Every employee needs to hear this.
IBM discovers new cyberscam
IBM has uncovered a sophisticated fraud scheme run by a well-funded
Eastern European gang of cybercriminals that uses a combination of
phishing, malware and phone calls that the technology company says
has netted more than $1 million from large and medium-sized US
companies.
The scheme, which IBM security researchers have dubbed 'The Dyre Wolf,'
is small in comparison with more recent widespread online fraud
schemes but represents a new level of sophistication.
According to IBM, since last year the attackers have been targeting people
working in companies by sending spam email with unsafe attachments to
get a variant of the malware known as Dyre into as many computers as
possible.
If installed, the malware waits until it recognizes that the user is
navigating to a bank website and instantly creates a fake screen telling the
user that the bank's site is having problems and to call a certain
number.
If users call that number, they get through to an English-speaking
operator who already knows what bank the users think they are
contacting. The operator then elicits the users' banking details and
immediately starts a large wire transfer to take money out of the
relevant account.
For my Ethical Hackers: How would you detect someone copying data to a
thumb drive? Only list your top five suggestions.
It’s still too easy for bad actors and others to download ePHI onto thumb
drives. And do most covered entities even realize it has happened or is
happening?
WDAM in Mississippi reports that Hattiesburg Clinic has been notifying
patients of unauthorized
access to their records by a former optometry provider who allegedly
accessed their records to send letters notifying patients about his
new employer.
The clinic states they first became aware of the breach, which occurred
between December 11 and December 31, 2014 on January 23rd. They
do not say how they learned of the breach, other than that they were
made aware of it.
Notification letters, dated March 20th, explained that the doctor had copied
patients’ contact information onto a thumb drive that he took with
him to his new employer to enable him to send out letters
notifying patients of his new employment. The clinic recovered
the thumb drive and received assurances that neither the doctor nor
the Hattiesburg Eye Clinic, his new employer, retained any
information.
Although the clinic indicates it reported the incident to HHS, the incident
does not yet appear on HHS’s public breach tool, so either it
should appear shortly, or the breach impacted less than 500 patients.
This post will be updated if the incident appears on the public breach
tool.
What is Cyber-war? Do my Computer Security students need a clear
definition to counter an attack? Of course not. However, it would
help them predict “what comes next.”
CRS – Cyberwarfare and Cyberterrorism
by Sabrina I. Pacifici on Apr 2, 2015
Cyberwarfare and Cyberterrorism: In Brief, Catherine A. Theohary, Specialist
in National Security, Policy and Information Operations. John W.
Rollins, Specialist in Terrorism and National Security. March 27,
2015.
“Recent incidents have highlighted the lack of consensus internationally on
what defines a cyberattack, an act of war in cyberspace, or
cyberterrorism.
Cyberwar is typically conceptualized as state-on-state action
equivalent to an armed attack or use of force in cyberspace that may
trigger a military response with a proportional kinetic use of force.
Cyberterrorism can be considered “the premeditated use of
disruptive activities, or the threat thereof, against computers
and/or networks, with the intention to cause harm or further social,
ideological, religious, political or similar objectives, or to
intimidate any person in furtherance of such objectives.”
Cybercrime includes unauthorized network breaches and theft of
intellectual property and other data; it can be financially
motivated, and response is typically the jurisdiction of law
enforcement agencies.
Within each of these categories, different motivations as well as
overlapping intent and methods of various actors can complicate
response options. Criminals, terrorists, and spies rely heavily on
cyber-based technologies to support organizational objectives.
Cyberterrorists are state-sponsored and non-state actors who engage
in cyberattacks to pursue their objectives. Cyberspies are
individuals who steal classified or proprietary information used by
governments or private corporations to gain a competitive strategic,
security, financial, or political advantage. Cyberthieves are
individuals who engage in illegal cyberattacks for monetary gain.
Cyberwarriors are agents or quasi-agents of nation-states who develop
capabilities and undertake cyberattacks in support of a country’s
strategic objectives. Cyberactivists are individuals who perform
cyberattacks for pleasure, philosophical, political, or other
nonmonetary reasons. There are no clear criteria yet for determining whether a
cyberattack is criminal, an act of hacktivism, terrorism, or a nation-state’s use
of force equivalent to an armed attack. Likewise, no
international, legally binding instruments have yet been drafted
explicitly to regulate inter-state relations in cyberspace. The
current domestic legal framework surrounding cyberwarfare and
cyberterrorism is equally complicated. Authorizations for military
activity in cyberspace contain broad and undefined terms. There is
no legal definition for cyberterrorism. The USA PATRIOT Act’s
definition of terrorism and references to the Computer Fraud and
Abuse Act appear to be the only applicable working construct.
Lingering ambiguities in cyberattack categorization and response
policy have caused some to question whether the United States has an
effective deterrent strategy in place with respect to malicious
activity in cyberspace.”
“If we do it, it might violate privacy so we want to contract with a
private entity to do exactly the same thing.”
The Department of Homeland Security (DHS) is offering up a contract for
companies to keep track of people’s license plates.
The department’s Immigration and Customs Enforcement (ICE) posted a
draft solicitation on Thursday, slightly more than a year after the
department scuttled a previous attempt to create a license plate
tracking system over fears it could infringe on people’s privacy.
The new request, which was first reported by The Washington Post, makes
clear that the
department “is neither seeking to build nor contribute to a
national” license plate reading system. Instead, it wants to use a
preexisting commercial service to help track down people suspected of
violating the country’s immigration and other laws.
Facebook does not do “secretly.” You just have to look at their privacy
policy on page 2471, paragraph 57, sub-paragraph 401, line 12 and
there, plain as day it says “and anything else we want to do.”
Tony Briscoe reports:
A Cook County man is suing Facebook, alleging that the social media
giant has violated Illinois privacy laws with facial recognition
software that “secretly amassed the
world’s largest privately held database of consumer biometrics
data.”
Carlo Licata claims in a lawsuit filed Wednesday in Cook County
Circuit Court that Facebook has violated state law by not informing
him in writing that his biometric data was being collected or stored,
or when it would be destroyed.
Read more on The Chicago Tribune.
Just because it seems to disappear doesn't mean it's gone.
Snapchat Shows Data Requests in Transparency Report
Snapchat, the social network known for its disappearing messages, released its
first transparency report Thursday showing hundreds of requests from
US and foreign law enforcement agencies.
Between November 1 and February 28, Snapchat said it received 375 requests
from US law enforcement officials, and produced at least some data in
92 percent of those cases.
"While the vast majority of Snapchatters use Snapchat for fun, it's
important that law enforcement is able to investigate illegal
activity," Snapchat said in a blog post.
"We want to be clear that we comply with valid legal requests."
The requests were mostly in the form of subpoenas, warrants or court
orders, along with a smaller number of emergency requests.
Outside the US, Snapchat received 28 requests and produced data in six of
those cases. The requests came from Britain, Belgium, France, Canada,
Ireland, Hungary and Norway.
Are we reacting to sensational news stories rather than researching the
facts? Sure looks that way to me.
Eyes in the Sky: The Domestic Use of Unmanned Aerial Systems, House
Judiciary Committee
by Sabrina I. Pacifici on Apr 2, 2015
Eyes in the Sky: The Domestic Use of Unmanned Aerial Systems, House
Judiciary Committee, May 17, 2013. Serial No. 113–40.
… Within the last few years, high powered computers and data networks
have been combined with aircraft, allowing them to be piloted
remotely. [“Remote Piloting” does not rely on computers or networks.
Think model airplanes – we've been doing this for decades! Bob]
… Law enforcement and public safety are increasingly becoming the most
prevalent uses for UAS. [Somehow, I doubt that. Bob]
… The ability to fly a small, unmanned aircraft with cameras and
sensors can also profoundly affect privacy and civil liberties in
this country. No longer restricted to the high cost and short flight
time of manned flight, UAS can hover outside a home or office. Using
face recognition software and fast computer chips, a UAS may soon be
able to recognize someone and follow them down the street. These new
surveillance capabilities, in the hands of the police, may be
intrusive to our concepts of individual liberty. That is why I have
cosponsored the ‘Preserving American Privacy Act of 2013,’ a bill sponsored
by Representative Ted Poe of Texas and Representative Zoe Lofgren of California.
...because they are our (Taxpayers) employees?
AP reports:
The Washington Supreme Court says public employees don’t have a
right to privacy about the fact that they’re being investigated.
Two workers with the Spokane School District, who have
been on paid administrative leave for years, sought to
have their names redacted on documents released under a public
records request.
In a 5-4 decision, the court said the documents — which didn’t
detail the substance of the allegations against them — could be
released with their identities.
Read more on Houston Chronicle.
Europe doesn't think like the US Congress. Perhaps if Google et al.
started “euro PACs” they would find themselves loved by the EU?
The European antitrust investigation into Google appears to be heating
up. More European countries are looking into Facebook’s privacy
settings.
And Apple, which already is under scrutiny for its low corporate tax
arrangements in Ireland, is now facing potential antitrust questions
from the European Commission about the company’s new music
streaming service expected this year.
The downside is that I won't have the terrorist “user guides” freely
available for my Criminal Justice or Homeland Security students.
Perspective.
This happened because XP was “good enough.”
14-Year-Old Windows XP Still Has More Users Than Windows 8.x
For my Students. There's an App for Apps.
Arc Welder Adds Android Apps to Chrome
Android apps will soon be compatible with any desktop operating system
capable of running Chrome. This means that anyone using Chrome OS,
Windows, Mac, or Linux will gain access to the thousands of Android
apps currently available on Google Play.
This is thanks to ARC Welder, a new Chrome app Google has initially
released as a developer preview. ARC Welder converts any Android app
into a Chrome app, meaning they can
be used on a host of other operating systems. Only a
handful of apps have so far been ported to ARC, but the release of
ARC Welder means that number is sure to increase exponentially.
ARC Welder is at a very early beta stage, so it’s far
from perfect. Some of the Google Play Services are still
missing, meaning apps which use them will simply crash. However,
it’s clear that Google is working towards making Android and Chrome
act as one, which should be a boon for users of the tech giant’s
products and services.
For my students who shop Amazon (and perhaps a few of us adjuncts)
6 Amazon Prime Benefits You Might Be Ignoring Right Now
Free Months of Prime
If you’re currently enrolled in a college or university and you have a
valid .edu email address, you can register as part of the Amazon
Student program which grants you a six-month free trial
for Prime. When the trial ends, you can upgrade to a full
Amazon Prime membership for 50% off.
Note: This free trial only includes free shipping, free 2-day delivery, and
unlimited photo storage with Prime Photos.
Prime Instant Video, Prime Music, Kindle Owners Lending Library, and
membership sharing are only available to those with a full Amazon
Prime membership.
Believe it or not, I have students interested in poetry.
5 Resources for National Poetry Month
April is National Poetry Month in the U.S. Writing and/or understanding
poetry can be a challenge for those of us who don't consider ourselves
the creative writing type. Surely we have students who feel that way
too. Here are five resources that can help us understand and create
poetry.
ReadWorks has a new selection of famous poems available on their website.
The selection is
organized by grade level. As with every passage on ReadWorks, each
poem is accompanied by a set of guided reading questions.
BoomWriter has put together new vocabulary sheets for Poetry Month. The poetry
vocabulary is part of a larger poetry lesson plan for elementary and
middle school students. You can download the vocabulary words and
lesson plans as PDFs. (Disclosure: BoomWriter advertises on
FreeTech4Teachers.com).
The Poetry Foundation offers some helpful resources for teachers and
students. One of the resources that immediately jumped out at me
when I visited the Poetry Foundation's Learning Lab was the glossary
of poetry terms. Students can search the glossary
alphabetically, by form & type of poem, by rhyme & meter, by
schools & projects, by technique, and by theory or criticism.
The Poetry Foundation offers a free
mobile app for iOS and Android. The app allows users to search
for poems, save poems, and share favorite poems with their friends.
You can search for poems by poet, by title, or by entering a line or
two of a favorite poem.
Word Mover is a free iPad app and web app from Read Write Think. The app
is designed to help students
develop poems and short stories. When students open the Word Mover
app they are shown a selection of words that they can drag onto a
canvas to construct a poem or story. Word Mover provides students
with eight canvas backgrounds on which they can construct their
poems. If the word bank provided by Word Mover doesn’t offer
enough words they can add their own words to the word bank.
Scholastic has assembled a big list of lesson resources for teaching
poetry this month. One of the resources that I really like is the Poetry
Idea Engine. The Poetry Idea Engine is a simple, interactive
tool that helps students create four types of poems: haiku, limerick,
cinquain, and free verse. To create a poem on Poetry Idea Engine,
students select one of the four formats. If they pick one of the
first three formats, students will be given a short explanation of the
pattern before completing the template to create their poems.