Thursday, October 29, 2015

Unfortunately, a common story. Something for my Computer Security students to consider: Security didn't prevent the breach – it even failed to detect it.
13 Million Passwords Leaked From Free Hosting Service
Hackers have stolen more than 13 million user records from the systems of free web hosting service 000webhost, a security expert reported on Wednesday.
Troy Hunt, the owner of the Have I Been Pwned service, which allows users to learn if and where their personal data has been compromised, was contacted by someone claiming that names, email addresses, and plaintext passwords associated with 13 million 000webhost accounts had been leaked online several months ago. The expert later learned that the breach might have occurred as early as March.
After analyzing the data and speaking to several 000webhost.com account owners, Hunt determined that the leak is most likely genuine. The expert also analyzed the website and identified poor security practices, including the storing of passwords in plain text, and the lack of a secure connection when logging in to accounts.
Hunt attempted to contact the breached company many times over a period of several days, but he didn’t manage to get his message through. The owners of 000webhost only admitted being hacked after Hunt published a blog post describing his experience and the story was picked up by the media.
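The two practices Hunt flags, plaintext password storage and login over an insecure connection, are exactly what turns a database dump into a working credential list. As an added illustration (this is not code from the article, from Troy Hunt, or from 000webhost), the block below puts the plaintext pattern beside a hardened form using a per-user salt and PBKDF2-HMAC-SHA256 from Python's standard library. The sample accounts are constructed, not breach data, and the iteration count is an assumed work factor.

```python
"""Plaintext vs. salted, iterated password hashing.

Added example, not from the article. Shows why a leaked table of
plaintext passwords is immediately usable for login, while a leaked
table of salted PBKDF2 verifiers is not.
"""
import hashlib
import hmac
import os

# Constructed sample credentials (not real breach data). alice and carol
# share a password on purpose, to show that salting hides the overlap.
SAMPLE_USERS = {
    "alice@example.com": "hunter2",
    "bob@example.com": "letmein",
    "carol@example.com": "hunter2",
}

# Assumed work factor; tune to your hardware (hundreds of thousands is typical).
ITERATIONS = 600_000


# --- The pattern the article criticises: the password itself is stored. ---
def store_plaintext(users):
    """Return a 'database' that holds each password verbatim."""
    return dict(users)


def check_plaintext(table, email, password):
    """Whoever holds `table` can log in as anyone: the row is the credential."""
    return table.get(email) == password


# --- Hardened form: store only a salt and a slow, salted hash. ---
def make_record(password, iterations=ITERATIONS):
    salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def store_hashed(users, iterations=ITERATIONS):
    """Return a 'database' that holds a verifier, never the password."""
    return {email: make_record(pw, iterations) for email, pw in users.items()}


def check_hashed(table, email, password):
    rec = table.get(email)
    if rec is None:
        # Do a comparable amount of work for unknown users so response
        # timing does not reveal which e-mail addresses have accounts.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), rec["salt"], rec["iterations"]
    )
    # Constant-time comparison of the verifier.
    return hmac.compare_digest(candidate, rec["hash"])


def leak_reveals_password(table, email):
    """What an attacker holding a dump of `table` learns about `email`.

    For the plaintext table this is the password itself; for the hashed
    table it is only a salt and verifier, which still has to be cracked.
    """
    value = table[email]
    return value if isinstance(value, str) else None


if __name__ == "__main__":
    pt = store_plaintext(SAMPLE_USERS)
    ht = store_hashed(SAMPLE_USERS)
    print("plaintext dump yields:", leak_reveals_password(pt, "alice@example.com"))
    print("hashed dump yields:", leak_reveals_password(ht, "alice@example.com"))
    print("same password, same hash?",
          ht["alice@example.com"]["hash"] == ht["carol@example.com"]["hash"])
```

The hashed table still has to be protected (a dump is an offline cracking target, which is why the work factor matters), but it no longer lets an attacker walk straight into every account the way the 000webhost data apparently did.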

Strange. Nice to see they found this themselves. Strange that they deny it is from their systems even though you can log on to their systems using the passwords. Aren't they even a bit suspicious?
Barry Cooper reports:
More than two thousand British Gas customers have had their personal details posted online after a security breach.
The energy firm has moved to reassure the 2,200 customers affected that despite email addresses and account passwords being placed online, their bank account information has not been put at risk.
While no credit card information was visible, anybody choosing to log in would have been able to see previous statements, user addresses and other information relating to the customer’s energy account.
The data was made available on file sharing website Pastebin, but was removed and only impacted upon a relatively small number of British Gas’ 17 million customers.
To their credit, British Gas discovered the paste themselves through routine checks. But as significantly, they report that the data posted online does not appear to come from their databases. BBC reports:
It says, however, that it does not think its own systems were breached.
[…]
An email sent to affected customers states: “I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk.
“As you’d expect, we encrypt and store this information securely.
“From our investigations, we are confident that the information which appeared online did not come from British Gas.”

Note that this does not mean they are transparent about the data they collect.
ODNI – The Principles of Intelligence Transparency
by Sabrina I. Pacifici on Oct 28, 2015
“The Principles of Intelligence Transparency – In February 2015, the Director of National Intelligence (DNI) published the Principles of Intelligence Transparency for the Intelligence Community (Principles). These Principles are intended to facilitate Intelligence Community (IC) decisions on making information publicly available in a manner that enhances public understanding of intelligence activities, while continuing to protect information when disclosure would harm national security.”

Are we narrowing in on a definition of Privacy?
Regulating Real-World Surveillance
by Sabrina I. Pacifici on Oct 28, 2015
Kaminski, Margot E., Regulating Real-World Surveillance (October 27, 2015). Washington Law Review, Vol. 9, No. 113, 2015; Ohio State Public Law Working Paper No. 316. Available for download at SSRN: http://ssrn.com/abstract=2681128
“A number of laws govern information gathering, or surveillance, by private parties in the physical world. But we lack a compelling theory of privacy harm that accounts for the state’s interest in enacting these laws. Without a theory of privacy harm, these laws will be enacted piecemeal. Legislators will have a difficult time justifying the laws to constituents; the laws will not be adequately tailored to legislative interest; and courts will find it challenging to weigh privacy harms against other strong values, such as freedom of expression. This Article identifies the government interest in enacting laws governing surveillance by private parties. Using social psychologist Irwin Altman’s framework of “boundary management” as a jumping-off point, I conceptualize privacy harm as interference in an individual’s ability to dynamically manage disclosure and social boundaries. Stemming from this understanding of privacy, the government has two related interests in enacting laws prohibiting surveillance: an interest in providing notice so that an individual can adjust her behavior; and an interest in prohibiting surveillance to prevent undesirable behavioral shifts. Framing the government interest, or interests, this way has several advantages. First, it descriptively maps on to existing laws: These laws either help individuals manage their desired level of disclosure by requiring notice, or prevent individuals from resorting to undesirable behavioral shifts by banning surveillance. Second, the framework helps us assess the strength and legitimacy of the legislative interest in these laws. Third, it allows courts to understand how First Amendment interests are in fact internalized in privacy laws. And fourth, it provides guidance to legislators for the enactment of new laws governing a range of new surveillance technologies — from automated license plate readers (ALPRs) to robots to drones.”

Research the RIAA and MPAA will simply ignore. (Begs the question: Are pirates 1 out of 47 users?)
With the option to stream millions of tracks supported by an occasional ad, or free of ads for a small subscription fee, Spotify appeared to be a serious competitor to unauthorized downloading.
While there has been plenty of anecdotal support for this claim, actual research on the topic has been lacking. A new study published by the European Commission’s Joint Research Centre aims to fill this gap.
In the study researchers Luis Aguiar (IPTS) and Joel Waldfogel (NBER) compare Spotify streaming data to download numbers from the 8,000 pirated artists on torrent sites, as well as legal digital track sales.
… “According to these results, an additional 47 streams reduces by one the number of tracks obtained without payment,” the paper reads (pdf).

Breaking away from the hype?
How People Are Actually Using the Internet of Things
… We did an open-source analysis of IoT user behavior, looking at 1,000 IoT technology platforms and services and more than 279,000 early adopter interactions with IoT devices. We found that consumers want an IoT that provides personalized services that can be adapted to different contexts. As with the Industrial IoT, the human IoT promises to be transformative.

Useful?
Screenr is Closing - Try Screencast-o-Matic
Earlier today I wrote a post about screencasting tools. In that post I included Screenr. A couple of hours later I received an email from Screenr announcing that they are shutting down on November 11th. Screencast-o-matic is my recommendation for a Screenr replacement.
Screencast-O-Matic is available in a free version and a pro version. The free version allows you to record for up to fifteen minutes at a time (that is plenty of time for most screencasts), publish to YouTube in HD, and save videos to your computer as MP4, AVI, and FLV files. The pro version ($15/year) includes video editing tools, unlimited recording lengths, a script tool, and removal of the Screencast-O-Matic watermark. Both versions of Screencast-O-Matic include a highlighted circle around your cursor so that viewers can easily follow your movements on the screen. A webcam recording option is included in the free and pro versions of Screencast-O-Matic.
Screencast-O-Matic can be used for creating how-to videos or simple flipped lesson videos in which you record yourself talking over a set of slides.

All my students should be using something like this (for the duration of my classes at least).
How to Create RSS Feeds for Google Search Results
Google Alerts, you probably know this, offer an easy way for you to create RSS feeds from the Google search results of any query. This is a good option if you are looking to monitor when new web pages are indexed by Google that match your search query.

Not during class, please.
8 Awesome Paid Mobile Games You Can Download for Free
… All of the games here work on both Android and iOS, and are now free for life—not for a limited period. “Free” still means some sacrifices sometimes, like ads or limited plays, but you still get a full game without having to pay a dime for it.


(Related)
6 Classic Board Games You Can Play on Your Phone

What a relief! I thought my students hated me.
12 Reasons Why People Are STILL Ignoring Your Emails
