Monday, June 27, 2016

Brexit: TalkTalk boss paid £2.8M after hack attack

Found on a Star Wars light saber toy, “For Accessory Use Only. Not to Be Used as a Battle Device,” and more finalists from the latest Wacky Warning Labels contest. [Bob Dorigo Jones, John Stossel]

The increasing vitriol between the MEdiaDragons aka Boomers and (mostly) Gen Y has singed more than a few nose hairs in recent years. You’d be well advised to approach any discussion between active combatants with full hazmat gear. And now the #Brexit has brought matters to a head.

In the Financial Times, Martin Wolf says that the fearmongering and outright lies of Boris Johnson, Michael Gove, Nigel Farage, The Sun and the Daily Mail have won.

Baba Vanga, a blind Psychic who died in 1996, has predicted that Europe will “cease to exist” after this year. Baba Vanga was very accurate with her predictions, with an 85-percent accuracy rate. Among her predictions, she was accurate about the 9/11 attack, as well as the ISIS attacks. Vanga made a prediction while she was alive that Europe will cease to exist after Muslims invade Europe in 2016. She called it the “great Muslim war.” Ottoman woman from Str...umica ... Amen

Guardian Can of Political Worms on Twitter Digging into Pandora Box as spotted in Brisvegas Brexit: People are really really hoping this theory about David Cameron and Brexit is true

Speaking of Worms, this pre-Brexit Briefing Paper explores the food terrain exposed by the wider Brexit versus Bremain Referendum question to be decided by the voting UK public on June 23

Some basics on Article 50 notification

"Every time we hear there's a scandal, the banks say 'we're all over it, we've fixed it, it won't happen again'," Ms Plibersek said. "Then there's the next scandal." Q and A calling for Royal Commission

MEDIADragons: Your Phone’s Vibration Motor Can Spy On What You’re Saying: Researchers figure out how to turn it into a microphone

The gravest attacks -- and most common -- perpetrated against agency networks involved nation states, according to an audit that happened to be released amid accusations the Russian government allegedly hacked the Democratic National Committee. 

Ars Technica
June 20, 2016
TalkTalk chief Dido Harding has been paid £2.8 million by the budget telco in the past year during a period that included the high profile hack attack on its systems, which put a serious dent in the company's profits and reputation. Ex-jockey Harding vowed in TalkTalk's annual report—published on Monday morning—to donate her £220,000 annual bonus to charity. It comes on the same day that MPs called for company bosses to take more responsibility for security gaffes. MPs and peers sitting on the culture, media, and sport committee have recommended that "a portion of CEO compensation should be linked to effective cyber security"—which, put another way, means that bonuses, and other salary incentives could be held back if a boss fails to act "before a crisis strikes." Harding, whose base pay for the year ended March 31, 2016 was £550,000, raked in almost £2 million on top of that figure in relation to performance targets covering a three-year period prior to TalkTalk's cyber attack.

Krebs on Security

June 20, 2016

GoToMyPC, a service that helps people access and control their computers remotely over the Internet, is forcing all users to change their passwords, citing a spike in attacks that target people who re-use passwords across multiple sites. Owned by Santa Clara, Calif. based networking giant Citrix, GoToMyPC is a popular software-as-a-service product that lets users access and control their PC or Mac from anywhere in the world. On June 19, the company posted a status update and began notifying users that a system-wide password update was underway. “Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack,” reads the notice posted to “To protect you, the security team recommended that we reset all customer passwords immediately. Effective immediately, you will be required to reset your GoToMYPC password before you can login again. To reset your password please use your regular GoToMYPC login link.” John Bennett, product line director at Citrix, said once the company learned about the attack it took immediate action. But contrary to previous published reports, there is no indication Citrix or its platforms have been compromised, he said.


June 23, 2016

An international body, operating via consensus and staffed by a globally diverse team of technical experts from governments and the private sector, should be set up to establish peer-reviewed technical attribution for major cyberattacks, Microsoft recommends in a policy paper out Thursday. The paper, "From Articulation to Implementation: Enabling Progress on Cyber Norms," suggests that the International Atomic Energy Agency might be the model for such a body. "The IAEA is renowned for its technical expertise, its board of governors and other organizational elements are made up of representatives from around the world," and its inspectors carry out their work of verifying compliance with the global nuclear Non-Proliferation Treaty, or NPT, based upon well-established consensual criteria, the report notes.

The Hill
June 24, 2016
New research is raising serious questions about the cybersecurity practices of hospitals. The study, conducted by Ross Koppel of the University of Pennsylvania, found that sticky notes with passwords were prevalent in hospitals; that employees shared passwords; that keypad-protected doors to medical supply rooms often had passwords written on them; and that clinicians left computers logged on as a courtesy to whoever needed to use them next.

The Hill

June 24, 2016
A federal court ruled that the FBI did not need a warrant to hack a suspect’s computer during a massive child pornography sting, outraging privacy advocates and opposing rulings in similar cases across the country.  

The Christian Science Monitor

June 24, 2016

Retailers nationwide are in the midst of rolling out payment terminals intended for cards embedded with smart chips, which are supposed to better protect consumers against financial fraud than cards with magnetic strips. However, shoppers still aren’t adequately protected from hackers and identity thieves, The Home Depot and Walmart have claimed in separate lawsuits against MasterCard and Visa. "Visa and MasterCard have pushed consumers to use payment card technology that Visa and MasterCard know is defective and subject to fraud and have colluded with each other and with the banks that issue debit and credit cards to do so," states the suit from The Home Depot filed last week in Atlanta federal court. Walmart filed suit against Visa last month.

Naval Academy grads spread cyber awareness servicewide

Gov Info Security

June 23, 2016
The U.S. Securities and Exchange Commission has obtained an emergency court order to freeze the assets of a British citizen who it has accused of hacking into brokerage accounts in the United States and abroad to manipulate and fraudulently profit from stock price fluctuations that he engineered. On June 22, the SEC filed a complaint in the U.S. District Court in the Southern District of New York, alleging that Idris Dayo Mustapha "hacked into numerous accounts of U.S. customers of broker-dealers in and outside the U.S."  


June 20, 2016
Since the massive Office of Personnel Management hack was revealed last summer, the White House has exhorted and encouraged agencies to tighten their cybersecurity defenses. But lawmakers want to know if the administration has also considered a tougher approach -- using its budget authority to enforce cybersecurity standards. 

Federal News Radio

June 23, 2016
The Obama administration is still struggling on how it would respond to a cyber attack on U.S. water systems, financial structure or electrical grid. Defense Department Acting Assistant Secretary for Homeland Defense and Global Security Thomas Atkin was unable to provide specifics to the House Armed Services Committee this week on when exactly DoD would get involved if there was a cyber attack to critical U.S. infrastructure.