RBS reports:

Much has been written about the dangers of poorly secured MongoDB databases, among others. Despite the many warnings, millions of records have been lost due to misconfigurations in this database software. Now yet another massive database leak has been uncovered, related to an insecure MongoDB installation, exposing at least 58 million subscriber records.

Twitter user @0x2Taylor posted exfiltrated data on the file sharing site MEGA twice over the weekend, each time resulting in the data being taken down very quickly. The data was then released for a third time on a smaller file sharing website. After analyzing the dataset, we can confirm that nearly 58 million records containing full names, IP addresses, dates of birth, email addresses, vehicle data, and occupations were included in the leak.

Read more on RiskBasedSecurity, who note that ModB may have dodged a serious bullet, because there was another table with 258 million records that was being downloaded or accessed when the entire bucket was pulled offline.

As of today, ModB has not responded to this site’s original notification to them, alerting them to the leak. Nor have they responded to an inquiry asking them for a comment or what they intended to do about 58 million people having their PII exposed.
We need to talk about this guy, ‘foreign power.’ Clearly he is acting like a common criminal. Should we sic Eliot Ness on him now or wait for him to become a full Tony Montana?

Claire Reilly reports:

It’s official. Foreign spies compromised Australia’s government networks last year, and they got at us through our weather division.

The Australian Cyber Security Centre has confirmed that a 2015 attack on servers at Australia’s Bureau of Meteorology was conducted by a “foreign intelligence service.” The attack saw two computers on the BOM’s network infected with remote access malware, allowing the attacker to search for, and copy, an “unknown quantity of documents.”

Read more on CNET.
(Related) Probably not worth mucking up their elections – they do a fine job of mucking themselves. Could we un-muck them? Probably not. An interesting question…

White House Vows ‘Proportional’ Response for Russian DNC Hack

… White House press secretary Josh Earnest said Tuesday that President Barack Obama is considering “a range of responses” but isn't likely to announce one in advance.
It used public data, but it was against the rules!

Facebook, Twitter block surveillance tool

Facebook and Twitter are cutting off Geofeedia's access to their data after an ACLU report that the company created tools to help law enforcement with surveillance.

The ACLU report released Tuesday, titled “Facebook, Instagram, and Twitter Provided Data Access for a Surveillance Product Marketed to Target Activists of Color,” claims Geofeedia marketed the tool to help police monitor activists, particularly minorities. The company mines social media and location data.

… Twitter does have a “longstanding rule” prohibiting the sale of user data for surveillance, as well as a Developer Policy that bans the use of Twitter data “to investigate, track or surveil Twitter users,” a Twitter spokesperson explained in an email.

The tool made use of Geofeedia’s access to Facebook’s Instagram API and Topic Feed API, as well as searchable access to Twitter’s database of public tweets — data available to commercial entities with company approval.

A Facebook spokesperson noted that Geofeedia “only had access to data that people chose to make public.”
Securing communications?

Disappearing messages for Signal

With this update, any conversation can be configured to delete sent and received messages after a specified interval. The configuration applies to all parties of a conversation, and the clock starts ticking for each recipient once they've read their copy of the message.

… This release also includes support for Signal Protocol's numeric fingerprint format, which is called "safety numbers" in Signal. Safety numbers can be verified either by scanning a QR code or by reading a string aloud.
Time to replace SWIFT?

Second hacker group targets SWIFT users, Symantec warns

Cyber-security firm Symantec Corp said on Tuesday that a second hacking group has sought to rob banks using fraudulent SWIFT messages, the same approach that yielded $81 million in the high-profile February attack on Bangladesh's central bank.

Symantec said that a group dubbed Odinaff has infected 10 to 20 organizations with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system.

… The company in May said it believed the Bangladesh heist was carried out by a group known as Lazarus, which was also responsible for attacks on SWIFT customers in Southeast Asia as well as the 2014 hack of Sony Pictures Entertainment. The U.S. government has blamed North Korea for the Sony attack.
This is not as hard as this article makes it seem. It does require managers to manage. An unused tool is worthless.

Samsung Recall Puts Supply-Chain Oversight in Spotlight

Samsung Electronics Co.’s botched recall of its Galaxy Note 7 smartphone is putting a spotlight on supply-chain oversight and raising questions about the ability of today’s technology and management tools to help companies maintain quality control in giant, complex networks of suppliers—even as products are being built and upgraded more swiftly.
It's like Wells Fargo, only smaller. Will I get my money back?

FCC hits Comcast with $2.3 million fine

The Federal Communications Commission (FCC) announced on Tuesday that it has reached a $2.3 million settlement with Comcast Corporation over charges for services that customers never authorized. It’s the largest fine the FCC has ever levied against a cable company.

“The Communications Act and the FCC’s rules prohibit a cable provider from charging its subscribers for services or equipment they did not affirmatively request, a practice known as ‘negative option billing,’” a statement from the FCC said.

… The Comcast representative said the company is overhauling its customer service process. “We have retrained our reps, and we’re providing specific information to customers on the phone,” the representative said. “We have a way for them to quickly get things resolved if there is something that they didn’t know about on their bill.”
Is this how Jeff Bezos beats Safeway and King Soopers? (Or 7-11?)

http://www.wsj.com/articles/amazon-to-expand-grocery-business-with-new-convenience-stores-1476189657

Amazon to Expand Grocery Business With New Convenience Stores

… The Seattle company aims to build small brick-and-mortar stores that would sell produce, milk, meats and other perishable items that customers can take home, these people say. Primarily using their mobile phones or, possibly, touch screens around the store, customers could also order peanut butter, cereal and other goods with longer shelf lives for same-day delivery.

For customers seeking a quicker checkout, Amazon will soon begin rolling out designated drive-in locations where online grocery orders will be brought to the car, the people said. The company is developing license-plate reading technology to speed wait times.
A heads-up for my lawyer friends.

Faced with the claim that AI and robots are poised to replace most of today’s workforce, most mainstream professionals — doctors, lawyers, accountants, and so on — believe they will emerge largely unscathed. During our consulting work and at conferences, we regularly hear practitioners concede that routine work can be taken on by machines, but they maintain that human experts will always be needed for the tricky stuff that calls for judgment, creativity, and empathy.

Our research and analysis challenges the idea that these professionals will be spared. We expect that within decades the traditional professions will be dismantled, leaving most, but not all, professionals to be replaced by less-expert people, new types of experts, and high-performing systems.
60 seconds of social media.
What happens online in one minute / 60 seconds
Potentially useful tool?

A Nice Way to Share Bundles of Links With Your Students

Sqworl is a free bookmarking tool for teachers and students. In Sqworl you can create groups or bundles of bookmarks to share with your students and/or colleagues. It provides a convenient way for you or your students to share collections of resources created while researching or browsing the web. As is demonstrated in my video below, Sqworl has a nice feature that lets you add descriptive notes to each visual bookmark within your Sqworl bundles. Watch my video embedded below to learn more.
This is interesting!

Stack Overflow puts a new spin on resumes for developers

Stack Overflow, the community site best known for providing answers for all of your random coding questions, also has a thriving jobs board and provides services to employers looking to hire developers. Today, the team is expanding the jobs side of its business with the launch of Developer Story, a new kind of resume that aims to free developers from the shackles of the traditional resume.

… Developer Story offers two views: a traditional resume view for employers and a more modern timeline view. It’s the timeline view that emphasizes your achievements, but even the traditional view puts its emphasis on which projects you have contributed to, which languages you’ve used, which questions you’ve answered on Stack Overflow, etc. What’s important to note is that it’s the developers who get to choose which accomplishments they want to highlight to potential hiring managers.

… If you want to give it a try, the new service is now available on Stack Overflow; like all of the company’s other services for developers, it’s available for free.