Tuesday, November 07, 2017

“They’re going to cut off my Netflix? Oh the horror!”
How to Spot the Netflix Email Scam Hitting Millions of Subscribers
A new phishing email scam is targeting millions of Netflix subscribers. The email scam is designed to trick Netflix users into thinking their accounts are in danger of suspension, which means that any subscribers worried about having their latest Stranger Things binge interrupted could be in danger of falling prey to a scheme seeking their personal and credit card information.
According to Deadline, the new scam has already targeted roughly 110 million Netflix subscribers with phishing emails disguised as official correspondence from Netflix warning users that their accounts could be suspended if their billing information is not updated. The emails include a link to a fake Netflix page that asks users to enter log-in details and, eventually, updated personal and billing information.
The ethics of reporting the details of stolen data seem to depend on how interesting it is.
Hack of Global Law Firm Appleby Exposes Rich and Famous
Following the huge 2016 leak of documents stolen from Panamanian firm Mossack Fonseca (aka, the Panama Papers), the expected analyses of documents stolen more recently from the Appleby law firm (aka, the Paradise Papers) have begun. The route is the same in both cases -- the German newspaper Suddeutsche Zeitung obtained the stolen documents from an anonymous source (possibly the hacker, or via a third party), and passed them to the International Consortium of Investigative Journalists (ICIJ).
The ICIJ then worked with 95 media partners to explore a total of 13.4 million documents comprising those stolen from Appleby together with other documents from the smaller family-owned trust company, Asiaciti, and from company registries in 19 secrecy jurisdictions.
"While the mechanics of the breach itself have yet to be revealed, this was clearly a targeted attack," comments Mark Sangster, VP and industry security strategist at eSentire. "Appleby took appropriate response steps in notifying their clients; but you can't insure [against] this. This class of events demonstrates why law firms must protect their clients' confidential information. No amount of cyber insurance, data back strategies, nor business continuity planning can ever put this genie back in the bottle."
Incident response is relatively meaningless if no incident is detected -- or, as in this case, not detected until too late.
For my Computer Security students.
Windows 10: If you want a highly secure device, follow these rules, says Microsoft
Microsoft has released a new document explaining the minimum hardware and firmware requirements to create a "highly secure" Windows 10 device.
… "Systems must be on the latest, certified silicon chip for the current release of Windows," Microsoft notes on the issue of processor generations.
… The processor must have a 64-bit architecture,


(Related) Arguments my student will hear.
The Myth of Security Enabling Your Business
Every year there are reports and surveys which make the case that security inhibits innovation, productivity and generally holds businesses back. I am not going to argue with that sentiment. Security requires that things are done in a certain manner, which can act as a constraint on wanting to do things a different way. What I do want to address is the notion that this is the case because security people just don’t get business. It’s actually the reverse – businesses do not get security. And this misconception is based on several fallacies, false beliefs and myths.
The first myth is that security is an add-on cost.
The second myth is that security can be bolted on after the fact.
The greatest myth of all is that security people should make security easy.
As an Auditor or as a Security Manager, I would like some of these metrics. But I only want to see them when something changes significantly.
Big Brother isn't just watching: workplace surveillance can track your every move
… To monitor productivity, software can measure proxies such as the number of emails being sent, websites visited, documents and apps opened and keystrokes. Over time it can build a picture of typical user behaviour and then alert when someone deviates.
“If it’s normal for you to send out 10 emails, type 5,000 keystrokes and be active on a computer for three hours a day, if all of a sudden you are only active for one hour or typing 1,000 keystrokes, there seems to be a dip in productivity,” said Miller.
“Or if you usually touch 10 documents a day and print two and suddenly you are touching 500 and printing 200 that may mean you’re stealing documents in preparation of leaving the company.”
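The baseline-then-alert approach the article describes, written out as an added example (not code from the article or from any monitoring vendor): per-user daily counters are constructed around the figures Miller quotes, a per-metric mean and standard deviation form the baseline, and only a deviation of several sigmas, a sharp dip or a sharp spike, raises an alert, which is the "only when something changes significantly" behaviour asked for above.

```python
from statistics import mean, pstdev

METRICS = ("emails_sent", "keystrokes", "active_hours", "documents_touched", "pages_printed")

# Constructed history: ten "normal" working days for one user, built around the
# figures quoted in the article (10 emails, 5,000 keystrokes, 3 active hours,
# 10 documents touched, 2 printed). Not real telemetry.
HISTORY = [
    dict(zip(METRICS, row)) for row in [
        (10, 5000, 3.0, 10, 2), (12, 5200, 3.2, 9, 2), (9, 4800, 2.8, 11, 3),
        (11, 5100, 3.1, 10, 1), (10, 4900, 3.0, 12, 2), (8, 4700, 2.9, 9, 2),
        (13, 5300, 3.3, 10, 3), (10, 5000, 3.0, 11, 2), (11, 5050, 3.1, 10, 1),
        (9, 4950, 2.9, 10, 2),
    ]
]


def build_baseline(history, min_sigma_ratio=0.05):
    """Per-metric (mean, sigma) learned from past days.

    The sigma floor (5% of the mean) stops a metric that barely varies from
    turning a trivial change into a huge z-score and a spurious alert."""
    base = {}
    for m in METRICS:
        values = [day[m] for day in history]
        mu = mean(values)
        sigma = max(pstdev(values), abs(mu) * min_sigma_ratio, 1e-9)
        base[m] = (mu, sigma)
    return base


def deviations(day, base, threshold=3.0):
    """Return (metric, observed, z, direction) for every metric at least
    `threshold` sigmas from baseline; anything closer is normal noise.
    A "dip" matches the productivity case, a "spike" the mass-access case."""
    hits = []
    for m in METRICS:
        mu, sigma = base[m]
        z = (day[m] - mu) / sigma
        if abs(z) >= threshold:
            hits.append((m, day[m], round(z, 1), "spike" if z > 0 else "dip"))
    return hits


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    # Constructed "today" records: a quiet day, a dip, and a document spike.
    for row in [(10, 5100, 3.0, 11, 2), (10, 1000, 1.0, 10, 2), (10, 5000, 3.0, 500, 200)]:
        print(row, "->", deviations(dict(zip(METRICS, row)), base) or "no alert")
```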
Politicians are not held to the same standard as CEOs. If a CEO does not know what is happening in his company, he is still responsible for it. No politician will accept responsibility for anything that may cost them votes.
FBI originally deemed Clinton ‘grossly negligent’ in handling of secret emails
The FBI originally planned to say that Hillary Clinton was “grossly negligent” in her handling of secret emails, a top senator said Monday, revealing early drafts of the statement that James B. Comey drew up as FBI director.
… Gross negligence would seem to be a high enough standard to have prosecuted Mrs. Clinton — though Mr. Comey ended up not recommending charges, saying that while the former first lady, senator and top diplomat was clueless, he couldn’t prove she knew how badly she was risking national security.
… In an original statement that Mr. Grassley says appears to have been drafted May 2, Mr. Comey said there was “evidence to support a conclusion that Secretary Clinton, and others, used the private email server in a manner that was grossly negligent with respect to the handling of classified material.”
He also wrote in that draft that “the sheer volume of information that was properly classified as Secret at the time it was discussed on email (that is, excluding the ‘up classified’ emails) supports an inference that the participants were grossly negligent in their handling of that information.”
By June 10, those sentences were deleted and Mr. Comey wrote: “Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information.”