Tuesday, December 23, 2014

Dr. Evil airs his grievances for Festivus plus bonus cybersecurity news


Happy Festivus!  To celebrate the holiday this year, I'm giving a platform for someone else to air his grievances.  Take it away, Dr. Evil!

Dr. Evil (Mike Myers) interrupts Sam Smith's (Taran Killam) Christmas special to address North Korea and Sony Pictures directly about the hack.
Thank you, that was a beautiful airing of grievances.

On a more serious note, follow over the jump for cybersecurity and cybercrime news since Labor Day from colleges on the campaign trail and the bowl hunt that I originally included in Overnight News Digest at Daily Kos.

In reverse chronological order, Arizona State University has the honor of going first with Working to make mobile payment more secure, posted on December 19, 2014.
Consumers are well aware of several recent security breaches regarding the credit and debit cards they use on a daily basis: Target, Home Depot, Neiman Marcus and more.

Gail-Joon Ahn, an Arizona State University engineering professor, is working on tools that will make transactions more secure and allow individuals to control the privacy of their information. In 2014 he was issued five new patents for that technology and eight more patents are pending related to secure mobile payment.
...
“When you disclose your identity, you disclose all kinds of information,” Ahn said. “Your ID, your username, your credit card number, driver’s license number and all kinds of other personal attributes.

“You’ve given that information to the bank, but once disclosed, you don’t know how it’s being used or have any ability to control it.”
University of Southern California: What’s next in cybersecurity?
USC Viterbi researchers demonstrate the future of security at Department of Homeland Security event
by Robert Perkins
December 16, 2014
Two researchers from the USC Viterbi School of Engineering’s Information Sciences Institute will be among the headliners at a federal cybersecurity showcase in Washington, D.C., this week.

Terry Benzel and John Heidemann will present cybersecurity technology developed at ISI to more than 500 industry and government leaders at a three-day workshop hosted by the Department of Homeland Security.

“The DHS Cybersecurity Division 2014 R&D Showcase and Technical Workshop provides a venue to exchange ideas with colleagues in the research community and connect with technology transition partners,” said Benzel, deputy director of the cybernetworks and cybersecurity division of ISI.
University of Texas: Theft Researcher: Avoid Using Your Debit Card This Holiday Season
By Tricia Bailey, Center for Identity
Published: Dec. 5
It’s the holiday season, and for many of us that means shopping.

But this year, leave your debit card at home.

That’s not to say you shouldn’t find the perfect gifts for your loved ones. Just use a credit card—or better yet, cash—to do it, if you can.

Why? If your credit card is stolen or fraudulently used, you’re never on the hook for more than $50 in fraudulent charges. But with a debit card, your protection decreases as time goes on, leaving you liable for the entire stolen amount 60 days after your statement is sent to you.

Use a debit card only to get cash at an ATM, and stick to cash or a credit card for point-of-sale transactions.
Wired via Slate: This Hacker Was Threatened With 440 Years of Prison for Misdemeanors
By Andy Greenberg
November 28, 2014
Thanks in part to America’s ill-defined hacking laws, prosecutors have enormous discretion to determine a hacker defendant’s fate. But in one young Texan’s case in particular, the Department of Justice stretched prosecutorial overreach to a new extreme: about 440 years too far.

Last week, prosecutors in the Southern District of Texas reached a plea agreement with 28-year-old Fidel Salinas, in which the young hacker with alleged ties to members of Anonymous consented to plead guilty to a misdemeanor count of computer fraud and abuse and pay $10,000 in restitution. The U.S. attorney’s office omitted one fact from its press release about that plea, however: Just months ago, Salinas had been charged with not one, but 44 felony counts of computer fraud and cyberstalking—crimes that each carry a 10-year maximum sentence, adding up to an absurd total of nearly a half a millennium of prison time.

Virtually all of those charges have now been dismissed entirely. And Salinas’ defense attorney Tor Ekeland argues they were piled on based on a faulty reading of computer crime laws, possibly intended to intimidate the young hacker into an unfavorable plea or to damage his reputation. “The more I looked at this, the more it seemed like an archetypal example of the Department of Justice’s prosecutorial abuse when it comes to computer crime,” Ekeland said in an interview with Wired. “It shows how aggressive they are, and how they seek to destroy your reputation in the press even when the charges are complete, fricking garbage.”
University of Virginia: U.Va. Law Clinic Brings ‘True Threats’ Facebook Case to Supreme Court
Mary Wood
November 24, 2014
How authorities decide whether a threat is criminal has grown murky in a world where many of us communicate electronically, often on social media.

The Supreme Court Litigation Clinic at the University of Virginia School of Law hopes to clear up the question when instructor John Elwood argues Elonis v. United States on Dec. 1.

The clinic is representing Pennsylvania man Anthony Elonis, who was convicted in 2011 of several charges stemming from statements he made on Facebook about his estranged wife and others. At issue in the case is whether the comments, many of which were styled as rap lyrics, constituted a “true threat.”
University of Michigan: Secure, free encryption of all websites is goal of new project
November 19, 2014
ANN ARBOR—In an effort to reinvent and dramatically improve Internet security, researchers at the University of Michigan have joined with Mozilla and other industry and nonprofit partners to soon offer free, automated and open website HTTPS encryption.

They're establishing a new certificate authority called Let's Encrypt, which will begin operating in summer 2015. Certificate authorities are organizations that ensure the identities of websites. A certified site is then protected from a host of potential cyber attacks. You can tell you're on one if the web address begins with HTTPS, rather than the more common HTTP.

"Anything you do on the web is visible to network-based attackers if you're using regular HTTP," said J. Alex Halderman, U-M assistant professor of computer science and engineering who initiated the Let's Encrypt project two years ago.

"Attackers can potentially spy on everything you're accessing, modify what you see, alter programs you download to make them malicious, or take over the website account you're logged in under. But HTTPS is a fundamental protection against these attacks, and what we're doing with Let's Encrypt is trying to make HTTPS ubiquitous."
Georgia Tech: Georgia Tech releases 2015 Emerging Cyber Threats Report
October 29, 2014
In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace in nation-state conflicts.
...
In the report, Georgia Tech covers five major areas. Observations that summarize findings in each area are as follows:

    Technology enables surveillance, while policy lags behind.

    Attackers continue to target the trust relationship between users and machines.

    Mobile devices fall under increasing attack, stressing the security of the ecosystem.

    Rogue insiders cause significant damage, but solutions are neither simple nor easy.

    Low-intensity online nation-state conflicts become the rule, not the exception.
Florida State University: Cybersecurity campaign urges online safety at Florida State
Megan Del Debbio
10/01/2014 10:08 am
In today's helter-skelter world of online interactions, transactions and distractions, the risks of identity theft, credit card fraud and other security threats are more widespread than ever. And it’s going to take a superhero effort to battle it.

This October, Florida State University joins a national effort to promote cybersecurity and privacy by participating in National Cyber Security Awareness Month (#NCSAM). The “Be a Cyberhero” campaign sponsored by the Information Security and Privacy Office (ISPO) within Information Technology Services (ITS), challenges faculty, staff and students to make a commitment to build a safe cyberspace at Florida State.

The purpose of the campaign is to educate the campus on safe cybersecurity practices and empower users to learn how to use the Internet safely and securely at work, school and home.
That's the cybersecurity and cybercrime news for today, which makes for quite a large list of implied grievances and the answers to them.
