Worth reading. (Stop smirking.)
Why The Ashley Madison Hack Is More Scary Than Funny
… After almost two years of unending data breaches, everyone knows cybercrime is bad, damaging and dangerous. And yet the Ashley Madison hack made us smile
… At the time of the breach, the group claiming credit, the Impact Team, made the breach known by posting a small amount of a supposedly larger cache of stolen (and identifying) user data and made Ashley Madison’s owner, Avid Life Media, an offer: take down the site, or see all the data go up for public consumption.
And then … nothing.
For about a month the issue didn’t progress – Ashley Madison stayed up, and the data remained under wraps.
Until this week.
That’s when the whole breach went up on the Web in the form of a giant data dump. And this time around, smirks certainly abound.
… The Ashley Madison hack in terms of the sheer amount of data was massive — 10 GB of data (and that was compressed) from over 33 million accounts — or the equivalent of four motion pictures worth of data. And within those accounts is a virtual buffet of personal information.
Home addresses, 36 million email addresses, phone numbers, partial payment data, first and last names and hashed passwords — and financial transactions.
Paid extra for the premium “guaranteed affair within three months” service? That’s in the records. Paid the company to delete your account and forget they ever saw you? That’s there too. All in, records documenting 9.6 million transactions were included in the full data dump – all of which appeared on an Onion (Tor) website.
… TrustedSec researcher Dave Kennedy wrote in a blog post. “This is much more problematic as it’s not just a database dump, this is a full scale compromise of the entire company’s infrastructure including Windows domain and more.”
(Related)
An interview of the hackers. Apparently, there was no security.
Ashley Madison Hackers Speak Out: 'Nobody Was Watching'
(Related) Now this is curious. I wonder whose name they are trying to hide?
Now the UK’s Information Commissioner’s Office has posted something about the legalities concerning the Ashley Madison data leak. Simon Rice writes, in part:
Wherever your sympathies might lie in relation to the people identified in the published data set, the fact remains that such details are personal information, with certain protections in law.
Like many online attacks, the data protection response is international. In this case, we’re liaising with our counterparts in Canada, where the company is based.
But with cases like this, there is still a domestic aspect to consider.
Anyone in the UK who might download, collect or otherwise process the leaked data needs to be aware they could be taking on data protection responsibilities defined in the UK’s Data Protection Act.
Similarly, seeking to identify an individual from a leaked dataset will be an intrusion into their private life and could also lead to a breach of the DPA.
[…]
It’s worth noting too that any individual or organisation seeking to rely on the journalism exemption should be reminded that this is not a blanket exemption to the DPA and be encouraged to read our detailed guide on how the DPA applies to journalism.
Read more on the ICO’s blog.
How does a company screw up so spectacularly? What did they do wrong?
Peter Kafka reports:
No, Spotify doesn’t want to root around your phone’s address book, or your photos.
That’s the message the music service is sending out today — after clumsily suggesting otherwise earlier this week.
“We should have done a better job in communicating what these policies mean and how any information you choose to share will — and will not — be used,” the company says in a post attributed to CEO Daniel Ek. “We understand people’s concerns about their personal information and are 100 percent committed to protecting our users’ privacy and ensuring that you have control over the information you share.”
Read more on Re/Code.
This may come up in other elections this year. (There is still the possibility the comments were factual.)
Comcast releases username that suggested U.S. politician molested children
Comcast Cable Communications has given a northern Illinois politician the identity of an Internet service subscriber whose account was used to post an anonymous comment online suggesting the politician molests children.
Comcast turned over the name of the subscriber on Aug. 14, attorney Andrew Smith said Thursday, almost two months after the Illinois Supreme Court upheld lower court rulings that Internet service providers have no obligation to withhold the identity of a commenter if their comments could be considered defamatory.
This should raise “sexting” to interesting heights. Perhaps I can connect my dash-cam directly to my lawyer…
Comcast releases its livestreaming app to all subscribers
Comcast says its livestreaming app did very well during its limited release, so the company's now making it available to all Xfinity customers. The app, called Xfinity Share, gives you a way to broadcast video streams, photos and even previously recorded videos not just on your own TVs, but on other subscribers' TVs. It also lets you share from mobile to mobile, though, if that's more convenient. Xfinity Share used to be exclusive to Triple Play package customers, but now it can be accessed by every voice, video, home and internet subscriber. However, the recipient still needs to have an X1 DVR-ready set-top box to see what you're trying to send them on a bigger screen.
Say, you want to livestream your kids' next game to their grandparents' TV: just grab the app from iTunes or Google Play, then follow these instructions:
To stream to the TV, users just need to follow these simple steps: open the Xfinity Share app, select "Stream Live," select "Stream to other contacts," enter the home phone number or comcast.net email address for the person you want to see the video, and click "Stream." A notification will pop up on that person's TV, and all that person needs to do to watch the live streaming is click the "Info" button on the X1 TV remote.
For my Website students.
Learn HTML and CSS with These Step by Step Tutorials
For all my students.
Turn Your iPhone Into A Personal Security Device for Emergencies
I must have a couple of students who are Dr Who fans…
How to Make Your Own Doctor Who Adventure for the BBC
I smile when I see this post. Evil ain't I?
Hack Education Weekly News
… British Prime Minister David Cameron wants every school in England and Wales to become an academy (that is, a school independent of local control).
… Via Education Week: “The Department of Education is asking for bids to design a prototype system to quickly evaluate ed-tech in K–12 schools, in hopes of making it easier for educators to figure out what works in products they purchase with federal funding.” [This will never happen. Bob]
… A US District Court judge has begun hearing a lawsuit brought against Compton Unified School District, claiming “trauma is a disability and that schools are required – by federal law – to make accommodations for traumatized students, not expel them.”
… The ACT makes the case for multiple choice tests – they “can and do efficiently assess students’ higher-order thinking skills and reflect their real-world problem solving skills.”
… Inside Higher Ed reports that there are 74,468 unique email addresses from .edu domains released as part of the hack of the Ashley Madison website.
… Teachers applying for a Google Certified Educator certificate will be monitored via their webcams.
… Gallup has released the results of a poll about the availability of computer science in schools. Among the findings, “just 7% of principals and 6% of superintendents surveyed report that demand for it is high among parents in their school or district.”