Saturday, June 06, 2015

Because the government keeps data longer than the Internet (which keeps it forever)?
Andrea Shalal and Matt Spetalnick report:
Data stolen from U.S. government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, U.S. officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks.
Of the four million federal employees whose data were caught up in the breach, 2.1 million are reportedly current government employees, and the fear is that their information could be used for spear-phishing and to obtain even more sensitive information.
Read more on Reuters.
Ellen Nakashima of the Washington Post reports that according to unnamed agency officials, the information obtained in the hack included employees’ Social Security numbers, job assignments, performance ratings and training information but
OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.
And of course, the finger-pointing has begun. As the New York Times reports, an audit of the government’s computer security had as recently as November pointed out the serious security shortcomings.
But watch out for those who attempt to use this hack to support irrelevant or harmful legislation. Any legislation proposed should seriously consider the opinions of actual infosecurity and technology experts. So far, the government’s ridiculous claims that we can have strong encryption but the government should be able to break it make many of us wonder what color the sky is in Washington these days.


(Related)
Michael A Riley and John Walcott report:
The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies.
Forensic evidence indicates that the group of hackers responsible for the U.S. government breach announced Thursday likely carried out attacks on health-insurance providers Anthem Inc. and Premera Blue Cross that were reported earlier this year, said John Hultquist of iSight Partners Inc., a cyber-intelligence company that works with federal investigators.
Read more on Bloomberg.




State sponsored hacking, without actually hacking. (Apple and Microsoft have already greased this slope.) Probably simpler to use Chinese software in China and keep the domestic software secret.
http://www.cnbc.com/id/102734535?__source=google|editorspicks|&par=google&google_editors_picks=true
China may try to force US tech firms to give up code
While U.S. officials investigate whether Chinese hackers breached data for millions of federal employees, Beijing is working on a series of rules to protect itself from foreign cyber incursions—or maybe to get its hands on American tech secrets, or maybe both.
Beijing wants foreign technology firms to give up their source code in exchange for Chinese business, and new rules are set to make that happen, focusing first on the banking sector, and then moving to other important markets.
The first set of rules, from earlier this year, mandated that domestic banks move to "safe and controllable" technology—meaning any tech firm interested in doing business with most Chinese financial institutions would need to hand over its relevant source code and encryption keys. [Would you trust a bank that did that? Bob]




We could use this!
Ann Bednarz reports:
Payday didn’t go as planned on January 2, 2014, for some Boston University employees. On that day, about a dozen faculty members discovered their paychecks hadn’t been deposited into their bank accounts. Thieves had changed the victims’ direct deposit information and rerouted their pay. BU’s IT security team traced the attack to a phishing email sent to 160 people at the university. The email – which prompted BU faculty to click on a link and confirm their log-in details – led to the compromise of 33 accounts. Thirteen faculty members had their paychecks stolen.
[…]
After BU warned faculty and staff of the paycheck heist, the attackers sent another phishing attempt that played off BU’s warning and directed recipients to another bogus site. “The folks who sent the original message were actively watching us,” Shamblin said. “They coopted my authority for a second attack on my people.”
[…]
Meanwhile, 1,200 miles away, University of Iowa experienced similar attacks.
Read more on Network World if you have an Insider account. I refuse to sign up because they require that you enable third-party cookies and javascript.




For my Computer Security students.
A Look at Some of the Worst Computer Viruses in History
When you get a virus on your computer, the results can be devastating to you, personally. Some viruses, however, take the destruction and devastation far beyond a few people. Some computer viruses have caused millions in damages the world over.
Which computer viruses have been the most destructive throughout history? Check out the infographic below for an extremely detailed look and prepare to be surprised, because some of the damage caused by these viruses is truly hard to comprehend.




Like those devices that monitor your “safe driving,” insurance companies will likely be all over these devices. Perhaps this is the one where they switch from “discounts for users” to “penalties for non-users.” Or governments could require them on all new cars.
Feds And Carmakers Unveil Systems To Disable Your Car If You've Been Drinking
… The National Highway Traffic Safety Administration unveiled a prototype vehicle with an advanced alcohol detection system that could ultimately prevent vehicles from being operated by a drunken driver.
The Driver Alcohol Detection System for Safety — known as “DADSS” — is a noninvasive system aimed at detecting when a driver is above the legal alcohol limit by instantly measuring the driver’s breath or skin. If your blood alcohol level is above 0.08 percent — the legal limit in all 50 states — the car will be disabled.




If increased revenue is greater than legal fees, then: Give the users what they want and let the lawyers figure it out?
As Facebook Video Swells, YouTube Creators Cry Foul Over Copyright Infringement
As Facebook has briskly emerged as YouTube’s first forbidding challenger in online video, racking up 4 billion views per day, the social network may have a mounting copyright issue on its hands -- one that smacks of a similar conflict YouTube faced in its early days.
Increasingly, YouTube creators are alleging that their popular videos are being pilfered from the platform and uploaded to Facebook. A new term has even been coined for this practice: ‘freebooting.’
Because Facebook doesn’t offer adequate copyright protection or give creators the ability to monetize their videos just yet, argues George Strompolos, CEO of leading YouTube network Fullscreen, freebooting is detracting from ever-valuable YouTube views.




From a culture that honors age (and success) this makes perfect sense. Still, Warren isn't likely to buy them.
Chinese online gaming company wins Buffett lunch for $2.3M




Time to start planning.
Microsoft Office 2016 Updated With Collaborative Real Time Presence, Contextual Insights
Microsoft is planning to release a new version of its Office productivity suite, Office 2016, sometime later this year. In the meantime, Microsoft has made available an Office 2016 Public Preview, which is also available for Mac users, and there are a few new features that were just added.




Plan for this too since it's the path to Skype's real time translation service.
You Can Now Use Skype For Web (Beta) If You're In The U.S. Or UK
Skype's web-based client is now available to all U.S. and UK users in open beta, no longer requiring any invites.




For my Business Intelligence students.
The Internet of Things Is Changing How We Manage Customer Relationships
… But now that Big Data and the Internet of Things have come along, we can go beyond the transaction to every little detail of the customer’s actual experience. You can know when customers enter your store, how long they are there, what products they look at, and for how long. When they buy something, you can know how long that item had been on the shelf and whether that shelf is in an area of things that usually sell fast or slowly. And then you can view that data by shoppers’ age, gender, average spend, brand loyalty, and so on.


(Related)
Data Collection From Consumers Continues Without Transparency
by Sabrina I. Pacifici on Jun 5, 2015
National Journal – “Don’t be fooled: Congress may have finally passed the bill reining in the National Security Agency’s bulk-surveillance programs [USA Freedom Act of 2015], but your data is still being collected on the Internet. Lost in the debate over the NSA is the fact that companies like Google and Facebook continue to vacuum up vast troves of consumer data and use it for marketing. The private-sector tech companies that run the social networks and email services Americans use every day are relatively opaque when it comes to their data-collection and retention policies, which are engineered not to preserve national security but to bolster the companies’ bottom lines. Critics say the consumer data that private companies collect can paint as detailed a picture of an individual as the metadata that got caught up in the NSA’s dragnets. Companies like Google and Facebook comb through customers’ usage statistics in order to precisely tailor marketing to their users, a valuable service that advertisers pay the companies dearly to access. “What both types of information collection show is that metadata—data about data—can in many cases be more revelatory than content,” said Gabe Rottman, legislative counsel at the American Civil Liberties Union. “You see that given the granularity with which private data collection can discern very intimate details about your life… For their part, various tech companies are paying attention to the trend. Google on Monday unveiled a frequently asked questions page to address users’ privacy concerns, answering questions like “Does Google sell my personal information?” and “How does Google keep my information safe?” It also revamped its account settings page, offering privacy and security “checkups” to walk users through steps to keep their data safe. On the same day, Facebook announced it will offer the option to send sensitive information, like password reset links, in encrypted emails. 
(“New Facebook feature shows actual respect for your privacy,” read a Wired headline on an article about the announcement.) Facebook already encrypts traffic to and from its site, and offers privacy fanatics—or those who fear government retribution for their actions on the social network—access to its services via the Tor browser, widely regarded as the most secure and private way to access the Internet.”




I've been thinking about re-writing my handouts. “Captain Math!” “SecurityMan”
The Best Apps for Reading Comics on Your iPad




Dilbert has some ideas for responding to my students!

