DDoS attack against Whitehouse.gov eyed as a valid protest
When Donald Trump is inaugurated as the U.S. President on Friday, Juan Soberanis intends to protest the event -- digitally.
His San Francisco-based protest platform is calling on Americans to oppose Trump’s presidency by visiting the Whitehouse.gov site and overloading it with too much traffic. In effect, he’s proposing a distributed denial-of-service attack, an illegal act under federal law. But Soberanis doesn’t see it that way. [They never do. Bob]
You have to plan for and manage any change.
I think a study I saw recently said about 69% of entities reported data loss or breaches associated with departing employees. Vic Ryckaert reminds us what can help if you don’t have control of all administrator credentials before you terminate an employee:
Indianapolis-based American College of Education fired its information technology employee last year, according to court documents, but not before an administrative password was changed.
The online college then asked the man to unlock the Google account that stored email and course material for 2,000 students, according to a lawsuit filed by the college. The man said he’d be willing to help — if the college paid him $200,000.
Read more on IndyStar.
[From the article:]
In May, returning students could no longer access their email accounts, papers and other course work. Google suspended access after too many failed login attempts to the administrative account.
School officials asked Google for help. Google, the college said, refused to grant access to anyone other than Williams, who was listed as the account's sole administrator. [Do you see a simple solution here? Bob]
When officials called Williams, he directed them to his lawyer.
"In order to amicably settle this dispute, Mr. Williams requires a clean letter of reference and payment of $200,000," attorney Calvita J. Frederick wrote in a letter to the college's attorney.
You see why the ‘Best Practice’ is to avoid reuse of passwords.
Credential Stuffing: a Successful and Growing Attack Methodology
Credential theft occurs when attackers breach a system and steal users' access credentials -- usually ID and password. The ID is most commonly the user's email address. Credential spilling is when those credentials are made available to other criminals. Credential stuffing is the large scale use of automated means to test stolen passwords against other unrelated websites.
It is made possible because of the tendency for users to recycle their passwords for multiple accounts. This means that if criminals can crack stolen passwords from one account, they have legitimate credentials that have quite likely been used on other accounts.
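What the pattern described above looks like from the defending site's login records, as an added example that is not part of the original post or the quoted article: one source trying many accounts once or twice each, mostly failing, with the occasional success where a password was reused. The event format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed login events (source IP, account ID, success); not real data.
SAMPLE_EVENTS = (
    # One source walking a spilled list: many accounts, one try each.
    [("203.0.113.7", f"user{i}@example.com", i == 6) for i in range(10)]
    # One source hammering a single account: classic brute force.
    + [("198.51.100.4", "alice@example.com", False)] * 12
    # Office NAT: several real users, mostly successful logins.
    + [("192.0.2.10", f"staff{i}@example.com", True) for i in range(6)]
    + [("192.0.2.10", "staff3@example.com", False)]
)


def classify_sources(events, min_accounts=5, max_avg_tries=2.0,
                     min_fail_ratio=0.8, brute_force_fails=10):
    """Label each source IP and list accounts that need a forced reset.

    Thresholds are illustrative assumptions, not values from the article.
    """
    # ip -> account -> [failed attempts, successful attempts]
    stats = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ip, account, ok in events:
        stats[ip][account][1 if ok else 0] += 1

    labels, at_risk = {}, set()
    for ip, accounts in stats.items():
        fails = sum(f for f, _ in accounts.values())
        total = fails + sum(s for _, s in accounts.values())
        wide = len(accounts) >= min_accounts              # many distinct accounts
        shallow = total / len(accounts) <= max_avg_tries  # few tries per account
        if wide and shallow and fails / total >= min_fail_ratio:
            labels[ip] = "credential-stuffing"
            # A success from this source means a reused password worked.
            at_risk.update(a for a, (_, s) in accounts.items() if s)
        elif max(f for f, _ in accounts.values()) >= brute_force_fails:
            labels[ip] = "brute-force"
        else:
            labels[ip] = "normal"
    return labels, sorted(at_risk)


if __name__ == "__main__":
    labels, at_risk = classify_sources(SAMPLE_EVENTS)
    for ip, label in labels.items():
        print(f"{ip:15} {label}")
    print("force password reset:", at_risk)
```

The shared office address is the case that naive "many accounts from one IP" rules get wrong; the failure ratio is what separates it from the stuffing source.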
Something for my Computer Security demonstration team to try?
It’s shockingly easy to hijack a Samsung SmartCam camera
Smart cameras marketed under the Samsung brand name are vulnerable to attacks that allow hackers to gain full control, a status that allows the viewing of what are supposed to be private video feeds, researchers said.
The remote code-execution vulnerability has been confirmed in the Samsung SmartCam SNH-1011, but the researchers said they suspect other models in the same product line are also susceptible.
… It stems from the failure to properly filter malicious input included in the name of uploaded files. As a result, attackers who know the IP address of a vulnerable camera can exploit the vulnerability to inject commands that are executed with unfettered root privileges.
… The researchers provided more technical details here and also included the following video demonstration: https://www.youtube.com/watch?v=-_lcZyZkRe4
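The flaw class described above (the name of an uploaded file reaching a command line unfiltered), shown beside a hardened handler, as an added example that is not from the article, the researchers or the camera's firmware. The upload directory, the `tar` call, the `.tgz` allowlist and the sample names are assumptions constructed for illustration.

```python
import re
import subprocess

# Allowlist: plain base name, safe characters only, expected extension.
# The pattern and the .tgz extension are assumptions for this sketch.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.tgz")

# Constructed upload names: one ordinary, four hostile.
CONSTRUCTED_NAMES = ["firmware-1.2.tgz", "fw.tgz; echo injected",
                     "$(echo x).tgz", "../fw.tgz", "-x.tgz"]


def unsafe_command(upload_name):
    """Anti-pattern: the client-supplied name is pasted into a shell string.

    Returned, never executed here, to show what a shell would be handed.
    """
    return "tar -tzf /tmp/upload/" + upload_name


def safe_argv(upload_name):
    """Hardened form: validate against the allowlist, then build an argv list.

    The first-character rule also rejects names starting with '-' or '.',
    which would otherwise be read as an option or escape the directory.
    """
    if not SAFE_NAME.fullmatch(upload_name):
        raise ValueError(f"rejected upload name: {upload_name!r}")
    return ["tar", "-tzf", "/tmp/upload/" + upload_name]


def list_archive(upload_name):
    """Run the validated command with no shell, so the name is one argument."""
    return subprocess.run(safe_argv(upload_name), shell=False, check=False,
                          capture_output=True, timeout=10)


def audit(names):
    """Map each name to True (accepted) or False (rejected by the allowlist)."""
    result = {}
    for name in names:
        try:
            safe_argv(name)
            result[name] = True
        except ValueError:
            result[name] = False
    return result


if __name__ == "__main__":
    for name, accepted in audit(CONSTRUCTED_NAMES).items():
        print("accept" if accepted else "reject", repr(name))
```

Running the handler under an unprivileged account rather than root limits the damage if a validation gap is ever found.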
So, what should the Best Practice be?
Police Body-Worn Camera Legislation Tracker
by Sabrina I. Pacifici on Jan 17, 2017
Via Urban Institute: “Laws governing how and when police body-worn cameras can be used and whether the footage is released vary considerably across the country. Use our legislation tracker, which we will update periodically, to find out more about passed and pending legislation in your state. For the latest commentary, click here.”
A ‘promise’ vs. ‘our current policy?’
John Ribeiro reports:
A privacy lawsuit against WhatsApp in India over its new data sharing policy has got momentum with the country’s top court seeking responses from Facebook, WhatsApp and the federal government.
The privacy policy of WhatsApp at launch in 2010 did not allow sharing of user data with any other party, and after Facebook announced its acquisition of the messaging app in 2014, it was “publicly announced and acknowledged” by WhatsApp that the privacy policy would not change, according to the petition filed by Indian users of WhatsApp.
WhatsApp sparked off a furore last year when it said it would be sharing some account information of users with Facebook and its companies, including the mobile phone numbers they verified when they registered with WhatsApp.
Read more on PC World.
If WhatsApp was feeling a tad beleaguered this week, it would be understandable. In other WhatsApp news, they’ve been addressing accusations that they have a “backdoor” that allows government snooping, an accusation they have firmly denied. The “backdoor” claims started with a researcher’s report. You can read a recap of the kerfuffle on Economic Times.
Try to keep up with the terminology, Bob!
Hyperconvergence: What’s all the hype about?
One of the hottest trends in data center technology is hyperconvergence, with early adopters reaping the benefits of cost savings, enhanced data protection, increased scalability and ease of management.
So, what is hyperconvergence? It’s a way to simplify data center operations and management by combining compute, storage and networking in a single, software-driven appliance.
It’ll never fly. (Unless Uber is investing in it. Are they?) Sounds like ‘fake news’ to me.
Airbus CEO sees 'flying car' prototype ready by end of year
Airbus Group plans to test a prototype for a self-piloted flying car as a way of avoiding gridlock on city roads by the end of the year, the aerospace group's chief executive said on Monday.
Airbus last year formed a division called Urban Air Mobility that is exploring concepts such as a vehicle to transport individuals or a helicopter-style vehicle that can carry multiple riders. The aim would be for people to book the vehicle using an app, similar to car-sharing schemes.
I have used the Venetian Arsenal as an example of ‘just in time’ manufacturing in use centuries before it became the next big thing. Those who do not study history…
Most organizations would be happy to last for centuries, as the Venetian Republic did. From 697 to 1797 AD, Venice’s technological acumen, geographic position, and unconventionality were interlocking advantages that allowed the Most Serene Republic to flourish. But when change comes suddenly, it can turn strengths into weaknesses and sweep away even thousand-year success stories.
… But, like a lot of successful entities, Venice reached a point where it focused more on exploitation than exploration: Venetian traders followed existing paths to success. Entrepreneurs chose not to move away from traditional pathways. Established practices and preferences became more popular than exploration and speculation. Merchants and traders played the game of incremental innovation by focusing on efficiency and optimization.
… What’s the lesson for entrepreneurs and innovators today? The stronger the assumption that the future will function as today does, the greater the gravitational force of the status quo. Organizations set in their ways slow down and never strive for new horizons. They are doomed to wither.
Something for my students to think about.
As goes Target, so goes the retail industry? Is that why Walmart is pushing itself online?
Target Joins Long List of Retailers Killed by Online Shopping
… Same-store sales for November and December decreased 1.3%, Target said on Wednesday. Sales in Target's stores dived 3%, while sales online rose more than 30%. Target saw sales declines in most of its product categories, led by a high-single-digit drop in electronics and entertainment.
Most Americans think Trump's tweets are a bad idea: poll
WSJ/NBC poll finds 47% of Republicans also uneasy
Americans have a clear message for Donald Trump: Stop tweeting!
A new Wall Street Journal/NBC News poll finds that a strong majority believes that the president-elect's prolific use of Twitter is a bad idea.
Some 69% of adults agreed with the statement that his use of Twitter is bad because "in an instant, messages can have unintended major implications without careful review."