Wednesday, June 14, 2017

Like most breaches, the full story seems to trickle out over time, a really long time.  What will the states do about this? 
Flow of information on hacking of US election escalates
by Sabrina I. Pacifici on Jun 13, 2017
Bloomberg: “Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.  In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data.  The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database.  Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter.  In all, the Russian hackers hit systems in a total of 39 states, one of them said…  The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts.  But they also paint a worrisome picture for future elections…” 


You should revisit all those activities you thought were Okay.  Laws change.  Security techniques change.  And the ability to detect a problem should get better with time.
Dana Branham reports:
OU unintentionally exposed thousands of students’ educational records — including social security numbers, financial aid information and grades in records dating to at least 2002 — through lax privacy settings in a campus file-sharing network, violating federal law.
The university scrambled to safeguard the files late Tuesday after learning The Daily had discovered the breach last week.  
[…]
In just 30 of the hundreds of documents made publicly discoverable on Microsoft Office Delve, there were more than 29,000 instances in which students’ private information was made public to users within OU’s email system.  Each instance could constitute a violation of the Family Educational Rights and Privacy Act, which gives students control over who can access their educational records.
Read more on OUDaily.


For my Computer Security students, as I send (some of) them out into the world! 
DHS, FBI release details on North Korea cyberattacks
The FBI and Department of Homeland Security (DHS) on Tuesday released technical details about the methods behind North Korea’s cyberattacks.
The agencies identified IP addresses associated with a malware known as DeltaCharlie, which North Korea uses to launch distributed denial-of-service (DDoS) attacks.
The alert called for institutions to come forward with any information they might have about the nation’s cyber activity, which the U.S. government refers to as “Hidden Cobra.”


Apparently, it is important to be able to give money away without interruption.
First federal agency gets 'A' grade in IT report card
Federal agencies averaged a "B" grade in information technology procurement in their latest report cards, with one agency being the first to score an "A."
The fourth version of the Federal Information Technology Acquisition Reform Act (FITARA) scorecard dropped Tuesday morning, with the B average the same as in the last report, six months ago.
   In the latest report card, the United States Agency for International Development scored the first ever A-range grade — an A-plus.  Commerce, Homeland Security, Housing and Urban Development, Justice, Veterans Affairs, the Environmental Protection Agency and the General Services Administration all scored in the B range.  Defense received the only F. 


For our website students.


Why you need a good teacher, not just any old teacher.

No comments: