Sunday, June 26, 2016

Interesting that you don’t have the inclination to implement Best Practices until you have been breached.  I hope my Computer Security students can learn from the failures of others.
I’ve previously posted info on the Verticalscope breach affecting 45 million.  But I never posted their breach announcement.  As I was just reviewing it, I noticed their response to the breach with respect to new password requirements . I thought it was a bit different, and should be mentioned here.
From the What We Are Doing part of their statement:
We are in the process of invalidating passwords of all VerticalScope user accounts.  We have posted a site security notification on each site updating users on the potential risk to certain accounts, the password reset and steps we are implementing to improve security.  We are in the process of implementing stronger password rules (passwords now require a minimum of 10+ characters and a mixture of upper- and lower-case letters, numbers and symbols) along with automated account password expiries to encourage more frequent password changes.  We will remind our users to use good password practices (not using the same password for multiple online accounts and using unique strong passwords).  We are in the process of implementing additional safeguards to detect, alert and mitigate any future brute force attempts, and have notified our third party vendors that interact with our various forum API’s of the February breach to allow their own security teams to investigate.  We are continuing our investigation and will be collecting information to provide to the appropriate law enforcement authorities.
VerticalScope is taking steps to strengthen account security.  We were already using encrypted passwords and salted hashes to store passwords, and our new password controls are intended to further strengthen user security.  We are taking steps to investigate and test new encryption and security technologies to further protect our users.


Why would you cut yourself off from your customers? 
Well, I wanted to send an inquiry to LookBook to ask them if they were aware of being hacked or a report that their user database was up for sale, but there was no contact method on their web site, and the domain lookup didn’t help, either.  So I resorted to tweeting to them, and hope that their Twitter team will escalate the tweet to their security folks.
@lookbook  Was lookbook.nu hacked?  Are you aware of claims your user database is up for sale?  See this post: https://t.co/GiSAzrpkGq
— Dissent Doe (@PogoWasRight) June 26, 2016


A system where no one is responsible… 
State Dept. scrambled on trouble on Clinton's server
State Department staffers wrestled for weeks in December 2010 over a serious technical problem that affected emails from then-Secretary Hillary Clinton’s home email server, causing them to temporarily disable security features on the government’s own systems, according to emails released Wednesday.
The emails were released under court order Wednesday to the conservative legal advocacy group Judicial Watch, which has sued the State Department over access to public records related to the presumptive Democratic presidential nominee’s service as the nation’s top diplomat between 2009 and 2013.
The emails, reviewed by The Associated Press, show that State Department technical staff disabled software on their systems intended to block phishing emails that could deliver dangerous viruses.  They were trying urgently to resolve delivery problems with emails sent from Clinton’s private server.
   Abedin and Clinton, who both used Clinton’s private server, had complained that emails each sent to State Department employees were not being reliably received.
   Days after the technical crisis, on Jan. 9, 2011, an IT worker was forced to shut down Clinton’s server because he believed “someone was trying to hack us.”  Later that day, he wrote, “We were attacked again so I shut (the server) down for a few min.”  It was one of several occasions when email access to Clinton’s BlackBerry smartphone was disrupted because her private server was down, according to the documents.


Can you think of a better way?
Exclusive: Google, Facebook quietly move toward automatic blocking of extremist videos
Some of the web’s biggest destinations for watching videos have quietly started using automation to remove extremist content from their sites, according to two people familiar with the process.
The move is a major step forward for internet companies that are eager to eradicate violent propaganda from their sites and are under pressure to do so from governments around the world as attacks by extremists proliferate, from Syria to Belgium and the United States.
   The technology was originally developed to identify and remove copyright-protected content on video sites.  It looks for "hashes," a type of unique digital fingerprint that internet companies automatically assign to specific videos, allowing all content with matching fingerprints to be removed rapidly.
Such a system would catch attempts to repost content already identified as unacceptable, but would not automatically block videos that have not been seen before.

(Related)  Because the poorer way is already in place.
How the US is working to defeat ISIS online
   The office is also growing from 68 people earlier this year to about 150 now.
Its budget has grown from $5.6 million in 2015, to more than $15 million this year.  The administration has requested $21.5 million for 2017.  
   "We recognize that it takes a network to defeat a network, so we're building a network of partners because we believe we have a very good message, we're not always just the most credible entity to convey that message," he said. 
"So we have partners that have a tremendous amount of credibility that we're working with to make sure they have the tools and capabilities to get out the word that Daesh is indeed a vicious awful organization that is rife with hypocrisy and everything else," he said, using a derogatory Arabic term for ISIS.  
   "It's not that it's not working, it's just frankly, it'll take some time to work through the process."  [It's not that it's not working, it’s just not working now?  Bob] 
Rep. Brad Sherman (D-Calif.) recently noted during the House Foreign Affairs Committee hearing that the State Department currently needs 14 levels of review before sending out a Tweet.
Those who receive State Department funding also have to meet a bar, albeit a lower one, of six levels of review, he added.  By contrast, he said, "If you're a volunteer, you do a tweet."

(Related)  And then there’s the Google way…
USNews article – Google as global censor across all its brands
by Sabrina I. Pacifici on Jun 25, 2016
Robert Epstein, June 22, 2016: Google, Inc., isn’t just the world’s biggest purveyor of information; it is also the world’s biggest censor.
“…But as the golden gateway to all knowledge, Google has rapidly become an essential in people’s lives – nearly as essential as air or water.  We don’t let public utilities make arbitrary and secretive decisions about denying people services; we shouldn’t let Google do so either.”  An outline of the list discussed in the article as follows:
1. The autocomplete blacklist.
2. The Google Maps blacklist.
3. The YouTube blacklist.
4. The Google account blacklist.
5. The Google News blacklist.
6. The Google AdWords blacklist.
7. The Google AdSense blacklist.
8. The search engine blacklist.
9. The quarantine list.


Now you think of it? 
Dem protest ignites debate about control of House cameras
Rank-and-file Democrats are calling for C-SPAN to be given more control of cameras in the House after the blackout of their sit-in on gun control.
The cameras in the House have long been under the control of the majority party, despite vocal protests from C-SPAN and government transparency advocates.


The First Amendment promises that I can tell you this.
MSU McLellan Free Expression Online Library
by Sabrina I. Pacifici on Jun 25, 2016
MSU Law’s First Amendment Law Clinic is the only clinical program in the country solely dedicated to the protection of student speech and press rights.  Now, a $500,000 donation from leading Michigan attorney and MSU Law Trustee Richard D. McLellan will expand the clinic’s impact nationwide by creating a Free Expression Online Library and Resource Center.  The McLellan Free Expression Online Library will provide answers to legal questions and links to hundreds of sources on topics such as student censorship, invasion of privacy, social media speech, libel and copyright issues.  Students across the country will be able to connect with MSU Law’s resources to protect their rights to free speech.”


Perspective.  Preparing for the self-driving car?
The Young and the Carless? The Demographics of New Vehicle Purchases
by Sabrina I. Pacifici on Jun 25, 2016
June 24, 2016 – The Young and the Carless? The Demographics of New Vehicle Purchases, Christopher Kurz, Geng Li, and Daniel Vine, Federal Reserve Board:
U.S. sales of new light vehicles have rebounded strongly since the end of the 2007-09 recession and are considered one of the bright spots of the recovery.  Indeed, sales totaled 17.4 million units in 2015, about the same rate as the all-time record set in 2000 Personal vehicle sales, which exclude sales to businesses and governments, have also rebounded strongly since the end of the recession…  As sales have rebounded, some analysts have noticed a shift in the age composition of new light vehicle buyers.  Indeed, a number of recent studies and press articles have documented a dramatic decline in young adults’ willingness to own vehicles, particularly in the years since the 2007-09 recession.  For example, Fortune recently cited the decline in the fraction of new vehicles purchased by young adults–defined as 18 to 34 year olds–as evidence that financial constraints for that age group had increased and their interest in driving had decreased.  As quoted in the article, young adults “just don’t think driving is cool–or even necessary–anymore.”  Similar stories abound and often attribute these changes to the rising popularity of social media, which reduces the need to travel, and alternative means of transportation, such as ride-sharing, public transportation, and biking, which reduce the need of owning a vehicle…”


For the next time I teach Math.
Review Questions – Underground Mathematics
I wrote earlier on the wonderful resources on Underground Mathematics from the University of Cambridge.  Thinking about the new A level specifications I believe this site will provide us with rich resources for these new specifications.
Each section includes Review Questions, look at Thinking about Algebra for example; scroll down the different resource types for the Review questions for this station.
Alternatively you can browse all the Review questions.

No comments: