Monday, February 22, 2016

My Computer Security class is amused.
In Employee Email, Apple CEO Tim Cook Calls For Commission On Interaction Of Technology And Intelligence Gathering
Early this morning, Apple CEO Tim Cook sent an email out to employees about the FBI’s request to unlock an iPhone with the subject line ‘Thank you for your support’. The email outlines some responses to Cook’s open letter last week and paints the issue of Apple’s refusal to cooperate as one of civil liberties.
… Cook says that some advocates of the government’s order, which we have covered in detail here, want it to “roll back” data protections to the point at which they were as of iOS 7. In iPhones running older versions of iOS, Apple was able to extract information from devices even though they were locked with a personal pin code. Apple has never unlocked devices for the government, a common misconception among some media covering this ongoing story.
The most recent development in the case came over the weekend, when the FBI admitted that it had hastily reset the Apple ID password of terrorist Syed Farook’s iPhone 5c, removing the possibility that it could connect to Apple’s servers and perform a fresh iCloud backup.
… Additional questions have been raised about how the FBI plans to get more information than a backup would provide, even if the pass code is cracked. Some common theories are that Farook was using secure messaging apps that he left un-secured on the device, but the FBI has not given specific reasoning.
… “In the same vein, you’ll also notice that in demanding a tool, FBI has sneakily ensured that a more “open” copy of the software will have to be released (that will work on other devices) in order for it to be tested, validated, and re-tested by a defense team,” notes iPhone security researcher Jonathan Zdziarsky. “This guarantees that the hacking tool FBI is forcing Apple to write will be out in the public, where it will be in the hands of multiple agencies and private attorneys.”




Background for my Computer Security students.
California AG Releases 2016 Data Breach Report, Retail and Financial Sectors Most Vulnerable
by Sabrina I. Pacifici on Feb 21, 2016
EPIC – “A new report from California Attorney General Kamala Harris examines data breaches in California from 2012 to 2015. There were 657 data breaches during the last four years, which compromised over 49 million records. The retail sector experienced the largest share of breaches at 25%, followed by the financial sector at 18%. Among several recommendations, the report recommends that organizations adopt strong encryption. “Government and the private sector have a shared responsibility to safeguard consumers from threats to their privacy, finances, and personal security,” Attorney General Harris stated. The Attorney General received a 2015 EPIC Champion of Freedom Award. EPIC recently launched “Data Protection 2016,” a non-partisan campaign to make data protection an issue in the 2016 election.”


(Related) An infographic
What Exactly is a DDoS Attack and How Does it Happen?


(Related) Makes it look like a good business to be in!
Ransomware takes millions, baffles law enforcement
… Law enforcement is scrambling to keep up as some victims, desperate to regain access, simply pay the price without consulting police. The FBI has even told victims to pay up — a controversial move for security experts.
“The ransomware is that good,” said Joseph Bonavolonta, assistant special agent in charge of the Cyber and Counterintelligence Program in the FBI’s Boston office, during a cybersecurity conference last fall. “To be honest, we often advise people just to pay the ransom.”
… Stu Sjouwerman, CEO for cybersecurity training firm KnowBe4, said a major operation could get off the ground for somewhere between $20,000 and $40,000. That includes “millions of email addresses” to target and a “bullet proof server.”
Within weeks, that shop could rake in millions, netting potentially a 1,000 percent return on investment, he said.




You can't rely on passwords!
Park Han-na reports:
Korean bank customers will soon be able to make online transactions without using security cards or one-time passwords (OTP) as the government is seeking ways to make online payments easier so as to drive innovation in the sector, financial authorities said Sunday.
[…]
The move is expected to encourage financial institutions to develop security tools that are more convenient and safer than the OTP and security cards that are currently used in the transfer of money through online and mobile applications.
Read more on Korea Herald.




I thought we were not going to help terrorists find targets? Have we abandoned that strategy?
EPA Releases Online Mapping Tool to Help Protect Drinking Water Sources
by Sabrina I. Pacifici on Feb 21, 2016
Via EPA – “The U.S. Environmental Protection Agency today released DWMAPS – the Drinking Water Mapping Application to Protect Source Waters. This robust, online mapping tool provides the public, water system operators, state programs, and federal agencies with critical information to help them safeguard the sources of America’s drinking water. DWMAPS allows users to learn about their watershed and understand more about their water supplier. DWMAPS also lets users see if sources of their drinking water are polluted and if there are possible sources of pollution that could affect their communities’ water supply. DWMAPS can even guide users to ways they can get involved in protecting drinking water sources in their community.”




Perspective. An interesting article. Has he identified “the next big thing?”
What’s Next in Computing?




A very simple to-do list in the cloud.
Collaboratively Create Reminders & Task Lists on Pinside
Pinside is a free online sticky note service. Pinside can be used to create boards of notes for yourself or boards to share with others. You can create a mix of private and shared notes within one account. Sticky notes on shared Pinside boards are designed for creating to-do lists. As each item on the the notes is completed you and or your collaborators can delete completed items.


No comments: