Don’t mess with Putin.
Hackers Leak Olympic Committee Emails in Response to Russia Ban
A group of hackers linked to Russia has leaked several emails
apparently exchanged between officials of the International Olympic
Committee (IOC) and other individuals involved with the Olympics.
The leak comes in response to Russia being banned from the upcoming
Pyeongchang 2018 Winter Games in South Korea.
The group, calling itself Fancy Bears and claiming to be a team of
hacktivists that “stand for fair play and clean sport,”
previously released confidential athlete medical records stolen from
the systems of the World Anti-Doping Agency (WADA),
and also targeted the International Association of Athletics
Federations (IAAF).
One of their most recent leaks included emails
and medical records related to football (soccer) players who used
illegal substances.
The first leaks from Fancy Bears came shortly after Russian athletes were
banned from the 2016 Rio Olympics following reports that Russia had
been operating a state-sponsored doping program.
While Fancy Bears claim to be hacktivists, researchers have found ties
between the group and Fancy Bear, a sophisticated Russian cyber
espionage team also known as APT28, Pawn Storm, Sednit, Sofacy, Tsar
Team and Strontium.
The latest leak includes emails apparently exchanged between IOC
officials and other individuals involved with the Olympics. Some of
the messages discuss the recent decision to ban
Russia from the upcoming Winter Games based on the findings of
the IOC Disciplinary Commission.
… While the hackers claim the emails they leaked prove the accusations, a
majority of the messages don’t appear to contain anything critical.
Furthermore, Olympics-related organizations whose systems were
previously breached by the hackers claimed at the time that some of
the leaked files had been doctored.
Evaluating the potential for hacking without actually hacking.
Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture
Gosh, what a clever idea!
Uber’s Secret Tool for Keeping the Cops in the Dark
In May 2015 about 10 investigators for the Quebec tax authority burst into
Uber Technologies Inc.’s office in Montreal. The authorities
believed Uber had violated tax laws and had a warrant to collect
evidence. Managers on-site knew what to do, say people with
knowledge of the event.
Like managers at Uber’s hundreds of offices
abroad, they’d been trained to page a number that alerted specially
trained staff at company headquarters in San Francisco. When the
call came in, staffers quickly remotely logged off every computer in
the Montreal office, making it practically impossible for the
authorities to retrieve the company records they’d obtained a
warrant to collect. The investigators left without any evidence.
There ought to be a law…
This is still happening? It shouldn’t
be. At what point should they be required to abandon using fax?
Alicia Bridges of CBC reports:
The Saskatchewan Health Authority has again faxed private medical information about a patient to a North Battleford computer shop, according to the frustrated owner of the business.
Darryl Arnold says his company fax machine received a 21-page medical report from the Shellbrook Hospital that was intended for a North Battleford-area doctor.
Read more on CBC.
What’s also disturbing
is that they seem to be trying to put the problem-solving on the
involuntary recipient of their misdirected faxes:
Arnold said his company’s fax number is nearly identical to the one belonging to a North Battleford-area doctor’s office — it’s just one digit different.
He said he has been in contact with a health authority worker, who suggested he address the problem by changing his business fax number.
Arnold said he is willing to do that as long as the health authority compensates him for reprinting company business cards and letterhead.
But he said the health authority did not respond after he sent them the amount he wants them to pay for the number.
Arnold said the authority also suggested he try to set up his fax machine to block faxes from health authority numbers, but the company that sold him the machine has told him that’s not possible.
SHA is the source of the breach. THEY have to
solve/prevent this – not the computer shop. Jeez….
For my Computer Security students.
I like the “annual inspection” idea. BUT
Let’s do the math: $100 times 143,000,000 = More than the PowerBall
and MegaMillions combined! It will never pass.
Bill Would Establish Cybersecurity Inspections, Impose Mandatory Penalties, and Compensate Consumers for Stolen Data
“United States Senators Elizabeth Warren
(D-Mass.) and Mark Warner (D-Va.) today introduced the Data Breach
Prevention and Compensation Act to hold large credit reporting
agencies (CRAs) – including Equifax – accountable for data
breaches involving consumer data. The bill would give the Federal
Trade Commission (FTC) more direct supervisory authority over data
security at CRAs, impose mandatory penalties on CRAs to incentivize
adequate protection of consumer data, and provide robust compensation
to consumers for stolen data. In September 2017, Equifax announced
that hackers had stolen sensitive personal information – including
Social Security Numbers, birth dates, credit card numbers, driver’s
license numbers, and passport numbers – of over 145 million
Americans. The attack
highlighted that CRAs hold vast amounts of data on millions of
Americans but lack adequate safeguards against hackers.
Since 2013, Equifax has disclosed at least four separate hacks in
which sensitive personal data were compromised. The Data Breach
Prevention and Compensation Act would establish an Office of
Cybersecurity at the FTC tasked with annual inspections and
supervision of cybersecurity at CRAs. It would impose mandatory,
strict liability penalties for breaches of consumer data beginning
with a base penalty of $100
for each consumer who had one piece of personal identifying
information (PII) compromised and another $50 for each additional PII
compromised per consumer. Under this legislation, Equifax
would have had to pay at least a $1.5 billion penalty for their
failure to protect Americans’ personal information. To ensure
robust recovery for affected consumers, the bill would also require
the FTC to use 50% of its penalty to compensate consumers and would
increase penalties in cases of woefully inadequate cybersecurity or
if a CRA fails to timely notify the FTC of a breach.”
For our Disaster Recovery discussion.
The Most Awful Transit Center in America Could Get Unimaginably Worse
… One day this autumn, an Acela pulls into
Newark, N.J., and a railway spokesman escorts me onto the rear engine
car, where we stand and take in the view facing backward. As we
descend into one of the Hudson tunnels—there are two, both 107
years old, finished in the
same year the Wright brothers built their first airplane factory—a
supervisor flips on the rear headlights, illuminating the ghastly
tubes.
What I have been saying for years.
Community-Owned Fiber Networks: Value Leaders in America
Community-Owned Fiber Networks: Value Leaders in America. Pricing Review Shows They Provide Least-Expensive Local “Broadband”. January 10, 2018.
“By one recent estimate about 8.9 percent of
Americans, or about 29 million people, lack access to wired home
“broadband” service, which the U.S. Federal Communications
Commission defines as an internet access connection providing speeds
of at least 25 Mbps download and 3 Mbps upload. Even where home
broadband is available, high prices inhibit adoption; in one national
survey, 33 percent of non-subscribers cited cost of service as the
primary barrier. Municipally and other community-owned networks have
been proposed as a driver of competition and resulting better service
and prices. We examined prices advertised by a subset of
community-owned networks that use fiber-to-the-home (FTTH)
technology. In late 2015 and 2016 we collected advertised prices for
residential data plans offered by 40 community-owned (typically
municipally-owned) FTTH networks. We then identified the
least-expensive service that meets the federal definition of
broadband (regardless of the exact speeds provided) and compared
advertised prices to those of private competitors in the same
markets. We were able to make comparisons in 27 communities and
found that in 23 cases, the community-owned FTTH providers’ pricing
was lower when the service costs and fees were averaged over four
years. (Using a three-year average changed this fraction to 22 out
of 27.) In the other 13 communities, comparisons were not possible,
either because the private providers’ website terms of service
deterred or prohibited data collection or because no competitor
offered service that qualified as broadband. We also found that
almost all community-owned FTTH networks offered prices that were
clear and unchanging, whereas private ISPs typically charged initial
low promotional or “teaser” rates that later sharply rose,
usually after 12 months. We made the incidental finding that Comcast
advertised different prices and terms for the same service in
different regions. We do not have enough information to draw
conclusions about the impacts of these practices. In general, our
ability to study broadband pricing was constrained by the lack of
standardization in internet service offerings and a shortage of
available data. The FCC doesn’t collect data from ISPs on
advertised prices, prices actually charged, service availability by
address, consumer adoption by address, or the length of time
consumers retain service.”
Perspective.
Health Care Just Became the U.S.’s Largest Employer
The Atlantic – “This moment was inevitable. It just wasn’t
supposed to happen so soon. Due to the inexorable aging of the
country—and equally unstoppable growth in medical spending—it was
long obvious that health-care jobs would slowly take up more and more
of the economy. But in the last quarter, for the first time in
history, health care has surpassed manufacturing and retail, the most
significant job engines of the 20th century, to become the largest
source of jobs in the U.S. In 2000, there were 7 million more
workers in manufacturing than in health care. At the beginning of
the Great Recession, there were 2.4 million more workers in retail
than health care. In 2017, health care surpassed both. There are
several drivers of the health-care jobs boom. The first is something
so obvious that it might actually be underrated, since it is
rarely a proper news story in its own right: Americans, as a group,
are getting older…”
Definitely an article to hand out in my next
Statistics course!
Visualizing the Uncertainty in Data