Thursday, July 09, 2015

Even people you would expect to be somewhat knowledgeable about Computer Security surprise (and disappoint) you.
Jeremy Kirk reports:
Hacking Team has warned that a devastating data breach it suffered will allow its spying tools to be used by criminals and terrorists.
The Milan-based security company, which develops surveillance tools for mostly government clients, saw more than 400GB of internal data released on Sunday, including emails, client lists, financial information and source code.
“Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so,” wrote Hacking Team spokesman Eric Rabe in a news release on Wednesday. “We believe this is an extremely dangerous situation.”
Read more on PC Advisor. See also The Register.
So… maybe they should have secured their intellectual property and files better? And if they didn’t know that 400GB had been exfiltrated, is it possible that their files had already been raided by state actors for other governments who have been using their technology? What will a real forensic investigation reveal?
[From the PC Advisor article:]
Almost all of the company's clients have suspended use of RCS now, he wrote.
[From the Register article:]
"Hacking Team's investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice.
"Before the attack, Hacking Team could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost.




It's not a cyber attack. It's not a cyber attack. It's not a cyber attack.
Glitch perfect
THE timing was poor. At 11:32am on July 8th, at a time when market turmoil in China and fiscal turmoil in Greece were already causing concerns, trading was halted on the New York Stock Exchange (NYSE), once the epicentre of America’s financial markets, on which almost all other trading hinged.
For a moment, the stoppage seemed like grounds for panic. It did not help that a mysterious computer glitch had caused United, one of America’s biggest airlines, to ground all its flights shortly beforehand. The excitable speculated that a coordinated cyber-attack was under way. The president was being briefed, the White House solemnly declared. Happily, it soon became clear that the problem was an internal failure, not an external assault. United’s troubles were unrelated, it turned out. At 3:10pm trading resumed.


(Related)
New York Stock Exchange Blames Shutdown on 'Configuration Issue' as Dow Falls
The Dow Jones Industrial Average took a triple digit hit today after trading on the New York Stock Exchange (NYSE) was halted for three and a half hours.
Exchange officials blamed the shutdown on a "configuration issue" with their systems, according to a statement, and not a "cyber breach," according to a NYSE tweet. The configuration issue pertained to how the exchange's systems interact with one another, a source said.
At the end of trading in New York at 4 p.m., the index closed down 261 points or 1.5 percent to 17,515, while the S&P 500 fell 34 points, about 1.7 percent. The tech-heavy Nasdaq was down 1.8 percent.


(Related) It's merely a coincidence. It's merely a coincidence. It's merely a coincidence.
Anonymous issued cryptic tweet on eve of NYSE suspension
International hacking group Anonymous wished Wall Street ill the night before the New York Stock Exchange temporarily suspended trading on all securities.
The activist group tweeted late Tuesday:
Wonder if tomorrow is going to be bad for Wall Street.... we can only hope.
… The message could also be seen as an allusion to economic unrest in China and Greece, which has contributed to global market turmoil in recent days. U.S. stocks saw modest losses in the early hours of trading Wednesday.




No redundancy? How strange.
Malfunctioning pump shuts down Indian Point reactor
A malfunctioning water pump forced the shutdown of Indian Point's Unit 3 nuclear reactor on Wednesday.
Control room operators shut down the reactor around 2:30 p.m. after they found that one of the unit's condensate pumps automatically stopped while the unit was operating at full power, causing the steam generator's water levels to fluctuate, according to Entergy, which runs the power plant in Buchanan.




Another clear indication that someone is cooking the books. According to the 2014 Wiretap Report, only 3 federal and 22 state wiretaps encountered encryption in all of 2014. So are they lying to Congress or are they lying to us?
Andy Greenberg reports:
The debate over encryption and backdoors for law enforcement has long had a surplus of opinions and a deficit of data. On Wednesday, however, New York district attorney Cyrus Vance offered one actual number into the mix: The Manhattan DA’s office has encountered 74 iPhones whose full-disk encryption stymied a law enforcement investigation.
Read more on Wired.




Speaking of Crypto... What group of idiots does Comey think he can convince? Perhaps the same people who think we should pass a law making Pi exactly 3?
Mike Masnick has a recap of yesterday’s Senate hearings on encryption. The hearings offered no surprises in terms of FBI Director James Comey’s claims and arguments. You can read his write-up on TechDirt.
Meanwhile, over on EFF, Jeremy Gillula and Nadia Kayyali write:
Despite all of the evidence to the contrary, FBI Director Comey wants you to know that he doesn’t want another crypto war. As he said today in hearings before the Senate Judiciary Committee and Senate Select Committee on Intelligence (SSCI), he just wants a discussion. Of course, it’s hard to have a discussion when you’re not listening to anyone else. And in this case, Comey and those who support weakening encryption simply aren’t listening to the experts telling them that backdoors or golden keys just won’t keep us safe.
Read more on EFF.




Be careful what you wish for...
http://www.cnbc.com/id/102817366?__source=google|editorspicks|&par=google&google_editors_picks=true
Stolen financial info worse than leaked nude pics: Survey
A MasterCard survey released Thursday found that 55 percent of people would rather have nude pictures of them leaked online than have their financial information stolen.
The research also found that more people would rather have their email accounts hacked—or even have their homes robbed.




I never have to worry about finding articles for my IT Governance class.
JPMorgan to Pay $136 Million to Settle Debt Collection Case
JPMorgan Chase will pay $136 million to settle charges that it used illegal tactics to pursue delinquent credit card borrowers, the Consumer Financial Protection Bureau announced on Wednesday.
The bureau said the bank had illegally relied on robo-signing — signing mass quantities of documents without verifying the data in those accounts — and provided inaccurate information to third-party debt collectors when it sold the accounts. The bureau also said that Chase filed misleading lawsuits using inaccurate information to obtain debt collection judgments on accounts that had been paid off, were discharged in bankruptcy or otherwise were uncollectable.


(Related) Now if we can only agree on the amount...
JPMorgan to Pay $166 Million Over Debt-Collection Abuses


(Related) Perhaps the papers could use some professional accountants too.
Chase settles many debt collection abuse cases -- but not California's
JPMorgan Chase & Co. will pay more than $200 million to settle allegations that it sold faulty credit card debts to third-party collectors, including accounts with legally flawed judgments and inaccurate and paid-off balances and debts owed by borrowers who had died.




...and no one noticed?
Time Warner Cable Forced To Pay $230k For Robocalling Woman 153 Times
… there's a big difference between receiving the odd call once in a while to receiving it all the time, such as what Araceli King had to deal with. In less than a year, Time Warner Cable called her a total of 153 times, all automated, and all meant for someone else. Making matters worse, King had a 7-minute discussion with a customer service rep about the mix-up and still continued to receive such calls.
TWC believed that it had done no wrong, because it "thought" that it was contacting Perez. A US District Judge saw things differently, and jacked the damages to $1,500 per call, resulting in King soon to receive a nice check totaling $229,500.
The judge, Alvin Hellerstein, said that "a responsible business" would have tried harder [A well managed company would never fail like this. Bob] to find the actual person it was seeking. It's hard to dispute that.




Economics according to Mao? Find someone appropriate to blame.
Losing $1 Billion Each Minute, China Blames the Wrong Group
Rumor-spreading short sellers and foreign investors with a hidden agenda.
If you believe China’s state-run media, those are some of the key culprits for a stock-market rout that erased $3.2 trillion of value in three weeks -- or almost $1 billion for each minute of trading on mainland exchanges. The underlying message, that market manipulation is fueling the selloff, was reinforced by securities regulators last week as they pledged to crack down on “vicious” short selling.




How not to enter the US market. Getting it wrong by the numbers.
Why Chinese e-commerce giant Alibaba stumbled with its U.S. shopping site




I'll mention this to my students.
What’s Bing Rewards, How It Works, And What’s New?
… Microsoft is confident that you’ll like Bing as long as you give it an honest try. That’s where the Bing Rewards Program comes into play.
The premise of Bing Rewards is that you can earn credits for searching with Bing. These credits accumulate on your account and can be redeemed for rewards




Something I need to explore.
Realtime Board Offers Collaborative Brainstorming Tools on Your Laptop and Tablet
Realtime Board is a platform for hosting online, collaborative brainstorming sessions. I've been using it off and on since it launched a few years ago. Recently, Realtime Board shifted to using HTML5 which means that it now works equally well on your laptop and on your iPad or Android tablet.
Realtime Board provides a blank canvas on which you can type, draw, and post pictures. You can connect elements on your boards through a simple linking tool. The boards that you create on Realtime Board can be shared publicly or privately. To help you communicate with your collaborators Realtime Board has a chat function built into every board.
Realtime Board's switch to using HTML5 makes it a good platform for hosting online collaborative brainstorming sessions in classrooms that have BYOD programs or any classroom that has a mix of tablets, Chromebooks, and laptops.
Realtime Board grants teachers and students access to all premium features for free. In order to get the premium features for free you do need to complete the form here.




An App for hyping a movie? Sure, there's an App for that! (Digest Item #1)
This IS the App You’re Looking For
Disney and Lucasfilm have teamed up to release a new Star Wars app on Android and on iOS. The free app has more than enough to keep Star Wars fans entertained in the run-up to the release of Star Wars: The Force Awakens on December 18, 2015. A date which has its own countdown timer built right into the app.
There is breaking news from across the Star Wars universe, fun facts from the series, a weather feature linking real-life conditions to those on Star Wars planets, videos, GIFs, selfies, and a sound board. Best of all are the augmented reality elements, which let you use your phone like a lightsaber and add virtual stormtroopers to your homescreen.
People who don’t like Star Wars should obviously avoid the official Star Wars app like the plague. Meanwhile, the rest of us right-thinking, well-adjusted individuals can live out our fantasies of being Luke Skywalker or Han Solo. Geeks rule.




Wally again illustrates how my (clearly not brainwashed) students view the world!

