Wednesday, April 15, 2015

A very strange thing to say – unless of course it's budget time.
US Military Not Ready to Wage Digital Attack: Official
The US military is well equipped to defend the country against cyberattacks but is not yet ready to wage digital warfare, a senior defense official told lawmakers on Tuesday.
The military's cyber command, created in 2009, lacks the means to lead an offensive campaign in a fast-moving digital conflict, said Eric Rosenbach, the Pentagon's principal adviser on cyber security.
His comments were unusual because officials previously have suggested the military was ready to lead an offensive digital campaign if necessary.
Rosenbach told senators there was no shortage of resources or funding for cyber command but there were technical and manpower problems that had to be tackled.


Trust no one! (Can millions of PowerBall, MegaMillions, etc. losers sue to recover the cost of their tickets?) As I tell my Computer Security students, conversion (getting the cash) is the hardest part of computer thefts.
US lottery security boss charged with fixing draw
Eddie Raymond Tipton was the security director for the Multi-State Lottery Association when he was arrested in January by the Iowa Division of Criminal Investigations.
Prosecutors said he had been caught on CCTV buying the winning ticket. The $14.3m (£9.5m) prize was never claimed.
… The offline computer is housed in a glass room and in theory can only be accessed by two people at the same time. It is also constantly monitored by a video camera.
It is alleged Mr Tipton used his position as security director to change the video camera settings and record only one second in every minute. This would have given him enough time to enter the room and plug a thumb drive into the computer.
… The court filings suggest there was an attempt to claim the prize just hours before it was scheduled to expire by a company incorporated in Belize.


Emails are expensive. They may cost you your job.
Email Phishing Attacks Take Just Minutes to Hook Recipients
If you work in IT security, you’ve got one minute and 20 seconds to save your company from being hacked. This is not a drill. It’s the median time it takes for an employee to open a phishing email that lands on a company’s network and in their inbox, setting in motion a race to prevent data from leaking. That’s according to the new Verizon Breach Investigations Report,
… Verizon noted that 23 percent of recipients open phishing messages. But simply opening an email won’t necessarily install malware on a machine. More dangerous are the 11 percent of recipients who go so far as to click on malicious attachments.
… “Unfortunately, the proportion of breaches discovered within days still falls well below that of time to compromise,” Verizon notes in the report.
Typically, it takes months if not years to uncover a breach. In 2012, for example, FireEye reported that the average cyberespionage attack continued unabated for 458 days before the victim discovered the hack. Prior to this, it was normal to find attackers had been in a network two or three years before discovery.


Another security report.
Report Explores Evolution of Targeted Attack Tactics in 2014
As user habits evolve, so do the tactics of attackers. It should come as little surprise then that as enterprises upgraded to newer versions of Windows in 2014, the amount of 64-bit Windows malware being used in attack campaigns increased as well.
According to researchers at Trend Micro, this is just one example of how targeted attacks are evolving with the times.
"Government agencies remained the most favored attack targets in 2014," Trend Micro blogged. "In the second half of the year, we saw a spike in the number of attacks that targeted hardware/software companies, consumer electronics manufacturers, and health care providers."
The full report can be read here.


Coming soon to a law school near me?
Pablo Palazzi writes that providing data protection courses in law school is a growing trend in Latin America. Of note,
In Chile there is a seminar taking place on April 22 and 23 in the School of Law of University of Chile, in Santiago (Chile).
This year I will be teaching for the first time a data protection seminar in San Andres University. It is an eight week course designed to cover the general principles of privacy and data protection plus some special sectors like telecom, internet, credit reporting and marketing. The course is part of a Program of Internet law that we are unveiling this year in the School of Law of San Andres University and that will cover also other courses.


The medium is the message but not the person? Perhaps a bit more legal research is indicated? (Digest Item 1)
Judge Rules Against Content Owners
A District Court Judge in Florida has dealt a serious blow to content owners going after people pirating their movies. These filmmakers and movie studios have long argued that an IP address is evidence enough that someone has pirated a movie. But Judge Ursula Ungaro fundamentally disagrees with this assumption.
According to TorrentFreak, Judge Ungaro refused to issue a subpoena against someone accused of pirating action flick Manny based on nothing other than their IP address. When she asked the company bringing the claim to explain their thinking, they argued that doing anything other than granting a subpoena would set a “dangerous precedent.” They also suggested that “all other courts” have accepted the notion that an IP address equates to a person.
In response to these assertions, Judge Ungaro referenced other cases where courts have ruled against IP addresses being sufficient evidence, and dismissed the case against one particular IP address. Which is a small but significant victory against copyright trolls who maintain you’re guilty until proven innocent.


Perspective. My students have never known otherwise (even if they don't know who Moore is)
Report – 50 Years of Moore’s Law
by Sabrina I. Pacifici on Apr 14, 2015
SPECIAL REPORT: 50 Years of Moore’s Law The glorious history and inevitable decline of one of technology’s greatest winning streaks, IEEE Spectrum – “Fifty years ago this month, Gordon Moore forecast a bright future for electronics. His ideas were later distilled into a single organizing principle—Moore’s Law—that has driven technology forward at a staggering clip. We have all benefited from this miraculous development, which has forcefully shaped our modern world. In this special report, we find that the end won’t be sudden and apocalyptic but rather gradual and complicated. Moore’s Law truly is the gift that keeps on giving—and surprising, as well.”


I found this on Google News.
This is the most brutal quote from the EU investigation into Google's alleged monopoly
If you want to get an idea of just how negatively the European Commission on competition sees Google right now, then skip to this section of its statement on how it believes Google handles online shopping search results.

(Related)
There's no way Google is going to pay Europe a $6 billion fine
… The EU probably wants Google to make a simple change
Margrethe Vestager, the member of the European Commission who issued its statement of objection, said that the Commission doesn't want to interfere with Google's design or search algorithm. Instead, it just wants the company to put the relevant shopping results at the top of its search pages — whether they're from Google or not.


I guess we can't have nice things!
Segway bought by Chinese rival Ninebot


For all my students. Should everyone have this App on their phones for emergencies?
FireChat: How to Chat Without Wifi or a Signal
Slow connection? Can’t find Wi-Fi? No problem! The FireChat app allows users to stay connected off the grid.
… Traditionally, users sent messages to each other through data or Wi-Fi networks. The messages are sent through a mobile network to a hotspot or cell phone tower. The data sent through to these data towers or Wi-Fi hotspots are then relayed through a centralized network and eventually the messages or data is received. During all of this data transfer period, your VPN is tracked. Though you can use a VPN service to protect your mobile data, information about your network can be tracked.
If you’re not sure how it works, read this excellent article on how to add security to your connection with a VPN.
Unlike most chatting apps, the FireChat app doesn’t rely solely on Wi-Fi or data – it doesn’t even need a hotspot or centralized mobile network to relay data. Instead, the app relies on peer-to-peer connections through wireless mesh networking via Bluetooth or Wi-Fi, technology built in the phone. As long as the FireChat users are within 100 feet of each other, they can connect and share messages.
Additionally, the ability to receive and request data without a centralized mobile network allows users of the FireChat app to stay “off the grid” and remain anonymous.
[Available for both iOS and Android: http://opengarden.com/FireChat/ ]


Tools for my students.
5 Minimalist RSS Readers Still in the News Feed Game
… the numbers show that RSS is still alive and will remain that way for years to come.
Plenty of alternatives to Google Reader have sprung up since its demise, but many of them are packed with too many features. Others, like Feedly, are still popular despite some shady history. But what if you want something simpler? A reader that delivers news without any distractions?
That’s when we turn to minimalistic RSS readers, which may not be so popular but are definitely worth trying. Here are a few that might work well for you.


Just because... (Digest Item 6)
Stephen Hawking Does Monty Python
And finally, it’s not every day you see a theoretical physicist singing a Monty Python song. But today is that day. The theoretical physicist in question is none other than Stephen Hawking, and the Monty Python song he’s singing is Galaxy Song from The Meaning of Life.
Hawking has a close association with Python, having appeared in their live shows in London last year. But it’s still surprising to see and hear him performing Galaxy Song. This cover version is being released on digital and vinyl this weekend. Why? Why not?!

