Fund Based on Digital Currency Ethereum to Wind Down After Alleged Hack
… Founders of the fund, DAO, which was built around a digital currency called Ethereum and which raised more than $150 million this spring, said Friday morning they have been forced to shut down the fund and plan for its unwinding. The attack spirited away roughly 3.6 million Ethereum coins, valued at around $55 million, from DAO to another account.
… The DAO’s founders are planning to “fork” the code and effectively void the hacker’s transactions.
“The DAO’s journey is over but all funds are safe,” said Stephan Tual, the founder of Slock.It, the group that created DAO, which stands for Decentralized Autonomous Organization. “All stolen funds will be retrieved from the attacker.”
… DAO was set up in May as an experiment in using digital currencies and self-operating digital contracts to create a venture-capital fund that could run itself. But it was criticized early on for being poorly constructed, and there were calls for it to halt operations while it worked out its bugs. Those criticisms now appear prescient.
… One investor in the DAO, Menno Pietersen, said he opposed the rescue and called the incident a “horrible mess.” The DAO’s creators “messed up” and didn’t take the time to build their product correctly, he said. He acknowledged that he himself didn’t vet the investment carefully enough, but said that as a backer of Ethereum, he was against any fix that would invalidate the goal of creating a decentralized platform. If trades can simply be erased, he asked, “what will they do next?”
Because no one is perfect. Perhaps penetration testing should be continuous? (Pay attention, Ethical Hacking students.)
How Hired Hackers Got “Complete Control” Of Palantir
Palantir Technologies has cultivated a reputation as perhaps the most formidable data analysis firm in Silicon Valley, doing secretive work for defense and intelligence agencies as well as Wall Street giants. But when Palantir hired professional hackers to test the security of its own information systems late last year, the hackers found gaping holes that left data about customers exposed.
Palantir, valued at $20 billion, prides itself on an ability to guard important secrets, both its own and those entrusted to it by clients. But after being brought in to try to infiltrate these digital defenses, the cybersecurity firm Veris Group concluded that even a low-level breach would allow hackers to gain wide-ranging and privileged access to the Palantir network, likely leading to the “compromise of critical systems and sensitive data, including customer-specific information.”
… Virtually every company is vulnerable to hacks, to varying degrees. In recent years, red teams generally have had a high success rate in getting deep inside of companies’ networks, and they virtually always find at least some security flaws, according to an industry source. That Palantir did a red team exercise shows that it wanted to identify and repair any such flaws. The Veris report notes multiple strengths in Palantir’s defenses, including an “excellent” response by its security staff.
I’ll bet this is not their policy. If they have a policy. Something my Computer Security students need to think about.
For today’s object lesson (and maybe abject lesson), I give you FIS Global and Guaranty Bank and Trust.
I’ve written up the incident in more detail over on the Daily Dot, but the short version is a hacker (@1x0123) found a vulnerability in FIS Global’s client portal login and tweeted about it. FIS didn’t respond to him directly. Instead, they got his Twitter account locked and the screenshots removed.
Getting a hacker’s Twitter account locked. What could possibly go wrong, right?
It wasn’t just the hacker they failed to respond to. FIS also failed to respond to two inquiries by this blogger to their communications department and one attempt to reach their Twitter team.
Trying a different route, and not knowing at the time whether the vulnerability had been addressed, this blogger also reached out to contact the bank client whose data was being exposed on the Internet. They didn’t reply to two voicemails left with two different executives.
C’mon, folks. Don’t you want people to let you know if they find a vulnerability that’s exposing your customer data or proprietary information? Are you familiar with behaviorism?
If you keep ignoring people when they take time out of their lives to try to alert you to a situation, well, then the next time someone finds a vulnerability, they’ll either just keep it to themselves, exploit it, or share it with others who will exploit it. Is that what you really want? When someone notifies you, then even if you were already aware of the situation, take a damned moment to let them know you got their message and appreciated it.
At the very least, try not to tick off the hacker, okay, because it just may make a difference in their decision to publicly dump your data.
Read my report on the Daily Dot
I thought this might happen. Firefox is allowing anyone to have a personal account, a business account, a dating account, a job search account, a ‘say outrageous things’ account, a ‘don’t let this screw up my credit’ account, etc. No doubt the FBI (et al) will want to make connections that users would like to keep separate.
Firefox Containers Help You Browse The Web Using Separate Identities
In the physical world, when interacting with other people, we like to think that we have a strong, recognizable personality, but the truth is we often tend to change it according to the context we’re in. We behave differently when we are among friends than with our boss, our parents or our children. At work we’re one person, on holiday another.
So far this has been hardly possible to replicate online, mainly because our surfing experience is tracked and monitored in every possible way in order to build a single, identifiable profile, which advertisers can use to target us.
Enter “Containers”, an interesting new feature Mozilla is testing in version 50 of the Nightly build of its popular Firefox browser. As security engineer Tanvi Vyas writes in the company’s blog, with Containers “users are able to portray different characteristics of themselves in different situations”.
Say you have two Twitter accounts and want to log in to them at the same time? No need to open a secondary browser or launch a desktop application like TweetDeck. With Nightly, you could just open the File menu and select the “New Container Tab” option, choosing between the Personal, Work, Shopping, and Banking options.
… Imagine you’re trying to book a flight and you don’t want the airline to adjust the price according to your browsing history: you won’t have to delete all your cookies any more, just open a separate tab.
As Vyas acknowledges, the idea of contextual identities is not new, but so far it has been hard to implement, mainly because it’s difficult to figure out what the best user experience should be.
The model I’ve been proposing for years!
Municipal fiber network will let customers switch ISPs in seconds
Most cities and towns that build their own broadband networks do so to solve a single problem: that residents and businesses aren't being adequately served by private cable companies and telcos.
But there's more than one way to create a network and offer service, and the city of Ammon, Idaho, is deploying a model that's worth examining. Ammon has built an open access network that lets multiple private ISPs offer service to customers over city-owned fiber. The wholesale model in itself isn't unprecedented, but Ammon has also built a system in which residents will be able to sign up for an ISP—or switch ISPs if they are dissatisfied—almost instantly, just by visiting a city-operated website and without changing any equipment.
Perspective. My students will be shocked. They thought Uber was always profitable.
Uber points to profits in all developed markets
Uber says it has now reached profitability in all its developed markets, underscoring the business case for the new ride-hailing models that are disrupting the transportation industry.
Travis Kalanick, chief executive, told the FT that Uber is making money in North America, Australia and in its Europe, Middle East and Africa region, on a basis that excludes interest and tax.
“We have hundreds of cities that are profitable globally,” he said. “That allows us to invest in new places, and to sustainably invest in a very expensive place like China.”
Mr Kalanick also disclosed that China — where the company is fighting a costly subsidy battle with rival Didi Chuxing — is now Uber’s biggest market by number of rides, accounting for a third of the company’s daily trips.
Because crazy people…
Active Shooter Event: Quick Reference Guide – DHS
by Sabrina I. Pacifici on Jun 17, 2016
Department of Homeland Security guide – quick reference guide to assist friends, family, colleagues, co-workers, organizations – “An “active shooter” is an individual who is engaged in killing or attempting to kill people in a confined and populated area; in most cases, active shooters use firearm(s) and there is no pattern or method to their selection of victims.”
Once again…
Hack Education Weekly News
… “A Swedish college has been ordered to refund tuition fees to an American business student for giving her a poor economics education,” the AP reports. “The Vastmanland court ruled Tuesday the Malardalen University’s two-year program ‘Analytical Finance’ that Connie Askenback attended from 2011 to 2013 ‘had no practical value.’”
… From the press release: “Achieving the Dream Launches Major National Initiative to Help 38 Community Colleges in 13 States Develop New Degree Programs Using Open Educational Resources.” More via The Chronicle of Higher Education.
… Via the Detroit Free Press: “Wayne State drops math as general ed requirement.” [5 out of 4 students thrilled! Bob]
… Via The Chronicle of Higher Education: “Facebook Reveals How It Decides if a Research Project Is Ethical.”