What? You expected a high level of integrity from a site devoted to cheating?
Mikael Thalen reports:
Leaked emails from Avid Life Media CEO Noel Biderman reveal that a disgruntled user of the online cheating service Ashley Madison hacked hundreds of the site’s user accounts in 2012.
[…]
One such email from Biderman in October of 2012 details how one Ashley Madison user “hacked” multiple accounts and attempted to extort the company.
“Yesterday a user of our site ‘hacked’ a number of accounts on Ashleymadison.com by running a script that would guess at their password,” Biderman wrote. “He then contacted us and attempted to extort free ‘credits/membership’ from us.”
Retaliating against Ashley Madison for allegedly creating fake female profiles, the hacker, who specifically targeted fellow users in Brazil, used the script to breach any account with the password “123456.”
Read more on InfoWars.
(Related) I guess we'll see a lot of this kind of “Fraud.”
It could be very dirty (clever) politics to create
Ashley Madison accounts for people you might want to discredit
politically – particularly when the site doesn’t verify email
addresses.
And that’s what a UK Islamist preacher, Hamza
Tzortzis, claimed happened to him. When he learned his name was in
the leaked database, he took to his Facebook page to explain that it
was an “obvious case of fraud.”
The main problem he’s having is that not everyone believes his claims because although some information about him would be publicly available, the Ashley Madison site had his credit card number, and the account went on for months.
In response, Tzortzis allegedly deleted the snarky
or skeptical comments from his Facebook page and further clarified
that some of the activities on Ashley Madison are permissible under
Islam (even though he didn’t partake of them).
He currently continues to deny the account was his
and claims to have filed a police report.
Read about it on Breitbart.
I'm teaching my students to govern their IT
departments when they become CIOs. Nothing teaches like a bad
example and there are plenty to choose from.
Administrative Investigation, Improper Use of Web-based Collaboration Technology, VA Office of Info Tech
by Sabrina I. Pacifici on Aug 22, 2015
“VA employees improperly used Yammer.com, a
Web-based collaboration technology, which was not
approved or monitored as required by VA policy. Further,
the website had vulnerable security features, recurring website
malfunctions, and users engaged in a misuse of time and resources.
Although One VA Technical Reference Model (TRM) approved, with
constraints, the installation of Yammer’s Notifier, a Windows
desktop application, use of the Yammer social network was not
VA-approved for employee use. Further, it
was not only promoted by VA employees, but it was used and showcased
in June 2013 by the former Executive in Charge of Information
Technology (IT) and Chief Information Officer (CIO), for
an open chat forum, as well as in a June 2014 CIO Message reminding
employees to comply with VA Directive 6515 when using Yammer, giving
the false impression that VA approved the use of Yammer.com. The
Yammer website did not have an administrator or system set in place
to ensure removal of former VA or contractor employees and the
relatively simple process to post to Yammer not only made VA
vulnerable from user uploading, on purpose or accidentally,
personally identifiable information (PII), protected health
information (PHI), or VA sensitive information, of which any current
or former employee remaining active on the site would have access.
Yammer users violated VA policy when they downloaded and shared
files, videos, and images, risking malware or viruses spreading
quickly from the site. Further, Yammer regularly spammed and
excessively emailed users, as well as VA employees who had no
interest in joining the site, and users
were unable to remove the Online Now instant messaging feature,
resulting in every user violating VA policy simply by logging onto
the site. There were numerous user posts that were non-VA
related, unprofessional, or had disparaging content that reflected a
broad misuse of time and resources. Moreover, the continuous data
streams, instant messaging, video, audio, large files and
attachments, and other uploaded non-VA content to the site may cause
congestion, delay, or disruption of service and degrade the
performance of VA’s network.”
You didn't think the US was the only target, did you?
Chinese Hackers Most Likely Targeting India: Experts
Cyber spies most probably based in China have been
snooping on Indian government bodies and universities since 2012 for
sensitive material on its rival neighbor, Internet security company
FireEye said Friday.
FireEye said the hackers seemed particularly
interested in India's border dispute with neighbouring giant China as
well as information on Tibetan activists.
… "It's also well resourced and works around the clock. We found indicators in their malware that the group behind it may speak Chinese."
The hackers sent phishing emails with attachments containing a script called watermain which when opened allowed them to infect and access computers.
… Experts have questioned India's cyber defenses in recent years for reasons including the fact that many government officials still use Hotmail and Gmail in their official communications.
“Why can't we all just get along?” A phrase that has never been uttered by a lawyer?
Microsoft files antitrust suit against InterDigital in patent feud
InterDigital Inc has
violated U.S. antitrust law by failing to keep its promise to fairly
license its technology considered essential to mobile phone
communications, Microsoft Corp said in a lawsuit on Thursday.
The complaint against
InterDigital, filed in federal court in Wilmington, Delaware, deepens
a long-standing fight over patent licensing between the two
companies.
It comes as the U.S.
International Trade Commission is set to rule this month on whether
Microsoft smartphones should be banned from being imported into the
United States for infringing two of InterDigital's patents.
How not to do that lawyer thing.
At long last, Prenda mastermind hit with state bar complaint
The Illinois Attorney Registration and
Disciplinary Commission (ARDC) has filed a complaint
against John Steele, one of two lawyers believed to be the
masterminds behind the Prenda Law copyright-trolling scheme.
… This amended complaint has become public more than two years after US District Judge Otis Wright blasted Steele and his Prenda colleagues, referring them to state bar investigators (as well as the IRS and Department of Justice.)
… Steele is charged with repeatedly defrauding
courts, charging ahead with discovery against Internet users when he
shouldn't have, and blocking legitimate discovery efforts against
him. He filed frivolous lawsuits and sent "shakedown letters...
for purposes of extracting settlements," the Illinois ARDC
contends.
The document explains how mystery LLCs were set up
as St. Nevis-based owners of porn movie copyrights, then sued more
than 15,000 defendants over the course of eighteen
months, between fall 2010 and February 2012. By 2012, none of the
defendants had been served with process. Rather, Prenda just went
far enough to get discovery against large numbers of Internet users,
then threatened them by phone and mail. Demands
ranged from $2,500 to $4,000 to avoid a lawsuit. "If
you act promptly you will avoid being named as a Defendant," a
typical letter concluded.
By late 2012, about 5,000 of the accused had paid up to Steele and his colleague Paul Hansmeier. It's unclear how much money they made, but the complaint states it's in the millions.
Lots of stuff to quote. Some things just jump out
at me.
Searching for Computer Science Access and Barriers in U.S. K-12 Education
by Sabrina I. Pacifici on Aug 22, 2015
Google Report, released August 20, 2015 – Searching for Computer Science Access and Barriers in U.S. K-12 Education
Principals and superintendents from schools and
districts that do not offer computer science learning opportunities
are most likely to say the main reason their schools do not offer
computer science is the limited time they have to devote to classes
that are not tied to testing requirements
It could be worse, we could be blaring political
stump speeches.
North Korea had deployed twice as many artillery
pieces as usual along the border with South Korea on Sunday, and most
of its submarines had departed from their bases, as the two Koreas
held a second day of talks to try to break a tense military standoff,
officials said.
Negotiators from both sides resumed talks in the
border village of Panmunjom on Sunday afternoon after a marathon
overnight meeting failed to reach a compromise over the terms under
which South Korea would withdraw 11 batteries of propaganda
loudspeakers from the border. The North calls the broadcasts by the
speakers, which include criticism of its political system and its
leader, Kim Jong-un, an “act of war.”
I like the (Free) Microsoft Mathematics
calculator, but some people swear by these. (The process is a bit
complicated.)
How to Download the TI-84 Calculator on Your Computer
No doubt my geeky students will jump on these.
PhD APIs (Or, How to Get the Benefit of a Data Scientist without Hiring One)
By now, most IT professionals and line-of-business
managers “get” APIs. They know that application programming
interfaces enable them to quickly and easily add capabilities to
their own products and services, and that offering APIs is a terrific
opportunity to expand audience and gain mindshare. But now comes a
new generation of APIs--ones that are faster, smarter, better. Think
of them as graduate-level interfaces—heck, with some of the
capabilities these APIs now provide, you could call them the “PhDs
of programming.”
ProgrammableWeb has more than 13,000 APIs in its database, a figure that has doubled since 2012 and continues to increase. What’s also increasing is the level of sophistication of APIs.
While many of us are familiar with APIs that add
straightforward features and capabilities such as maps, calendars,
logins and the like—none of which should be sneezed at – PhD APIs
pack the power of a team of doctoral students and researchers. And,
just as leveraging a mapping API means you don’t have to have the
wherewithal to build a mapping API yourself, making use of PhD-level
APIs means you can add highly sophisticated (and often expensive)
features that will benefit the business and the business’s
customers.
Dilbert illustrates the power of an APP.