Monday, August 24, 2015

Oh, now you get serious about security... (Rutgers is actually better than that.)
Speaking of universities getting hacked, Kelly Heyboer reports that multiple attacks on Rutgers University have resulted in the university investing seriously in preventing the next attack.
Heyboer reports, in part:
It is unclear if one cyber attacker was responsible for the series of disruptions that knocked Rutgers’ vast computer network offline four times during the 2014-2015 school year. But, school officials said the attacks appeared to be related.
An alleged hacker who goes by the name Exfocus claimed responsibility for the attacks, boasting he or she was paid $500 an hour in Bitcoin by a client with a grudge against Rutgers to disrupt the university’s computer systems.
Exfocus taunted Rutgers officials and students on Reddit, Twitter and other social media sites last spring.
“Honestly, I am sitting here dumbfounded at the amount of incompetence displayed once again by the Rutgers IT department. I’m fairly certain I could run circles around all of you with my eyes closed, and one leg amputated,” Exfocus said in an April 29 post on the website Pastebin.
The hacker also allegedly gave a brief interview to a local tech blogger, who released a transcript of their conversation.
Read more on NJ.com.
Most schools do not have someone allegedly arranging to DDoS them because of some grudge, but at any point in time, any university may be fighting off numerous attacks as well as phishing attempts. Given the wealth of data universities collect and retain on students, investing in data security and training is not only reasonable, but downright necessary.




Are these low-hanging fruit or is this hacker better than average?
Well, they can’t say they weren’t warned. The hacker who uses the nick “JM511” has been busy hacking more universities and has dumped some data from the University of California at Los Angeles. In a tweet last night, @JM511 noted that they had been warned twice:
JM511 Hacker☠ (@JM511): "You've bEEn #warned #2times @UCLA" (2:37 AM - 23 Aug 2015)
According to JM511, he warned them via email more than one week before the attack. Minutes ago, he tweeted a link to the data dump.
In the paste, JM511 included sample data from UCLA tables that include userids, usernames, and passwords. Other tables include university email addresses, first and last names, usernames, and passwords. Most of the passwords dumped were not plain-text, although one table does appear to have plain-text passwords.
As he has done in other cases, JM511 posted information about the system:
web application technology: Apache 2.2.2, PHP 5.2.5
back-end DBMS: MySQL 5.0.12
banner: ‘5.0.22-log’
[04:42:18] [INFO] fetching current user
current user: ‘celf@localhost’
[04:42:18] [INFO] fetching current database
current database: ‘celf’
UCLA is not the only university JM511 reports attacking via SQL injection and XSS, however. In other tweets overnight, he also notified Western Governors University in Utah, the University of Minnesota, DePaul University, and Northern Illinois University that he had hacked them. His tweets provide links showing the vulnerable URLs that he used.
JM511 does not appear to have dumped any personal data from those additional universities, but of concern, in another tweet, he suggests that he may soon be dumping data from Southern Illinois University, a university whose infosecurity was found concerning in a 2014 audit.
Whether the universities’ social media teams will understand his tweets to them and contact their university’s IT security immediately remains to be seen.




A human perspective.
Here’s what Ashley Madison members have told me




This would explain why politicians listen to Google.
Researcher claims Google can manipulate election results
by Sabrina I. Pacifici on Aug 23, 2015
Politico.com, Robert Epstein: “America’s next president could be eased into office not just by TV ads or speeches, but by Google’s secret decisions, and no one—except for me and perhaps a few other obscure researchers—would know how this was accomplished. Research I have been directing in recent years suggests that Google, Inc., has amassed far more power to control elections—indeed, to control a wide variety of opinions and beliefs—than any company in history has ever had. Google’s search algorithm can easily shift the voting preferences of undecided voters by 20 percent or more—up to 80 percent in some demographic groups—with virtually no one knowing they are being manipulated, according to experiments I conducted recently with Ronald E. Robertson. Given that many elections are won by small margins, this gives Google the power, right now, to flip upwards of 25 percent of the national elections worldwide. In the United States, half of our presidential elections have been won by margins under 7.6 percent, and the 2012 election was won by a margin of only 3.9 percent—well within Google’s control…”




Holding data is not a privacy violation. It's all about how you use that data.
Katitza Rodriguez writes:
In March 2015, the United Nations Human Rights Council endorsed the creation of a special rapporteur on privacy. The landmark resolution, spearheaded by Brazil and Germany and cosponsored by 46 states, including 10 other Latin American countries, gives the right to privacy the international recognition and protection it deserves.
For Latin America, this resolution couldn’t have come at a better time. An alarming legislative trend is unfolding in several countries in the region, aimed at passing data retention laws that compel telecommunications companies to retain the details of customers’ activities for future review by government agencies. Such details include whom they communicate with, for how long and from where. No one is exempt from this data collection, which is kept available for law enforcement (and other government bodies) to examine in the future.
Read more on Americas Quarterly.
Gee, it would be nice if the U.S. recognized a right to privacy as a human right not to be trampled by government agencies…




What world do school administrators live in?
Huh? Schools Think Kids Don’t Want to Learn Computer Science
Times have never been better for computer science workers. Jobs in computing are growing at twice the national rate of other types of jobs. By 2020, according to the Bureau of Labor Statistics, there will be 1 million more computer science-related jobs than graduating students qualified to fill them.
If any company has a vested interest in cultivating a strong talent pool of computer scientists, it’s Google. So the search giant set out to learn why students in the US aren’t being prepared to bridge the talent deficit. In a big survey conducted with Gallup and released today, Google found a range of dysfunctional reasons more K-12 students aren’t learning computer science skills. Perhaps the most surprising: schools don’t think the demand from parents and students is there.
… A full nine in ten parents surveyed viewed computer science education as a good use of school resources. It’s the gap between actual and perceived demand that appears to be the problem.




Hey! I like those Chrome extensions, let me copy them to Firefox!
Mozilla Bringing Chrome Extensions To Firefox: Here's The Good And The Bad
In a major announcement, Mozilla has announced that Firefox will be implementing a new extension API that will be compatible with the one used by Chrome and Opera. Basically, many Chrome extensions could soon be coming to Firefox.
The API, called WebExtensions API, will mean that developers will only need to make a few small changes to their code in order to bring their extensions to Firefox. So, while users won't be able to install Chrome extensions themselves to Firefox, many developers will likely make the small alterations in order to cater to Firefox users.




For the next time I teach statistics. (My students need to look outside the US)
Eurostat – Your key to European statistics
by Sabrina I. Pacifici on Aug 23, 2015
“Eurostat’s mission: to be the leading provider of high quality statistics on Europe. Eurostat is the statistical office of the European Union situated in Luxembourg. Its task is to provide the European Union with statistics at European level that enable comparisons between countries and regions. This is a key task. Democratic societies do not function properly without a solid basis of reliable and objective statistics. On one hand, decision-makers at EU level, in Member States, in local government and in business need statistics to make those decisions. On the other hand, the public and media need statistics for an accurate picture of contemporary society and to evaluate the performance of politicians and others. Of course, national statistics are still important for national purposes in Member States whereas EU statistics are essential for decisions and evaluation at European level. Statistics can answer many questions. Is society heading in the direction promised by politicians? Is unemployment up or down? Are there more CO2 emissions compared to ten years ago? How many women go to work? How is your country’s economy performing compared to other EU Member States? International statistics are a way of getting to know your neighbours in Member States and countries outside the EU. They are an important, objective and down-to-earth way of measuring how we all live.”




For my science fiction reading students.
2015 Hugo Award Winners Announced




Dilbert predicts future technology law?

