Because the government keeps data longer than the
Internet (which keeps it forever)?
Andrea Shalal and Matt Spetalnick report:
Data stolen from U.S. government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, U.S. officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks.
Of the four million federal employees whose data
were caught up in the breach, 2.1 million are reportedly current
government employees, and the fear is that their information could be
used for spear-phishing and to obtain even more sensitive
information.
Read more on Reuters.
Ellen Nakashima of the Washington Post reports that according to unnamed agency officials, the information obtained in the hack included employees’ Social Security numbers, job assignments, performance ratings and training information but
OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.
And of course, the finger-pointing has begun. As
the New York Times reports,
an audit of the government’s computer security had as recently as
November pointed out the serious security shortcomings.
But watch out for those who attempt to use this
hack to support irrelevant or harmful legislation. Any legislation
proposed should seriously consider the opinions of actual
infosecurity and technology experts. So far, the government’s
ridiculous claims that we can have strong encryption but the
government should be able to break it make many of us wonder what
color the sky is in Washington these days.
(Related)
Michael A Riley and John Walcott report:
The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies.
Forensic evidence indicates that the group of hackers responsible for the U.S. government breach announced Thursday likely carried out attacks on health-insurance providers Anthem Inc. and Premera Blue Cross that were reported earlier this year, said John Hultquist of iSight Partners Inc., a cyber-intelligence company that works with federal investigators.
Read more on Bloomberg.
State sponsored hacking, without actually hacking.
(Apple and Microsoft have already greased this slope.) Probably
simpler to use Chinese software in China and keep the domestic
software secret.
http://www.cnbc.com/id/102734535?__source=google|editorspicks|&par=google&google_editors_picks=true
China may try to force US tech firms to give up code
While U.S. officials investigate whether Chinese
hackers breached data for millions of federal employees, Beijing
is working on a series of rules to protect itself from foreign cyber
incursions—or maybe to get its hands on American tech secrets, or
maybe both.
Beijing
wants foreign technology firms to give up their source code in
exchange for Chinese business, and new rules are set to make that
happen, focusing first on the banking sector, and then moving to
other important markets.
The first set of rules, from earlier this year,
mandated that domestic banks move to "safe and controllable"
technology—meaning any tech firm interested in doing business with
most Chinese financial institutions would need to hand
over its relevant source code and encryption keys. [Would
you trust a bank that did that? Bob]
We could use this!
Ann Bednarz reports:
Payday didn’t go as planned on January 2, 2014, for some Boston University employees. On that day, about a dozen faculty members discovered their paychecks hadn’t been deposited into their bank accounts. Thieves had changed the victims’ direct deposit information and rerouted their pay. BU’s IT security team traced the attack to a phishing email sent to 160 people at the university. The email – which prompted BU faculty to click on a link and confirm their log-in details – led to the compromise of 33 accounts. Thirteen faculty members had their paychecks stolen.
[…]
After BU warned faculty and staff of the paycheck heist, the attackers sent another phishing attempt that played off BU’s warning and directed recipients to another bogus site. “The folks who sent the original message were actively watching us,” Shamblin said. “They coopted my authority for a second attack on my people.”
[…]
Meanwhile, 1,200 miles away, University of Iowa experienced similar attacks.
Read more on Network World if you have an Insider account. I refuse to sign up because they require that you enable third-party cookies and javascript.
For my Computer Security students.
A Look at Some of the Worst Computer Viruses in History
When you get a virus
on your computer, the results can be devastating to you,
personally. Some viruses, however, take the destruction and
devastation far beyond a few people. Some computer
viruses have caused millions in damages the world over.
Which computer viruses have been the most
destructive throughout history? Check out the infographic below for
an extremely detailed look and prepare to be surprised, because some
of the damage caused by these viruses is truly hard to comprehend.
Via WhoIsHostingThis
Like those devices that monitor your “safe
driving,” insurance companies will likely be all over these
devices. Perhaps this is the one where they switch from “discounts
for users” to “penalties for non-users.” Or governments could
require them on all new cars.
Feds And Carmakers Unveil Systems To Disable Your Car If You've Been Drinking
… The National Highway Traffic Safety
Administration unveiled a prototype vehicle with an advanced alcohol
detection system that could ultimately prevent vehicles from being
operated by a drunken driver.
The Driver Alcohol Detection System for Safety —
known as “DADSS” — is a noninvasive system aimed at detecting
when a driver is above the legal alcohol limit by instantly measuring
the driver’s breath or skin. If your blood alcohol level is above
0.08 percent — the legal limit in all 50 states — the car will be
disabled.
If increased revenue is greater than legal fees,
then: Give the users what they want and let the lawyers figure it
out?
As Facebook Video Swells, YouTube Creators Cry Foul Over Copyright Infringement
As Facebook has briskly emerged as YouTube’s
first forbidding challenger in online video, racking up 4 billion
views per day, the social network may have a mounting copyright issue
on its hands -- one that smacks of a similar conflict YouTube faced
in its early days.
Increasingly, YouTube creators are alleging that
their popular videos are being pilfered from the platform and
uploaded to Facebook. A
new term has even been coined for this practice: ‘freebooting.’
Because Facebook doesn’t offer adequate
copyright protection or give creators the ability to monetize their
videos just yet, argues
George Strompolos, CEO of leading YouTube network Fullscreen,
freebooting is detracting from ever-valuable YouTube views.
From a culture that honors age (and success) this
makes perfect sense. Still, Warren isn't likely to buy them.
Chinese online gaming company wins Buffett lunch for $2.3M
Time to start planning.
Microsoft Office 2016 Updated With Collaborative Real Time Presence, Contextual Insights
Microsoft is planning to release a new version of
its Office productivity suite, Office 2016, sometime later
this year. In the meantime, Microsoft has made available an
Office
2016 Public Preview, which is also available
for Mac users, and there are a few new features that were just
added.
Plan for this too since it's the path to Skype's
real time translation service.
You Can Now Use Skype For Web (Beta) If You're In The U.S. Or UK
Skype's web-based client is now available to all
U.S. and UK users in open beta, no longer requiring any invites.
For my Business Intelligence students.
The Internet of Things Is Changing How We Manage Customer Relationships
… But now that Big
Data and the Internet
of Things have come along, we can go beyond the transaction to
every little detail of the customer’s actual experience. You can
know when customers enter your store, how long they are there, what
products they look at, and for how long. When they buy something,
you can know how long that item had been on the shelf and whether
that shelf is in an area of things that usually sell fast or slowly.
And then you can view that data by shoppers’ age, gender, average
spend, brand loyalty, and so on.
(Related)
Data Collection From Consumers Continues Without Transparency
by Sabrina I. Pacifici on Jun 5, 2015
National
Journal – “Don’t be fooled: Congress may have finally
passed the
bill reining in the National Security Agency’s bulk-surveillance
programs [USA Freedom Act of 2015], but your data is still being
collected on the Internet. Lost in the debate over the NSA is the
fact that companies like Google and Facebook continue to vacuum up
vast troves of consumer data and use it for marketing. The
private-sector tech companies that run the social networks and email
services Americans use every day are relatively opaque when it comes
to their data-collection and retention policies, which are engineered
not to preserve national security but to bolster the companies’
bottom lines. Critics say the consumer data that private
companies collect can paint as detailed a picture of an individual as
the metadata that got caught up in the NSA’s dragnets. Companies
like Google and Facebook comb through customers’ usage statistics
in order to precisely tailor marketing to their users, a valuable
service that advertisers pay the companies dearly to access. “What
both types of information collection show is that metadata—data
about data—can in many cases be more revelatory than content,”
said Gabe Rottman, legislative counsel at the American Civil
Liberties Union. “You see that given the granularity with which
private data collection can discern very intimate details about your
life… For their part, various tech companies are paying attention
to the trend. Google on Monday unveiled a frequently
asked questions page to address users’ privacy concerns,
answering questions like “Does Google sell my personal
information?” and “How does Google keep my information safe?”
It also revamped its account settings page, offering privacy and
security “checkups” to walk users through steps to keep their
data safe. On the same day, Facebook announced
it will offer the option to send sensitive information, like password
reset links, in encrypted emails. (“New Facebook feature shows
actual respect for your privacy,” read a Wired
headline on an article about the announcement.) Facebook already
encrypts traffic to and from its site, and offers privacy fanatics—or
those who fear government retribution for their actions on the social
network—access to its services via the Tor browser, widely regarded
as the most secure and private way to access the Internet.”
- See also NYT – Sharing Data, but Not Happily
I've been thinking about re-writing my handouts.
“Captain Math!” “SecurityMan”
The Best Apps for Reading Comics on Your iPad
Dilbert has some ideas for responding to my
students!