Monday, January 04, 2016

This may have happened in earlier Presidential election years, but back then they probably used 3X5 cards and quill pens. (Read the whole thing!)
First someone left our voter registration details exposed to the world, but those were “just public records,” some argued. Now a second misconfigured database has been uncovered by Chris Vickery. This one, however, not only includes some states’ voter lists, but it also includes 19 million profiles with private information on religion, household values, gun ownership and more. Are you outraged now?
So Much for a Quiet Christmas
Five days after finding a misconfigured database with 191 million voters’ records, and only hours after he woke up the owner of Three Lock Box in the middle of the night to ask him why their database still wasn’t secured, Chris Vickery emailed DataBreaches.net and Salted Hash. He had found yet another misconfigured database with voters’ information. It was 7:30 am on Christmas morning.




Oh, the horror! Is nothing sacred? (Thanks for the list of sites!)
Payal Patak reports a malvertising attack on hundreds of porn sites left millions of people’s devices infected, beginning in November. In this case, the ads were hosted and served by AdExpansion, an adult ad network:
US-based security firm Malwarebytes detected popular websites such as xHamster, RedTube, PornHub and the likes to have been seriously attacked, which caused their data being compromised. These websites are moderately popular and attract several million visitors each day.
Other porn-sites recordely hit by malware were DrTuber, Nuvid, Eroprofile, IcePorn and Xbabe.
Read more on Korea Portal.
Malwarebytes had reported the problem at the beginning of December. AdExpansion had confirmed it, noting that although they had disabled the ads within hours of notification, they had been unable to prevent the malvertiser from creating new accounts.
So malvertising on porn sites and ElSurveillance hacking escort services and porn sites. And Ashley Madison data getting dumped.
How safe do you feel engaging in online pursuits of these kinds? By now, you should be prepared that any account you use may wind up compromised and that you may wind up exposed.




Surely someone can make a more thoughtful argument?
Congressman Mike Pompeo and constitutional lawyer David B. Rivkin, Jr., have an OpEd in the Wall Street Journal today. Let me cut to their point:
Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed. That includes Presidential Policy Directive-28, which bestows privacy rights on foreigners and imposes burdensome requirements to justify data collection.
I’m kind of wishing that was The Onion and not the WSJ.
[From the OpEd:
… Forcing terrorists into encrypted channels, however, impedes their operational effectiveness by constraining the amount of data they can send [Absolute nonsense. Bob] and complicating transmission protocols, a phenomenon known in military parlance as virtual attrition. Moreover, the use of strong encryption in personal communications may itself be a red flag.
Still, the U.S. must recognize that encryption is bringing the golden age of technology-driven surveillance to a close, which necessitates robust human intelligence




For my Computer Security and Forensics students.
The Rise and Fall of Silk Road
by Sabrina I. Pacifici on Jan 3, 2016
Via Wired – “In October 2013, a young entrepreneur named Ross Ulbricht was arrested at the Glen Park branch of the San Francisco Public library. It was the culmination of a two-year investigation into a vast online drug market called Silk Road. The authorities charged that Ulbricht, an idealistic 29-year-old Eagle Scout from Austin, Texas, was the kingpin of the operation. They said he’d reaped millions from the site, all transacted anonymously with Bitcoin. They said he’d devolved into a cold-blooded criminal, hiring hit men to take out those who crossed him. The story of how Ulbricht founded Silk Road, how it grew into a $1.2 billion operation, and how federal law enforcement shut it down is complicated, dark, and utterly fascinating. This two-part series tells that story.”




Once you get on Putin's Enemies List, you can expect continuous harassment.
BlackEnergy Malware Used in Ukraine Power Grid Attacks
The BlackEnergy malware has been around since at least 2007 and it has been used in numerous targeted attacks, including ones aimed at Ukrainian government organizations and critical infrastructure companies in the United States.
Security firm ESET has been monitoring attacks involving the threat and recently discovered that the Trojan had been used to target news media and electrical power companies in Ukraine.
The news comes just days after Ukraine’s security service, the SBU, accused Russian special services of planting malware on the networks of several regional power companies. The agency also said attackers flooded the targeted firms’ technical support phone lines.




Will disparaging terms keep people from joining? Could this be done to ISIS recruiters?
People are mocking the Oregon 'militia' on social media by calling them 'YallQaeda' and 'VanillaISIS'
A tense standoff at an Oregon wildlife center led by armed, primarily white, antigovernment protesters captivated social media on Sunday as users alternately debated their motives and ridiculed them.
… While #YallQaeda has been used intermittently since at least 2011 to refer to various right-wing, Tea Party, or other antigovernment groups, it caught fire with users commenting on the Oregon standoff. It is currently trending with over 35,000 tweets so far.
After that, the terrorism-related puns really took off. The next biggest was #VanillaISIS, which some users have been using over the last month to refer to Donald Trump and his supporters, following "Daily Show" host Trevor Noah's dubbing of Trump as "White ISIS" or "WHISIS."




Perspective. The year of the bear?
China Stocks: Trading Halted for the Day as Circuit Breaker Kicks In
Asian markets tumbled on the first day of trading in 2016, with declines so steep in China that authorities halted all mainland trading before the end of the day.
Analysts cited a number of reasons for the selling, including China’s disappointing manufacturing data, reported earlier Monday, and the coming removal of a ban on major shareholders from selling stakes, put in place during the summer stock crash.
The Shanghai Composite Index fell 6.9%, its biggest decline on record for the first trading day of the year, before trading was halted. The smaller Shenzhen Composite fell 8.2%.




Perspective. The year the auto industry died and was reborn as “Transportation As A Service”
Lyft And General Motors Are Partnering To Bring You On-Demand Driverless Cars
… General Motors, which announced late last year that it expects to have a fleet of autonomous Chevy Volts on the road by the end of 2016, has invested $500 million in Lyft as part of a $1 billion round of funding at a $5.5 billion post-money valuation. As part of that investment, GM is partnering with Lyft to provide a fleet of on-demand autonomous vehicles that can be hailed exclusively on the Lyft platform.




The very definition of “over sharing.”
New on LLRX – Deep Web Research and Discovery Resources 2016
by Sabrina I. Pacifici on Jan 3, 2016
Via LLRX.comDeep Web Research and Discovery Resources 2016Marcus Zillman has a longstanding and comprehensive expertise pertaining to the Deep Web. The Deep Web or Dark Web covers trillions of pages of information held in dynamically generated repositories throughout the global web that remain inaccessible through popular applications and search engines. Searching for this information using deeper search techniques and the latest algorithms allows researchers to obtain a vast amount of information that was previously unavailable or inaccessible, in fields that include the sciences and maths, corporate and financial data, and data only surfaced using file sharing applications. Zillman’s new guide documents a wide range of sources to improve your research results, including articles and paper, cross database search services and tools, peer to peer and file sharing engines, and semantic web resources.




Always looking for sources to add to my RSS feed.
Don’t Like Podcasts? Read 17 Alternatives to the Most Popular Shows




For my students. (Also editorial cartoons)
How to Read Newspaper Comics Online Now for Free
… Once you’ve had your fill of reading comics, find out how you can make your own comic strips.


No comments: