Interesting that a judge had to explain
attorney-client privilege to lawyers in his courtroom. If this turns
out to be widespread, I think even Warren Buffett will be impressed
with the cost. (I would never recommend this type of hacking to my
Ethical Hacking students.)
Mike Heuer reports:
Major worker’s compensation insurers, including a Berkshire Hathaway company, hacked into thousands of confidential legal files to save money on judgments and settlements, an Angeleno claims in a federal class action.
Hector Casillas claims the insurers “hacked into privileged and confidential litigation files of thousands of individuals litigating worker’s compensation cases against them. The defendants stole these files from servers used by law firms representing the individual litigants and used the illegally obtained information to obtain a litigation advantage.”
[…]
Casillas claims the insurers hacked into tens of thousands of legal files, including about 5,000 from Reyes & Barsoum, a prominent worker’s compensation law firm in California.
Read more on Courthouse News.
Courthouse News was unable to reach counsel for
the parties to obtain any statements about this lawsuit, but it’s
certainly one to watch.
[From the article:
He claims that attorneys for Reyes & Barsoum
first suspected the hacking during an April 20, 2014 hearing when
attorneys Ching and Mendoza revealed they had Casillas'
"attorney-privileged intake packet" that bore
Rony M. Barsoum's name at the top of the first page and
contained the retainer agreement Casillas had signed.
When the judge asked how Ching and Mendoza had
obtained the confidential file, they gave several explanations before
saying they didn't know, Casillas says.
The judge declared the documents to be protected
by attorney-client privilege and ordered Ching and Mendoza to turn
them over to Reyes & Barsoum, along with any others that might
turn up after a "diligent search," the complaint states.
Does Harvard teach Computer Security?
Melanie Y. Fu reports:
Harvard is investigating a security breach to its Faculty of Arts and Sciences and central administration information technology networks that administrators say may have compromised email login information.
The breach was discovered on June 19, according to a joint statement from Provost Alan M. Garber ’76 and Executive Vice President Katie N. Lapp released Wednesday, and the University is working with federal law enforcement officials and security experts on an investigation.
Garber and Lapp’s statement maintained that officials currently “have no indication that personal data or research data have been exposed,” [Translation: “We asked the security guys to keep us in the dark.” Bob] but administrators are urging affiliates of several University schools to change their Harvard email passwords in response to the incident.
Read more on Harvard Crimson.
The breach had previously been noted
on Vulnerable Disclosures on June 24:
Probably not related to “Trump the
Presidential candidate.”
Donald Trump's hotel chain is likely victim of credit card data breach
Donald Trump’s hotel chain appears to be the
latest victim of a credit card data breach, according to
cybersecurity blog Krebs
on Security.
Sources at major banks say they’ve traced
patterns of fraudulent debit and credit card charges to accounts that
have been used at Trump Hotel Collection resorts since at least
February. Affected locations include Chicago, Honolulu, Las Vegas,
Los Angeles, Miami, and New York.
Something for my Computer Security students to
play with in the Security lab.
Deutsche Telekom, Intel Partner to Develop IoT Honey Pots
German telecom giant Deutsche Telekom has teamed up with Intel Security on a
joint research project to develop and deploy honey pots that can be
embedded in any device, including smartphones and other connected
(IoT) devices.
Deutsche Telekom's honeypot project was started in 2010, and currently runs
about 180 honeypot sensors as part of its early warning system, which
identifies upwards of 600,000 attacks per day.
… Under the alliance, the network will be expanded by adding new sensors,
which will “attract criminals looking for open ports or systems
that do not have the latest security software.”
For those interested in deploying their own honey pot, Deutsche Telekom's
Community Honey Pot Project offers a number of different
honey pot options, along with resources, including ISO Images for
Ubuntu, Scripts, and documentation.
A good article for my Risk management students. Best Practices?
Defending Against the Insider - Strategies From the Field
… The threat from insiders is very real, and
in many cases an insider has significantly greater potential to harm
an organization than an external attacker does.
Role-Based Access – It may sound like advice from 1997, but role-based
access is one of the most overlooked and under-developed pieces of
many enterprise IT strategies. As companies grow, expand and add
employees, roles and responsibilities tend to shift. Coupled with the
cumbersome processes of provisioning and de-provisioning access which
takes time and resources, many companies simply opt for an
“all-access” strategy. This generally means that the
administrator who is watching the front desk has access to the same
human resources files containing salary information as the vice
president of the human resources department.
Privileged Access Management (PAM) – Every enterprise needs administrators
and those with ‘root’ access to critical resources. These people
are the watchers, and a higher level of trust is placed in them to do
what is right and be good corporate stewards. But whether
unintentionally or otherwise, those with privileged access can make
mistakes. ... They should not use built-in ‘administrator’ or
‘root’ accounts in lieu of personal accounts tied to a specific
person. In the event something goes wrong, the organization has a
way of determining who is doing something questionable, rather than
trying to understand who was using the root account.
Privileged-Role Separation – One organization not only has user and privileged
accounts for each of their system administrator users, but they also
have separate physical computers (now moving to virtual machines) for
administrative and non-administrative activity.
Honeypots – Where allowed by local and
corporate laws, honeypots can be a valuable indicator of malicious
activity.
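The PAM point above, that privileged work should be traceable to a named person rather than to a shared ‘root’ or ‘administrator’ account, is something a risk management team can actually measure from authentication logs. The script below is an added example written for this post, not code from the article or from any of the organizations it describes. The log lines are constructed in the style of OpenSSH and sudo syslog output, and the hosts, users and addresses are made up; the set of shared account names is an assumption that would be adjusted per environment.

```python
import re
from collections import Counter

# Constructed sample log lines in the style of OpenSSH and sudo syslog output.
# Hosts, users and addresses are made up for this example.
SAMPLE_LOG = """\
Jun 19 10:02:11 web01 sshd[1203]: Accepted publickey for root from 10.0.0.5 port 51822 ssh2
Jun 19 10:03:47 web01 sshd[1211]: Accepted publickey for alice from 10.0.0.7 port 51830 ssh2
Jun 19 10:04:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Jun 19 10:10:19 db01 sshd[884]: Accepted password for administrator from 10.0.0.9 port 40211 ssh2
Jun 19 10:12:50 db01 sshd[890]: Accepted publickey for bob from 10.0.0.7 port 40230 ssh2
Jun 19 10:13:05 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/pg_dump payroll
Jun 19 10:15:00 db01 CRON[900]: (root) CMD (/usr/bin/logrotate /etc/logrotate.conf)
"""

# Built-in accounts that are shared rather than tied to one person (assumed list).
SHARED_ACCOUNTS = frozenset({"root", "administrator"})

TS = r"(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2})"
# Interactive SSH login: records which account was used and from where.
LOGIN_RE = re.compile(
    TS + r" (?P<host>\S+) sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)"
)
# sudo invocation: records the named person, the target account and the command.
SUDO_RE = re.compile(
    TS + r" (?P<host>\S+) sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)


def parse_line(line):
    """Return a dict for an interactive login or a sudo invocation, else None."""
    m = LOGIN_RE.match(line)
    if m:
        return {"kind": "login", **m.groupdict()}
    m = SUDO_RE.match(line)
    if m:
        return {"kind": "sudo", **m.groupdict()}
    return None


def audit(lines, shared_accounts=SHARED_ACCOUNTS):
    """Split privileged activity into attributable and unattributable events.

    A direct login to a shared account leaves no record of which person
    acted; a sudo invocation names the person and the command, which is
    the audit trail the PAM advice is after.
    """
    findings = {"unattributed": [], "attributed": []}
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        if event["kind"] == "login" and event["user"] in shared_accounts:
            findings["unattributed"].append(event)
        elif event["kind"] == "sudo":
            findings["attributed"].append(event)
    return findings


def summarize(findings):
    """Count direct shared-account logins per host, a simple exposure metric."""
    return Counter(e["host"] for e in findings["unattributed"])


if __name__ == "__main__":
    result = audit(SAMPLE_LOG.splitlines())
    for e in result["unattributed"]:
        print(f"UNATTRIBUTED {e['ts']} {e['host']}: {e['user']} login via {e['method']} from {e['src']}")
    for e in result["attributed"]:
        print(f"ATTRIBUTED   {e['ts']} {e['host']}: {e['user']} -> {e['target']}: {e['cmd']}")
    print("shared-account logins per host:", dict(summarize(result)))
```

On the sample input the two direct logins (root on web01, administrator on db01) come back as unattributed events, while both sudo invocations are tied to a named person and a command. Run against real syslog the per-host count is a quick way to show management where the shared-account habit persists; the regexes cover only the OpenSSH and sudo message formats shown and would need extending for other services.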
I think it's more likely to be “Social Media
Attention Deficit Disorder.”
Snapchat Debuts Tap To View And Nearby Friends Tool, Boosts Security Features
A few months ago, Snapchat’s CEO Evan
Spiegel hinted that the app’s hold-to-watch feature was on its
way out. As of Wednesday, users no longer need to keep a finger on
their screens to view a snap or story. Users can now tap to view
content instead.
The new feature is one of several product updates
Snapchat announced on Wednesday in
a post. ‘Tap to view’ could dismay some advertisers who
liked that users needed to actively touch their screens to view an ad
on the service. However, the feature should please avid users with
restless fingers and could encourage them to watch even longer
videos, including ads.
“This means no more tired thumbs while watching a
several-hundred-second Story… and a little getting used to for
anyone who has been Snapchatting for a while,” the company said.
Perspective. Who is in the “four comma” club?
If the limit is roughly $2.2 Trillion, how many possible mergers
would be “forbidden?”
Federal Reserve Board releases first determination of aggregate consolidated
liabilities of all financial companies
by Sabrina I. Pacifici on Jul 1, 2015
“The Federal Reserve Board on [July 1, 2015]
released its first determination of the aggregate consolidated
liabilities of all financial companies in accordance with section 622
of the Dodd-Frank Act, which prohibits
any financial company from combining with another company if the
resulting company’s liabilities exceed 10 percent of the aggregate
consolidated liabilities of all financial companies. As
of December 31, 2014, aggregate financial sector liabilities was
equal to $21,632,232,035,000. This number will be the measure of
aggregate consolidated liabilities for the purposes of section
622 of the Dodd-Frank Act from July 1, 2015 through June 30,
2016. Aggregate financial sector liabilities generally equal the sum
of the financial sector liabilities of all financial companies.
Perspective.
IE falls below 55% market share as Chrome and Firefox gain
In June 2015, we saw Microsoft Edge branding finally show up in Windows 10,
as well as the first full month of Chrome 43 and Firefox 38 availability.
Now we’re learning that Microsoft’s current
browser, Internet Explorer, has finally fallen below the 55 percent
market share mark.
The news is a stark reminder that for many months
to come, we’ll be watching Edge slowly but surely steal share from
IE. It will take years before IE becomes completely irrelevant on
the Web.
Suggests an area of specialization my students
might want to explore.
5 facets of the coming Internet of Things boom
Predictions that the Internet of Things (IoT) will usher in a new era of
prosperity get some backing in a new study by consulting firm McKinsey & Company.
The study estimates that the annual value of IoT
applications may be equivalent – in the best case – to about 11%
of the world's economy in 2025. That's based on a number of
assumptions, including the willingness of governments and vendors to
enable interoperability through policies and technologies.
[From the study:
Currently, most IoT data are not used. For
example, on an oil rig that has 30,000 sensors, only 1 percent of the
data are examined. That’s because this information is used mostly
to detect and control anomalies—not for optimization and
prediction, which provide the greatest value.
Perspective. Is this because we talk (and text)
only with “Friends” as defined by Facebook?
Pew – Americans, Politics and Science Issues
by Sabrina I. Pacifici on Jul 1, 2015
“One of the key trends in public opinion over
the past few decades has been a growing divide among Republicans and
Democrats into ideologically uniform “silos.” A larger share of the American public
expresses issue positions that are either consistently liberal or
conservative today than did so two decades ago, and there is more
alignment between ideological orientation and party leanings.
Against this broader backdrop, some have come to worry that many –
if not all – the issues connected to science are viewed by the
public through a political lens. However, the Pew
Research Center finds in a new analysis of public opinion on a broad
set of science-related topics that the role of party and
ideological differences is not uniform. Americans’ political
leanings are a strong factor in their views about issues such as
climate change and energy policy, but much less of a factor when it
comes to issues such as food safety, space travel and biomedicine.
At the same time, there are factors other than political party and
ideology that shape the public’s often-complex views on science
matters. For instance there are notable issues on which racial and
generational differences are pronounced, separate and apart from
politics.
Will “in my Smartphone” replace “under my
mattress” as the world-wide bank of choice? (Digest Item #3)
PayPal Transfers Money to Xoom
PayPal has acquired Xoom for around $900 million (or $25 per share).
The two companies are a natural fit, with money transfer service Xoom
allowing people to send money to themselves or others online or on mobile devices.
This acquisition augments PayPal’s payments
service. However, the real reason PayPal is buying Xoom is to gain a
foothold in countries such as Mexico, India, the Philippines, China,
and Brazil, where Xoom has a significant presence.
(Related) Upgrade your distracted driving from
texting to video phone calls.
Best Smartphone Apps for Free Cross-Platform Video Calls
… As the leader in this area, Microsoft’s
Skype is the app by which we compare all others. With versions
for all three major desktop platforms, and for the main three mobile
platforms, Skype is the big player. It’s easy to pick up your
mobile and make a video call to a friend on their PC, smartphone or tablet. The Xbox
One, PlayStation Vita, and various Smart TVs also have Skype
apps.
I'm guessing that Facebook has noticed that their
users have ears and they want to pull money out of them.
Facebook is in talks with major music labels — but nobody knows why
Apple Music has only just launched, but the music
streaming business could be about to get even more crowded:
Facebook is apparently in talks with multiple major labels.
The Verge's Micah Singleton reports that the social network is in talks
with Sony Music Entertainment, Universal Music Group, and Warner
Music Group about "getting into music," according to
"multiple sources." It plans to do something "unique,"
that may tie into video — but it's all still early days.
(Related) See what I mean?
Facebook tests a new way to show video - and make money from it