Trump Calls For Russian Cyber-Espionage To Recover Clinton’s
30,000 Deleted Personal Emails
Correction. This
was not flagged as a North Korean hack when it was first announced. We should have known better. I guess Kim Jong-un wants to send a bunch of
Secret Shoppers south to buy the latest video games. (Maybe there are no Pokémon in the
North? Now that would be a real
sanction!)
Well, it was only a matter of time before we saw this,
right?
South Korean police said Thursday
that North Korea was behind the latest hacking of a leading online shopping
mall, which led to the leak of personal information of some 10 million
customers.
The remark came after police
conducted a detailed probe into the server of Interpark Corp., after an
unidentified entity broke into it and stole customer-related information in
May.
Read more on The
Korea Times.
For my Computer Security students.
Could Your Devices Cause a Massive Security Breach at Work?
Many companies let their employers access important services with
their own devices. Most of the time,
this doesn’t cause any problems, but it does remove a bit of control. If a big mistake is made, it could end up causing a huge breach!
[Cute little infographic: http://cdn.makeuseof.com/wp-content/uploads/2016/07/security_breach.png?b34c28]
Computer Security students. How would you prevent this? (It is actually quite easy.)
Graham Cluley writes:
It was just after 6pm on December
23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank
Regents Campus in Irving, Texas, was out for revenge.
Earlier in the day, Brown – who
was responsible for the bank’s IT systems – had attended a work performance
review with his supervisor.
It hadn’t gone well.
Brown was now a ticking time bomb
inside the organisation, waiting for his opportunity to strike. And with the insider privileges given to him
by the company, he had more of an opportunity to wreak havoc than any external
hacker.
Prosecutors described what happened
next, just before Brown left the Citibank offices that evening:
Read more on Tripwire.
Think anyone will notice? The real question is, was this data actually
useful?
This story needs to get a lot more media coverage in
the U.K. and discussion. Will the
British people just shrug, though, because of currently elevated terrorism
threats, or will they be outraged and insist on reform?
Graeme Burton reports:
The hearing into Privacy
International’s challenge to the UK security services’ collection of bulk
communications and personal data opened in London on Monday, and previously
secret documents revealed for the first time the extent of government
surveillance into ordinary citizens’ communications.
This follows a ‘dirt dump’ in
April which showed that successive
home secretaries have allowed this to carry on since at least 2005.
The documents provide evidence
that MI5, MI6 and GCHQ collected data on every citizen in the UK, including
location information, telephone numbers dialled and calls received, as well as
metadata regarding time, date and duration of calls.
In addition, the security
services are accused by Privacy International of collecting data in bulk via
the internet, including browsing history, IP addresses visited, instant
messaging data and operating systems. The
bulk collection of personal information even includes physical post data.
Read more on The
Inquirer.
Are you trying to identify owners or users? It may not tie 100% to one person, but would
99% be enough for you?
Wendy Davis reports:
The advocacy group Electronic
Privacy Information Center is asking a federal appellate court to revive iPhone
user Ryan Perry’s battle with CNN.
The dispute largely centers on
whether the 12 random numbers and letters that make up an iPhone’s Media Access
Control address should be considered “anonymous.” EPIC argues in new court papers that the MAC
address actually serves as a better way to identify iPhones’ owners than their
names.
[…]
The dispute dates to 2013, when
Perry alleged in a potential class-action lawsuit that CNN disclosed
information about video clips watched by himself and other iPhone users, along
with their 12-digit Media Access Control addresses, to the analytics company
Bango.
Read more on MediaPost.
Every organization should have incident response plans
that include cyber. (Why does the
government think it should have colors for the level of severity, and then call
them by number?)
New Presidential Policy Directive Details U.S. Cyber Incident
Response
The U.S. Government finally has its own incident response
plan. In reality it is more like the framework for the development of an
incident response plan (IRP); but it is a good high level
start. IRP for a nation is more complex
than IRP for an organization; but Obama's new Presidential Policy Directive on
Cyber Incident Coordination (PPD-41), approved on Tuesday, begins to define what
constitutes a cyber incident, and who is responsible for responding to that
incident.
The first problem is to define whether an incident
requires a national response. Here the
PPD describes a cyber incident severity schema specifying six
color-coded levels from zero to five. [I propose color 48, fuchsia! Bob]
For my Ethical Hacking students. Disable this or find evidence that it “harms”
me in some way so I can sue Microsoft. (A good mid-term project)
Cortana can’t be disabled in the Windows 10 Anniversary
Update
Microsoft has decided that Cortana, its personal digital
assistant, is so useful that you’ll
never be able to disable it going forward. While Cortana has received a variety of
upgrades in the Anniversary Update, and now supports multiple languages,
deeper integration with calendars and applications, and can remember random facts about you, it can’t be flatly
shut off any longer.
Perspective. I
wonder if my students know what SaaS is?
http://smallbiztrends.com/2016/07/saas-industry-trends-small-business.html?google_editors_picks=true
85 Percent of Small Businesses Set to Invest More in SaaS
(Infographic)
Just a couple of years ago, businesses looked at Software
as a Service (SaaS) with some apprehension primarily because of security risks.
A lot has changed since then. Today more than 85 percent of small business
executives are willing to invest more in SaaS solutions over the next five
years, according to research by Intuit.
… The data has
been compiled and analyzed by software company Better Buys in its 2016
Report on the State of SaaS.
· About 64 percent of
small and medium-sized businesses rely on cloud-based technology to drive
growth and boost workflow efficiency, finds cloud computing services company
BCSG.
· SaaS is expected to
grow to $12 billion in 2016, and jump to $16 billion in 2017, and continue to
grow year over year to an estimated $55 billion by 2026.
· About 90 percent of
mobile data traffic will be generated by cloud solutions by 2019.
· Nearly half (43 percent) of small business
owners use mobile as the primary devices for running their operations
I really hope this works out okay, but I note that even
though he is harmless, he can be harmless only among the second class citizens,
not anywhere near members of Congress or the president.
John Hinckley, Who Tried To Kill A President, Wins His
Freedom
A federal judge in Washington, D.C., has granted a request
for Hinckley to leave the mental hospital where he's resided for decades, to go
live full-time with his elderly mother in Williamsburg, Va.
The release could happen as early as next week, the judge
ruled. Under the terms of the order, Hinckley is not allowed to contact his
victims, their relatives or actress Jodie Foster, with whom he was obsessed. Hinckley
also will not be permitted to "knowingly travel" to areas where the
current president or members of Congress are present.
Remember this?
Think we should try to do it in Denver?
(Or wait for Big Brother to do it for us?)
New Yorkers Greet the Arrival of Wi-Fi Kiosks With Panic,
Skepticism and Relief
When it comes to acceptance of New York City’s rapidly
growing network of sidewalk kiosks offering “free super fast Wi-Fi,” some
people are Nekeya Browns and some are Alex Padillas.
As soon as the
LinkNYC booths were activated in their Washington Heights neighborhood this
month, Ms. Brown celebrated by plugging in her headphones and swaying to some
Marvin Gaye tunes; Mr. Padilla, in his Yankees jersey, stood a few feet back,
reluctant even to touch the keyboard for fear of having his pocket of personal
data picked.
… “Whoever thought
of this was a great person,” she said, listing all of the benefits of the
kiosks. “I told a homeless lady that
whenever you need to call your family, you can use this.”
And so it goes
in the first stage of the citywide rollout of these curbside machines that
promise swift connections to the internet, phone service and ports for charging
cellphones and other devices, all at no cost to the users.
… Along Eighth
Avenue in Midtown, some homeless people are camping around the kiosks.
… City officials …
admit they did not know what to expect
… Last weekend,
experts on digital data and online privacy were wondering what CityBridge
planned to do with all of the personal information made available.
… The civil
liberties organization has asked city officials to revise LinkNYC’s privacy
policy, arguing that it allows the system’s operators to collect all sorts of
data about users and sell it to other companies.
… “What Google’s
doing here is taking the business model that they’ve perfected in the online
world and bringing it into the real world,” Mr. Dean said in an interview.
Uber drivers drive to you when you call them. What will self-driving cars do?
How Ford and MIT's Electric Shuttle Experiment Could Improve
Ride-Hailing
Ford Motor is unleashing electric vehicles onto the
Massachusetts Institute of Technology campus. Students and faculty will be able to hail these
cars via mobile app in order to shuttle them to and from class. It sounds a lot like Uber and Lyft. But that’s
not exactly what Ford is aiming for—at least not initially.
The electric shuttles, which will be small enough to navigate sidewalks [Who has right-of-way? Bob] within the campus, will be
outfitted with cameras and LIDAR sensors, or light-sensitive radar. The technology emits short pulses of laser
light so that the vehicle’s software can produce high-definition 3D images in
real-time of what is around the cars. All
of the data captured by the cameras and LIDAR combined with weather information
as well as class schedules will be used to understand pedestrian traffic
patterns.
In the near term, Ford and MIT researchers hope to use all
that data to predict demand for the shuttles, then routing those vehicles to
areas where they’re needed most at the corresponding times.
… But Ford posits
the research project at MIT could also enhance the concept of ride-hailing as a
whole because it’s focused on developing predictive algorithms that will direct
vehicles to where people are most likely to need them and, hopefully, reduce wait times.
In other words, this research could eventually be used for a
commercialized, on-demand shuttle service well beyond the borders of Ford’s
company campus.
I would not have expected Microsoft to help Apple. Silly me. On the other hand, I don’t think I would have
ever thought of their solution.
Microsoft thinks it can do a better iPhone camera app than
Apple
Don’t look now, but Microsoft is becoming a serious player
in the world of iPhone apps.
It has already brought over Office and subsumed
well-regarded email app Acompli
and calendar
app Sunrise into a revamped Outlook for iPhone. Now, Microsoft is looking to offer up a rival
to the built-in camera app.
Microsoft Pix, a free app from Microsoft
Research, focuses first and foremost on delivering better pictures of people. It does
this by continuously taking pictures when the app is open and using an
algorithm to choose the best shot or shots from among 10 images (seven just
before the camera button is pressed and three after).