Tuesday, May 31, 2016

Cyber security is the biggest risk to the global financial system

Sewer robots and Intel Analysts; some are named Luigi...

It is official: New rule puts onus on contractors to tighten IT security

Opal Cards Could be Next as Most Sydneysiders are using Credit Cards for their bus, ferry or even train journeys ... (Crooks, not just honest police officers, can tell whether someone is home or not ...)

Transport for NSW are currently investigating a security breach to its TrainLink booking system, temporarily closing reservations on the site. While the NSW TrainLink database does not contain sufficient credit card data for it to be used in any transactions, police have still confirmed that some of the information obtained in the breach could be used
Transport NSW Data Breach

It is nice to spot new development in cyber security as most Asian nations are building strong capabilities in people and computer skills as well as infrastructure. The strategy, launched by Prime Minister Malcolm Turnbull in April, came with an acknowledgement Australia was prepared to take offensive action to protect the national interest.
Australia's cyber security strategy must be strengthened says national report

Hacker Site Removes 117 Million LinkedIn Passwords After Legal Threat

360 million Myspace accounts and 65 million Tumblr accounts, including email addresses, usernames and passwords have turned up for sale on the darkweb, including the private information of Australian users dating back to both sites' inception. In what may be one of the biggest breaches of all time, Time Inc, the parent company of Myspace, confirmed it was hacked in June 2013, and that the data has only now appeared for sale. "Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum," the site announced in a blog post.
Myspace, Tumblr hacked: Hackers sell 425 million users' data on darkweb

Australia's three largest listed insurers – QBE, IAG and Suncorp – could share more client data with each other, and their smaller rivals, via a beefed-up fraud prevention bureau in a bid to stem an estimated $2 billion a year in losses. More sophisticated information sharing is needed between competitors to help thwart scammers and help stem a rise in fraudulent claims that is pushing up premiums for honest consumers. That is the advice from head of a recent British government insurance fraud taskforce David Hertzell, who is in Australia to address a gathering of industry heavyweights in Sydney on Tuesday on ways to deter fraud.
UK insurance fraud expert David Hertzell tells IAG, QBE & Suncorp to share data

Cybersecurity officials from the departments of Homeland Security and Justice are stressing the importance of continued collaboration to keep cyberattacks at bay. "If you get hit, call somebody and start talking" to commercial or federal cybersecurity experts, said Brian Varine, chief of the Justice Security Operations Center. "Sharing information drives up the costs for attackers." He made the remarks at an ISMG Fraud and Breach Prevention Summit on May 18. "It's too bad they got in, but [sharing information] is your revenge," he added. Phyllis Schneck, deputy undersecretary for cybersecurity and communications at DHS' National Protection and Programs Directorate, echoed those sentiments and urged the audience, made up largely of private-sector corporate and IT managers, to help her agency build defenses to protect everyone

Facing the Financial Industry’s Cyber Challenge With Lessons From IT History Irving Wladawsky-Berger, WSJ. I’ve helpfully underlined the bullshit terms; if you hear anybody in your house use them, count the spoons when they leave:
Transforming something as complex as the financial eco system is a tall order, but as any student of IT history can tell you, the emergence of disruptive technologies can bring together key stakeholders. … I finished my remarks to the Commission by noting that the emergence of an innovative disruptive technology can serve as a catalyst to propel change forward by bringing key stakeholders together.
I’m giving high marks for the double-stakeholders/innovative disruptive strength move, as well as the grace notes of “tall order,” and “propel change forward.”

Machine Bias Pro Publica. Just because it’s an algorithm doesn’t mean it won’t be used to screw Slavic or African people....

Tor developers have been working on the next iteration of the Tor network and its underbelly, the Onion routing protocol, in order to create a stronger, harder-to-crack anonymous communications system. To advance the project, the developer team schedules brainstorming and planning meetings at regular intervals. The most recent of these meetings took place last week, in Montreal, Canada. In this session, the team tested the next generation of the Tor network working on top of a revamped Onion protocol. The team says it implemented a new mechanism for generating random numbers, never before seen on the Internet. The Tor Project says it created something it calls "a distributed RNG" (random number generator) that uses two or more computers to create multiple random numbers and then blends these outputs together. The end result is something that's impossible to crack without knowing which computers from a network contributed to the final random number, and which entropy each one used.

Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks. Banks around the world have been rattled by an $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.

Fingerprinting The World’s Hackers via Mas

The House on Monday passed a cybersecurity bill from Rep. Joaquín Castro (D-Texas) that aims to help state and local officials battle hackers. Specifically, the bill authorizes the agency to establish a consortium that would provide training to state and local first responders and officials, conduct training and simulation exercises and help states develop information sharing programs.

Audit Finds 'Hostile Probes,' Breaches of Weather Satellite System

Vietnam's Tien Phong Bank said that it interrupted an attempted cyber heist that involved the use of fraudulent SWIFT messages, the same technique at the heart of February's massive theft from the Bangladesh central bank. Hanoi-based TPBank said in a statement late on Sunday in response to inquiries from Reuters that in the fourth quarter of last year it identified suspicious requests through fraudulent SWIFT messages to transfer more than 1 million euros ($1.1 million) of funds. 

J.P. Morgan Chase & Co. has limited some employees’ access to the Swift global interbank messaging service amid questions about security breaches at a pair of Asian banks that used the funds-transfer platform, people familiar with the matter said. 

Publish a “wrong” map of India, face seven years in jail and a huge fine [Hindustan Times; “crore” = 10 million]

“The Electronic Frontier Foundation (EFF) urged the Federal Communications Commission (FCC) today to update privacy rules to prevent broadband Internet access service providers from recording and sharing their customers’ every move online. EFF’s comments are part of the FCC’s rulemaking on consumer privacy and telecommunications services. As broadband providers are uniquely positioned to track every communication and activity, often in real time, the FCC is proposing to update current telecom policy to protect the privacy and security of consumers.”

The head of the Association of British Insurers has called on the government to create a database where companies would have to record details of cyber attacks.