Friday, August 11, 2017
Perhaps I can get my Computer Security students to write an App to monitor state data handling?
Kieran Nicholson reported:
A lapse in security at the Colorado Judicial Department led to information about jurors in Colorado, including Social Security numbers, being exposed on the internet for about a year.
The state court administrator’s office was contacted July 27 by a person in Alaska who alerted state officials about the potential for massive identity theft, according to the Judicial Department.
Read more on The Denver Post.
Not much detail, but the government is not very well liked at the moment. Probably no need for outside involvement.
Cyberattack Leaves Millions Without Mobile Phone Service in Venezuela
A massive cyberattack that took down government websites in Venezuela earlier this week also has left seven million mobile phone users without service, the government said Thursday.
A group that calls itself The Binary Guardians claimed responsibility for attacks that targeted the websites of the government, the supreme court and the National Assembly.
… Roa said there also have been nine cuts in the country's fiber optic network, which has cut off already precarious internet service to seven states.
"The attacks were carried out with the help of foreign agents, trying once again to disrupt our country's connectivity," Roa said, adding that an investigation was underway.
They are not after those little bottles of shampoo?
Russian Cyberspies Target Hotels in Europe
A notorious Russia-linked hacker group specializing in cyber espionage is believed to be behind an ongoing campaign targeting hotels in several European countries.
FireEye has linked the attacks with moderate confidence to APT28, a threat actor also known as Pawn Storm, Fancy Bear, Sofacy, Sednit and Strontium. The group is believed to have launched numerous high-profile attacks, including a campaign targeting last year’s presidential election in the United States.
While the recent attacks have targeted the networks of hotels, the security firm says there is some indication that the hackers may actually be looking to access the devices of government and business travelers via the guest Wi-Fi provided by these hotels.
How to pay a ransom without admitting that you paid a ransom.
The HBO hackers apparently want us all to know that they weren’t bluffing when they said they would not play games or go along with delaying tactics.
In a letter to HBO, described previously on this site, the hackers had written, “As we witnessed in other cases, Fucking FBI or other police enforcements, teach you couple of outdated trick to play with us and buy time. It doesn’t work with us.”
Those tricks apparently include promising to pay a large bug bounty but not paying the demanded ransom amount by the actual deadline.
Today, the hackers contacted DataBreaches.net and a few other media/news outlets with a new link to the previously dumped files. But “Mr. Smith” also attached a file labeled as “HBO’s Response.”
The file, which DataBreaches.net is redacting to delete the HBO executive’s name and email address, is dated July 27, and acknowledges receiving the hackers’ letters. The letter is not from Richard Plepler, HBO’s CEO. In other communications, the hackers indicated that they would only correspond with him going forward.
Trying to frame – or re-frame – the situation as a bug bounty possibility, HBO asked the hackers to extend their deadline for payment and committed – “as a show of good faith” – to making a bug bounty payment of $250,000.00.
HBO was asked to confirm whether the email was authentic, but DataBreaches.net has received no statement as yet. This post will be updated if and when one is received.
That said, in light of data leaks we’ve seen and the fact that the hackers sought 6-months of their annual income (which they estimated at $12-15 million), it appears that the hackers did not find $250,000 acceptable at all.
Update: It’s been pointed out to me that the hackers may not have believed the offer was genuine and may have viewed it simply as a delaying trick. It would be nice to hear from the hackers with a statement as to how they interpreted the offer, so I’ve sent an email inquiry and hope they’ll respond.
Somehow, I doubt I’ll get behind this one.
Governor Says Trump Interested in His Plan to Prop Up Coal Mining
West Virginia Governor Jim Justice said Donald Trump is “really interested” in his plan to prop up Appalachian mining by giving federal money to power plants that burn the region’s coal.
… The plan calls for the Department of Homeland Security to send $15 to eastern U.S. utilities for every ton of Appalachia coal they burn.
… Justice rejects the notion that his plan amounts to a "bailout" or "subsidy" for Appalachian coal. Rather, it’s a matter of national security, he said, because terrorists could easily blow up important gas pipelines or derail freight trains shipping coal to the east, leaving large swaths of the country lacking power-plant fuel.
“Can you imagine what would happen if we lost the power in the east for a month, or two months, or three months?” Justice said. “It would be like a nuclear blast went off. You would lose hundreds of thousands of people. It would be just absolute chaos beyond belief.”
Perspective. Imagine what good public transportation would mean.
Study: Consumers may buy fewer cars when Uber, Lyft available
The availability of ride-hailing services such as Uber and Lyft may cause fewer people to buy their own vehicles, according to a new study. To assess the impact of transportation app companies on personal car ownership, researchers polled residents in Austin, Texas — where Uber and Lyft stopped operating for about a year due to a local ordinance.
The researchers found that 41 percent of respondents began using their own vehicle in instances where they would have normally used a ride-hailing app, while 9 percent actually purchased a new car in the wake of Uber and Lyft pulling their services.
… The study also found that people in Austin reported taking fewer trips, generally, after Uber and Lyft left the market: The average number of trips decreased from 5.65 to 2.01 per month.
Even older than I am!
Internet Archive – 78rpm Records Digitized by George Blood, L.P.
Internet Archive post: “Through the Great 78 Project the Internet Archive has begun to digitize 78rpm discs for preservation, research, and discovery with the help of George Blood, L.P. 78s were mostly made from shellac, i.e., beetle resin, and were the brittle predecessors to the LP (microgroove) era. @great78project for uploads as they happen. The digitization project currently focuses on discs that are less likely to be commercially available–or available at all in digital form–particularly focusing on underrepresented artists and genres. Digitization will make this less commonly available music accessible to researchers in a format where it can be manipulated and studied without harming the physical artifacts. We have preserved the often very prominent surface noise and imperfections and included files generated by different sizes and shapes of stylus to facilitate different kinds of analysis. There’s no way to predict if the digital versions of these 78s will outlast the physical items, so we are preserving both to ensure the survival of these cultural materials for future generations to study and enjoy.”
Should I be using Evernote? I will at least read the manual…