Tuesday, July 31, 2018

Targeting in Cyberwar is simple.
The Future Of Information Warfare Is Here — And The Russians Are Already Doing It
So reports Army Col. Liam Collins in the August issue of ARMY magazine. Here’s how it works:
“The Russians are adept at identifying Ukrainian positions by their electrometric signatures,” writes Collins. One would expect that, but the thing that impressed me what came next.
“In one tactic, soldiers receive texts telling them they are ‘surrounded and abandoned.’ Minutes later, their families receive a text stating, ‘Your son is killed in action,’ which often prompts a call or text to the soldiers. Minutes later, soldiers receive another message telling them to ‘retreat and live,’ followed by an artillery strike to the location where a large group of cellphones was detected.”




Were typewriters part of the backup plan?
Catalin Cimpanu reports:
On Monday, officials from Matanuska-Susitna (Mat-Su), a borough part of the Anchorage Metropolitan Statistical Area, said they are still recovering from a ransomware infection that took place last week, on July 24.
The ransomware infection crippled the Borough’s government networks and has led to the IT staff shutting down a large swath of affected IT systems.
“Last Tues., July 24, the Borough first disconnected servers from each other, then disconnected the Borough itself from the Internet, phones, and email, as it recognized it was under cyber attack,” said Mat-Su Public Affairs Director Patty Sullivan.
Read more on BleepingComputer.




It shouldn’t be that hard to count the records impacted in a breach.
Wouldn’t you hate to be That Guy who has to tell the boss that they need to revise their breach estimate up from 1+ million to 10 million?
Wale Azeez reports:
Dixons Carphone has apologised to all of its customers after revealing that a 2017 data breach affected personal data held in an additional 8.8 million customer records.
The admission early on Tuesday is the second revelation related to the data breach in six weeks and the third since 2015.
Read more on Sky News.


(Related) Even Yale has problems counting victims.
Between April, 2008, and January, 2009, hackers accessed and exfiltrated data on 119,000 individual affiliated with the university. The hacked data included the individuals’ names, Social Security numbers, date of birth (in most cases), and e-mail addresses and physical addresses in some cases.
Not knowing about the hack at the time, Yale did nothing. And in September, 2011, when they purged personal information from that database as part of their updated data protection program, they still had no idea that there had been a hack in 2008.
On June 11, 2018, during the course of a routine security review of Yale’s servers, Yale discovered that at some time between March, 2016 and June, 2018 hackers had accessed and extracted data including the names and Social Security numbers of 33 individuals from that server. Five days later, on June 16, 2018, they discovered the earlier hack.
Yale’s notification letter of July 26, 2018 indicates that they have no evidence of misuse of the information, but are offering those being notified one year of Kroll’s services.
You can read the notification to the New Hampshire Attorney General’s Office with the template notification letter on the AG’s site. Yale has also posted information on their website.




Helping the Twits who run Twitter? “We don’t understand our own technology.”
Twitter is funding college professors to audit its platform for toxicity
… Twitter has enlisted experts from universities to conduct an audit of its platform to figure out where the echo chambers and “uncivil discourse” are originating from.
Back in March, Twitter put out a call for experts to measure how toxic its platform was and suggest ways to improve it. It said finalists would be chosen in July. Twitter now says there were over 230 proposals, and of those, the winners include two professors from New York’s Syracuse University, one from Italy’s Bocconi University, a professor from a college that specializes in tech in the Netherlands, Delft University, and others.




No surprise, except in Washington.
US intelligence agencies determine that North Korea is constructing new missiles: report
… Satellite images taken in recent weeks appear to show that at least one and possibly two liquid-fueled intercontinental ballistic missiles (ICBMs) are being worked on at a large research facility in Sanumdong, outside of the capital of Pyongyang.
This is the same facility where the country first produced intercontinental ballistic missiles that could reach the U.S.




Perspective. Maybe the “wild west” era is over?
City Council approves new bike-share rules, prompting ofo to leave Seattle
The Seattle City Council moved to make dockless bike share a permanent fixture in the city Monday, passing legislation that would allow up to 20,000 of the bikes to operate here, while also setting a nonbinding deadline for the city to build a network of protected bike lanes through downtown.
The bike-share legislation, passed unanimously, allows up to four companies to operate in the city, each paying $250,000 for the right to scatter up to 5,000 bikes on the city’s sidewalks.
… The 10,000-or-so bikes currently in the city were used an average of about 7,000 times a day in May and June for as little as $1 a ride, although the program has drawn complaints about riders not wearing helmets and leaving bikes parked haphazardly and blocking pedestrian access.


(Related) Headline is something my students figured out long ago.
Electric Moped Sharing Service Launches in Brooklyn; Private Cars Increasingly Pointless
… Revel follows the car2go model: you open an app to find the nearest moped, and you can drive anywhere in Brooklyn or Queens, as long as you eventually return it to a legal spot somewhere within the zone—and you can park perpendicular to the curb, so finding a spot shouldn't be that hard.
I found the sign-up process straightforward: anyone with a valid driver's license can download the app, [How do they check? Bob] type in their driver information, give a credit card for the required $25 signup fee, and begin driving within 24 hours. Plus the first two rides are free. It took about two hours for the required background check to be completed, and I was good to go (you won’t get approved if you have any DUIs or other significantly bad infractions in your driving record). Of course, there was still the matter of learning how to actually operate the machine: Revel requires that anyone who hasn’t driven a moped in traffic complete a free 20-minute training course at their headquarters in Bushwick (there’s also a safety video on Youtube.)




Ah, the Right to print and keep guns!
More than 1,000 people have already downloaded plans to 3-D print an AR-15


(Related) Of course they did.
U.S. states make last-minute legal bid to halt 3-D online guns
… Along with Washington state, New York, New Jersey, Pennsylvania, Connecticut, Oregon, Maryland, and the District of Columbia are working on finalizing the lawsuit and plan on filing it later on Monday, Ferguson said.
The states behind the lawsuit argue that publishing blueprints would allow criminals easy access to weapons. Gun rights advocates say fears about 3-D printed guns are largely overblown, based on current technology.


No comments: