You’ve probably seen some articles reminding law firms to secure their data better, as they hold a wealth of confidential personal, financial, medical, and corporate data.
But now it seems that the Florida Bar
Association itself has been hacked. No, they don’t contain the vast troves of
sensitive personal and corporate law data that their members’ networks
maintain, but still, it should be somewhat embarrassing.
According to the bar association’s web site, the Florida Bar is the organization of all lawyers licensed by the Supreme Court of Florida to practice law in the state. Any lawyer who wishes to practice in Florida must be a member. And according to their statistics, there are currently 85,038 members in good standing who are eligible to practice, plus an additional 4,210 who are in good standing but not eligible to practice, and 13,535 more who are not eligible to practice (for a total of 102,783).
On September 22, a hacker or hackers associated with a former Palm Beach County Sheriff’s Office deputy (one with a long-standing dispute with Florida law enforcement, a dispute that appears to have gotten him raided by the FBI) managed to access and acquire what appears to be the bar’s entire database.
In a lengthy post about the hack and database dump, they describe the data and comment on it (Caution: their post uses language or imagery that some readers may find offensive).
They also parse the data. Here are just some of the data they report:
158,385 email addresses
219,139 office phones and cell phone numbers
84,772 fax numbers (who would have known? I haven’t seen a fax machine in 10 years)
226,928 mailing addresses
And in what will likely make some lawyers unhappy, the hacker(s) also analyze the disciplinary files in terms of which lawyers received the most bar complaints, and they include a rank-ordered list.
The hacker(s) helpfully, if impolitely, give the bar association a clue as to how to secure their network better:
I recommend the Florida Bar do something about their JSON outputs to prevent their data from leaking like Chief Deputy Gauger’s dick after banging a crack whore with syphilis.
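The hint about “JSON outputs” points at a familiar pattern: a directory API that serialises the whole database row for each member, plus predictable member numbers, so anyone can walk every record and collect private fields the public web page never shows. The following is an added example, not code from the Florida Bar, DataBreaches.net, or the hacker’s post; the member records, field names, and the assumption that the leak was over-exposure of fields through such an endpoint are all constructed here for illustration. It shows the leaky serialiser next to a hardened one that builds the response from an allow-list and caps bulk search results.

```python
import json

# Constructed sample rows (not real data): what a member-directory backend
# might hold per lawyer, including fields that must never reach the public API.
MEMBERS = {
    1001: {
        "bar_number": 1001, "name": "A. Example", "firm": "Example & Partners",
        "office_phone": "305-555-0100", "fax": "305-555-0101", "status": "eligible",
        "email": "a.example@example.com",                          # private
        "cell_phone": "305-555-0199",                              # private
        "home_address": "1 Private Way, Miami FL",                 # private
        "complaints": [{"case": "2014-0001", "status": "closed"}], # disciplinary file
    },
    1002: {
        "bar_number": 1002, "name": "B. Example", "firm": "Example & Partners",
        "office_phone": "305-555-0200", "fax": None, "status": "not eligible",
        "email": "b.example@example.com",
        "cell_phone": "305-555-0299",
        "home_address": "2 Private Way, Miami FL",
        "complaints": [],
    },
    1003: {
        "bar_number": 1003, "name": "C. Sample", "firm": "Sample LLC",
        "office_phone": "813-555-0300", "fax": "813-555-0301", "status": "eligible",
        "email": "c.sample@example.com",
        "cell_phone": "813-555-0399",
        "home_address": "3 Private Way, Tampa FL",
        "complaints": [{"case": "2016-0042", "status": "open"}],
    },
}

# Allow-list of the fields the public directory is meant to show. Anything not
# named here is dropped, so a column added to the database later cannot leak.
PUBLIC_FIELDS = ("bar_number", "name", "firm", "office_phone", "fax", "status")


def member_json_unsafe(bar_number):
    """Leaky pattern: serialise the whole row. Every private column ships."""
    return json.dumps(MEMBERS[bar_number])


def member_json_public(bar_number):
    """Hardened: build the response object from the allow-list only."""
    row = MEMBERS[bar_number]
    return json.dumps({k: row[k] for k in PUBLIC_FIELDS})


def leaked_fields(unsafe_json, public_json):
    """Keys present in the unsafe response but absent from the hardened one."""
    return sorted(set(json.loads(unsafe_json)) - set(json.loads(public_json)))


def search_public(query, max_results=50):
    """Hardened search handler: refuse queries that would match everything,
    cap the page size, and return allow-listed fields only.
    Mirrors an HTTP handler by returning (status_code, body)."""
    q = query.strip().lower()
    if len(q) < 3:
        return 400, {"error": "query must be at least 3 characters"}
    hits = [
        {k: row[k] for k in PUBLIC_FIELDS}
        for row in MEMBERS.values()
        if q in row["name"].lower()
    ]
    return 200, hits[:max_results]


if __name__ == "__main__":
    # Show exactly which fields the unsafe serialiser exposes beyond the public view.
    print("leaked:", leaked_fields(member_json_unsafe(1001), member_json_public(1001)))
    print("search:", search_public("example", max_results=1))
```

The two controls are independent: the allow-list stops private columns from ever being serialised, and the minimum query length plus result cap stops a single request (or a short loop over guessable bar numbers) from returning the whole membership. Neither replaces access control on any endpoint that is supposed to be members-only.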
The association’s web site, which had been reported by the hacker(s) as being down on Thursday, was online when DataBreaches.net checked the site last night. There does not appear to be any notice or mention of the hack or data leak.
DataBreaches.net emailed the bar association to inquire as to what they were doing in response to the breach, but had not heard back by the time of publication. This story will be updated as more information becomes available.
Anyone want to bet?
The Social Security website is now secure
… I recently wrote that the secure section of ssa.gov, the website of the US Social Security Administration, was not secure. As shown above, it was rated C, a really bad grade, at the SSL Server Test run by SSL Labs.
… I tried to contact the Social Security Administration, but never heard back.
Despite all that, my previous blog post may have made a difference. The previously insecure secure.ssa.gov is now, actually, really secure. The current rating from SSL Labs is shown above.
[By the way, the SSL Server Test is an interesting Hacking tool. Bob]
A new hacker target? Think what could go wrong…
Fight For The Future launched HelloVote
by Sabrina
I. Pacifici on Sep 25, 2016
BusinessInsider: “Registering to vote may now be a lot
easier for a portion of the roughly 90% of Americans who own a cellphone. The nonprofit group Fight For The Future
launched HelloVote on [the morning of September 22, 2016]
with the goal of boosting voter registration in several key battleground states
by allowing voters to register
directly via text message or Facebook Messenger. Backed by brands like MTV, Genius, and the
Latino Victory Project, the tool is the first major service to offer voter
registration through text messaging, a process the company hopes will boost
voter registration rolls, particularly among young voters…”
My Ethical Hacking students have a model to emulate.
Meeting Cellebrite - Israel's master phone crackers
Cellebrite was in the headlines earlier this year when it
was rumoured to have helped the FBI to crack an iPhone used by the San
Bernardino shooter.
Now the company has told the BBC that it can get through
the defences of just about any modern smartphone. But the firm refuses to say whether it
supplies its technology to the police forces of repressive regimes.
… Mr Ben-Moshe
claimed that his firm could access data on "the largest number of devices
that are out there in the industry".
Even Apple's new iPhone 7?
"We can definitely extract data from an iPhone 7 as
well - the question is what data."
He said that Cellebrite had the biggest research and
development team in the sector, constantly working to catch up with the new
technology.
He was cagey about how much data could be extracted from
services such as WhatsApp - "It's not a black/white yes/no answer" -
but indicated that criminals might be fooling themselves if they thought any
form of mobile communication was totally secure.
(Related)
Throughout 2016, it has become increasingly apparent that our smartphones have been misbehaving. Malware is bad enough; flaws in the device chipset can at least be patched, and you should have set a PIN on your device in any case.
But those things — concerning as they are — have been a mere sideshow to the real privacy scandal taking place right now. That device in your pocket, or on your desk, or even in your hand as you read this… your phone has been spying on you.
… When this possibility was first posited, it seemed unlikely — that is, until cybersecurity researcher Ken Munro and Pen Test Partners’ David Lodge got together to develop an app. With the aim of recording nearby conversations and displaying them on a PC, the app was a working proof of concept.
… Once you’ve digested that chilling fact, it’s time to check the recordings. The best way to do this is to visit history.google.com/history/audio on your phone or in your desktop browser, and take a look at the long list of items that have been recorded.
Reads more like a bio of the judge, but interesting.
District Court Judge releases list of more than 200 cases
veiled in secrecy of Patriot Act
by Sabrina
I. Pacifici on Sep 25, 2016
Washington Post – This judge just released 200 secret
government surveillance requests
Could be handy.
Network World – preliminary map of government open source
laws
by Sabrina
I. Pacifici on Sep 25, 2016
Jon Gold – NetworkWorld: “As the institutional use of open-source software continues to expand like an octopus, the public sector remains a key target market. Government users like Linux and other open-source software for several reasons, but the most important ones are probably that total cost of ownership is often lower than it is for proprietary products and that open-source projects don’t vanish if the company providing them goes under…
Here’s a map of the status of open-source laws around the world, via the magic of Google Fusion Tables.”
A Maturity Model for my IT Governance class. 35 page PDF.
Baldrige Cybersecurity Excellence Builder
by Sabrina
I. Pacifici on Sep 25, 2016
Baldrige Cybersecurity Excellence Builder. Key questions
for improving your organization’s cybersecurity performance. Draft September
2016, National Institute of Standards and Technology.
Something to amuse my IT Architecture class.
Inside Apple And IBM's App Making Machine
… The IBM people
brought with them to Cupertino that day a mobile app they’d been working on—a
fuel calculation app for airline pilots—that they thought might serve as a
starting point for the partnership. It
was built by IBM people, who had also built some powerful data analytics into
the background. The IBM people hoped the
Apple people would see it and be impressed, and then the two companies would
continue building the app together.
But that’s not what happened. IBM's app—all 40 screens of it—was a bloated
mess. One Apple UI expert in the meeting
said simply "that’s not going to work," a person who was there told
me. Pilots, the expert said, would not
go through 40 screens in an app, even if they were currently doing the same
tasks on paper.
Job opportunities for my Architecture students?
Banks Face Costly, Complex Technology Upgrades
… The reporting
requirements put a strain on banks’ back-office
systems, which “have been cobbled together over decades across several
businesses,” said Caitlin Long, a former banker at Morgan Stanley and Credit
Suisse Group AG who worked on technology projects before
joining startup bank-tech firm Symbiont.io this year. “Many of
those systems weren’t generating enough revenue to be worth upgrading.”
Swaps represent an unusual challenge because, unlike in
other markets such as for stocks and options, derivatives prices hadn’t been
systematically tracked in real time before.
Another interesting Architecture problem. What information would you need? How many miles, on what roads, at what times,
in what weather?
Pay-per-mile insurance startup Metromile raises $191.5M,
acquires Mosaic Insurance
The automotive industry is in flux with the
rise of self-driving and electric cars, and the concept of car ownership
altogether being thrown into question. With
this, the car insurance industry is changing, too, and now, an on-demand car
insurance startup has raised a large round of funding as it aims to be leader
of that change.
Metromile,
the provider that lets you pay-per-mile for insurance, said that it has
raised a whopping $191.5 million in funding — “primarily equity”,
according to CEO Dan Preston. Metromile will
use the money to acquire an insurance carrier called Mosaic Insurance to handle
the underwriting of its policies itself; as well as to expand new states
in the U.S. and continue building its platform.
Research – Eating cheese daily is good for your health
by Sabrina
I. Pacifici on Sep 25, 2016
UK Telegraph – High-fat cheese: the secret to a healthy life?
As usual, readers be aware that we are
frequently told that various foods and beverages once thought to be bad for our
health are now, according to new research, good for our health.
- For reference, see the article, High intake of regular-fat cheese compared with reduced-fat cheese does not affect LDL cholesterol or risk markers of the metabolic syndrome: a randomized controlled trial – First published August 24, 2016, doi: 10.3945/ajcn.116.134932, The American Journal of Clinical Nutrition, Am J Clin Nutr ajcn134932.