This
can't be true. The FBI concluded that North Korea was the culprit
(it made sense from a movie promotion point of view) and the
President claimed “secret intelligence” that confirmed it. Don't
bother us with facts to the contrary!
Russian Hackers Breached Sony's Network: Report
A group of Russian hackers had — and possibly still has —
unauthorized access to the network of Sony Pictures
Entertainment, according to a report published on Wednesday by Taia
Global.
The
Russian team allegedly breached the entertainment company’s network
by sending spear phishing emails containing a remote access Trojan
(RAT) to Sony employees in India, Russia and other Asian countries.
Once they had access to the computers of these employees, the
attackers leveraged advanced pivoting techniques to make their way to
Sony’s network in Culver City, California, the report
said.
…
Yama
Tough claims to have been in contact with a member of a Russian group
that has had access to Sony’s network since last fall and until at
least late January 2015. The unnamed Russian blackhat, who is said
to have worked occasionally with Russia’s Federal Security Service
(FSB), provided Yama Tough with a large number of files allegedly
stolen from Sony, the report said.
Yama
Tough sent some of the files to Taia Global, including seven
Microsoft Excel spreadsheets, five of which are dated from November
30 through December 10, and six emails, two of which are dated
January 14 and January 23. Taia Global says the information is not
included in the previously dumped Sony files, and the company has
received confirmation regarding the authenticity of one of the
documents from its author.
…
North
Korea denied any involvement in the attack and many experts
questioned the findings of US authorities, especially since they
haven’t provided any concrete evidence to back their claims.
In
late December, Taia Global conducted a linguistic
analysis of the messages written by GOP and concluded that the
hackers were most likely Russian, not Korean.
If
Taia Global’s reports are accurate, it’s possible that Sony was
breached not by North Koreans, but by a Russian group. Another
possibility, according to the company, is that Sony’s network was
penetrated simultaneously by both Russian and North Korean threat
actors.
…
The
attack launched against Sony by a Russian group will be discussed
today by Taia Global President Jeffrey Carr in a 25 minute talk at
the Suits
and Spooks security conference in Washington, DC.
Not
untypical, I'm afraid. Note that this has moved from a small breach
hardly worth posting to my blog, to a Very Significant “Go away
boy, stop bothering us.” The longer it takes them to take some
visible action, the worse they will look when their victims start the
lawsuits. Can't they see that?
On
January 24, this blog reported that Carbonic had claimed to have
hacked
the University of Chicago. The U. of Chicago never responded to a
notification and inquiry this blog sent via e-mail on January 22nd.
Yesterday,
SLC Security reported that the university is still
leaking information and is still vulnerable:
During a recent receive (sic) of some incidents being covered by
databreaches.net I was able to do some additional research and
confirm that even as recent as an hour ago that information is still
being offered in the underground community. In addition server IP
addresses owned by the organization are attacking other colleges and
universities in the US and elsewhere.
Well,
that’s not good. DataBreaches.net will send a second notification
to U. of Chicago and hope that this time, they respond and take
action to address any compromises they may have been – or may still
be – experiencing. If I get a response from them, I will update
this post.
SLC
Security also notes that both the Illinois
Institute of Technology and Northwestern
University are also compromised, although I haven’t
found anything through routine searches about their situations, other
than Northwestern being reportedly
hacked on January 20 by @AnonGhost (mirror of defacement here).
Update:
I received the following email from the U. of Chicago’s Associate
Vice President for Safety, Security and Civic Affairs & Chief of
Police:
Both of your messages have been received and shared with our
information technology services staff. Thank you for your concern.
Well,
that doesn’t answer my question about what they’re actually doing
and why the site is reportedly still leaking information, but at
least we now know that they got my notifications.
(Related)
Too common.
SLC
Security reports
that they are
seeing indicators that this entity has been breached for over a month
and does not realize it. It appears as though their infrastructure
is being used to launch further attacks on other educational
institutions.
They also appear on Emerging Threats for malicious activity since at
least the 11th of December, 2014. You would think these large
organizations would do something to get themselves off the blacklist
but as of today we are still detecting malicious activity.
Food
for thought.
Web-Borne Malware Breaches Cost $3.2M to Remediate: Survey
A
new survey from the Ponemon Institute calls web-borne malware not
only a growing threat to enterprise data security, but a costly one.
According
to the report, which surveyed 645 IT pros and IT security
practitioners and was sponsored by security firm Spike Security,
web-borne malware attacks cost the organizations in the survey an
average of $3.2 million to remediate. The organizations surveyed had
an average of 14,000 employees.
…
While
all of the companies surveyed utilized a multilayered,
defense-in-depth approach, they still dealt with an average of 51
security breaches during the past year tied to the failure of malware
detection technology. According to the findings, the cost to respond
to and remediate a single breach resulting from these detection
failures was roughly $62,000 per incident.
…
"What
many organizations forget is that the browser is the only application
that is permitted to download and execute code from a 3rd party
location -- any external web site. Every time you allow unknown code
into your network, you put yourself and your business at risk. This
is why browser isolation outside the network is so important. It is
the only way to prevent this problem."
I
get the impression that even the Kim Dotcom haters are shocked by
this ruling. They seem to think New Zealand just did whatever the US
asked without bothering to consider the consequences.
Our
Supreme Court has handed down a chilling ruling about the state's
right to invade individual privacy - particularly when it's
contained, as
it is so often these days, on computers or mobile phones.
…
The case was at the heart of our Supreme Court ruling which found,
four to one, that the authority to ransack Kim Dotcom's Coatesville
home on 20 January 2012 was perfectly legal. It was a ruling that
excused shoddy police work and shoddy court work - a ruling that said
warrants sanctioned by the court can be scant and meaningless and
they are still OK. It established everyone's home is not their
castle, even if your home looks more like a castle than others.
…
In other words that they can't be general in nature and worded to
allow police to freely rummage about and seize whatever they like.
Yet that's exactly what happened in the Coatesville raid when police
took away a staggering 150 terabytes of data, accessed through more
than 135 computers and electronic devices.
They
even took away the system that opened and closed the mansion's doors.
"It is now acknowledged that a substantial amount of this data,
perhaps as much as 40 per cent, was irrelevant to the offences
charged. Some of it was personal and private," says Elias in
her judgement.
The
deeply concerning issue here is that while elsewhere in the world
Supreme Courts are recognising computers and mobile phones are
containers of individual lives and souls, our Supreme
Court seems oblivious to the fact. It found that the warrant
allowing holus-bolus searching of Dotcom's vast collection of
computers and other devices with no provision for sorting out what
was irrelevant or private was perfectly OK.
The
court saw no miscarriage of justice despite Dotcom being unable to
get access to his seized information for more than two years. Not to
mention that if Dotcom's legal team hadn't initiated a judicial
review, all of this material would have been whisked away to the
United States never to be seen again.
…
Elias was alone in saying
a warrant should be right when it's issued and it was
wrong to treat a fundamentally flawed warrant as valid on the basis
of what happened after the event.
For
my Ethical Hackers.
Nearly
half of young people say they would be more likely to vote in the
2016 presidential election if they could cast their ballot online,
according to a poll released Tuesday.
The
Fusion
poll, which surveyed 18-to-34 year olds, found that 49
percent said an online system could encourage them to vote. A large
portion, 42 percent, said voting online would make no real
difference. Another 8 percent said they would be less likely to vote
if it was made available online.
Thirty-eight
percent said they would be more likely to vote if they could do it
over their mobile phone.
Background
for my Business Intelligence students.
Demographics of Key Social Networking Platforms
Pew
Report – “Fully 71% of online adults use Facebook, a
proportion unchanged from August 2013. Usage among seniors continues
to increase. Some 56% of internet users ages 65 and older now use
Facebook, up from 45% who did so in late 2013 and 35% who did so in
late 2012. Women are also particularly likely to use Facebook
compared with men, a trend that continues from prior years. Facebook
users were asked additional questions about their friend networks.
Among Facebook users, the
median number of Facebook friends is 155. When asked to
approximate how many of their Facebook friends they consider “actual”
friends, the median number reported was 50…
Some
23% of online adults currently use Twitter, a statistically
significant increase compared with the 18% who did so in August 2013.
Twitter is particularly popular among those under 50 and the
college-educated. Compared with late 2013, the service has seen
significant increases among a number of demographic groups: men,
whites, those ages 65 and older, those who live in households with an
annual household income of $50,000 or more, college graduates, and
urbanites…
Some
26% of online adults use Instagram, up from 17% in late 2013. Almost
every demographic group saw a significant increase in the proportion
of users. Most notably, 53% of young adults ages 18-29 now use the
service, compared with 37% who did so in 2013. Besides young adults,
women are particularly likely to be on Instagram, along with
Hispanics and African-Americans, and those who live in urban or
suburban environments…
Some
28% of online adults use Pinterest, up from the 21% who did so in
August 2013. Women continue to dominate the site, as they did in
2013: fully 42% of online women are Pinterest users, compared with
just 13% of men (although men did see a significant increase in
usership from 8% in 2013). While Pinterest remains popular among
younger users, there was an 11-point increase between 2013 and 2014
in the proportion of those 50 and older who use the site. Other
demographic groups that saw a notable increase in usership include
whites, those living in the lowest- and highest-income households,
those with at least some college experience, and suburban and rural
residents.”
Business
tool or buzzword? Analysis of Big Data is being talked about, but
not in as much depth as my students see.
Using Data to Call the Shots
Daryl
Morey loves good data, and lots of it. As general manager of the
Houston Rockets, he has made a name for himself with his devotion to
using data analytics to make team decisions—on everything from shot
selection to whom to acquire in a mid-season trade. Morey talks with
Kellogg Insight about the importance of assembling a staff that
understands analytics, how to ensure you are using the data wisely,
and the need to always keep your eye on the prize when crunching the
numbers.
See?
I'm not the only one!
Morgan Stanley thinks Russia’s doomed
And now Morgan Stanley is out with a pretty scary forecast, too.
“We
downgrade 2015 growth from -1.7%Y to -5.6%Y and revise our 2016
growth from a mild (0.8%Y) recovery to a 2.5%Y recession,”
writes Morgan Stanley’s Alina Slyusarchuk.
I
think we have some students who do this...
123D Circuits - Design and Test Electric Circuits Online
123D
Circuits is a free tool from Autodesk for collaboratively
designing electronic circuits online. On 123D Circuits you can
design your circuits and test them on the simulator in your browser.
You can create circuits from scratch or use and modify templates and
other publicly shared projects.
Autodesk
recently published a short playlist of videos containing
demonstrations of how to use 123D Circuits for various tasks. Short
engineering lessons are included in the second half of the videos.
…
Click
here for seven other resources you can use to teach students
about electricity and circuits.
For
my International students. (There are even more in the article)
…
learning grammar is easier than ever now — with the right apps, of
course.
And
they are not just for people learning English; they’re also good
for those of us who already speak it.
The
free app Practice English Grammar from Cleverlize is among the most
polished, and is easy to use for improving your grammar skills. It’s
available for both iOS
and Android
and covers the whole gamut of grammatical details from conjunctions
through tenses to using the passive voice.
…
Another option is the LearnEnglish Grammar app from the British
Council.
…
This app is free for both iOS
and Android,
but you must pay for the complete range of content. Packs cover
grammatical topics at different levels, from Beginner Pack 1 to
Intermediate Pack 2 for more advanced lessons, and each costs $1.
Interestingly, there’s both a British English edition (free on iOS
and Android)
and an American English one (free on iOS
and Android)
…
A free alternative to these apps on Android
is English Grammar Ultimate from Maxlogic.
Can't
find the book you want to read in electronic format? Could my
students divide a textbook and merge the electronic versions? Uses
Windows 7 or 8, stores images on Amazon. (Article 3)
Kindle Convert Turns Paper Into E-Ink
Amazon
has released Kindle Convert, a Windows program which lets you
turn printed books into digital books. Currently priced at $19 (but
with a list price of $49), Kindle Convert requires you to scan each
page of the book you want to convert into the Kindle format. Which
will require a lot of time and patience.
While
this is likely to put most people off, it’s still good to have this
option, especially for those who want to digitize rare or
out-of-print books. Unfortunately, Kindle
Convert is only available in the U.S. for the time being, though
that’s likely to change in the future.
Global
Warming! Global Warming! Another prediction they got wrong?
Accelerated Ice Melt Causing Iceland to Rise