I am not a “world class” expert on encryption,
but I know of no way to create “3 key” encryption. It may be
possible. Ask the NSA. I can't think of any reason why they would
employ such a system, but then it's been a while since I worked in
that field.
If I thought that the FBI could read my encrypted
files, I would no longer encrypt – I would encode. Sending, “Blue
baby buggy bumpers” would convey exactly the same message as,
“&7GDA PQPQ7 BLX8S GR4OK PWVUC” but would not be
decipherable. (Neither would a “one time pad” but that is
another story.)
Encryption:
if this is the best his opponents can do, maybe Jim Comey has a point
… Behind
the opponents’ demand for “concrete technical requirements” is
the argument that any method of guaranteeing government access to
encrypted communications should be treated as a security flaw that
inevitably puts everyone’s data at risk. In principle, of course,
adding a mechanism for government access introduces a risk that the
mechanism will not work as intended.
“We gotta do something!” True, but shuffling
the deck does not eliminate marked cards.
… Reps. Ted Lieu (D-Calif.) and Steve Russell
(R-Okla.), who both likely had their security clearance details taken
in the breach, are prepping a bill that would move the security
clearance database away from the OPM, perhaps back to the Defense
Department (DOD), where it was housed until 2004.
“OPM was never designed to deal with national
security,” Lieu told The Hill. [So
which idiots moved it there? Bob]
But several senators backing a bill to boost
oversight of those holding security clearances, told The Hill that
it’s more audits, not
necessarily a new agency, that the review process needs. [They
ignored the audits that pointed out weak security, why would they
stop ignoring them now? Bob]
(Related) Again, shuffling isn't the answer.
Chris Strohm, Michael Riley, and Jordan Robertson
report:
The vast cyber-attack in Washington began with, of all things, travel reservations.
More than two years ago, troves of personal data were stolen from U.S. travel companies. Hackers subsequently made off with health records at big insurance companies and infiltrated federal computers where they stole personnel records on 21.5 million people — in what apparently is the largest such theft of U.S. government records in history.
Those individual attacks, once believed to be unconnected, now appear to be part of a coordinated campaign by Chinese hackers to collect sensitive details on key people that went on far longer — and burrowed far deeper — than initially thought.
Read more on Bloomberg.
[From
the article:
“China
is building the Facebook of human intelligence capabilities,”
said Adam Meyers, vice president of intelligence for cybersecurity
company CrowdStrike Inc. “This appears to be a real maturity in
the way they are using cyber to enable broader intelligence goals.”
“Old data never dies” 2008 breach, 2014
discovery of the breach? Organizations say they have improved
(suggesting “Fixed”) their security after every breach.
Herald Scotland reports:
Barclays is paying around half a million pounds in compensation to 2,000 customers, including many in Scotland, after their personal data was found on a USB stick at a flat on the south coast of England.
The electronic device was found by police with a copy of information originally lost last year in the latest problem to hit the banking industry.
The bank has written to around the customers offering them £250 compensation each.
Read more on Herald
Scotland.
[From
the article:
A source said the information on the USB stick
would have been encrypted and almost impossible for it to be read
without specialist technology.
The letter stated: "The data taken included
information you provided in meetings with a Barclays Financial
Planning adviser prior to 2009.
"It includes details taken during the
meeting...and the subsequent letter Barclays sent you containing our
investment recommendations." It added that it may 'take some
time' to establish how the theft happened.
… In
February last year it was revealed that thousands of files
containing financial and personal data had been stolen from Barclays'
internal databases.
… The files run to 20 pages per person and
contain information on customers' investment plans and capabilities
and personal information such as health issues and passport number.
Barclays say there is no
evidence it had been opened
The information taken was provided by customers to
Barclays' now closed Financial Planning service prior to 2009.
Since
2014, the company has drastically increased its cyber security
capabilities. [Barn
doors and missing horses Bob]
… A Barclays spokesman said: "This is not
a new theft of data from Barclays. Every indication is that the data
here was part of the same theft of data that was reported
last year, relating to data stolen in 2008.
For my Ethical Hacking students. Why protecting
your identity is important.
Elhanan Miller reports:
Computer hackers likely working for the Syrian regime and Hezbollah have managed to penetrate the computers of Israeli and American activists working with the Syrian opposition, exposing sensitive contacts between the sides.
Al-Akhbar, a newspaper serving as Hezbollah’s mouthpiece in Lebanon, published a series of articles over the weekend purporting to divulge correspondence between Mendi Safadi, a Druze Israeli and former political adviser to Deputy Regional Cooperation Minister Ayoub Kara, with members of the Syrian opposition around the world, taken from Safadi’s computer.
[…]
Though Al-Akhbar’s articles contain dozens of names, nicknames and telephone numbers of Syrians and others who were in touch with Safadi, he maintained they face no real danger of reprisal.
Read more on Times
of Israel.
Always surveilling?
EPIC Urges
Investigation of “Always On” Consumer Devices
by Sabrina
I. Pacifici on Jul 12, 2015
“EPIC has
asked the Federal Trade Commission and the Department of Justice
to conduct a workshop on ‘Always-On’ Consumer Devices. EPIC
described the increasing
presence of internet-connected
devices in consumers’ homes, such as TVs, toys, and
thermostats, that routinely record and store private communications.
EPIC urged the agencies to conduct a comprehensive investigation to
determine whether “always on” devices violate the Wiretap
Act, state privacy laws, or the FTC Act. Earlier this year, EPIC
filed a formal
complaint with the FTC concerning Samsung TV, arguing that the
recording of private communications in the home is an unfair and
deceptive trade practice.”
Not a new type of intrusion, but one greatly
facilitated by the Internet.
AP reports:
Someone else’s sex tape is proving to be costly for 50 Cent: A jury ordered the rapper-actor Friday to pay $5 million to a woman who said he acquired a video she made with her boyfriend, added himself as a crude commentator and posted it online without her permission.
And the Manhattan jurors are set to continue deliberating next week on possible further, punitive damages in Lastonia Leviston’s invasion-of-privacy lawsuit against the multiplatinum-selling “Get Rich or Die Tryin'” artist.
Read more on Fox
News.
(Related) See? This one didn't even need the
Internet.
Kathryn Schroeder writes:
A medical reality show used footage of a woman’s husband dying without her knowledge or permission and she only found out because she tuned in to watch the program.
Mark Chanko was struck and killed by a New York City sanitation truck. He is survived by his wife, Anita Chanko, who counts “NY Med” as one of her favorite television shows.
About 16 months after Mark’s death, Anita sat down to watch the program and, to her horror, her husband’s final moments in the hospital were being shown, reports PIX 11.
“I actually watched my husband die in front of my eyes and the worst thing is not only did I hear him moan and groan in pain but I heard him say, ‘Does my wife know I’m here?’” Anita said.
Read more on Opposing
Views.
Okay, this definitely has a poor taste aspect to
it, but have any privacy laws been broken? How
was the airing of this not a HIPAA violation of her
husband’s privacy? Public curiosity does not make this man’s
care newsworthy, in my opinion. I realize that what happens out in
public – on the street – may result in reduced privacy
expectations, but filming him in the hospital?
How the heck was this found legal?
Might be a few government agencies in the email
address list.
32k email
addresses from the Hacking Team breach are now in “Have I Been
pwned?”
… What I decided to do was just load the email
addresses that appear in the PSTs. This may be a sender or a
recipient or even a mention of the email in the body or in an address
book, but they’re all just from the PSTs. Of the 32k addresses in
there, some of them are completely inconsequential; password reset
links, support queues, spam etc. But the vast majority are
of consequence and the question of establishing context was solved
once Wikileaks
published the PSTs. They’re all now searchable which means
that given a single email address that appears in HIBP against the
Hacking Team breach, a Wikileaks search can establish the context.
(Related) Everyone wants to name a “state
sponsor” for their hack. It makes it seem like they are less at
fault if their “opponent” is an entire country!
Oh ho. Kelly Fiveash reports that Hacking Team
claims it was the victim of a state actor:
The boss of Italian spyware vendor Hacking Team has spoken for the first time about the mass hack on the beleaguered company’s data – which has exposed severe software security holes and gifted terrorists with zero-day exploits.
David Vincenzetti, in an interview with La Stampa newspaper, claimed his firm would recover from the attack and alleged that an unnamed government or organisation with “considerable funds” had infiltrated its data servers and leaked the information.
Read more on The
Register.
Perspective. You don't have to sell the most
phones...
Apple Inc.
Clinches 92% Of Overall Smartphone Industry Profits In Q1 2015
… Apple received 92% of the combined operating
income of the top eight smartphone manufacturers in
the first quarter of 2015, up from 65% last year. This number is
even more surprising when you consider the fact that Apple only sells
less than 20% of smartphones globally.
Something for my Intro to IT class!
History of
the internet – 40 maps and key resources
by Sabrina
I. Pacifici on Jul 12, 2015
For all those who do not recollect or may not know
how the internet evolved from ARPANET in 1969 to the web of 2015 with
its data analytics, e-commerce profiling and of course, global
surveillance, I recommend 40
maps that explain the internet by Timothy
B. Lee via Vox, posted on June 2, 2014: “The internet
increasingly pervades our lives, delivering information to us no
matter where we are. It takes a complex system of cables, servers,
towers, and other infrastructure, developed over decades, to allow us
to stay in touch with our friends and family so effortlessly. Here
are 40 maps that will help you better understand the internet —
where it came from, how it works, and how it’s used by people
around the world.”
I need to try this. We might use it in our
Business classes.
Microsoft's
Business Intelligence Service Gets a Power Boost
An updated version of Microsoft’s Power BI
service will be released July 24, the company announced Friday. The
goal of the updated service is to enable business users to benefit
from business intelligence and analytics
without requiring sophisticated help from analysts, data
scientists, or other tech staff.
… "We believe Power BI is, by a very wide
margin, the most powerful business analytics SaaS service," said
James Phillips, corporate VP for Microsoft's Business Intelligence
Products Group. "And yet, even the most non-technical of
business users can sign up in five seconds, and gain insights from
their business data in less than five minutes with no assistance,
from anyone."
Microsoft offers two levels of the upgraded Power
BI service: a free version
and another that’s $9.99 per month/per user. The differences
between the two tiers have mostly to do with data-refresh rates and
collaboration capabilities.