Yep, low hanging fruit.
After a period of relative quiet, it appears that the hacker known as “JM511” is back and busy.
According to some tweets last night, the University of Illinois has been hacked via SQL injection:
What’s happening? #JM511 I got #SqL_injection#blind On: http://t.co/qeD2Z3o8HN I’m Ur #nightmare @Illinois_Alma
pic.twitter.com/wtIVjSzlt8
— JM511 Hacker☠ (@JM511) May 5, 2015
A screencap from the video shows 133 tables and
other details:
DataBreaches.net did send a courtesy notification
to U. of Illinois, even though @JM511 alerted them himself via his
tweets to their Twitter account.
How long is your compromised data at risk? Until
it no longer is useful. Did you change your password, get a new
credit card, do anything?
Motherboard reports:
Back in March, Motherboard revealed that fully functioning Uber accounts were for sale on the dark web for as cheap as $1 each. At the time, it appeared that the victims of those hacks were based in the United Kingdom. Now, Uber customers from all over the United States have taken to Twitter to complain that their account has been charged for trips they never took, sometimes half way across the world.
In response to Motherboard’s coverage, Uber
issued a statement saying that they basically have no new statement
since their last one. Note that all these are newly reported
charges. And in at least one case, the account was a new one –
created after the reported breach that led to reports of Uber account
information for sale. The
customer admits that she used the same login for her new Uber account
that she’s used for other accounts, so it’s not
compelling proof, but the rash of new fraudulent charges is certainly
concerning.
Read more on Motherboard.
Just consider it “Notice” that the FBI is
watching you.
Remember back in October, 2010 when a student,
Yasir Afifi, found
a GPS device attached to his car and he filed
a lawsuit against the FBI in 2011? Not surprisingly, the DOJ
sought dismissal of the lawsuit in July, 2011.
I lost track of the lawsuit, but thankfully,
Courthouse News didn’t. Today, they report that a federal judge
has thrown out his lawsuit:
Finding that the FBI agents are entitled to qualified immunity, Howell said that “neither the Fourth Amendment nor First Amendment rights he [Afifi] seeks to vindicate in this suit were clearly established at the time and in the place where the challenged conduct occurred.”
The Privacy Act claim meanwhile fails because the records about Afifi’s First Amendment represent “an authorized law enforcement activity,” an exception to the law.
Read more on Courthouse
News.
This is unlikely to “clear things up.”
Joe Cadillic sends along this article by Tim
Cushing:
MuckRock has obtained a whole stack of Stingray-related documents from the FBI. As is to be expected, there’s not much left unsaid by the agency, which is at least as protective of its own Stingray secrecy as it is with that of law enforcement agencies all over the US.
There’s nearly 5,000 pages of “material” here, most of which contains only some intriguing words and phrases surrounded by page after page of redactions.
Read more on TechDirt.
Interesting. I wonder if I'm in the “terrorist”
half of the country?
The Department of Homeland Security is scaling
back its request to hire an outside company to keep track of people’s
license plates, now saying
it only needs half the country.
While the department had originally announced that
it wanted a company to keep tabs on license plates throughout the
nation, it now claims to only want data from “at least 25 states”
and 24 of the 30 most populated metropolitan areas.
Additionally, instead of requiring that the
service make at least 30 million license plate records available each
month, now the department says that it only needs at least 6 million.
U.S. Immigration and Customs Enforcement (ICE) —
the division of DHS looking for the contract — said that the
changes were merely alterations to attract more solicitations from
contractors. [“Once in
place, we can increase it to 100%” Maybe. Bob]
… The new DHS effort comes a year after it
abandoned a previous attempt to build its own license plate reading
system in the face of opposition about its impact on Americans’
privacy.
Cute. But are they kidding?
1 appearance
Former Secretary of State Hillary Clinton has
offered to appear one time and one time only before a congressional
committee convened to investigate the attack in Benghazi, her lawyer
said. I’m going to go out on a limb here and presume CSPAN will be
charging $100 to watch the fight, $90 in standard definition, one
side will have repeatedly voted against gay rights in congress, many
will tune in expecting an all-out brawl, but it will mostly be
defined by defense, leaving many disappointed in the state of the
sport in general. [The
New York Times]
An application of Big Data Analytics.
Algorithmic Trading Briefing Note
by Sabrina I. Pacifici on May 4, 2015
New York Fed: “High-frequency trading (“HFT”),
or high-speed trading (“HST”), a type of algorithmic (or “algo”)
trading, is now a well-known feature of the global market landscape.
In many markets, a small number of firms may account for a large
proportion of trading volume. Although it has been argued that HFT
has lowered investors’ trading costs by reducing bid-ask spreads,
the risk that HFT activity specifically, and algorithmic trading more
generally, poses to firms and the financial markets has sparked
debate and raised concern among market participants and regulatory
agencies globally. This is, in part, owing to the speed of trading
and, therefore, the pace at which exposures may accumulate intraday
at financial institutions. Indeed, unexpected events linked to
algorithmic and high-frequency trading have caused significant
volatility and market disruption, leading to heightened debate around
the risks these activities pose to the functioning of global markets.
The complexity of market interactions among HFT firms and other
market participants increases the potential for systemic risk to
propagate across venues and asset classes over very short periods of
time. This
briefing note focuses on how risks associated with algorithmic
trading are monitored and controlled at large financial institutions
during the trading day. While market structure and trading rules
differ by jurisdiction and asset class, we seek to identify risks
common to algorithmic trading and to suggest questions that
supervisors might consider as they monitor or examine this activity.
Further, by setting forth risk-based principles and questions that
firms already engaged in algorithmic trading can use to assess their
controls over this activity, we aim to facilitate an informed
conversation about sound risk management practices and renew market
participants’ focus on improving risk management of this activity.
Key supervisory concerns center on whether the risks associated with
algorithmic trading have outpaced control improvements. The extent
to which algorithmic trading activity, including HFT, is adequately
captured in banks’ risk management frameworks, and whether standard
risk management tools are effective for monitoring the risks
associated with this activity, are areas of inquiry that all
supervisors need to explore. Further, algorithmic trading activity
has expanded beyond the U.S. equity markets to other markets and
asset classes, including futures, foreign exchange, and fixed-income
markets. Thus, our supervisory approach needs to remain flexible and
adaptable to address growth and evolution of this activity.”
For my students. Know how companies hire! “Game
the system?”
Simple Online Tools to Make Hiring Easier
Running an open recruitment process – one where
the position is openly advertised – can be overwhelming, especially
if you don’t have at your disposal an HR department that’s
organized to handle the process. This is often the case in small
businesses, volunteer organizations, and some government branches.
I’ve often seen recruitment calls receiving too little interest,
or, worse, paper CVs piling up on a desk, with no clear plan on how
to deal with them.
No wonder so many managers choose to avoid
advertising openings. An extensively cited 2010
study found that 42% of hires happened at companies that didn’t
report a vacancy. But hiring like this, by word of mouth, is a
mistake.
… Fortunately, time-strapped managers can use
freely available tools to publicize your call, gather applications,
and collaborate with your team for evaluating the candidates.
For my students. Yeah, we'll probably block
this...
Microsoft is first to let you flip the middle finger emoji
These are times when our
means of self-expression are expanding beyond our means of thought.
We can take one simple sentiment and decide to
text it, e-mail it or to communicate it with a symbol designed by a
4-year-old on a partly cloudy Tuesday.
… as part of Windows
10, it's offering you the chance to emit the one symbol that your
mind telepathically ejects at least once a day. Yes, the middle
finger. That simple, direct digit that says: "Please, I don't
like you very much at all."
The deliriously named Emojipedia
noticed this joyous development and noted that this finger was
actually approved as part of Unicode
7 (which isn't a planet far, far away) in 2014.
Another assignment for my Data Management
students.
5 Ways to Get People to Use Enterprise Social Software
Companies
are spending more on enterprise social software, but that doesn't
mean employees will use it. What can companies do to boost adoption
and improve their ROI?
Investment in
enterprise social software appears to be picking up. Frost &
Sullivan recently reported that subscriptions for such software grew
nearly 30 percent from 2012 to 2013 and predicted the number of
enterprise
social subscriptions would hit 535 million by 2018.
But actual use
of enterprise social software appears to be lagging investment. A
Dachis Group study published in 2012 found that only
10 to 20 percent of eligible workers actively used their
employer's social business software. Tom
Petrocelli, research director, enterprise social, mobile and
cloud applications, for Neuralytix,
doesn't believe that number has budged much.
Vendors, especially those that bundle social
software with other enterprise applications, tout high adoption
rates,
For my Math students.
Hundreds of Combinatorics Video Lectures
If you are taking mathematics courses related to
combinatorics or probability, I found a page
from UCLA containing hundreds of video lectures on the said
subjects. It is a collection of lectures from 1993 up to the present
and includes lectures from famous mathematicians such as Terence Tao.
For more free video lectures, visit the All
for Free page of Math
and Multimedia. It also contains posts which link
to hundreds of free ebooks and software.