Sunday, August 23, 2015

What? You expected a high level of integrity from a site devoted to cheating?
Mikael Thalen reports:
Leaked emails from Avid Life Media CEO Noel Biderman reveal that a disgruntled user of the online cheating service Ashley Madison hacked hundreds of the site’s user accounts in 2012.
[…]
One such email from Biderman in October of 2012 details how one Ashley Madison user “hacked” multiple accounts and attempted to extort the company.
“Yesterday a user of our site ‘hacked’ a number of accounts on Ashleymadison.com by running a script that would guess at their password,” Biderman wrote. “He then contacted us and attempted to extort free ‘credits/membership’ from us.”
Retaliating against Ashley Madison for allegedly creating fake female profiles, the hacker, who specifically targeted fellow users in Brazil, used the script to breach any account with the password “123456.”
Read more on InfoWars.


(Related) I guess we'll see a lot of this kind of “Fraud.”
It could be very dirty (clever) politics to create Ashley Madison accounts for people you might want to discredit politically – particularly when the site doesn’t verify email addresses.
And that’s what a UK Islamist preacher, Hamza Tzortzis, claimed happened to him. When he learned his name was in the leaked database, he took to his Facebook page to explain that it was an “obvious case of fraud.”
The main problem he’s having is that not everyone believes his claims because although some information about him would be publicly available, the Ashley Madison site had his credit card number, and the account went on for months.
In response, Tzortzis allegedly deleted the snarky or skeptical comments from his Facebook page and further clarified that some of the activities on Ashley Madison are permissible under Islam (even though he didn’t partake of them).
He currently continues to deny the account was his and claims to have filed a police report.
Read about it on Breitbart.




I'm teaching my students to govern their IT departments when they become CIOs. Nothing teaches like a bad example and there are plenty to choose from.
Administrative Investigation, Improper Use of Web-based Collaboration Technology, VA Office of Info Tech
by Sabrina I. Pacifici on Aug 22, 2015
“VA employees improperly used Yammer.com, a Web-based collaboration technology, which was not approved or monitored as required by VA policy. Further, the website had vulnerable security features, recurring website malfunctions, and users engaged in a misuse of time and resources. Although One VA Technical Reference Model (TRM) approved, with constraints, the installation of Yammer’s Notifier, a Windows desktop application, use of the Yammer social network was not VA-approved for employee use. Further, it was not only promoted by VA employees, but it was used and showcased in June 2013 by the former Executive in Charge of Information Technology (IT) and Chief Information Officer (CIO), for an open chat forum, as well as in a June 2014 CIO Message reminding employees to comply with VA Directive 6515 when using Yammer, giving the false impression that VA approved the use of Yammer.com. The Yammer website did not have an administrator or system set in place to ensure removal of former VA or contractor employees and the relatively simple process to post to Yammer not only made VA vulnerable from user uploading, on purpose or accidentally, personally identifiable information (PII), protected health information (PHI), or VA sensitive information, of which any current or former employee remaining active on the site would have access. Yammer users violated VA policy when they downloaded and shared files, videos, and images, risking malware or viruses spreading quickly from the site. Further, Yammer regularly spammed and excessively emailed users, as well as VA employees who had no interest in joining the site, and users were unable to remove the Online Now instant messaging feature, resulting in every user violating VA policy simply by logging onto the site. There were numerous user posts that were non-VA related, unprofessional, or had disparaging content that reflected a broad misuse of time and resources. 
Moreover, the continuous data streams, instant messaging, video, audio, large files and attachments, and other uploaded non-VA content to the site may cause congestion, delay, or disruption of service and degrade the performance of VA’s network.”




You didn't think the US was the only target, did you?
Chinese Hackers Most Likely Targeting India: Experts
Cyber spies most probably based in China have been snooping on Indian government bodies and universities since 2012 for sensitive material on its rival neighbor, Internet security company FireEye said Friday.
FireEye said the hackers seemed particularly interested in India's border dispute with neighbouring giant China as well as information on Tibetan activists.
"It's also well resourced and works around the clock. We found indicators in their malware that the group behind it may speak Chinese."
The hackers sent phishing emails with attachments containing a script called watermain which when opened allowed them to infect and access computers.
Experts have questioned India's cyber defenses in recent years for reasons including the fact that many government officials still use Hotmail and Gmail in their official communications.




“Why can't we all just get along?” A phrase that has never been uttered by a lawyer?
Microsoft files antitrust suit against InterDigital in patent feud
InterDigital Inc has violated U.S. antitrust law by failing to keep its promise to fairly license its technology considered essential to mobile phone communications, Microsoft Corp said in a lawsuit on Thursday.
The complaint against InterDigital, filed in federal court in Wilmington, Delaware, deepens a long-standing fight over patent licensing between the two companies.
It comes as the U.S. International Trade Commission is set to rule this month on whether Microsoft smartphones should be banned from being imported into the United States for infringing two of InterDigital's patents.
Wilmington is the home base of InterDigital, which makes money through the licensing of patents.




How not to do that lawyer thing.
At long last, Prenda mastermind hit with state bar complaint
The Illinois Attorney Registration and Disciplinary Commission (ARDC) has filed a complaint against John Steele, one of two lawyers believed to be the masterminds behind the Prenda Law copyright-trolling scheme.
… This amended complaint has become public more than two years after US District Judge Otis Wright blasted Steele and his Prenda colleagues, referring them to state bar investigators (as well as the IRS and Department of Justice.)
… Steele is charged with repeatedly defrauding courts, charging ahead with discovery against Internet users when he shouldn't have, and blocking legitimate discovery efforts against him. He filed frivolous lawsuits and sent "shakedown letters... for purposes of extracting settlements," the Illinois ARDC contends.
The document explains how mystery LLCs were set up as St. Nevis-based owners of porn movie copyrights, then sued more than 15,000 defendants over the course of eighteen months, between fall 2010 and February 2012. By 2012, none of the defendants had been served with process. Rather, Prenda just went far enough to get discovery against large numbers of Internet users, then threatened them by phone and mail. Demands ranged from $2,500 to $4,000 to avoid a lawsuit. "If you act promptly you will avoid being named as a Defendant," a typical letter concluded.
By late 2012, about 5,000 of the accused had paid up to Steele and his colleague Paul Hansmeier. It's unclear how much money they made, but the complaint states it's in the millions.




Lots of stuff to quote. Some things just jump out at me.
Searching for Computer Science Access and Barriers in U.S. K-12 Education
by Sabrina I. Pacifici on Aug 22, 2015
Principals and superintendents from schools and districts that do not offer computer science learning opportunities are most likely to say the main reason their schools do not offer computer science is the limited time they have to devote to classes that are not tied to testing requirements.




It could be worse, we could be blaring political stump speeches.
With Force Deployments, North Korea Raises Stakes of Talks With South
North Korea had deployed twice as many artillery pieces as usual along the border with South Korea on Sunday, and most of its submarines had departed from their bases, as the two Koreas held a second day of talks to try to break a tense military standoff, officials said.
Negotiators from both sides resumed talks in the border village of Panmunjom on Sunday afternoon after a marathon overnight meeting failed to reach a compromise over the terms under which South Korea would withdraw 11 batteries of propaganda loudspeakers from the border. The North calls the broadcasts by the speakers, which include criticism of its political system and its leader, Kim Jong-un, an “act of war.”




I like the (Free) Microsoft Mathematics calculator, but some people swear by these. (The process is a bit complicated.)
How to Download the TI-84 Calculator on Your Computer




No doubt my geeky students will jump on these.
PhD APIs (Or, How to Get the Benefit of a Data Scientist without Hiring One)
By now, most IT professionals and line-of-business managers “get” APIs. They know that application programming interfaces enable them to quickly and easily add capabilities to their own products and services, and that offering APIs is a terrific opportunity to expand audience and gain mindshare. But now comes a new generation of APIs--ones that are faster, smarter, better. Think of them as graduate-level interfaces—heck, with some of the capabilities these APIs now provide, you could call them the “PhDs of programming.”
ProgrammableWeb has more than 13,000 APIs in its database, a figure that has doubled since 2012 and continues to increase. What’s also increasing is the level of sophistication of APIs.
While many of us are familiar with APIs that add straightforward features and capabilities such as maps, calendars, logins and the like—none of which should be sneezed at – PhD APIs pack the power of a team of doctoral students and researchers. And, just as leveraging a mapping API means you don’t have to have the wherewithal to build a mapping API yourself, making use of PhD-level APIs means you can add highly sophisticated (and often expensive) features that will benefit the business and the business’s customers.




Dilbert illustrates the power of an APP.

