Won't Sony be pleased. It's not bad enough that
the hackers have your data, now consider the risk if everyone
has your data.
Wikileaks has published the complete Sony leaks in a searchable database
Today, Wikileaks published
a database of all of the data leaked from Sony Pictures in last
year's hack, comprising 173,132 emails and 30,287 separate documents.
The documents contain private legal opinions as well as sensitive
conversations between executives, many of which were
the subject of reports in the wake of the hack. "This
archive shows the inner workings of an influential multinational
corporation," WikiLeaks founder Julian Assange said in a
statement. "It is newsworthy and at
the centre of a geo-political conflict. [Did
I miss something? I'd categorize the North Korea kerfuffle as
business as usual. Bob] It belongs in the public domain.
WikiLeaks will ensure it stays there."
For my Computer Security students. Plan, to avoid
being caught in this trap!
The Rise of Cyber Extortion
… Cyber extortions have taken on multiple forms, all focused on data –
encrypting data and holding it hostage, stealing data and threatening
exposure, and denying access to data:
• Ransomware
• Denial-of-service attacks
• Holding sensitive data hostage
• Holding AWS accounts hostage
… As long as companies continue to pay ransoms when attacked, we should
expect cyber extortion to continue in 2015.
Any country could pose a threat. The trick is
knowing if you can handle it.
Iran Poses Growing Cyber Threat to US: Study
Iran poses a growing threat to America's computer networks and has
launched increasingly sophisticated digital attacks and spying on US
targets, according to a new report released Thursday.
Iran's far-reaching hacking efforts indicate the regime is searching for
vulnerable infrastructure that could be hit in future cyber assaults,
said the study by private cyber security company Norse
and the American Enterprise Institute think tank.
… The study cited data from a network of millions of sensors set up by
Norse. The sensors are designed to look like real websites or other
computer systems -- for banks or power plants -- that might attract
the interest of a hacker.
The data showed Iran was staging cyber assaults and probes from inside
Iran as well as outside the country.
[The report will be released later today:
https://www.aei.org/events/honeypots-and-sticky-fingers-the-electronic-trap-to-reveal-irans-illicit-cyber-network/
For my Ethical Hacking students. A downside of the Internet
of Things You Don't Actually Own Yet.
Troy Wilde reports:
Nevada lawmakers are considering legislation that would allow lenders to remotely shut off a person’s vehicle if he or she is a borrower late with their loan payment.
Assembly Bill 228 authorizes a person who finances the sale or lease of a motor vehicle to install a device which can be used to remotely locate or disable it.
Read more on Public
News Service. The bill already passed committee and will likely
be voted on by the full Assembly in the next few days.
And yeah, what could possibly go wrong?
Another example of “Think before you Tweet!”
Not everyone shares your sense of humor.
Really, FBI, I know you’re under heavy criticism
and all, but you need to lighten up sometimes.
Within 5 minutes of security expert Chris Roberts
(@sidragon1) lightheartedly tweeting on a plane:
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ?
Rafał Łoś (@RafalLos) jokingly responded:
…aaaaaand you’re in jail.
Nine hours later, we learned that Rafal Los’s
prediction was amazingly close to what happened, as Chris tweeted:
and you are right….. 4 hours of discussions and I now no longer have any electronics
Not surprisingly, Chris declined to provide his
decryption keys. As of this morning, he is still without his
electronics and the feds have yet to provide a warrant.
Fox News has a write-up on the incident, here.
[From the article:
Chris Roberts of the Colorado-based
One World Labs, a security intelligence firm that identifies
risks before they're exploited, said two FBI agents and two uniformed
police officers pulled him off a United Airlines Boeing 737-800
commercial flight Wednesday night just after it landed in Syracuse,
and spent the next four hours questioning him about cyberhacking of
planes.
… Wednesday night, FBI agents confiscated
Roberts’ numerous electronic devices and computer files including
his laptop and thumb drives and demanded he give them access to his
data. They wanted to forensically image his laptop, but it is a
company-owned asset with client information, research and
intellectual property, some of which is sensitive in nature and
encrypted.
So after consulting with his CEO, Roberts told the
agents they would need a warrant, something they still have not
presented.
… “You have one element in the FBI reaching
out to people like me for help, but another element doing a hell of a
job burning those bridges,” Roberts said.
For my Ethical Hacking students.
Andy Greenberg reports:
Hackers have for years bought and sold their secrets in a de facto gray market for zero-day exploits—intrusion techniques for which no software patch exists. Now a new marketplace hopes to formalize that digital arms trade in a setting where it could flourish: under the cover of the Dark Web’s anonymity protections.
Over the last month, a darknet marketplace calling itself TheRealDeal Market has emerged; it focuses on brokering hackers’ zero-day attack methods. Like the Silk Road and its online black market successors, TheRealDeal uses the anonymity software Tor and the digital currency bitcoin to hide the identities of its buyers, sellers, and administrators. But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal’s creators say they’re looking to broker premium hacker data like highly sought-after zero-days, source code, and hacking services. In some cases, these are offered on an exclusive, one-time sale basis.
Read more on Wired.
The debate continues. So, when should a
smartphone search be allowed?
Johanna Miller, the advocacy director for the New
York Civil Liberties Union, writes:
A student’s cell phone isn’t a wallet or hairbrush. Its contents can be as personal as a diary.
In a Texas school district, for example, a teacher seized a student’s phone and searched her text-message history, discovering a private nude photograph she had sent to a friend. The teacher then shared the phone with the school district police officer.
And to make matters worse, the student got in trouble — she was suspended for 30 days because of “incorrigible behavior.”
In New York City, it’s a relief that the Michael Bloomberg-era ban on cell phones in city schools is over. For nearly a decade, the ban imposed needless burdens on kids and parents and served as an unnecessary flashpoint for confrontation between students and school staff.
But now that Mayor de Blasio is finally allowing city schools to catch up to the reality of the digital age, horror stories like the one in Texas show privacy protections for students must catch up in tandem.
Read more on the NY Daily News. Miller outlines some good suggestions
for setting standards and policies. Significantly,
she rightly points out that constitutional rights do not vary from
school to school and it should not be up to individual schools to
decide under what conditions they can search a student’s cellphone.
(Related) A change of tune... (“It is wrong”
would be sufficient.)
Dave Madsen reports:
WILBRAHAM, Mass (WGGB) — Protecting a student’s right to privacy. The Hampden Wilbraham Regional School Committee saying no to giving the company that oversees PARCC testing access to student’s (sic) social media accounts.
School committee members taking a stand for student’s rights to privacy. In a letter to the Massachusetts department of elementary and secondary education, Marc Ducey, chair of the regional school committee says, “It violated their privacy and is a slap in the face to our test proctors who are diligent in ensuring the test environment is protected. It is wrong.”
Read more on WGGB.
For my Disaster Recovery students.
RUMOUR: the Bloomberg outage was caused by a spilled can of Coke
Bloomberg terminals went down for nearly two and a half hours on Friday
and the cause is yet to be officially confirmed.
However, a source that works in the markets told
Business Insider that the current rumour circulating around
Bloomberg's London newsroom and television studio is that it was
caused by "someone spilling a can of coke on a server
somewhere."
A little light reading for my Data Management
students. You know how to gather data, how do you push it back out?
10 Tactics for Launching a Product Using Social Media
Should I be using this? I think it would just be redundant but it might be
a fun way to spring “Pop Homework” on my students: “Read this
article and write a short paper describing how their security failed.
See you tomorrow!”
WhatsDue - Schedule and Send Reminders to Students
WhatsDue is a free service (available for Android and iOS) that enables
teachers to create and send due date reminders to their students.
Students receive the reminders as push notifications on their iOS
and/or Android devices.
Here's how WhatsDue
works. First, the teacher registers for a free account on the
WhatsDue website and creates a class or classes. Each class is
assigned its own unique join code. Teachers then invite students and
parents to join the class through the join code. Once students have
joined the class they will begin receiving due date reminders on
their mobile devices.
Teachers can create multiple classes and schedule
multiple reminders for each class from one dashboard on the WhatsDue
website. Students opening WhatsDue on their iPhones or Android
phones will see reminders of approaching due dates and past due
dates.
If you have been leery of using other reminder
systems because of privacy concerns with phone numbers or two-way
communication, WhatsDue
might be for you. It doesn't require phone numbers and it doesn't
have two-way communication. It also allows students to be reminded
of assignments on a schedule that works for them. For example, they
can set the app to remind them of assignments a day before or a
couple of hours before an assignment is due.