You only need a few minutes (seconds?) advanced
notice.
Defendants
in Newswire Hacking Case Agree to Pay $30 Million
The
SEC revealed in August that a cybercriminal group led by Ukrainian
nationals Ivan Turchynov and Oleksandr Ieremenko hacked
into the systems of newswire services Marketwired, PR Newswire and
Business
Wire in an effort to steal unreleased corporate earnings
announcements that would be highly valuable for making profitable
financial trades. The stolen data was transmitted via a website to
traders in the U.S., Russia, Ukraine, Malta, France, and Cyprus.
The
scheme is believed to have generated more than $100 million in
illegal profits based on roughly 150,000 press releases stolen
between 2010 and 2015. The hackers reportedly gained access to the
valuable information after stealing the login credentials of newswire
employees and planting malware on the targeted systems.
In
one example provided by SEC, the hackers and traders managed to make
over half a million dollars after getting their hands on a negative
earnings report 36 minutes before it was released to the public.
This is a rather big deal. Intercept the plain
text before it goes into the encryption software and you don't need
to worry about breaking encrypted communications.
TLS
Communications Exposed to KCI Attacks: Researchers
A flaw in the Transport Layer Security (TLS)
protocol can allow man-in-the-middle attackers to access apparently
encrypted communications, researchers have warned.
…
The
new method, dubbed “Key
Compromise Impersonation (KCI) attack,” leverages a
vulnerability in the protocol specification of TLS. The technique
allows an MitM attacker to gain complete control over the client-side
code running in the victim’s browser. Malicious actors can
eavesdrop on communications, replace legitimate elements on a website
with arbitrary content, and even perform actions on the victim’s
behalf.
Ignorance is not bliss, it's just ignorance.
Bob McGovern reports:
Gov. Charlie Baker — responding to a
Herald report on potential hacking and civil liberties problems with
the E-ZPass system — said he has asked transportation officials to
study the issue.
“Obviously every time there is a story
that suggests there’s an issue with something like this we ask
folks, whatever it is, to look into it and hopefully we’ll have an
answer on that in a day or two,” Baker said yesterday.
[From
the article:
Universal electronic tolling on the Pike is due by
the end of next year, and experts told the Herald that E-ZPass
technology — which is linked to users’ bank accounts — could be
susceptible to hacking. Meanwhile, the movements of New York drivers
with E-ZPass transponders have been monitored by state officials even
when they were far away from the toll, according to a report by the
New York Civil Liberties Union.
Baker, who has a transponder, said he isn’t
worried about someone stealing his information. [See
my comment, above. Bob]
Interesting twist, but unlikely to operate long
before irate customers notify (scream at?) their bank.
New ATM
Malware Allows Attackers to Physically Steal Cards
… According
to the security firm, Suceful is capable of reading data from the
payment card’s magnetic stripe and chip, and disabling ATM sensors.
The malware, which attackers can control from the ATM’s PIN pad,
also includes a feature that hasn’t been seen at other such
threats: it can retain and eject inserted cards to allow fraudsters
to physically steal them.
For my Computer Security students – looks like
your career success is guaranteed.
DNI
Testimony on Worldwide Cyber Threats
“Worldwide Cyber Threats – Overview – Cyber
threats to US national and economic security are increasing in
frequency, scale, sophistication, and severity of impact. The ranges
of cyber threat actors, methods of attack, targeted systems, and
victims are also expanding. Overall, the unclassified information
and communication technology (ICT) networks that support US
Government, military, commercial, and social activities remain
vulnerable to espionage and/or disruption. However, the
likelihood of a catastrophic attack from any particular actoris
remote at this time. Rather than a “Cyber Armageddon” scenario
that debilitates the entire US infrastructure, we envision something
different. We foresee an ongoing series of low-to-moderate level
cyber attacks from a variety of sources over time, which will impose
cumulative costs on US economic competitiveness and national
security.”
“We're here to help you!” Sound familiar?
Mark Bergen reports:
Edith Ramirez wants Silicon Valley to see
her agency as something more than a wrist slapper.
Last Wednesday, the Chairwoman of the
Federal Trade Commission came to San Francisco to host the agency’s
first “Start
with Security” conference, an initiative to institute broad
guidelines for consumer privacy protection — and convince
tech companies to turn to the FTC for guidance.
There is Privacy, then there is what? Hiding?
Being “on the lam?”
AP reports:
Federal prosecutors say registering at a
hotel under a false name cost real estate heir Robert Durst his right
to privacy there.
That opens their 65-page response to
defense lawyers’ contentions that all evidence found in Durst’s
New Orleans hotel room should be thrown out.
Interesting.
Law Times reports:
A recent Ontario Superior Court of
Justice ruling appears to open the way to adding invasion of privacy
claims to defamation lawsuits against journalists, says a defamation
lawyer.
“It’s a development that I think is
of concern to the media that invasion of privacy torts that one would
have thought are subsumed in defamation may now be treated
differently and separately from defamation, as the judge seemed to
accept,” says Paul Schabas, a partner at Blake Cassels &
Graydon LLP and an adjunct media law professor at the University of
Toronto.
On Aug. 31, Justice Graeme Mew released
the reasons for his July 17 decision on a motion in Chandra
v. CBC. The motion, brought by the CBC, sought to have the
court decide that it shouldn’t put an invasion of privacy claim to
the jury that the plaintiff had added to his original defamation
case.
A peak at your data should not mean potential
insurers get to keep it forever.
Over on I’ve Been Mugged, George Jenkins
describes what he learned when he and his wife really pursued the
question of how Medical Informatics Engineering had wound up with his
wife’s personal information caught up in their breach.
It’s a long – but important – read, as it
highlights routine business
practices that may come back to bite consumers who have no
interest in – or knowledge that – their employer may have shared
their identity information with prospective health insurers.
You can read his article
here.
Should your employer be able to share your
identity information with prospective health insurers without your
knowledge or consent? Should the prospective insurers be able to
retain that information forever – again without your knowledge or
consent?
If you answer “no” to either of the above
questions, then what law prohibits this from occurring? Should this
be considered an “unfair” business practice under the FTC Act?
There’s lots to think about from George’s
article. I encourage you all to read it.
Content and semantics will make this difficult and
error prone. Can you tell if I'm pointing out the error of someone's
rant or ranting myself?
Facebook will work with
Germany to combat anti-refugee hate speech
Facebook this week said it will work with the
German government to crack down on hate speech and xenophobia online,
following calls from the country's justice minister to do more to
combat hateful speech about refugees. As
The
Wall Street Journal reports, Facebook will work with
Germany's ministry of justice, internet service providers, and other
social networks to form a task force aimed at flagging and removing
hateful content more quickly. Facebook also pledged to help finance
organizations that track online hate speech, though the company did
not say it would change its policy on what types of content are
considered offensive.
(Related) Political correctness carried to the
ridiculous?
On August 28, 2015 the British Library publicly
stated that it would not acquire or give access to the digital
archive of materials collected by the Taliban Sources Project (TSP).
This decision, coming from “
one
of the world’s greatest research libraries” and “a place of
knowledge and inspiration, encouragement and engagement” has been
criticized by academics/researchers as
“madness”
and “completely,
completely ridiculous.” But, from a legal
perspective, the British Library’s self-censorship is a predictable
consequence of the UK’s broad terrorism laws and so if that
self-censorship is to be criticized then it is important not to lose
sight of the root cause of such decisions — the underlying law. It
is only then that progress is likely: the effectiveness of the law
can be practically assessed, its content re-appraised and, who knows,
lessons may even be learned and applied to future counter-terrorism
proposals engaging academic freedom.
2015 Legal
Technology Survey Report – Online Research
How fast will this spread? I bet takedowns will
continue to be a problem.
Overnight
Tech: Copyright ruling could spill over to campaign trail
The Ninth Circuit Court of Appeals ruled that
copyright holders — such as movie and music publishers — must
consider fair use before demanding companies such as YouTube remove
potentially infringing content. The court allowed Stephanie Lenz’s
lawsuit against Universal to go forward after the company improperly
demanded her video, in which her child dances to a Prince song, be
taken offline because of infringement concerns.
“Today’s ruling in the Lenz case comes at a
critical time,” according to the Electronic Frontier Foundation,
which argued the case. “Heated political campaigns — like the
current presidential primaries—have historically led to a rash of
copyright takedown abuse. Criticism of politicians often includes
short clips of campaign appearances in order to make arguments to
viewers, and broadcast networks, candidates, and other copyright
holders have sometimes misused copyright law in order to remove the
criticism from the Internet.”
Interesting. Something for my Enterprise Data
Management students to consider.
GE To Take
On IBM In The Race For IOT Dominance
General Electric
announced
yesterday the creation of a new unit with the aim to become the
leader in the Industrial Internet of Things race. GE Digital will
integrate GE’s Software Center, the expertise of GE’s global IT
and commercial software teams, and the industrial security strength
of Wurldtech. This new business model will be led by Bill Ruh,
formerly GE’s Vice President and Global Technology Director and now
newly appointed as Chief Digital Officer.
… This is a direct aim at the announcement
from IBM, also timed yesterday, with the creation of two new business
units that will apply Big Blue’s portfolio in Big Data, analytics
and cognitive computing (aka Watson) to the Internet of Things (IOT)
and Educations markets, respectively.
… In a typical industrial example, an electric
turbine generates power but also 500Gb of data a day. That data is
extremely useful if used in the right way but the machine itself is
not considered ‘smart’. Now imagine how that turbine that can
communicate in advance when it could potentially have a critical
failure. In industrial situations a machine can advise other systems
when it’s likely to fail due to being monitored against performance
and tolerance levels. GE’s platforms such as Predix caters for
these types of scenarios. The process can schedule maintenance in
advance before the event occurs through the data it’s receiving,
but not only this it can tell other turbines to take a spread of the
load during the maintenance and then switch back again once the
repairs are completed. To the outside world nothing has happened
because it was all seamless and taken care of by the platform.
(Related) Doh!
Richard Chirgwin reports:
The FBI has decided that your Things are
too risky to be allowed anywhere on the Internet.
Curiously, given that the Internet of
Things is backed by some of the largest tech vendors in the world,
the Bureau has also decided that responsibility for security – and
for understanding the capability of hardware and software – should
rest with the technological
equivalent of Homer Simpson. [I've
got to start using that phrase! Bob]
The FBI’s public service announcement,
published on September 10 here,
puts nearly all of the consumer protection responsibility on
consumers.
An IT Governance victory? Only out for one hour!
Someone has their act together!
Twitter for
Web is down: ‘Something is technically wrong’ (Update: It’s
back)
Twitter
Support says the website went down from 11:22 a.m. to 12:16 p.m.
PST
, but the issue has since been resolved.
… We’ve reached out to Twitter for more
information. We’ll be live-tweeting updates.
[Cute Bob]
Check back here for updates.
(Related) Also an IT Governance and Data
Management issue.
NY
regulator reaches agreement with four banks on Symphony messaging
New York State's
Department of Financial Services said it has reached an agreement
with Goldman Sachs, Deutsche Bank, Credit Suisse and Bank of New York
Mellon on record-keeping for the Symphony messaging system.
The banks, part of a
consortium of 14 financial institutions that have set up the Symphony
service, have agreed to retain a copy of their chat messages for
seven years.
They will also store
duplicate copies of the decryption keys for their messages with
independent custodians.
… Under New York
law, banks are obligated to retain records of their operations.
Many on Wall Street
view Symphony Communications LLC as a rival to message systems
provided by Bloomberg LP [and Thomson Reuters Corp, whose clients
include bankers, traders and investors.
Symphony's technology,
which was originally developed by Goldman Sachs, will become
available to all potential customers from Tuesday.
The
regulator had earlier expressed concerns over some of Symphony's
features, such as its promise of "guaranteed data deletion"
that could hinder regulatory investigations.
Russia acts like a Capitalist when they choose to.
Google
Found Guilty of ‘Abusing Dominant Market Position’ in Russia
MOSCOW—
Google
Inc.
has been found guilty
in a rapid Russian antitrust probe, a spokesperson for the country’s
antitrust regulator told The Wall Street Journal.
In February, Russia’s Federal Antimonopoly
Service opened a probe into Google for alleged anticompetitive
practices related to how the company bundles apps with its Android
mobile operating system.
The company was found guilty of “abusing its
dominant market position,” but not of “unfair competition
practices,” the regulator told The Wall Street Journal.
To be expected.
Chicago’s
‘Netflix’ tax challenged in court
As was to be expected, the 9 percent “amusement
tax” being levied on all kinds of streaming services and gaming
platforms in Chicago has provoked a lawsuit. The
complaint
was filed last week by a legal non-profit on behalf of six Chicago
residents, each of whom is a subscriber to one or more of such
services: Amazon Prime, Hulu, Netflix, Spotify, Xbox Live, and what
have you.
The amusement tax itself is not the problem,
though. At issue here is the imposition of the said tax on streaming
music, streaming video, and online gaming platforms, all of which
were not on the city’s list of taxable “amusements” until June
9, 2015. That’s when Chicago’s Comptroller Dan Widawsky ruled
that the charges paid for accessing the above services within its
limits would
attract
a 9-percent amusement tax from September 1, 2015.
Perspective. Is this because of a serious flaw in
the Taxi business model? It seems to me they could match this kind
of service easily.
Indian
Cab-Hailing Firm Ola Is Raising Over $500M At A Valuation Of Around
$5B
Another Thing on the Internet of Things and a lot
of hackable data?
Unmanned
Aircraft Systems (UAS): Commercial Outlook for a New Industry
“Unmanned aircraft systems (UAS) — commonly
referred to as drones — have become a staple of U.S. military
reconnaissance and weapons delivery in overseas war zones such as
Afghanistan. … However, the Federal Aviation Administration (FAA)
currently prohibits the use of UAS for commercial purposes, except
where it has granted an exemption permitting specific activities.
FAA has granted such exemptions since May 2014, primarily to firms
wishing to use UAS for agricultural, real estate, film and
broadcasting, oil and gas, and construction activities. As of
September 2, 2015, it had granted more than 1,400 such exemptions. …
Around 89 companies in the United States now produce UAS, which can
range from hobbyist planes that fly on a single charge for about 10
minutes and cost under $200 to commercial-level craft that can stay
aloft much longer but can cost as much as $10,000. Manufacture
of the aircraft, known as unmanned aerial vehicles ( UAVs), is
relatively simple. The aircraft’s basic elements
include a frame, propellers, a small motor and battery, electronic
sensors, Global Positioning System (GPS),and a camera. Some UAVs are
operated by controllers, but others can be guided by the operator’
s smart phone or tablet. The widespread availability of electronic
sensors, GPS devices, wifi receivers, and smartphones has reduced
their cost, enabling manufacturers to enter the market without
worrying about the supply of components. It has been estimated that,
over the next 10 years, worldwide production of UAS for all types of
applications could rise from $4 billion annually to $14 billion.
However, the lack of a regulatory framework, which has delayed
commercial deployment, may slow development of a domestic UAS
manufacturing industry..”
Perspective.
Apple is on
pace to sell 10M+ iPhones on opening weekend, beating last year’s
record
You can't tell the players without a scorecard!
USA.gov
resources on voting, political candidates and parties
“With the 2016 Presidential Election a little
over a year away, do you know how to research presidential candidates
and their political parties?
On
The Issues [Every Political Leader on Every Issue] has a complete
list of all the current presidential candidates and includes their
views on issues important to constituents across the United States.
For more information visit our
Researching
Candidates page on USA.gov.” Links and sources are public,
non-partisan, current, and useful for educators, citizens and
researchers.
Remember students, 1% to your favorite professor.
15 Great
Online Business Ideas
This may explain my sleepy students.
The Habits
of Super Successful Sleepers (Infographic)
I should print this for my Spreadsheet students.
Quick Excel
Tips Every Office Worker Needs to Know
