Stealing data is bad. Stealing data and then failing to secure it is even worse. (Would this case get tossed out in the Eleventh Circuit?)
Justin Baer reports:
Morgan Stanley suspected that Russian hackers stole client data from a former financial adviser who pleaded guilty to illegally accessing the bank’s computers and taking the information home with him.
Galen Marsh, who was fired from the Wall Street firm in January for viewing and copying account information on other advisers’ clients, pleaded guilty in September to one felony count of exceeding authorized access to a computer. But Mr. Marsh had always maintained that he wasn’t responsible for some of the client data appearing online on a text-sharing website, and that he didn’t offer to sell the information.
In a recent court document filed ahead of Mr. Marsh’s sentencing hearing, Mr. Marsh’s lawyers wrote that “based upon conversations with representatives of Morgan Stanley, we learned that hackers emanating from Russia were suspected of posting the information and offering to sell it online.”
Read more on WSJ.
[From the article:
According to court documents, Mr. Marsh allegedly made more than 5,000 unauthorized searches of confidential information on the firm’s computer systems using the identification numbers of other Morgan Stanley branches, groups and advisers, beginning in June 2011. He uploaded the data, which included client names, addresses, account numbers and investment information, to a personal server in his New Jersey home, the prosecutors alleged.
Mr. Marsh has argued he accessed the information to analyze how other advisers managed clients’ money. Morgan Stanley has said no clients lost money on the security breach.
Find a popular site. Use them to spread your malware.
Joseph C. Chen reports:
NOTE: This is a developing story. Please watch this space for updates as we continue to dig into the technical details of this attack.
The blog page of one of the leading media sites in the United Kingdom, “The Independent” has been compromised, which may put its millions of readers at risk of getting infected with ransomware. We have already informed The Independent about this security incident and are working with them to contain the situation. For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base.
It should be noted that only the blog part of the website–which uses WordPress–is impacted; the rest of The Independent’s online presence seems unaffected.
Read more on TrendMicro.
Interesting. A “Golden Parachute” for the average employee?
Scott Daugherty reports:
A Virginia Beach construction company claims a former employee stole trade secrets earlier this year and provided them to a competitor.
Unlike most such cases, however, officials with Atlantic Marine Construction Company aren’t arguing the employee stole their proposal sheets and other records before he was fired. Rather, the company claims Christopher McGrath, formerly of Virginia Beach, stole them after he was terminated via a widely available computer program he secretly installed on a work computer.
Read more on Virginian-Pilot.
[From the article:
The lawsuit said McGrath – Atlantic Marine’s now-former vice president in charge of construction – installed “Google Chrome Remote Desktop” on a work computer in February without authorization. He was fired in August for reasons not specified in the suit.
Following his termination, McGrath accessed Atlantic Marine’s computer network at least 16 times with the help of the program, the lawsuit said. According to the suit, Atlantic Marine believes McGrath viewed, copied and downloaded the company’s trade secrets each time he connected to the network.
Local. There's one in Greenwood Village. Notified in early November, still leaking customer data until December.
Ron Ruggless reports:
CM Ebar LLC, parent to the Elephant Bar restaurants, warned customers who used credit cards at the 29-unit chain between August and December that their data may have been breached, the company said Tuesday.
The casual-dining operator said it was alerted to the potential security breach on Nov. 3, and it has investigated and removed the suspected computer malware that led to the possible incident.
[…]
A representative for CM Ebar said the possible data breach included 20 restaurants in California, three in Colorado, two in Arizona and one each in the remaining states where it operates. A complete list of the restaurants is available at a microsite dedicated to the incident.
Read more on nrn.com.
So, outsource the last bit to a small company?
New EU cybersecurity rules neutered by future backdoors, weakened crypto
The European Union has drawn up a set of rules governing the security of the region's digital infrastructure. Under the framework provisionally agreed last night by Members of the European Parliament (MEPs) and the Luxembourg Presidency of the EU Council of Ministers, transport, energy and other key companies will have to ensure that the digital infrastructure that they use to deliver essential services, such as traffic control or electricity grid management, is resilient enough to withstand online attacks. Similarly, major digital marketplaces like eBay or Amazon, search engines, and cloud services will be required to ensure that their infrastructure is secure, and to report major incidents. Smaller digital companies will be exempt from these requirements.
Remember, “A wet bird never flies at night.”
Not encrypted – encoded. Decoded it means, “How ignorant!”
Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones.
Spam from USPS? Was there really a demand for this? Why filter out most of their scans?
The US Postal Service Will Soon Email You Scans of Your Mail
The US Postal Service is rolling out a new service that emails you scans of the mail you’ll be getting in your mailbox each day.
The USPS has been testing the service, Informed Delivery, in some zip codes in Northern Virginia since 2014, and it will reach the New York City metro area, plus select areas of Connecticut, beginning this fall. USPS says expansion to other areas is being considered for 2016. For now, the Postal Service will only send you scans of letter-sized envelopes.
Once you sign up, USPS will email you a notification before 11 am daily, Monday through Saturday, containing grayscale images of just the front of your envelopes for up to ten pieces of mail.
… For now, the service won’t be available to businesses, and it won’t work for packages—USPS says customers should rely on its tracking and mail hold services instead for those types of mail.
… USPS actually already photographs every letter and package mailed in the United States—a practice it started after anthrax attacks in late 2001 killed five people, including two postal workers.
Should be very simple.
Federal Rules of Civil Procedure 2016 ePub
by Sabrina I. Pacifici on Dec 8, 2015
From Sarah Glassmeyer – “The Federal Rules of Civil Procedure just had a ton of revisions come into effect on December 1. Since the US Courts only publish this in a 170 page PDF, I thought I’d make it a little more user friendly and make an ebook (by which I mean an ePub, compatible with everything but Kindles) out of it. I also added in all of the new forms as jpegs, so they look the way that they are supposed to look. It was a massive pain in the tookus to do. You’re welcome. Anyway, here it is.”
Thank you Sarah.
Find a book for Christmas break!
NPR’s Book Concierge – Guide To 2015’s Great Reads
by Sabrina I. Pacifici on Dec 8, 2015
For my App students in the Winter Quarter.
11 Apps and Sites for Learning to Code
… The MIT App Inventor allows students to create and publish their own Android applications. The MIT App Inventor works in your web browser (Chrome is recommended). The only download that is required for App Inventor 2 is the optional emulator. The emulator allows people who don't have Android devices to test their apps on their desktops. If you have an Android device then the emulator is not required and you don't need to worry about installing it. MIT provides excellent support documentation and curriculum for classroom use for new users of App Inventor. Click here to read about a great app developed by students using the MIT App Inventor.