Thursday, June 25, 2015

I'm thinking of writing a book titled: “Chinese Hackers' Best Practices.” Nothing new or innovative, just pointing out all the existing security holes every hacker knows. The ones we teach our Ethical Hacking students.
Government Credentials on the Open Web
by Sabrina I. Pacifici on Jun 24, 2015
Follow up to Massive hack of federal personnel files included security-clearance database – related news – “Recorded Future identified the possible exposures of login credentials for 47 United States government agencies across 89 unique domains. As of early 2015, 12 of these agencies allowed some of their users access to computer networks with no form of two-factor authentication. This scenario heightens the risk of cyber espionage, crime, or attack for these agencies. This data was identified through open source intelligence (OSINT) collection and analysis of 17 paste sites including Pastebin.com over a one year period ending in November 2014. Recorded Future shared this information with the majority of affected agencies in late 2014 and early 2015. At the time of our analysis, the Department of Energy had the widest exposure, with email/password combinations for nine different domains identified on the open Web. The Department of Commerce was the second hardest hit with seven domains suffering exposures.”




For my Computer Security students.
UK: Information Security Breaches Survey 2015
by Sabrina I. Pacifici on Jun 24, 2015
PWC: “We have been commissioned by the Department for Business, Innovation and Skills (BIS) to survey companies across the UK on cyber security incidents and emerging trends… The key observations from the 2015 survey were:
  • The number of security breaches has increased, the scale and cost has nearly doubled. Eleven percent of respondents changed the nature of their business as a result of their worst breach.
  • Nearly 9 out of 10 large organisations surveyed now suffer some form of security breach – suggesting that these incidents are now a near certainty. Businesses should ensure they are managing the risk accordingly.




Fortunately, they can learn from the IRS. (See next article)
Michael Hardy reports:
The government stores personal information on millions of Americans who have used the Healthcare.gov system, a situation which is raising privacy concerns as the recent successful attack that compromised Office of Personnel Management data makes plain the damage that hackers can do.
Called the Multidimensional Insurance Data Analytics System, or MIDAS, the system stores names, Social Security numbers, financial accounts and other sensitive personal information. But according to an Associated Press report, there is no plan in place to destroy old records, raising eyebrows among cybersecurity experts.
Read more on Federal Times.




Yet another article for my IT Governance class. We will discuss “legal holds” and Best Practice procedures that ensure that data is retained as long as needed and deleted when no longer required. In this case it is very unlikely that the “employees” made a mistake. They deleted the emails as required by their data retention policy.
Watchdog: IRS erased backups after loss of tea party emails
IRS employees erased computer backup tapes a month after officials discovered that thousands of emails related to the tax agency's tea party scandal had been lost, according to government investigators.
The investigators, however, concluded that employees erased the tapes by mistake, not as part of an attempt to destroy evidence.
As many as 24,000 emails were lost because 422 backup tapes were erased, according to J. Russell George, the Treasury inspector general for tax administration.
The revelation is likely to fuel conspiracy theories among conservatives who say the IRS has obstructed congressional investigations into the scandal.
George says the workers were unaware of a 2013 directive from the agency's chief technology officer to halt the destruction of email backup tapes.




This seems high to me, even after seeing all those subpoena reports from Google, Facebook, etc.
Justin Davenport reports:
Scotland Yard is making more than 120 requests a day to access private phone calls, texts and emails, new figures reveal.
Statistics revealed to the Evening Standard show that last year the Met made 45,249 requests to obtain communications data under the Regulation of Investigatory Powers Act, or Ripa.
The legislation allows officers to access people’s phone use, emails and web searches — provided they do not view the content.
Read more on the London Evening Standard.




Keeping up...
Dan Cooper writes:
On June 18, 2015, the Canadian Parliament passed the Digital Privacy Act (DPA), Senate Bill S-4, into law. The DPA amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA) in important respects, including introducing a new data breach notification requirement (which is not yet in force) and making other material changes to PIPEDA. This post summarizes key changes to PIPEDA brought about by the DPA.
Read more on Covington & Burling Inside Privacy.




Free texting?
Messaging will be Facebook's 'next major wave of innovation and financial windfall'
When Facebook purchased WhatsApp last year for $19 billion, many were shocked by the astronomical price paid for a little-known company with only 55 employees.
… In a note to clients on Tuesday, Deutsche Bank estimated that WhatsApp, along with Facebook’s Messenger app, will have more than 2 billion active users and generate between $9 and $10 billion in revenues in 2020.
Deutsche Bank is predicting an enormous monetization of Messenger and WhatsApp, which currently provide $0 and $49 million in revenues, respectively. By 2020, they expect those numbers to jump to $4.224 billion and $4.827 billion, representing about 17% of Facebook’s total ad revenues.
Messaging apps are becoming immensely popular around the world, with mobile-first apps like WhatsApp being "always on" replacements for SMS.
"The value of sending fast, reliable and free messaging vs. the previous onerous SMS fees charged by carriers (especially for international SMS), is clear as day and a big reason why these services took off initially on a global scale," the report said.
Facebook’s two apps have grown globally too, especially in emerging markets. WhatsApp has 800 million users, with 80% from emerging markets while Messenger has 700 million users, with 75% from these markets.
WhatsApp has penetrated an impressive 88% of the mobile market in Brazil and 81% of the mobile market in Argentina.




Perspective. (And perhaps to inspire a new business model?)
Apple Music will pay labels just $0.002 per stream during its free trial — before tax
… Spotify says it pays labels and publishers between $0.006 and $0.0084 per stream. A Guardian report suggests that the average payment a signed artist gets after their label takes its share is a mere $0.001128.
… Apple will pay music owners 71.5% of Apple Music's revenue in the US. Outside the US this could fluctuate, but will average out at around 73%.
… Apple's revenue split is only a few percentage points more than the industry average of 70%, which Spotify also says it pays.




Interesting. Is this enabled by any technology beyond the connection?
Ford takes on Uber with car-sharing program
Ford is launching a pilot car-sharing program, according to multiple reports.
Under the program, people who have financed their vehicles through Ford’s credit arm will be able to rent it out for short periods of time, according to the Associated Press. U.S. based owners will do so through a program created by Getaround, a California-based startup that allows people to rent out their cars.
… It’s a sign that the car manufacturer is looking to confront the way that short-term car sharing services like Zipcar and ridesharing platforms like Uber have changed the American public's relationships with cars.
"We are seeing a lot of folks that don't want to own a vehicle, and we as a company want to make sure we are listening to customers and see if we can help in that regard," Ford CEO Mark Fields told CNBC. "Customers, particularly in urban areas want access versus ownership."




Another technology I'll probably never use. BUT, it might increase the number of students who “read” the textbook...
The Rise of ‘Speed-Listening’
… speed-listening represents yet another step away from the curled-in-bed ideal. It suggests that a book exists not primarily for pleasure, but rather for being sucked of its precious information as efficiently as possible. It suggests that digital advances can help make an extremely old activity—reading—newly transactional.
… personalized, sped-up audio playback, for its part, has been around since 2004, Brian Feldman notes, when Apple introduced variable playback speeds into its iPod software. In 2007, the “Getting Things Done” blog recommended “adjusting the playback speed of your audiobook or video to a maximum of 150 percent” to complete the book more quickly. In 2010, the tech blog GigaOm suggested “speed-listening to podcasts” as an overall time-saving technique. Software titled, straightforwardly, FasterAudio promises to “cut your audio learning time in half.”




This is just showing off, but I'll add it to my next Excel class.
How to See All Your PC Information Using a Simple Excel VBA Script
Have you ever needed to know your computer’s CPU or memory details, serial or model number, or installed software versions, but weren’t sure where to look? With just a bit of simple code in Excel, you can extract a whole library of your Windows PC information.




I may have a use for this too.
Create Interactive Videos on Wideo
Wideo is a nice tool for creating Common Craft-style videos. You can create animated videos on Wideo by dragging and dropping clipart and text in storyboard frames. You set the position and animation sequence for each element in each storyboard frame. When you have completed your storyboards Wideo generates a video for you.
This week Wideo added a new feature that allows you to build interactive buttons into each frame of your video. The buttons can be hyperlinked to any webpage that you like. When people are watching your video they can click the buttons to be taken to the webpage you want them to land on.
… The free version of Wideo limits video length to 45 seconds. 45 seconds is long enough for a lot of video projects. Discounts are given to educators who want to purchase the capability to produce longer videos.




How to Tweet better than your students.
Send Tweets with Rich-Text Formatting using TallTweets
A new release of TallTweets has just been rolled out and it includes several new features and enhancements. The interesting additions are:
  1. TallTweets now supports rich-text formatting so you can use bold text, write in italics or even mark words with the yellow highlighter. See image tweet.
  2. You can compose Tweetstorms (numbered tweets, sent sequentially) and TallTweets will offer a live preview as you type so you know exactly how the tweets will look in your timeline. See Tweetstorm.
  3. TallTweets has gone international and now supports all languages including Hindi, Arabic, Malay, Chinese and more. In fact, if you use the “tweet as image” option, you can even send tweets in languages that are not officially supported by Twitter yet.




According to this, I'm writing my Blog all wrong. But perhaps it will help my students...
How to Write a Piece of Content From Conception to Publication
Are you trying to write something, either for work or just for your own enjoyment? Sitting down in front of a computer and delivering a piece of content can be a stressful experience.
You need a roadmap that will guide you through the process, and that’s just what the infographic below provides you with. It breaks everything down into small steps that anyone can accomplish. By the time you’re done, you’ll have created a finished piece of written work that you can be proud of!

