I wonder if the vendor contract has an “If you do anything stupid...”
clause. Why would anyone set up password only access to their
systems?
Carly Q. Romalino reports:
A weak network password allowed hackers to infiltrate a Gloucester
County school district’s network last week, holding its files
hostage for more than $125,000, according to Educational Information
and Resource Center experts.
A ransomware attack on Swedesboro-Woolwich
Elementary School District’s network last week
interrupted state-mandated testing and locked down network files last
week. The attackers demanded 500 bitcoins — a hard-to-trace
digital currency.
Read more on Courier-Post.
Of note, the weak password was used by an unnamed vendor doing work
for the school. The vendor reportedly used the account name
“breaker” with a weak password for all of its work on clients’
systems.
[From the article:
The “brute force attack” originated outside of the United States, he
added.
Hackers identified a potential open port in the Swedesboro-Woolwich system,
then assaulted the servers thousands of times per minute with various
password and username combinations until one worked, Procopio
explained.
Why is this data in a computer at all? Wouldn't a file on a CD/DVD
(locked in a safe) be adequate?
From the locker-numbers-today-grades-tomorrow dept.:
Krista Brick reports:
Information technology professionals are trying to determine today
how students were able to access a secured computer file at
Bethesda’s Westland
Middle School and distribute the names, locker
numbers and locker combinations for that school’s 1,400 lockers.
Montgomery County Public School’s Westland Principal Alison Serino
told MyMCMedia Wednesday that a substitute teacher saw the students
making copies of the list on Tuesday and the administration was made
aware of what happened this morning.
Read more on mymcmedia.com.
[From the article:
“I’m not sure how this happened,” she said, adding that the locker file
is kept on a password
protected file on an office computer.
No other student data was accessed from that computer, she said. [Ever?
The computer is never used or there is no record of activity? Bob]
Very interesting. Does this suggest that management thinks it is cheaper
to pay the hackers than to provide adequate backups and security in
the first place? Or do they have no faith in their Security people?
30 Percent of Companies Would Negotiate Data Ransom With Cybercriminals: Survey
In a survey from ThreatTrack Security, 30 percent of the 250
organizations polled said they would negotiate with a cyber-criminal
to get their data back. Though that means 70 percent would not
support negotiating, the survey also found that 86 percent of
security pros believe their peers at other organizations have done
so.
The percentage of those willing to negotiate was even higher among
organizations that had already been hit by a cyber-extortion scheme.
Nearly 40 percent of security professionals said they are employed at
an organization that has been targeted in that kind of
attack, and 55 percent of them are willing to negotiate.
Security professionals within the healthcare and financial services
sectors were least likely to recommend negotiating with
cyber-extortionists with 92 percent and 80 percent, respectively,
saying "no."
The next step up (down) from sexting? (The sex was legal, recording it
was legal, only posting it was illegal?)
WLS reports:
Four Joliet teenagers were charged with child pornography after a
group sex video was posted to Twitter.
The three males – ages 14, 15 and 16 – and one female, 15, all
attend Joliet Central High School. They were arrested after the
girl’s mother saw the video and called police. The sex was
consensual, according to the Joliet police chief, but distributing it
online is considered child pornography.
Read more on ABC News.
Is this one of those “Hey look! We did something!” actions?
Hackers who have investments in the US are probably rather rare. Or
is this just a polite way to target China?
Obama: Groups That Launch Cyberattacks Against U.S. Companies To Face Economic Sanctions
President Obama signed an executive
order today that declares cyberattacks from foreign soil to be a
national emergency and gives the United States new powers for
defending against them. The executive order, titled “Blocking The
Property Of Certain Persons Engaging In Significant Malicious
Cyber-Enabled Activities” gives the federal government the power to
hit foreign hackers with freezes on their U.S. funds and property.
… Prime targets will be foreign officials who the U.S. government
suspects of serious hacking activity, such as the officers
in the Chinese People’s Liberation Army (PLA) who were blamed
for attacking major American businesses in 2014.
A debate that should be coming here soon.
Professor Nils Hoppe has an article in BioNews that I recommend you read. It
begins:
One of the legally and ethically problematic issues regularly debated
in the context of biobanks and tissue repositories is that of its
potential for forensic use. When Anna Lindh (the Swedish foreign
minister) was murdered
in 2003, her killer was subsequently identified by way of
matching DNA
traces found at the crime scene with data contained on the killer’s
Guthrie card (an archived heel blood test done on every child born in
Sweden). This was an elegant and inspired forensic move by the
prosecuting authorities in Stockholm, but it led to frantic debate in
the relevant scientific communities about whether mechanisms ought to
be developed that restricted such use in the future.
The rationale for this discussion was not what one might first
suspect it to be: it was not driven by a desire to strengthen
individuals’ informational self-determination, or a sign that
genetic information was in some way instantly recognised as
particularly volatile and needing additional protection (though the
jury is still out on that particular question). The driver behind
this discussion is essentially the same as that in the context of
medical confidentiality taken by the Court in X v Y [1988],
succinctly summarised in that judgment by Rose J:
[i]n the long run, preservation
of confidentiality is the only way of securing public health;
otherwise doctors will be discredited as a source of education, for
future individual patients ‘will not come forward if doctors are
going to squeal on them‘. (my emphasis). (1)
This is, in essence, a consequentialist public health argument. It
is not about protecting the privacy or augmenting informational
self-control of individuals, but about providing stability and
coherence in the system. If
the information is not safe in the system, I will not give my
information to the system. This would have disastrous
consequences for the provision of clinical care to the benefit of
everyone.
Read the full article on BioNews.
He raises a lot of really important questions that do need to be
debated and addressed.
Perspective.
One-Fifth Of Americans Use Smartphones As Their Primary Onramp To Internet
… The biggest takeaway from the results is that nearly 20% of
Americans access the Internet primarily on their mobile
phones. That means they don't use a desktop or notebook
for Internet access - only their phone. Perhaps for the younger
generation, this shouldn't come as too much of a surprise, but even
so, 20% is a huge share.
… In households where less than $30,000 is earned each year, 13%
of people will rely on their phone entirely; for households where
$75,000 or more each year is earned, only 1% rely solely on their
smartphones.
… There are some other interesting bits, however. In total (of those
who completed the survey), 62% of people have used their smartphones
to look up health information, while 57% have conducted online
banking. Here's one that impresses me: 18% have used their
smartphone to submit a job application.
Suspicious?
Google has been parking the corporate jets at Moffett for years. I
wonder who they outbid for the lease? Why 60 years? (April 1st?)
Google Takes Over Giant Airship Hangars at Moffett Field
There was no ceremony, no party, just a quiet transfer. Google is now the
custodian of the giant airship hangars at Moffett Field.
The tech company will lease the historic buildings and 1,000 surrounding
acres for the next 60 years.
The deal calls for Google to restore the hangars.
Timely.
My Data Management students will learn how to do some of this...
What is data-driven marketing?
In words tinged with somber acceptance, today's digital marketers
proclaim customer data as their new master. No marketing decision
shall be made without closely consulting the data-analytics tea
leaves. Marketing's black art has just become quantifiable, but what
does data-driven marketing really mean?
"Arguably, the most important evolution in the history of marketing
is the ability to understand what data you have, what data you can
get, how to organize and, ultimately, how to activate the data,"
says Mark Flaharty, executive vice president of advertising at
SundaySky, a tech vendor leveraging customer data to create and
deliver one-to-one marketing videos.
… Then there are external data providers such as Avention, formerly
OneSource, which offers business-to-business data about customers and
prospects, which a company blends with internal data and feeds into
an analytics engine to spit out marketing insights. Avention data
helps companies better target prospects and manage the customer
purchasing lifecycle.
Something for Big Data students to try?
International Statistical Agencies
Via Census – International Statistical Agencies – links to data from around the world.
“The U.S. Census Bureau conducts demographic, economic, and
geographic studies of other countries and strengthens statistical
development around the world through technical assistance, training,
and software products. For over 60 years, the Census Bureau has
performed international analytical work and assisted in the
collection, processing, analysis, dissemination, and use of
statistics with counterpart governments in over 100 countries.”