, (4) guild-like social and learning structures, (5) a deep
sense of commitment, (6) an emphasis on process over result, (7) a
common phenomenological experience, and (8) tendencies towards
transgression. The final result is that hacking is identified as a
kind of transgressive craft or craft(y).
[In
the January issue:
http://bjc.oxfordjournals.org/content/55/1.toc
Another
couple of reports worth reading.
Financial
Industry Regulatory Authority Report on Cybersecurity Practices
FINRA
Report on Cybersecurity Practices, February 2015 – Executive
Summary –
“Like
many organizations in the financial services and other sectors,
broker-dealers (firms) are the target of cyberattacks. The frequency
and sophistication of these attacks is increasing and individual
broker-dealers, and the industry as a whole, must make responding to
these threats a high priority. This report is intended to assist
firms in that effort. Based on FINRA’s 2014 targeted examination
of firms and other related initiatives, the report presents FINRA’s
latest work in this critical area. Given the rapidly evolving nature
and pervasiveness of cyberattacks, it is unlikely to be our last. A
variety of factors are driving firms’ exposure to cybersecurity
threats. The interplay between advances in technology, changes in
firms’ business models, and changes in how firms and their
customers use technology create vulnerabilities in firms’
information technology systems. For example, firms’ Web-based
activities can create opportunities for attackers to disrupt or gain
access to firm and customer information. Similarly, employees and
customers are using mobile devices to access information at
broker-dealers that create a variety of new avenues for attack. The
landscape of threat actors includes cybercriminals whose objective
may be to steal money or information for commercial gain, nation
states that may acquire information to advance national objectives,
and hacktivists whose objectives may be to disrupt and embarrass an
entity. Attackers, and the tools available to them, are increasingly
sophisticated. Insiders, too, can pose significant threats. This
report presents an approach to cybersecurity grounded in risk
management to address these threats. It identifies principles and
effective practices for firms to consider, while recognizing that
there is no one-size-fits-all approach to cybersecurity.”
"When
in trouble or in doubt, run
in circles, scream and
shout"
The
Minsk Ceasefire Has Failed. What Now For Ukraine?
…
The Minsk
agreement imposed an “immediate and full” bilateral ceasefire
across the whole of Donetsk and Luhansk from 15th
February. But the ceasefire was immediately breached. In fact
fighting never stopped. It is a ceasefire on paper only.
The
European Union is losing patience. Gone are the carefully-worded
missives, calculated to avoid upsetting anyone: it is resorting to
plain language, which for the EU amounts to the “ultimate weapon”.
(Related)
“No more McDonald's for you!”
Kerry
Raises Prospect of More Sanctions Against Russia Over Ukraine
…
Washington has expressed alarm over the past week about Russia’s
role in supporting the separatists in eastern Ukraine.
Last
week, the State Department said
Russia was not only providing the separatists with weapons but also
using its own forces to fire shells and rockets at Debaltseve, a
strategically important town that Ukrainian troops were forced to
abandon.
With
Ukraine’s loss of Debaltseve, there is growing concern in Western
countries that Mariupol, a port city in eastern Ukraine, could be the
separatists’ next objective. Mr. Kerry echoed those concerns on
Saturday, warning that Russia had been involved in “land grabbing.”
The outrage in Western capitals, however, has yet to lead to a
package of tough, new measures like economic sanctions or the
shipment of defensive arms to the Ukrainian military. And it remains
to be seen whether the United States and its allies can forge an
effective response to Russia’s support of the separatists.
Big
data keeps getting bigger. At least this is another source of
copyright free images. Maybe.
Denmark’s
largest digital archive launched
The
Copenhagen Post – “Denmark’s largest digital photo album
with nearly two million images…open[ed] to the general public
[February 20, 2015]. Danes will have access to the online database
at Arkiv.dk,
which includes 1,841,254 documents such as photos, diaries, letters,
and sound and video recordings. Since the late 1980s, all items from
the country’s more than 550 archives have been recorded
electronically, and today a large portion of them becomes freely
available to the public. The Association of Local Archives estimates
that Danish archives contain some 50 million images and more than 100
kilometres of shelves with original documents. Every month, 25,000
new photos will be added to the database… All
documents in the digital archive are covered by the general rules of
copyright, the oldest of them dates back to the 1600s.”
My
students do this already and I have to tell you, it doesn't work.
Humorous infographic.
10
Tricks to Make You Seem Like The Smartest Person in a Meeting
The
10 tricks outlined below will make you look the smartest
person in the room. Sure, you won’t have any idea what you’re
actually doing, but at least people will think you’re a genius.
(Note:
In case reading the infographic didn’t make it obvious, this isn’t
actual advice, and you should prepare for your meetings. In fact,
following this advice might lead you to lose your job. Use at your
own risk.)
For
my librarians. Perhaps we can use some of this?
22
ideas win Knight News Challenge: Libraries
In
September we launched the 12th
Knight News Challenge, on libraries, asking the question, “How
might we leverage libraries as a platform to build more knowledgeable
communities?” Today we’re announcing 22 winners of that
challenge, awarding the recipients a share of $3 million for their
ideas. Building on previous experience working with libraries, this
challenge has helped us learn a great deal about libraries and the
challenges they face while serving the information needs of their
communities. Several themes emerged among the winners, including
focusing on digital rights and privacy; history and digital
preservation; the maker movement and open data. We look forward to
learning more as the projects develop and to applying that knowledge
to our work more broadly. Additionally, we have experienced
firsthand the enthusiasm inside and outside of libraries for making
them vibrant civic institutions in a digital age. The
winners of the Knight News Challenge…”
Maybe
we don't need to teach our students to code? Interesting article on
taking advantage of a few loopholes.
How
a 25-year-old dev made 600 apps without being able to code
John
Hayward-Mayhew is one of the most prolific iOS developers ever to
peddle a blackjack game. Over the past four years, the 25-year-old
entrepreneur flooded the App
Store with an astonishing 600 separate apps — everything from
endless runners such as Dangerous
Caveman Bum Runner
to dentistry games like Emergency
Dentist Race
— raking in close to $1 million in the process.
The
most miraculous part of all? He can’t even code.
Just
in case they do want to learn something... List of resources!
Learning
Vim for Beginners
Vim,
or Vi Improved, is an extremely powerful text editor that
lets you do almost everything using keyboard shortcuts. You can
replace text in a document, move or delete lines, automate edits and
more without ever reaching for the mouse. Vim is the favorite source
code editor of programmers
but there’s no reason why you cannot use the editor for your
regular text-editing tasks from writing down ideas to composing long
emails.
No comments:
Post a Comment