Saturday, December 17, 2016

The tool that moves the world’s money is vulnerable.  Is this the best an alert bank’s security procedures could do?  If so, lots of banks are in serious trouble.
Reuters reports:
Hackers targeted Turkey’s Akbank via the SWIFT global money transfer system in an attack which the bank said had not compromised customer data but would cost it up to $4 million.
Banks globally face a growing threat from cyber attacks, more of which have succeeded since February’s $81 million heist from the Bangladesh central bank.  It was not immediately clear how much, if any, money had been stolen from Akbank, Turkey’s third-largest listed bank by assets and it would not give any further details beyond confirming it had been targeted in a SWIFT attack on Dec. 8.
Read more on The Fiscal Times.


Am I right to assume that compromised accounts could result in pizzas delivered to people who never ordered them? 
So Domino’s says it hasn’t been hacked, but it wants its customers to use better security hygiene because so many other companies have been hacked.  Michael Moore reports:
The pizza delivery chain emailed customers today urging them to change the password linked to their My Domino’s account as soon as possible.
Although Domino’s says that the company has not been hacked, the company says it is simply advising customers to up their security practices to boost their own protection.
Read more on The Express.
From the article:
The email told customers that "a small handful" of its customers had been the victim of cyber-scams that stole the password used not just for their Domino's account, but on other websites as well.


For my Computer Security class.  What really happened.  The hacker got userids and passwords for employee emails, the emails had county resident information, nothing got out, but LA will provide “free identity monitoring” for victims, but denies there were any victims. 
On a single day in May, 108 Los Angeles County employees fell for a phishing attack that affected approximately 756,000 individuals.  Here is the press release issued Dec. 16 from the County of Los Angeles Chief Executive Office:
The County of Los Angeles today disclosed that it was the victim of a phishing email attack that potentially affected hundreds of thousands of individuals and has resulted in felony charges against a Nigerian national.
Based on intensive investigation and monitoring, there is no evidence that confidential information from any members of the public has been released because of the breach.
The phishing incident occurred May 13, 2016, when 108 County employees were tricked into providing their usernames and passwords through an email designed to look legitimate.  Some of those employees had confidential client/patient information in their email accounts because of their County responsibilities.
   An exhaustive forensic examination by the County has concluded that approximately 756,000 individuals were potentially impacted…
   At the direction of the District Attorney’s Office, notification of the potentially affected individuals was delayed to protect the confidentiality of the sensitive, ongoing investigation and prevent broader public harm.
   The County of Los Angeles is committed to assisting any individuals whose personal information may have been compromised in this phishing incident.
That information may have included first and last names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history, or medical record numbers.


What would satisfy the Secretary of State?  How about your BoD?
DHS responds to hacking accusations from Georgia
Department of Homeland Security (DHS) officials said Friday they have identified the cause of an incident that led the state of Georgia to accuse the agency of attempting to hack its network. 
Last week, Georgia Secretary of State Brian Kemp sent a letter to DHS head Jeh Johnson asking why the state’s systems had logged what he called an attempt to breach its network coming from a DHS internet address.  Kemp said an attacker had tried to scan his systems.
DHS officials told reporters on a conference call Friday that the attempted entry came from an employee at the state's Federal Law Enforcement Training Center who was accessing Georgia's database of licensed security personnel.  The training center regularly accesses that database to verify that potential employees are licensed.
Based on the data provided by Kemp, the DHS was able to identify why the alarm was triggered, it said: The center employee cut and pasted data from the website into Microsoft Excel.  Excel sent out what’s known as an HTTP option command, a request for server information.
   Johnson sent Kemp a reply to this effect Monday, but the secretary of State was not satisfied with his answer.
On Wednesday, he wrote to Donald Trump to ask the president-elect to investigate.


Interesting.  As recently as Sunday the FBI said that Russia’s motives were “fuzzy.”  Who changed their mind?
FBI in agreement with CIA that Russia aimed to help Trump win White House
FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the White House, officials disclosed Friday, as President Obama issued a public warning to Moscow that it could face retaliation.

(Related).  It was anyone’s fault but mine? 
Clinton blames FBI director & Russia for her defeat
Democratic presidential candidate Hillary Clinton told her donors that FBI Director James Comey and Russian President Vladimir Putin were the chief culprits for her loss to Donald Trump in November, ignoring problems that were revealed about her campaign.


Here’s my idea: Presidential pardons for my Ethical Hacking students.
Will Obama Order American Hackers to Dox Putin?


Would you rather be first or right? 
The First Reply to a Trump Tweet Is Prime Media Space
Donald Trump tweeted again this morning.
I mean, of course he did.  The president-elect can’t seem to stay away from the platform, where he spouts off about everything from the television programs he dislikes to the conspiracy theories he’s heard.  He has more than 17 million followers.
The ability to broadcast a message directly and immediately to that many people—and the many more who then see his messages, which are inevitably amplified by retweets and news reports—represents a profound kind of power.  Tweeting is also a way for Trump to leapfrog the press as traditional informational gatekeepers.  
   In this media microcosm, Trump’s tweet is something like the headline on the front page.  (Perhaps a more apt comparison is the text screaming across the bottom of the cable news screen.)  Meanwhile, the rest of the action unfolds in the reply field.  Being the first to reply to a Trump tweet promises someone an enormous audience.
   “So the reply space is a media channel unto itself,” said Justin Hendrix, the executive director of NYC Media Lab, a public-private partnership that connects universities and technology companies. “You see various people, including professional journalists, taking advantage of it.”

(Related).  A tool to get your reply there firstest with the mostest?  
Now you can fact-check Trump’s tweets — in the tweets themselves
   people who just click through to the link see only Trump's claim, and none of the context.
Unless, of course, they've installed our extension for Google Chrome.
We made a tool that slips a bit more context into Trump's tweets.  It's still in the early stages, but our goal is to provide additional context where needed for Trump's tweets moving forward (and a few golden oldies).
   Sometimes, we just add more context, like when Trump announced his pick of Rex Tillerson to serve as secretary of state.  Curious for more info?  It's right there in the tweet now.
It takes a little while for the Chrome extension to update, so we'll try to stay up to speed on fact-checking what Trump is tweeting, but it may take a few minutes.  This is a work in progress, so don't hesitate to offer feedback and thoughts.
And don't hesitate to point to Trump tweets that could use a little explication.  That's the goal, after all.


Anything to get rid of my students. my wonderful students jobs! 
BLS online resource center for Jobseekers or Workers
by Sabrina I. Pacifici on Dec 16, 2016
