Almost everyone has been hacked. What will you do about it?
Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.
… “This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”
Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases.
… “On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” said Avivah Litan, a fraud analyst at Gartner.
… Last year, identity thieves successfully made off with critical W-2 tax and salary data from an Equifax website. And earlier this year, thieves again stole W-2 tax data from an Equifax subsidiary, TALX, which provides online payroll, tax and human resources services to some of the nation’s largest corporations.
Cybersecurity professionals criticized Equifax on Thursday for not improving its security practices after those previous thefts, and they noted that thieves were able to get the company’s crown jewels through a simple website vulnerability.
“Equifax should have multiple layers of controls” so if hackers manage to break in, they can at least be stopped before they do too much damage, Ms. Litan said.
Potentially adding to criticism of the company, three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth almost $1.8 million in the days after the breach was discovered. The shares were not part of a sale planned in advance, Bloomberg reported.
… Equifax has created a website, www.equifaxsecurity2017.com, to help consumers determine whether their data was at risk.
… Beyond compromising the personal data of millions of consumers, the breach also poses a potential national security threat. In recent years, Chinese nation-state hackers have breached insurers like Anthem and federal agencies, siphoning detailed personal and medical information. These hackers go wide in their assaults in an effort to build databases of Americans’ personal information, which can be used for blackmail or future attacks.
Again? Same thing every election cycle?
Software to capture votes in upcoming national election is insecure
The Chaos Computer Club is publishing an analysis of software used for tabulating the German parliamentary elections (Bundestagswahl). The analysis shows a host of problems and security holes, to an extent where public trust in the correct tabulation of votes is at stake.
Proof-of-concept attack tools against this software are published with source code.
Might be amusing to try this in my Computer Security class.
EU Defense Ministers Put to Test in Mock Cyberattack
A major cyberattack targets European Union military structures, with hackers using social media and "fake news" to spread confusion, and governments are left scrambling to respond as the crisis escalates.
This was the scenario facing a gathering of EU defence ministers in Tallinn on Thursday as they undertook an exercise simulating a cyber assault on the bloc -- the first mock drill of its kind at such a senior level in Europe.
...
NATO now considers cyberspace to be a conflict domain alongside that of air, sea and land.
… "We are not creating programmers from the ministers but we want them to understand that these quickly developing situations could demand quick political decisions -- that's the idea of the exercise," Estonian Defence Minister Juri Luik said.
- 'Exciting' exercise -
Estonian officials said the aim was to improve ministers' understanding of the kinds of target that could be hit by a cyberattack, the effects such an attack could have and how they could respond -- as well as the need for clear, coordinated communication with the public on what can be a complex issue.
German Defence Minister Ursula von der Leyen said the two-hour exercise was "extremely exciting".
"The adversary is very, very difficult to identify. The attack is silent, invisible... it is cost-effective for the adversary because he does not need an army, but only a computer with an internet connection," she said.
A hack-the-hackers project for my Digital Forensics students: get copies of these tools and find a way to detect or block them.
Shadow Brokers Release Tool Used by NSA to Hack PCs
The hacker group calling itself Shadow Brokers continues to release tools and exploits allegedly stolen from the U.S. National Security Agency (NSA), including a sophisticated espionage platform that can be used to take full control of targeted computers.
In the past year, Shadow Brokers has apparently tried to make a significant amount of money by offering to sell various tools and exploits used by the Equation Group, a cyber espionage actor linked by researchers to the NSA.
After several failed attempts, the Shadow Brokers’ latest offer involves monthly leaks for which interested parties have to pay a fee ranging between 100 Zcash (roughly $24,000) and 16,000 Zcash (roughly $3.8 million) -- older dumps can be acquired for a few hundred Zcash while the price of future dumps will increase exponentially. An analysis of their cryptocurrency addresses showed that the hackers have made at least tens of thousands of dollars from the monthly dump service.
With the September release, announced on Wednesday, Shadow Brokers informed interested entities that they will offer two dumps every month, and that Monero digital currency is no longer accepted.
Now here is a thankless job…
What North Korea thinks about Trump — according to the man who interprets his tweets for Kim Jong Un
… Pak Song Il, the North Korean tasked with interpreting US politics, statements, and military posture, told Osnos during a trip to Pyongyang that Trump had thrown him for a loop.
"When he speaks, I have to figure out what he means, and what his next move will be," Pak said. "This is very difficult."
"He might be irrational — or too smart. We don’t know," Pak said.
Perspective.
News Use Across Social Media Platforms 2017
As of August 2017, two-thirds (67%) of Americans report that they get at least some of their news on social media – with two-in-ten doing so often, according to a new survey from Pew Research Center.
… For the first time in the Center’s surveys, more than half (55%) of Americans ages 50 or older report getting news on social media sites. That is 10 percentage points higher than the 45% who said so in 2016. Those under 50, meanwhile, remain more likely than their elders to get news from these sites (78% do, unchanged from 2016).
Too good to be true? A follow-up.
MoviePass Bungles Its First Big Test With Subscribers To Its $9.95/Month Service
Movie ticket subscription purveyor MoviePass is off to a rocky start, with delays in delivering membership cards to new subscribers and a significant number of customers complaining that a buggy app is preventing them from getting in to the movies they were expecting to see.
… on Thursday the New York City-based ticket subscription service advised via a mass email titled “Important MoviePass Updates” that it would not be delivering membership cards to new paying subscribers within the ‘5-7 business days’ period that it had promised upon receiving their initial $9.95 payments.
The email explained: “Though our processing facility has increased production, there is currently a 2-3 week delay in card delivery.” The communique cited “unprecedented demand” as the cause of the problem.
… Google Play Store data indicates that the MoviePass app has been downloaded over 100,000 times. Of the 2,500 users who have rated the app, approximately half gave it the lowest possible rating of one star out of five. I took it upon myself to check out the app, and after less than a minute of experience with it I found myself frustrated and feeling that those scathing reviews were well justified.
The first thing the app does is demand access to the user's smartphone files and photos, as well as the ability to track their location. If a user declines to provide MoviePass with what appears to be unlimited access to their private information, the app immediately freezes them out of the service, even though they have paid for it.
Robot law. (I wonder if this would improve student averages too?)