Why would Russia stop these attacks? There are no serious
consequences.
Hack of
Saudi Petrochemical Plant Was Coordinated From Russian Institute
… A new study of the malicious computer code
used in a botched attack on a Saudi petrochemical plant concludes
that much of the effort was coordinated from inside a state-owned
Russian scientific institute, one of the most direct links between
official Russian hackers and a hostile intrusion on a major piece of
infrastructure.
The
report, issued by FireEye, a major cybersecurity company,
identifies the Central Scientific Research Institute of Chemistry and
Mechanics, a technical research institute in Moscow with ties to
Russian governments reaching back before the 1917 Bolshevik
revolution. But it leaves unanswered the question of why Moscow
would target a Middle Eastern plant, even given Russia’s rivalry
with Saudi Arabia in the petroleum marketplace.
… The
New York Times identified the facility in March as a Saudi plant,
at a time that there was wide consensus that the attack must have
been initiated by Iran, Saudi Arabia’s great rival for regional
influence.
It still may have been that Iran was behind the
attack — but the new research suggests that, if it was, Iran had a
lot of Russian help, and that when the malware needed to be
fine-tuned, the Russian institute provided the expertise.
Covering up for 2 or three years didn’t buy them
much.
Yahoo to
pay $50M, other costs for massive security breach
Yahoo has agreed to pay $50 million in damages and
provide two years of free credit-monitoring services to 200 million
people whose email addresses and other personal information were
stolen as part of the biggest security breach in history.
The restitution hinges on federal court approval
of a settlement filed late Monday in a 2-year-old lawsuit seeking to
hold Yahoo accountable for digital burglaries that occurred in 2013
and 2014, but
weren’t disclosed until 2016.
… Yahoo revealed the problem after it had
already negotiated a $4.83 billion deal to sell its digital services
to Verizon Communications. It then
had to discount that price by $350 million to reflect its
tarnished brand and the specter of other potential costs stemming
from the breach.
Security theater? If you don’t expect to find a
weapon, why waste time and money on a search?
My
Daughter's Middle School Plans to Teach Her Meek Compliance With
Indiscriminate Invasions of Privacy
Friday afternoon, I received a notice
from the Plano Independent School District, which runs the middle
school our youngest daughter attends in Dallas, describing a new
policy authorizing "random, suspicion-less metal detector
searches" of students in grades 6 through 12.
… Any student "who refuses to comply with
the search process will be removed from campus and subject to
disciplinary consequences."
… According to the Supreme
Court, targeted searches of public school students require
"reasonable suspicion" that contraband will be discovered,
which is a lighter burden than the usual standard of "probable
cause" but still better than nothing. The constitutional
rationale for Plano ISD's new policy, which was unanimously
approved by the school board in August, is that the searches are
"administrative," meaning there is no reason to believe
that any particular student forced to undergo them is carrying a
weapon. Perversely, this complete lack of evidence is supposed to
make the searches compatible with the Fourth Amendment's ban on
unreasonable searches and seizures.
Typical New Jersey. Call it: targeted fake news.
Middletown
released residents' email addresses to a mystery third party
On July 10, the Middletown government received a
public records request seeking all the names and email addresses of
people who had voluntarily turned over this contact information to
the town in order to receive emergency alerts and updates on local
happenings.
Ten days later, Middletown gave
"Watch07748@gmail.com" — the requesting party that
provided no name or mailing address — all of those email addresses.
That might have been where the story ended, except
that on Sept. 29 an email, purporting to be from a grassroots
organization that doesn't appear to exist, landed
in the inboxes of seemingly everyone who was on the township's email
list.
The email attacked a Democratic candidate for
township committee…
… When asked about it at Monday night's
committee hearing, Perry said he did not write the email. He did
not, however, completely distance his campaign from the email blast,
stating that the email addresses were obtained legally.
The New Jersey Election Law Enforcement Commission
says that political communications, in whatever form, must include
language that identifies who paid to create or distribute that
message. Failure to do so could be a violation of election law.
No comments:
Post a Comment