God helps those who help themselves and God help
those who don't. How much would your liability rise if there were
records proving you had been warned but did nothing?
Gwyn D’Mello reports that an online music site
was hacked to make a point after they failed to secure their site
despite multiple warnings:
A white hat hacker used an exploit to
gain access to Gaana.com user credentials, because they neglected to
fix a security bug he reported.
It seems Gaana.com was hacked a few hours
ago, with user data and credentials being accessed. But, in a
fortunate turn of events, the responsible party turned out to be a
white hat hacker.
[…]
Mak Man, the hacker responsible, detailed
the incident in a Facebook
post, saying he had reported the exploit to the website’s team
on multiple occasions, but was ignored. He says he was trying to
bring attention to the glaring hole in their security, and had no
malicious intent.
While users’ credentials were accessed,
Mak Man has since said that the data was being queried in real time,
and was not stored or copied on their server.
The site notes that all its passwords were hashed.
See
their tweets about the incident.
(Related) Don't pay the ransom, but there are
still things you can and should do.
The mSpy data breach is the kind of breach that I
cover over on databreaches.net, but the privacy implications of this
one are so severe that I thought I should note it here.
If you’re using spyware to spy on your children
or a partner – regardless of whether you call it spying or
“monitoring” or any other euphemism – note that you – and
they can be exposed in a breach by companies that do not take
adequate security protections.
Brian Krebs has been all over this breach. Today,
he writes:
The mSpy data was leaked
to the Deep Web, where hundreds of gigabytes of files, chat logs,
location records and other data was dumped after the company
reportedly declined to comply with extortion demands made by hackers
who’d broken into mSpy’s servers. Included in that huge archive
is a 13 gigabyte (compressed) directory referencing countless screen
shots taken from devices running mSpy’s software — including
screen shots taken secretly by users who installed the software on a
friend or partner’s device.
The log file of the screen shots taken
from mSpy-infested devices doesn’t store the actual screenshot, but
instead includes incomplete links to the images. Incredibly,
nearly two weeks after this breach became public, all of the leaked
screen shots remain viewable over the Internet with nothing more than
a Web browser if one knows the base URL that precedes the file name.
And that base URL is trivial to work out if you have an active
mSpy account.
[From
Krebs:
Almost a week after I
requested comment from mSpy, a person named
Amelie
Ross responded with a somewhat nonsensical statement
that essentially said the whole incident was dramatically exaggerated
and aggravated by the media.
“Data logs do not include the information of the
account user, therefore cannot be tracked back to data owner,” Ross
said, ignoring the fact that I was able to identify and contact many
of the company’s customers.
Local. We may not have as many skimmers as
Florida, but we aren't immune either.
Police are hoping that citizens can help
catch some men suspected of attaching credit card ‘skimmer’
devices at local banks….. The devices have been discovered on ATM
machines at both branches of Bank of Colorado in
Grand Junction.
Something for my Ethical Hacking students to push?
ACLU:
Feds should offer rewards for finding cybersecurity flaws
… The group told the Department of Commerce
Internet Policy Task Force in
a
letter Wednesday to provide financial incentives for security
researchers who bring flaws to the government's attention. Such
rewards are common practice at large tech firms.
Do we have to do this state by state? No mention
of any other state's DA being involved.
Acting Attorney General John J. Hoffman and the
New Jersey Division of Consumer Affairs obtained a settlement with
the developer of “Tidbit,”
a software code designed to help websites generate revenue by using
their viewers’ computers to mine for the virtual currency known as
Bitcoin.
A New Jersey Division of Consumer Affairs
investigation has found that, despite initial assertions by Tidbit’s
developer, the software was used to gain access to computers owned by
persons in New Jersey, without the computer owners’ knowledge or
consent.
The Division further found that the developer of
Tidbit offered and provided
the software to web developers without reviewing their privacy
policies, and without having any control, compliance, or review
mechanism in place. The Division alleges that these
actions constituted violations of New Jersey’s Computer Related
Offenses Act and Consumer Fraud Act.
… Pursuant to the
Consent
Order announced Tuesday, Tidbit’s developer is prohibited from
accessing or attempting to access New Jerseyans’ computers without
clearly and conspicuously notifying the owners and obtaining their
verifiable consent. The Consent Order also includes a $25,000
monetary settlement that shall be suspended and automatically vacated
within two years, provided the software developer complies with the
settlement terms.
… Bitcoins are generated or “mined”
through the solving of highly complex algorithms, a process that
requires significant amounts of computer processing power.
… Rather than show ads to consumers, and earn
money by selling space to advertisers, websites that use Tidbit would
earn money by taking over part of the processing power of computers
that visited those sites, and by using those computers to mine for
Bitcoins.
For my Computer Security students. Facebook
should sell T-shirts with a big bulls-eye on them. Add this to your
weaponized drone software as “automatic targeting” and SkyNet is
here?
Facebook
Messenger sends out 'creepily' precise location data, as revealed by
Marauders Map Chrome extension
Facebook sends out such precise data to people you
chat with that your location can be tracked to individual streets, a
new Chrome extension shows.
Every time a person sends a Facebook message from
a phone, it sends out their location to the person chatting with
them. The extensions scrapes all of that data and overlays it on a
map, meaning that a precise chart of people’s movements can be done
using those conversations.
… Some of the data sent out makes it possible
to pinpoint locations to
less than a meter, he said, and that can be used to figure
out people’s regular schedule or to spy on them. Khanna points out
that it doesn’t take many messages to work out people’s habits,
especially if a number of people collude to share their data.
… The location sharing can easily be turned
off. iOS users can do so by heading to settings and then location
services, and turning location off for Facebook Messenger. Android
users can go on the app itself, head to its settings, and turn off
Location Settings.
For my Statistics students. Often, we assume we
know things we don't know. Or at least lawmakers do.
… The plaintiffs are challenging the usual
method (counting total number of people living in a district) and are
asking that states use the total number of eligible voters instead.
The trouble is, we don’t have robust statistics on the number of
eligible voters. If the Supreme Court were to set new standards for
districting, we would need to overhaul the nation’s statistics and
surveys.
Another area where auto-completion will no doubt
cause confusion and amusement.
Google’s
‘Mind-Reading’ Search Answers Your Questions Before You Finish
Typing
When
Google
introduced "Instant" to its search engine
five
years ago, it quickly became another feature that cemented Google
as many persons' go-to provider. With features like that and the
overall accuracy, it's no wonder why Google hogs 65% of the world's
search market share.
Well... it looks like Google's search is
about to become even better. So much better, in fact, that it aims
to answer a question before you can even ask it. A good example can
be seen below:
For the “I want it now!” generation. (and
another weapon in the Amazon-Google war)
Amazon
expands same-day delivery, offers free shipping on orders over $35
Amazon.com Inc said on
Thursday it will expand same-day delivery to San Diego and the Tampa
Bay Area under its Prime shipping service, which has been an engine
of revenue growth for the online seller.
Amazon offers same-day
delivery to Prime members for $5.99 per order and non-members for
$8.99 plus 99 cents per unit. It will now allow Prime members free
same-day shipping on orders over $35, Greg Greeley, head of Prime,
told Reuters.
"We know same-day
delivery volumes will grow dramatically now that we are making it
free," he said.
Another example of the US as the world's police
force? Interesting questions on where these crimes took place and
what the laws were in those countries. Or do we not really care?
FIFA
officials to be indicted by U.S. on corruption charges
About 10 officials of
FIFA,
the governing body of world soccer, will be indicted in the U.S. on
Wednesday on corruption charges involving the awarding of
the
World Cup and marketing and broadcast deals.
(Related) On the other hand, this does not
surprise me at all.
The world's
biggest brands could sue FIFA for millions over 'wasted' marketing
budgets
Looks like the Russian economy has rebounded
enough to start this stupidity again. (Or perhaps certain naysayers
have been silenced?)
Reuters
reporter: Russia is amassing unmarked tanks and soldiers on its
border with Ukraine
Russia's army is massing troops and hundreds of
pieces of weaponry including mobile rocket launchers, tanks and
artillery at a makeshift base near the border with Ukraine, a Reuters
reporter saw this week.
Many of the vehicles have number plates and
identifying marks removed while many of the servicemen had taken
insignia off their fatigues. As such, they match the appearance of
some of the forces spotted in eastern Ukraine, which Kiev and its
Western allies allege are covert Russian detachments.
For all my students.
How Famed
Tech Analyst Mary Meeker Foresees the Future of the Internet
The ever-mounting number of users to join the
World Wide Web may finally be starting to plateau. So says esteemed
tech analyst Mary Meeker, partner at Kleiner Perkins Caufield &
Byers, in her 20th annual Internet Trends report, which she presented
today at the Code Conference in California.
To be fair, Internet user growth is still solid,
Meeker says, but only increased by 8 percent in 2014 compared to 10
percent in 2013. Smartphone subscriptions followed a similar
trajectory, posting increases of 23 percent last year versus 27
percent the year prior.
Her report, embedded below, covers a vast array of
topics, including the expected proliferation of drone usage in 2015.
Meeker predicts that 4.3 million total consumer drones will be
shipped in 2015, comprising a $1.7 billion market.
Meeker also covers the ways in which today’s
youth is consuming -- and increasingly creating -- content on the
Web.
(Related) This may help me communicate with my
students. (I did say, “May.”) My library does not have this
yet.
Microsoft
Researcher Nancy Baym offers her new take on communication in the
digital age
… MIT Comparative Media Studies and Microsoft
Researcher
Nancy Baym
took time out to publish her research on the related phenomenon.
Five years ago, Nancy published
Personal Connections in the
Digital Age. The publication was an investigation into whether
technology had the capacity to diminish the interpersonal
relationships or in some way negatively impact humanity as a whole.
… “In the second edition, in particular, I
wanted to show that research done before social networking sites
existed still has relevance. We
don't need to invent the conceptual and empirical wheels anew with
each new medium.” [Brilliant!
Bob] During the interview, Nancy was also asked about
her opinion on whether or not we are on a road to losing intimacy of
personal connections? Her short answer was no.
Something for the geek toolkit.
Remote
Access Tools or How to Be In Two Places at Once
…
the
right remote access tools can help you connect to and
operate a computer in your office as if you were sitting right in
front of it. They vary in ease of use, features and cost, but we've
collected five of the best for your consideration.
(Related) For the entrepreneur's toolkit.
Free
Technology Resources for Small Business Start-Ups
For my data crunching students.
Dasheroo
Delivers Insight into Critical Business Metrics
There's certainly no shortage of
social
media outlets, emarketing sites and online services to
help you reach the Internet masses and grow your small business. But
there is a shortage of time to track your business' performance on
them all. Sure, you can log into Google Analytics, then Facebook,
then Salesforce, then MailChimp and so on to check the performance
snapshots that each service offers. But what you really need is a
dashboard for your dashboards—which is precisely what
Dasheroo
delivers.
… At the present time, Dasheroo lets you
choose from a solid selection of 18 popular online services (with
more Insights in the works) that includes Google Analytics, Facebook,
Twitter, Google Sheets, YouTube, Campaign Monitor, MailChimp,
Instagram, Salesforce, LinkedIn, SurveyMonkey, Vertical Response,
Constant Contact and others. Simply select the services you want
Dasheroo to track, enter your log-in info for each (you only have to
do that once), and you're ready to construct your custom Dashboard.
[From the
Dasheroo website:
20 Years for FREE! We love you,
our early adopters! So, for all of you that sign-up by June 15,
2015...drum roll please: You’ll get Dasheroo Grande plan FREE for
the next 20 years. Yup. Free. Until 2035.
(Related) For my Data Management students.
Did You
Realize There Were So Many Facebook Apps?
… The official messaging app,
Facebook
Messenger, is a widely-used form of communication. You can not
only send messages to your Facebook friends, but those in your
phone’s contact list as well. You can create group chats, send
photos and videos, and see when others have viewed your messages.
Facebook Messenger is available for both
iOS
and
Android.
For all my students. Very handy App.
Office Lens
- Now Available on Android, iOS, and Windows Phones
Office
Lens is an app from Microsoft that is designed for converting
pictures of notes on whiteboards and paper into notes that can be
edited in Microsoft Word or PowerPoint. I wrote about the app eight
weeks ago when it was still in a limited beta for Android users.
Office Lens is now available for all Android users. You can find the
app in the
Google
Play store. The iPhone version is available
here
and the Windows Phone version can be
found
here.
Probably the best aspect of Office Lens is that
hand-drawn images and figures captured through the app can be
separated from the text to move and manipulate as individual objects
in PowerPoint slides. See the video below for an overview of
Office
Lens.
Office
Lens could be a great app for students to use to snap a picture
of something on a whiteboard then add their own comments to it in a
Word Document.
The option in Office Lens to separate hand-drawn
objects could be a good way to digitize a brainstorming session.
When I brainstorm I often do it in a paper notebook that has pages of
edits. By taking a picture of the brainstorming session I could
separate each part of the notes then move them into new positions on
slides or in a document.