My name is Bill. I am a recent graduate in Information Sciences and Technology from Penn State University, and this is a place for me to post or give my 2 cents on the fascinating world of technology. I am now working for a pretty big technology-related company whose name I will leave out just to avoid any possible complications, however far-fetched their happening may be. Music gets included from time to time as well.
Currently going through the same thing with my father. While I was able to persuade him to try out Android (and by no means does he not enjoy using his Droid Razr Maxx HD), I still constantly hear the paranoid comments on what is happening with his email and data. It’s hard to believe that if given a decent product he wouldn’t gladly jump back on the Blackberry Enterprise System.
A writer loses everything on his iPhone, his iPad and his Mac—including all of the photos from the first year and a half of his daughter’s life—after a hacker infiltrates his Amazon, Apple, Gmail and Twitter accounts:
Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
Those security lapses are my fault, and I deeply, deeply regret them.
But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
“How Apple and Amazon Security Flaws Led to My Epic Hacking.” — Mat Honan, Wired
I’m almost embarrassed by how I feel reading this story. It really made me realize that someone accessing your online profiles can almost be as scary as physically getting robbed these days. I knew it was silly, but I really did feel like I was reading somebody’s tale of finding out their home had been broken into. I don’t understand how he was able to talk to the hacker; I would have been too enraged to even type a sentence to the guy. But it does provide some valuable insight into who does things like this and what their motivation is. We throw around these idealistic and self-righteous purposes, but at the end of the day you are still victimizing someone. Hopefully we can all learn something from Mat’s story and take precautions to better protect our data in the era of the cloud. Also take notice of how much of a role social engineering had in this; I feel he doesn’t stress that point enough.
(via longreads)
How out of touch do you have to be in order to be surprised by any of this? The only part that might have been remotely surprising was how low the percentage of teens the study claims look at porn is. This is no different from how anyone under 30 grew up at this point; unfortunately, this does not include parents of current teenagers, so propaganda like this can actually spread. Educate your kids and trust them; if they don’t feel like they’re being trusted, they’ll just find another way around your overbearing tendencies. Isn’t teens looking up porn basically a lazier version of what our parents’ generation was doing when they would sneak into their friend’s attic and find his father’s porn stash?
The Flame computer virus is not only capable of espionage but it can also sabotage computer systems and likely was used to attack Iran in April, according to a leading security company, Symantec Corp.
Iran had previously blamed Flame for causing data loss on computers in the country’s main oil export terminal and Oil Ministry. But prior to Symantec’s discovery, cyber experts had only unearthed evidence that proved the mysterious virus was capable of espionage.
Symantec researcher Vikram Thakur said on Thursday that the company has now identified a component of Flame that allows operators to delete files from computers.
» via MSNBC
In recent years, high-profile attacks on not just the Iranian government but also the U.S. government have taken place using software that, like Flame, was able to waltz straight past signature-based software. Many technically sophisticated U.S. companies—including Google and the computer security firm RSA—have been targeted in similar ways, albeit with less expensive malware, for their corporate secrets. Smaller companies are also routinely compromised, experts say.
Some experts and companies now say it’s time to demote antivirus-style protection. “It’s still an integral part [of malware defense], but it’s not going to be the only thing,” says Nicolas Christin, a researcher at Carnegie Mellon University. “We need to move away from trying to build Maginot lines that look bulletproof but are actually easy to get around.”
Both Christin and several leading security startups are working on new defense strategies to make attacks more difficult, and even enable those who are targeted to fight back.
“The industry has been wrong to focus on the tools of the attackers, the exploits, which are very changeable,” says Dmitri Alperovitch, chief technology officer and cofounder of CrowdStrike, a startup in California founded by veterans of the antivirus industry that has received $26 million in investment funding. “We need to focus on the shooter, not the gun—the tactics, the human parts of the operation, are the least scalable.”
CrowdStrike isn’t ready to go public with details of its technology, but Alperovitch says the company plans to offer a kind of intelligent warning system that can spot even completely novel attacks and trace their origins.
This type of approach is possible, says Alperovitch, because, although an attacker could easily tweak the code of a virus like Flame to evade antivirus scanners once more, he or she would still have the same goal: to access and extract valuable data. The company says its technology will rest on “big data,” possibly meaning it will analyze large amounts of data related to many traces of activity on a customer’s system to figure out which could be from an infiltrator.
Christin, of Carnegie Mellon, who has recently been investigating the economic motivations and business models of cyber attackers, says that makes sense. “The human costs of these sophisticated attacks are one of the largest,” he says. Foiling an attack is no longer a matter of neutralizing a chunk of code from a lone genius, but of defeating skilled groups of people. “You need experts in their field that can also collaborate with others, and they are rare,” says Christin. Defense software that can close off the most common tactics makes it even harder for attackers, he says.
“Company X loses millions of passwords and personal data to Hackers Y. Company X says change all your passwords. End-users Z ignore or dutifully update and repeat a new password on all their sites. Law enforcement investigates but goes for donuts when the short Internet attention span sees another shiny object to fawn over.
Hackers Y pop up again six months later with phishing scams, or worse yet, attacks on business accounts using a combination of your stolen name, password, and the last four digits of your credit card number.
It’s not the passwords, folks. The infrastructure is broken. What’s that phrase about insanity and trying the same thing over and over?”
Good summary for those that aren’t sure what’s going on. It really is a good idea to change your passwords just in case.
On the large scale this seems like a good idea. I don’t know how many sites will be willing to insert code that could possibly change the entire appearance of their site. You never know when you’re going to disagree with this group on something; there should really be a democratic process for deciding when to “turn on the signal”, or at least the site owner should be given the option to choose support or not before it shows up. Since it’s unlikely any big corporations would join in on anything that could be as potentially risky as this, I can’t see it really reaching the largely apathetic masses.
President Obama on Wednesday issued an executive order requiring government agencies to make services available via mobile phones.
Under the new order, each federal agency will be required to make two “key government services” available on mobile devices within the next 12 months.
The order comes as the administration ramps up efforts to make large amounts of government data more accessible to the public to increase transparency.