Something my Computer Security students should be
talking about.
Ashley Madison data breach Q&A
This was always going to be a huge incident given
not just the
scale of the number of accounts impacted by the Ashley Madison breach
(well over 30M), but the sensitivity of the data within it. However
the interest has surprised even me – I loaded the breached data
into Have I been pwned?
(HIBP) about 8 hours ago and I’m
presently seeing about 30k visitors an hour to the site.
I’ve had a commensurate number of media and support queries such
that I just can’t respond to them all individually so I’m putting
together this Q&A instead.
(Related) Do you think they will be treated as
fairly as any other company that suffered a breach?
… The apparent
release last night of personal information for 32 million
registered users of AshleyMadison.com, a website for connecting
people who want to have affairs, is likely to have much more profound
consequences. Impact Team, the group of anonymous hackers who are
taking credit for the breach, sought to have Ashley Madison’s
website taken down in
protest of the company’s business practices and its
encouragement of adultery. But the practical impact of the breach is
likely to be much broader. There are a lot of threads here, and it’s
worth sorting them out.
The consequences for Ashley Madison are likely to
be catastrophic. A CEO who routinely
bragged about the company’s privacy features now seems likely
to face a barrage of lawsuits from members who have found their
information exposed. And a site that depends on privacy and security
to earn members’ trust may find it impossible to win it back.
You should try hard to learn from bad management
so you don't need to make the same mistake.
How Victims Can Regain Control & Mitigate Threats in Wake of OPM Breach
by Sabrina I. Pacifici on Aug 19, 2015
“In June 2015, the Nation learned that the
personnel records of 21.5 million United States citizens had been
exfiltrated by an unknown adversary from the Office of Personnel
Management, one of the largest known breaches in the history of the
U.S. Government. The immediate public outcry included congressional
hearings attributing the breach to OPM administrators and nation
states and a nationwide media frenzy consumed with criticizing the
government’s cybersecurity posture. Noticeably absent from the
response however has been sustained and meaningful support for the
victims of the breach. In ICIT’s most recent legislative brief
entitled “Moving
Forward: How Victims Can Regain Control & Mitigate Threats in the
Wake of the OPM Breach“, the Institute for Critical
Infrastructure Technology (ICIT) Fellows discuss the short-term (6-12
months), medium-term (1-5 years) and long-term (5-10+ years) threats
faced by federal agencies and victims of the OPM breach. The brief
also provides recommendations on how agencies and victims can
mitigate these risks through a combination of vigilance, governance,
and technology. This brief will be distributed and presented to
members of the House and Senate, federal agency technology leaders
and members of the critical infrastructure community.”
For my IT Governance students who might have
thought really big companies never made mistakes.
Google lost data after lightning hit Belgian data center
Despite the popular saying, lightning does strike
twice, or even four times — as it did at a Google data center in
Belgium last Thursday, causing problems for the next several days and
leading
to permanent data loss for a small percentage of unlucky users.
The problem began when the facility lost power
briefly during one of the late-summer thunderstorms common in the
area. That caused problems with reading or writing data for about
five percent of disks in the data center. Most were fixed but data
on 0.000001% of the center’s total disk space was lost. “In these
cases, full recovery is not possible,” the company said in a
statement.
Google accepts full responsibility for the
incident and says it is making upgrades to prevent something like
this from happening again.
In retaliation, detect the Ad Blockers and require
a Captcha to prove the user is human? Add a very obvious watermark?
The great
philosopher Homer Simpson once memorably
described alcohol as “the cause of and solution to all of
life’s problems.” Internet advertising is a bit like that —
the funder of and terrible nuisance baked into everything you do
online.
… Now, more and more web users are escaping
the daily bombardment of online advertising by installing an ad
blocker. This simple, free software lets you roam the web without
encountering any ads that shunt themselves between you and the
content you want to read or watch. With an ad blocker, your web
browser will generally run faster, you’ll waste less bandwidth
downloading ads, and you’ll suffer fewer annoyances when navigating
the Internet.
Ad blocking has been around for years, but
adoption
is now rising steeply, at a pace that some in the ad industry say
could prove catastrophic for the economic structure underlying the
web. That has spurred a debate
about the ethics of ad blocking. Some publishers and advertisers
say ad blocking violates the implicit contract that girds the
Internet — the idea that in return for free content, we all
tolerate a constant barrage of ads.
An interesting application of the Internet of
Things and some wise advice.
Meet Ring, the connected door bell company that just scored Richard Branson as an investor
… The doorbell attaches to the side of the
house and can connect to existing wiring or work off a battery. When
someone rings the doorbell it opens an app that runs on the user’s
mobile phone. The user can see and communicate with the person at
the door through the app, which comes in handy for home security, or
if you’d simply like to tell the FedEx carrier where to drop a
package.
That last use case is how Branson found the
company. A visitor to his island spoke with a delivery person who
rang his doorbell, all while thousands of miles away. Branson was
intrigued enough to ask questions—immediately—of Siminoff over
email. Later Branson offered to invest. “When Richard Branson
asks if he can invest in your company, I think there’s only one
answer you can give,” Siminoff says.
The “gig economy” keeps expanding.
Popular ride-hailing company Uber is expanding its
food delivery service, UberEats, to San Francisco.
… Uber has touted its food service as an
"ultrafast" alternative to traditional delivery and online
competitors such as GrubHub and TakeoutTaxi.
… It’s the same cashless payment as an Uber
ride. So just tap the app, meet your driver outside, and enjoy.
Perspective.
Mobile Messaging and Social Media 2015
… 2015
marks the first time Pew Research Center has asked specifically about
mobile messaging apps as a separate kind of mobile activity apart
from cell phone texting. And already, according to a new survey, 36%
of smartphone owners report using messaging apps such as WhatsApp,
Kik or iMessage, and 17%
use apps that automatically delete sent messages such as Snapchat or
Wickr.
… The results in this report reflect the
noteworthy and rapid emergence of different kinds of communications
tools serving different social needs.
… Overall, this survey
found that 85%
of adults are internet users and 67% are smartphone users.
Interesting. Is Australia the cheapest place to
sell bonds?
Apple launches iBonds in Australia
US technology giant Apple has formally launched a
"benchmark"-sized Australian dollar
corporate bond issue, its first ever sale in the currency, with
order books swelling to
$1.2 billion within two hours.
… The company said the intended use of
proceeds is for 'general corporate purposes' including share
buy-backs, dividend payments and to fund working capital, capital
expenditure, acquisitions and debt repayments.
Apple, which has so far raised $US50 billion ($68
billion) of debt since May 2013, has a cash balance of over $US200
billion, but since most of the funds are in offshore jurisdictions it
borrows money to return funds to shareholders to avoid paying a large
tax bill.
Yep, the Democrats are distancing themselves
because they think she's going to tank. Small players so far, but I
expect it will grow.
http://www.msn.com/en-us/news/politics/clinton-comes-under-friendly-fire/ar-BBlRIir?ocid=mailsignout
Clinton comes under friendly fire
… Martin O’Malley (D), the former governor
of Maryland who remains mired in low single digits in most polls,
said during an appearance on CBS’s “Face the Nation” on Sunday
that Clinton faced “a legitimate question” over her use of the
server.
O’Malley also pointedly
asserted that such a question could be answered
by “Secretary Clinton and her lawyers,” a clear reference to the
choppy legal waters into which Clinton appears to be sailing.
On Monday, Eugene Robinson, the Pulitzer
Prize-winning liberal opinion-writer for the Washington Post,
published a column
excoriating the Democratic frontrunner, under the headline, “Hillary
Clinton is her own worst enemy.”
… Before her latest comments, Dan Pfeiffer, a
former senior adviser to President Obama, offered a backhanded
compliment in an interview with the Washington
Post while seeking to defend Clinton.
“She isn’t as natural a politician as Barack
Obama or Bill Clinton, but that’s like saying Scottie Pippen isn’t
as talented as Michael Jordan or Magic Johnson,” Pfeiffer said.
Given the comparison, and Clinton’s new stumbles
on Tuesday, Pfeiffer’s comments only seemed to underline Hillary
Clinton’s perceived political deficiencies to both her husband and
Obama.
… Julie Roginsky, a former aide to Sen. Frank
Lautenberg (D-N.J.), told Fox News’s “Media Buzz” over the
weekend that the criticism Clinton had received was “deserved and
it is entirely self-inflicted by Hillary Clinton…
You don't need to actually meet anyone, just use
your App to find the skills you need, then email them.
LinkedIn's New Employee Directory App 'Lookup' Could Boost Daily Activity On Its Network
On Wednesday, the Mountain View, Calif.-based
professional social network launched
Lookup, an employee directory app aimed at letting users easily
find, learn about and contact their coworkers, through in-app
messaging or by email. Lookup is available on Apple iOS and will
reach Android soon, the company said.
… LinkedIn also says the app doesn’t compete
with office chatroom services like Slack
or Hipchat. Instead, it’s intended to spark just enough dialogue
to lead to a phone call, meeting or email exchange. The standalone
app is free and currently isn’t monetized.
… Lookup is part of a larger plan by LinkedIn
to make more products that satisfy companies’ internal needs.
The next Big Thing? Probably not, but definitely
a trend.
5 Best Practices for Fast Data
As vendors and users testified at last month's
In-Memory Computing Summit, the relatively low cost of flash memory
is driving databases and apps toward leveraging Fast Data – mobile
and sensor cloud data – using systems whose storage is
predominantly or even entirely composed of main and flash memory.
One use case cited by a presenter employed one terabyte of main
memory and one petabyte of flash.
What is driving this shift in databases and the
applications that use them?
Increasingly, enterprises are realizing that
"almost-real-time" handling of massive streams of data from
cars, cell phones, GPS and the like is the new frontier -- not only
of analytics but also of operational systems that handle the Internet
of Things (IoT). As one participant noted, this kind of real-time
data-chewing not only allows your car to warn of traffic ahead, but
also to detect another car parked around the corner in a dangerous
position.
(Related) How to make fast, faster.
… Today, at the ACM
SIGCOMM conference, we are presenting a paper
with the technical details on five generations of our in-house data
center network architecture. This paper presents the technical
details behind a talk
we presented at Open
Network Summit a few months ago.
From relatively humble beginnings, and after a
misstep or two, we’ve built and deployed five generations of
datacenter network infrastructure. Our latest-generation Jupiter
network has improved capacity by more than 100x relative to our first
generation network, delivering more than 1
petabit/sec of total bisection
bandwidth. This means that each of 100,000 servers
can communicate with one another in an arbitrary pattern at 10Gb/s.
For my Python programming students (and my Math
students). Download the free ebook!
This company is using insanely complicated math to save its customers tons of cash
Analysts estimate that the market for data
analytics — the industry term for sifting through mountains of data
until you actually learn something useful from it — will hit $125
billion this year.
… To get all of your data nice and tidy for
analysis, it has to go through a process called "ETL,"
which stands for "extract, transform, load." It can be a
costly, time-consuming, and error-prone process.
ETL software can cost big enterprises hundreds of
thousands of dollars in licensing; hiring consultants to put it all
into place can drive the price tag into the millions.
Enter Algebraix
Data, a California-based data analytics startup that's changing
the equation with what it calls "data algebra."
… For the first five years of the company's
existence, Algebraix played its cards close to the chest and kept
data algebra as a company secret.
But just recently, the company has started to open
the door a little bit: It's published a book by two of its in-house
mathematicians called "The
Algebra of Data," and it's made the core data algebra
algorithms available for any programmer anywhere to download.
The gist is that Algebraix is hoping to force data
algebra into the spotlight, placing itself into the center of what it
hopes becomes the next wave of analytics. Other programmers can use
Algebraix's technology, but as the inventors, and the holders of the
patents, the company stands to profit most.
…
The Algebraix Technology Core Library is available as a Python library at
http://algebraixlib.readthedocs.org/en/latest/
More arrows in Cable's back?
Cut the Cord Forever With These 15 TV Streaming Channels
Tools for students. Make following easier.
How to Turn Any Website into an RSS Feed