“They’re going to cut off my Netflix? Oh the
horror!”
How to Spot the Netflix Email Scam Hitting Millions of Subscribers
A new phishing email scam is targeting millions of Netflix
subscribers. The email scam is designed to trick Netflix users into
thinking their accounts are in danger of suspension, which means that
any subscribers worried about having their latest Stranger Things
binge interrupted could be in danger of falling prey to a scheme
seeking their personal and credit card information.
According to Deadline, the new scam has already targeted roughly
110 million Netflix subscribers with
phishing emails disguised as official correspondence from Netflix
warning users that their accounts could be suspended if their billing
information is not updated. The emails include a link to a fake
Netflix page that asks users to enter log-in details and, eventually,
updated personal and billing information.
The ethics of reporting the details of stolen data
seem to depend on how interesting it is.
Hack of Global Law Firm Appleby Exposes Rich and Famous
Following the huge 2016 leak of documents stolen from Panamanian firm
Mossack Fonseca (aka, the Panama Papers), the expected analyses of
documents stolen more recently from the Appleby law firm (aka, the
Paradise Papers) have begun. The route is the same in both cases -- the
German newspaper Süddeutsche Zeitung obtained the stolen documents
from an anonymous source (possibly the hacker, or via a third party),
and passed them to the International Consortium of Investigative
Journalists (ICIJ).
The ICIJ then worked with 95 media partners to explore a total of 13.4
million documents comprising those stolen from Appleby together with
other documents from the smaller family-owned trust company,
Asiaciti, and from company registries in 19 secrecy jurisdictions.
… "While
the mechanics of the breach itself have yet to be revealed, this was
clearly a targeted attack," comments Mark Sangster, VP and
industry security strategist at eSentire. "Appleby took
appropriate response steps in notifying their clients; but you can't
insure [against] this. This class of events demonstrates why law
firms must protect their clients' confidential information. No
amount of cyber insurance, data back strategies, nor business
continuity planning can ever put this genie back in the bottle."
Incident response is relatively meaningless if no incident is detected -- or
not, as in this case, detected until too late.
For my Computer Security students.
Windows 10: If you want a highly secure device, follow these rules, says Microsoft
Microsoft has released a new document explaining the minimum hardware and firmware
requirements to create a "highly secure" Windows 10 device.
… "Systems must be on the latest,
certified silicon chip for the current release of Windows,"
Microsoft notes on the issue of processor generations.
… The processor must have a 64-bit
architecture,
(Related) Arguments my students will hear.
The Myth of Security Enabling Your Business
Every year there are reports and surveys
which make the case that security inhibits innovation, productivity
and generally holds businesses back. I am not going to argue with
that sentiment. Security requires that things are done in a certain
manner, which can act as a constraint on wanting to do things a
different way. What I do want to address is the notion that this is
the case because security people just don’t get business. It’s
actually the reverse – businesses do not get security. And this
misconception is based on several fallacies, false beliefs and myths.
The first myth is that security is an add-on cost.
The second myth is that security can be bolted on after the fact.
The greatest myth of all is that security people should make security easy.
As an Auditor or as a Security Manager, I would
like some of these metrics. But I only want to see them when
something changes significantly.
Big Brother isn't just watching: workplace surveillance can track your every move
… To monitor productivity, software can
measure proxies such as the number of emails being sent, websites
visited, documents and apps opened and keystrokes. Over time it can
build a picture of typical user behaviour and then alert
when someone deviates.
“If it’s normal for you to send out 10 emails,
type 5,000 keystrokes and be active on a computer for three hours a
day, if all of a sudden you are only active for one hour or typing
1,000 keystrokes, there seems to be a dip in productivity,” said
Miller.
“Or if you usually touch 10 documents a day and
print two and suddenly you are touching 500 and printing 200 that may
mean you’re stealing documents in preparation of leaving the
company.”
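The baseline-and-deviation alerting described in this excerpt, as an added example (not from the article or from any monitoring product): a per-user median/MAD baseline over constructed daily counts that flags both the activity dip and the document spike Miller describes. The metric names, thresholds and sample history are assumptions.

```python
from statistics import median

# Constructed sample data: 10 working days of one user's daily counts,
# loosely based on the figures quoted above (not real telemetry).
HISTORY = {
    "emails":       [10, 9, 11, 10, 12, 10, 8, 10, 11, 10],
    "keystrokes":   [5000, 5200, 4800, 5100, 4900, 5000, 5300, 4700, 5000, 5100],
    "docs_touched": [10, 12, 9, 10, 11, 10, 8, 10, 13, 10],
    "docs_printed": [2, 2, 2, 2, 2, 2, 2, 2, 2, 2],   # constant: MAD is 0
}

MIN_DAYS = 7       # assumed minimum history before anything counts as "normal"
THRESHOLD = 3.5    # assumed alert cut-off for the robust z-score


def baseline(values):
    """Return (median, scale), where scale is a robust spread estimate."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    # 1.4826 * MAD approximates a standard deviation for normal data.
    # The floor keeps a perfectly constant history from dividing by zero
    # or alerting on a change of a single unit.
    scale = max(1.4826 * mad, 0.1 * max(med, 1), 1.0)
    return med, scale


def score_day(history, today):
    """Compare one day's counts with the user's own history."""
    alerts = []
    for metric, values in history.items():
        if len(values) < MIN_DAYS or metric not in today:
            continue  # too little data to judge a deviation
        med, scale = baseline(values)
        z = (today[metric] - med) / scale
        if abs(z) >= THRESHOLD:
            direction = "spike" if z > 0 else "drop"
            alerts.append((metric, direction, round(z, 1)))
    return alerts
```

Comparing each user against their own history, rather than a company-wide average, is what lets the same rule catch both a drop in one person's activity and a spike in another's.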
Politicians are not held to the same standard as
CEOs. If a CEO does not know what is happening in his company, he is
still responsible for it. No politician will accept responsibility
for anything that may cost them votes.
FBI originally deemed Clinton ‘grossly negligent’ in handling of secret emails
The FBI originally planned to say that Hillary Clinton was “grossly
negligent” in her handling of secret emails, a top senator said Monday,
revealing early drafts of the statement that James B. Comey drew up as
FBI director.
… Gross negligence would seem to be a high enough standard to have
prosecuted Mrs. Clinton — though Mr. Comey ended up not recommending
charges, saying
that while the former first lady, senator and top diplomat was
clueless, he couldn’t prove she knew how badly she was risking
national security.
… In an original statement that Mr. Grassley says appears to have been
drafted May 2, Mr. Comey said there was “evidence to support a
conclusion that Secretary Clinton,
and others, used the private email server in a manner that was
grossly negligent with respect to the handling of classified
material.”
He also wrote in that draft that “the sheer
volume of information that was properly classified as Secret at the
time it was discussed on email (that is, excluding the ‘up
classified’ emails) supports an inference that the participants
were grossly negligent in their handling of that information.”
By June 10, those sentences were deleted and Mr. Comey wrote: “Although
we did not find clear evidence that Secretary Clinton
or her colleagues intended to violate laws governing the handling of
classified information, there is evidence that they were extremely
careless in their handling of very sensitive, highly classified
information.”