How simple! Don't connect computers to the Internet!
South Korea Accuses North of Cyber-attacks on Nuclear Plants
South Korea's government accused North Korea Tuesday of carrying out
cyber-attacks last December on its nuclear power plant operator,
describing them as a provocation which threatened people's lives and
safety.
…
The team on Tuesday said the hackers intended to cause a malfunction at
atomic reactors, but failed to break into their control system.
…
KHNP officials have said the 23 nuclear reactors, which supply about 30
percent of the country's electricity, were safe because their
control system was separated from external networks.
Perspective
David Morrison writes:
Almost half of all American consumers (45%) said data security
breaches have compromised their personal payment information or that
of a household member, according to Verizon’s 2015 PCI Compliance
Report.
The document suggested credit unions and other card issuers might
suffer damage from card security breaches until consumers start using
payment cards with embedded EMV chips.
Verizon Enterprise Solutions, a subsidiary of the communication firm,
published the report March 12. It was the fourth year Verizon has
published the report, which looks into how firms comply with the
Payment Card Industry Data Security Standard.
Read more on Credit Union Times.
(Related) WDWK (What does Watson know?)
Malware and DDoS Were the Most Common Attack Types in 2014: IBM
IBM today released the 2015 IBM X-Force Threat Intelligence Quarterly, a
report that details the security incidents, financial malware trends,
risky Android apps, and vulnerability disclosures seen in 2014.
According to IBM, malware and distributed denial-of-service (DDoS)
attacks took the lead last year in terms of volume. SQL injection
attacks are still efficient when it comes to extracting valuable
information from Web servers and applications, but point-of-sale (PoS)
malware has also helped cybercriminals steal a lot of records in the
last year.
In 2014, the most commonly attacked industries were computer services
(28.7%), retail (13%), government (10.7%), education (8%), and
financial markets (7.3%).
…
The complete 2015 IBM X-Force Threat Intelligence Quarterly is
available online.
(Related) Yet another breach (attack) summary.
Over Half of ICS Security Incidents Reported in 2014 Involved APTs:
ICS-CERT
According to the “ICS-CERT Monitor” newsletter for the period between
September 2014 and February 2015, a total of 245 incidents were
reported to the organization in the fiscal year 2014.
The report revealed that well over half of the incidents affected the
energy (32%) and the critical manufacturing (27%) sectors.
Communications, water, transportation, healthcare, and government
facilities sectors each accounted for 5-6% of the total number of ICS
incidents.
Roughly 55% of the incidents involved APTs.
A small but rather big change?
Dustin Volz reports:
A judicial advisory panel Monday quietly approved a rule change that
will broaden the FBI’s hacking authority despite fears raised by Google
that the amended language represents a “monumental” constitutional
concern.
The Judicial Conference Advisory Committee on Criminal Rules voted
11-1 to modify an arcane federal rule to allow judges more
flexibility in how they approve search warrants for electronic data,
according to a Justice Department spokesman.
Read more on National Journal.
[From the article:
Known as Rule 41, the existing provision generally allows judges to
approve search warrants only for material within the geographic bounds
of their judicial district.
But the rule change, as requested by the department, would
allow judges to grant warrants for remote searches of computers
located outside their district or when the location is unknown.
The government has defended the maneuver as a necessary update of
protocol intended to modernize criminal procedure to address the
increasingly complex digital realities of the 21st century. The
FBI wants the expanded authority, which would allow it to more easily
infiltrate computer networks to install malicious tracking software.
This way, investigators can better monitor suspected
criminals who use technology to conceal their identity.
…
Google weighed in last month with public comments that warned
that the tweak "raises a number of monumental and highly complex
constitutional, legal and geopolitical concerns that should be left
to Congress to decide."
In an unusual move, Justice Department lawyers rebutted
Google's concerns, saying the search giant was misreading the
proposal and that it would not result in any search or seizures not
"already permitted under current law."
Better than I thought!
Survey: Surveillance Is Fine as Long as It's Not on Me
Growing concern over surveillance in cyberspace has people changing
their online behavior, according to a report released Monday by the Pew
Research Center.
Nearly 90 percent of the 475 adults surveyed said they were aware of
government surveillance programs targeting Internet users.
"That's a very high number," said Omar Tene, vice president of research
and education at the International Association of Privacy
Professionals.
…
Moreover, of those aware of the programs, more than a third (34
percent) had taken at least one measure to hide or shield their
information from the government.
Among the measures taken in response to government surveillance were
changing social media settings (17 percent), avoiding certain apps
(15 percent), reducing social media use (15 percent), increasing
face-to-face conversations (14 percent), uninstalling certain apps
(13 percent), avoiding certain terms in online communication (13
percent), and deleting social media accounts (8 percent).
…
"Most of the steps mentioned are really not effective for
avoiding government surveillance," said Robert Neivert, COO of
Private.me.
…
Large numbers of adults supported monitoring programs aimed at
suspected terrorists (82 percent), foreign leaders (60 percent),
foreign citizens (54 percent) and even American leaders (60 percent),
the Pew study found. However, 57 percent opposed monitoring of U.S.
citizens.
I'm for it! Except for the parts where I'm not.
Leslie R. Caldwell, Assistant Attorney General for the Criminal
Division of DOJ writes:
In a series of recent posts,
we’ve been discussing the need for the Administration’s current
cybersecurity proposals and discussing how they have been drafted in
a careful and targeted way to enable us to protect privacy and
security without ensnaring harmless or legitimate conduct. Reaching
this balance is important in many parts of the criminal law, but it
is particularly important in the law that protects the privacy and
security of computer owners and users — the Computer
Fraud and Abuse Act (CFAA). This law applies both to the
hackers who gain access to victim computers without authorization
from halfway around the world, and to those who have some
authorization to access a computer — like company employees
entitled to access a sensitive database for specified work purposes —
but who intentionally abuse that access. Yet the CFAA needs to be
updated to make sure that the statute continues to appropriately
deter privacy and security violations. The Administration has
proposed an amendment
that maintains the law’s key privacy-protecting function while
ensuring that trivial violations of things like a website’s terms
of service do not constitute federal crimes.
Read more on the Department of Justice to see how they try to sell
their proposed amendment.
[From the DoJ:
For example, a federal court feared that the statute could be construed
to permit prosecution of a person who accesses the internet to check
baseball scores at lunchtime in violation of her employer’s strict
business-only internet use policy. Or, similarly, where a member of
the public accesses a dating website but lies about his physical
fitness in violation of the site’s terms of service that require
users to provide only accurate information.
We understand these concerns. The Department of Justice has no interest
in prosecuting harmless violations of use restrictions like these.
[This is not a “get out of jail free” card for Ethical Hackers Bob]
That’s why we’ve crafted proposed amendments to the CFAA to
address these concerns — while still preserving the law’s
application to those who commit serious thefts and privacy invasions.
(Related) Perhaps this is the model the FBI wants to follow?
Intelligence and Security Committee of Parliament published its Report
‘Privacy and Security: A modern and transparent legal framework’
“The Intelligence and Security Committee of Parliament has today
published its Report ‘Privacy and Security: A modern and transparent
legal framework’. This Report includes, for the first time in a single
document, a comprehensive review of the full range of intrusive
capabilities available to the UK intelligence Agencies. It contains an
unprecedented amount of information about those capabilities, the
legal framework governing their use, and the privacy protections and
safeguards that apply. The Report also reveals the use of certain
capabilities – such as Bulk Personal Datasets and Directions under
the Telecommunications Act 1984 – for the first time. The Report
represents a landmark in terms of the openness and transparency
surrounding the Agencies’ work. The Committee has also released a
press statement on the report, and the opening statement from this
morning’s press conference.”
...and just because this won't die.
Might be worth comparing to what we're teaching our students.
Advanced digital technologies are swiftly changing the kinds of skills
that jobs require
…
The researchers found that there were significant changes in skill
requirements over the 2006-2014 time period. For example, as
machines’ capabilities have increased in areas such as visual
perception and voice perception — think Google Inc.’s
self-driving car project or Apple Inc.’s Siri — jobs in the U.S.
have started requiring those skills less. And as computers take over
more routine work, jobs involve less supervision of people (since
more and more people are, in effect, supervising machines rather than
humans). For instance, the researchers note that in the past, an
architect might have supervised draftsmen; today’s architects
instead work with CAD software.
By contrast, some job skills have grown in importance — in particular,
the ability to work with equipment such as computers. Demand also
grew for skills in some areas in which machines haven’t made many
inroads. The average occupation in the U.S. in 2014 more heavily
emphasized interpersonal skills — an area where computers can’t
yet compete with humans — than a comparable job in 2006.
For my students writing papers on Social Networking?
How To Respond To Fallacious Arguments On The Internet [Stuff to Watch]
…
how often is your (naturally well-worded and kind-mannered) argument
rebutted with an attack on your character, or a seemingly nonsensical
comparison? Wouldn’t it be great if you could deflect these
fallacious arguments while enlightening your detractors as to why
their challenge falls short?
Well, with the help of these eight videos addressing common fallacies
online, you can!
For my students who don't ask questions in class?
How to Google Something You Don't Know How to Describe
…
There was something so satisfying about a simple exchange that
answered a question I'd wondered quietly for years. Which helps
explain why a site like What
Is This Thing Called is so delightful. It's a simple
Tumblr, made in the spirit of a
similar Reddit thread, that features photos of obscure,
forgotten, or otherwise ambiguous technologies. Anybody can comment
on the photos to help clarify what the thing is.
A lot of the mystery things are of commonplace items. There's the
plastic pamphlet that a restaurant bill arrives in (a check
presenter) and those stumpy cylindrical posts that prevent cars from
driving onto pedestrian spaces (bollards). Others are things that
happen, phenomena rather than physical objects themselves—like the
kink in a landline cord.
...
Then there's Superfish,
which promises that it can "find everything that words can't
possibly describe" by using an algorithm to comb through
millions of image matches to the photos you upload, then comparing
and ranking the results. The company has a series of
category-specific apps called Like That that help people identify the
kinds of flowers, breeds of puppies, and styles of furniture that
matches what they see in the world.
Something to add next to our Windows 10 preview?
You Can Now Preview Office 2016 and Skype for Business
…
Previously launched as a private preview, Office 2016 is now
available for commercial Office 365 users. This gives IT teams and
developers a chance to test the product and provide feedback. They
can also be the first to try new features that are issued via monthly
updates.
…
To learn more about and download the Office 2016 Preview program,
visit the Office 2016 Preview section at Microsoft
Connect.