Mirai Botnet Infects Devices in 164 Countries
Mirai, the infamous botnet used in the recent massive distributed denial of service (DDoS) attacks against Brian Krebs’ blog and Dyn’s DNS infrastructure, has ensnared Internet of Things (IoT) devices in 164 countries, researchers say.
In early October, Mirai’s developer released the malware’s source code and also revealed that there were over 300,000 devices infected with it. Soon after, as the botnet was increasingly used in DDoS attacks, Flashpoint security researchers determined that over half a million IoT devices worldwide were vulnerable to Mirai, because they were protected by weak security credentials.
I like it! But it will never happen.
White & Case LLP write:
At a recent Parliamentary meeting to discuss the draft Digital Economy Bill, the UK Information Commissioner recommended imposing personal liability and accountability upon company directors. If such liability is imposed, it will mark a radical departure from the current law, under which directors of companies generally have no personal liability or accountability for breaches of data protection law committed by their companies.
On 13 October 2016, the Information Commissioner, Elizabeth Denham, (the “Commissioner”) gave evidence to a House of Commons Public Bill Committee (the “Committee”) regarding the ICO’s recommendations for the Digital Economy Bill (the “Bill”). The Commissioner expressed support for making directors personally liable for breaches of data protection law by their companies.
Read more on Lexology.
I wonder how often they do a “two-year review?”
Donna Borak reports:
A U.S. bank regulator on Friday disclosed a data breach involving a former agency employee’s unauthorized removal of more than 10,000 records.
The cybersecurity breach was first detected by the Office of the Comptroller of the Currency in September while the agency was undertaking a retrospective two-year review of employees downloading information in an effort to help minimize cyberthreats.
Read more on WSJ.
Update. Why don’t I get students like this? Oh wait, I do!
Oops. I missed this one when Tristan Kirk first reported it:
A notorious teenage hacker who was the brains behind more than 1.7 million cyber attacks around the world is facing jail.
Adam Mudd, 19, sold access to his Titanium Stresser programme, allowing users to crash websites and computers by overloading them with requests.
He is believed to have made more than £300,000 before his 18th birthday through subscriptions to his programme, which fueled 1,738,828 cyber attacks around the globe between September 2013 and March last year.
Mudd designed the distributed denial of service (DDoS) software from his bedroom when he was just 15, first roadtesting it by crashing the West Herts College’s website while he was studying computer science there.
Read more on The Evening Standard.
A novel use of technology!
BBC reports:
Ontario police are broadcasting thousands of text messages to phones used close to the site of a murder.
Police hope the messages will bring forward new evidence and eyewitnesses to the murder of John Hatch last year.
The phones have been identified as being in use on 16 December close to the route Mr Hatch travelled on the night he was killed.
About 7,500 people are expected to receive the messages asking them to contact police.
Read more on BBC.
Of note: the OPP said it used a court order to discover the numbers of all the active phones known to have been used last year in the vicinity.
"Après moi le deluge." I expect many more “concrete injuries.”
Klein Moynihan Turco LLP write:
On October 24, 2016, the United
States District Court for the Southern District of California refused to
dismiss claims brought by two former inmates and their counsel regarding
violations of a California privacy law. The plaintiffs commenced a class
action against Securus Technologies, Inc. (“Securus”), a self-proclaimed
“inmate communications provider,” alleging that Securus unlawfully monitored
and recorded telephone conversations between the inmates and their counsel. The California Invasion of Privacy Act
(“CIPA”) “makes it a felony to, ‘without permission from all parties to the
conversation, eavesdrop[] on or record[], by means of an electronic device, a
conversation, or any portion thereof, between a person who is in the physical
custody of a law enforcement officer or other public officer, or who is on the
property of a law enforcement agency or other public agency, and that person’s
attorney . . . .’”
Read more on JDSupra.
[From the article:
Among other arguments contained in its motion to dismiss, Securus alleged that the plaintiffs’ allegations were insufficient to provide standing. The Court rejected this argument, holding that a violation of CIPA is indeed a concrete and particularized injury in fact.
An interesting article. (The GIF headline is a nice touch!)
HOW THE UAE IS RECRUITING HACKERS TO CREATE THE PERFECT SURVEILLANCE STATE
“Be careful what you wish for, 'cause you just might get it.” I toss these at my international students just to watch the amazed expression on their faces…
The Economics Of The Uber Employment Decision Is Not Quite What You Think - Drivers Are Now Poorer
Much excitement in left wing circles as Uber loses a case at an employment tribunal. The argument was over what is the legal status of Uber drivers? Are they really self-employed? Or do they have a closer relationship with the firm, something closer to employment, or even as an employee? This is of course a legal question and one that depends upon the vagaries of UK employment law. However, the underlying economics here is rather clear–the result, whichever way it goes, isn’t going to change the overall conditions for Uber drivers very much, if at all. The net effect is in fact to make them slightly poorer. Because all of those things which come with closer employment relationships actually come out of the wages of the workers in the first place.
What benefit is there for NYC?
Study: NYC's Airbnb ban costs $500M
Airbnb hosts in New York City could generate a half billion dollars each year by renting out their homes to tourists, according to a new analysis, but that money will likely disappear under the state’s new penalties targeting short-term rentals.
The business-friendly American Action Forum calculated the price of short-term rentals in the city and found that Airbnb hosts have the potential to earn $500 million each year. They did not account for empty rooms that remain unfilled on any given night.
… Critics of Airbnb say the short-term rental website is raising the cost of living in New York City, but others point out it provides economic opportunity to residents and feeds tax dollars into the state and city coffers.
Saturday again?
Hack Education Weekly News
… Via Edsurge: “U.S. Dept. of Ed. Unveils Free Online Tool for Rapid Evaluation of Edtech Products.”
… Via The New York Times: “Obama Brought Silicon Valley to Washington.” (Is that a good thing?) [At least the large contributors. Bob]
… Via Inside Higher Ed: “A divided federal appeals court on Wednesday upheld a lower court’s ruling that a Minnesota community college was justified when it kicked a student out of a nursing program because of Facebook comments administrators deemed to be unprofessional and threatening to fellow students.”
… Via the Education Law Center: “Several New Jersey civil rights and parent advocacy organizations have filed a legal challenge to new high school graduation regulations recently adopted by the State Board of Education. The new rules make passing the controversial PARCC exams a requirement for a New Jersey high school diploma and will also prevent students who opt out from graduating.” [What happens if no one passes? Bob]
… Via the MIT Media Lab: “Blockcerts – An Open Infrastructure for Academic Credentials on the Blockchain.” [Why? Bob]
… Also via Edsurge: “Pursuing Academic Freedom and Data Privacy Is a Balancing Act.”
… Via The Next Web: “Survey shows millennials fall for cyber scams more often than seniors.”
Inspired by the Privacy Foundation’s seminar on Encryption and Privacy, I thought I’d point you to these tools created by Drexel University that illustrate how easy/complex encryption is. I encrypt the instructions for a mini-project, then point the students to the encryption/decryption calculator. They have to create keys and encrypt a message to me.
RSA Calculator
This guide is intended to help with understanding the
workings of the RSA Public Key Encryption/Decryption scheme.
RSA Express Encryption/Decryption Calculator
This worksheet is provided for message
encryption/decryption with the RSA Public Key scheme