Gov Info Security, January 3, 2020
Certain federal agencies, especially units within the Department of Defense, still have plenty of work to do when it comes to sharing cybersecurity information and threat intelligence among themselves as well as with the private sector, according to an unclassified report recently sent to Congress. The Office of the Inspector General of the Intelligence Community, which is part of the Office of the Director of National Intelligence, published the audit. While the audit found that substantial progress has been made on sharing cybersecurity information and threat intelligence among agencies over the last two years, it pointed to several areas of ongoing concern, including the failure of certain Defense Department units to use appropriate policies and procedures for data sharing.
Reuters, January 2, 2020
Newly passed legislation will push the U.S. State Department to disclose how it polices the sale of cyber tools and services abroad. The move followed a Reuters investigation which revealed that American intelligence contractors clandestinely assisted a foreign spying operation in the United Arab Emirates, helping the monarchy to crack down on internal dissent. The legislation directs the State Department to report to Congress within 90 days on how it controls the spread of cyber tools and to disclose any action it has taken to punish companies for violating its policies. Under U.S. law, companies selling hacking products or services to foreign governments must first obtain permission from the State Department. U.S. lawmakers and human rights advocates have grown increasingly concerned that hacking skills developed for U.S. spy services are being sold abroad with scant oversight. “Just as we regulate the export of missiles and guns to foreign countries, we need to properly supervise the sale of cyber capabilities,” said congressman Dutch Ruppersberger of Maryland, who drafted the legislation.
The Hill, January 1, 2020
A federal strategy for defending the U.S. government against cyberattacks is one step closer to completion, with lawmakers saying they have a draft form that could be finalized as early as March. The report has been in the works since 2018 after the National Defense Authorization Act created a commission, consisting of lawmakers and industry leaders, to draw up recommendations. Rep. Mike Gallagher (R-Wis.), co-chairman of the commission, told The Hill that the commission had recently put together a draft version. “Over the holiday we will have a few weeks to dig into the draft text, and there are a few issues we are working through, but we feel good,” Gallagher said on Dec. 19. “We had a meeting this week, an additional meeting, and it was a really robust debate, and so I think we’re getting there.” The 2020 National Defense Authorization Act, signed into law by President Trump last month, extended the initial deadline for the commission to produce the report to April 30. Rep. Jim Langevin (D-R.I.), another member of the commission, told The Hill that the commission would likely publish the report before the new deadline. “We will get our work done certainly before then. It could well be as early as March,” Langevin said on Dec. 19. “We are coming to a place where we can see the light at the end of the tunnel.”
Nextgov, December 31, 2019
With just over 10 months to go before Americans head to the polls to elect their next president, states will have access to additional money to help shore up insecure voting equipment. The funding—$425 million—was included in appropriations for the Election Assistance Commission under the 2020 spending bills President Trump signed into law on Dec. 20. EAC Chairwoman Christy McCormick said the commission “will do everything in its power to distribute these funds as expeditiously as possible.” The funding is a boost over Congress’ most recent appropriation of $380 million for election improvements in 2018—the first time since 2010 that Congress made resources available to help states and localities with their election infrastructure and administration. “State and local election officials from across the country regularly tell us about the need for additional resources,” said EAC Vice Chair Benjamin Hovland. “This new funding will allow election officials to continue making investments that strengthen election security and improve election administration in 2020 and beyond.” While election experts welcomed the new funding, they said it may not be sufficient in the face of ongoing threats. Lawrence Norden, director of the Electoral Reform Program at the Brennan Center for Justice, said the funding is “an important and necessary step” to protecting the 2020 elections. However, it “should not be Congress’s only investment in election security.”
ADMINISTRATION
Politico, January 2, 2020
A long-awaited report this week from the Department of Homeland Security found security problems with the computer systems that a North Carolina county used to handle voter data during the 2016 election — but no evidence that Russian hackers had breached them. Still, the review is unlikely to totally resolve questions surrounding the county’s use of software provided by the Florida company VR Systems, which — as POLITICO reported last week — have added to broader doubts about the security of election technology that Americans will use at the polls in 2020. Experts contacted by POLITICO said the new DHS analysis has its share of holes — for instance, failing to examine all the computer systems the Russians could have targeted. And they noted that officials in Durham County, N.C., had waited until about a week after Election Day to preserve some potentially important evidence. “I think [the investigation is] incomplete,” says Jake Williams, a former NSA hacker who is founder of the security firm Rendition Infosec and trains forensic analysts. “It’s the best investigation that can be conducted under the circumstances. We can’t investigate what we don’t have, [and] a lot of the crucial evidence is missing.”
FCW, January 2, 2020
The Department of Homeland Security and the General Services Administration want to know what it would take to develop a cloud-based centralized vulnerability disclosure platform for the federal government. In a request for information released late December, the agencies asked industry for feedback on how to set up a system that could serve as a primary point of entry for security researchers warning about bugs in their internet-accessible systems. While the platform would be managed by the Cybersecurity and Infrastructure Security Agency at DHS, agencies might have to kick in some of their own funding and participation would be voluntary. CISA is looking at a centralized software-as-a-service platform that can track incoming submissions, validate each report for legitimate bugs while filtering out errant ones, enable web-based communication between the reporter and agency during remediation efforts and allow agencies to create separate role-based accounts for their main organization and component agencies.
The Times-Picayune, January 2, 2020
Three weeks after City Hall computer systems were crippled by a cyberattack, New Orleans officials on Thursday offered their first timeline for restoring the systems, saying the city's Police Department and courts should have their access to computer networks restored by Monday. Most of the city's computers have been screened and cleared for use by employees, officials said during a press conference to provide an update on progress. The city's online systems for paying bills and transacting other city business should be available before property tax deadlines at the end of January. "We have made significant progress," Chief Information Officer Kim Walker LaGrue said, adding that her office as well as 75 state and federal partners have been working continuously since the attack to restore the city's networks.
Infosecurity Magazine, January 2, 2020
US maritime facilities have been on high alert over the Christmas break after the Coast Guard revealed details of a ransomware-related outage in late December. The bulletin described a recent attack causing widespread operational disruption at a “Maritime Transportation Security Act (MTSA) regulated facility.” “Forensic analysis is currently ongoing but the virus, identified as ‘Ryuk’ ransomware, may have entered the network of the MTSA facility via an email phishing campaign. Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files,” it explained. “The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations. The impacts to the facility included a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems.” The port facility’s operations were apparently disrupted for over 30 hours as a result of the attack.
CyberScoop, January 2, 2020
The FBI is warning U.S. companies about a series of recent ransomware attacks in which the perpetrator, sometimes posing as a government agency, steals data and then encrypts it to further extort victims. In an advisory to the private sector last week, the FBI called for vigilance to combat the so-called Maze ransomware, which the bureau said began hitting U.S. organizations in November. “From its initial observation, Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors,” states the advisory obtained by CyberScoop.
Fifth Domain, December 28, 2019
The public comment period on the draft vulnerability disclosure program for federal agencies published by the Department of Homeland Security’s cybersecurity agency has been extended until Jan. 10, 2020. The draft binding operational directive (BOD), one of the few authorities the Cybersecurity and Infrastructure Security Agency has to force entities to take action, would require that federal agencies establish a VDP, in which security researchers could report vulnerabilities in agencies’ public-facing websites. The original comment period was set to expire Dec. 27, but CISA extended the deadline after a “phenomenal response” from stakeholders. So far, CISA has received comments from stakeholders at federal agencies, in industry and at think tanks, concerned with everything from legal protections for researchers submitting vulnerabilities to mandated remediation time frames. Several comments have expressed concern about the resources agencies would ultimately have to dedicate to the disclosure programs.
INDUSTRY
ZDNet, January 3, 2020
An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019. Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO. Speaking with local media, employees said they had no idea the company had even suffered a ransomware attack, and the layoffs were unexpected, catching many off guard. "Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically 'held us hostage for ransom' and we were forced to pay the crooks to get the 'key' just to get our systems back up and running," wrote Sandra Franecke, the company's CEO, in the letter sent to employees. She goes on to say that data recovery efforts, initially estimated at one week, have not gone according to plan and the company had failed to recover full service by Christmas. Franecke said the company lost "hundreds of thousands of dollars" because of the incident and has been forced to "restructure different areas in the company."
Bleeping Computer, January 2, 2020
The anonymous operators behind the Maze Ransomware are being sued by a victim for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid. The company suing Maze is Southwire, a leading wire and cable manufacturer from Carrollton, Georgia, which was attacked in December 2019. As part of this attack, the ransomware allegedly stole 120GB of data and encrypted 878 devices. After a ransom of 850 bitcoins, or $6 million, was not paid by Southwire, the Maze operators published a portion of the stolen data on a "news" site that the threat actors created. This site is hosted at an ISP in Ireland that Southwire states it contacted repeatedly without receiving a response.
CyberScoop, December 31, 2019
Microsoft has taken hold of 50 websites used by suspected North Korean hackers to bolster attempted hacks against government employees, universities and nuclear organizations, among other targets. The company announced Monday it won a court order allowing it to take over 50 websites that a hacking group Microsoft refers to as Thallium (also known as APT37, or Reaper) has used as part of a campaign to steal sensitive data. Thallium would send phishing emails which directed would-be victims to malicious websites, where they would be prompted to enter their username and password. A successful effort would provide Thallium access to victimized account data including messages, contact lists and appointments. This effort marks the fourth time Microsoft has used U.S. courts to sink nation-state hacking infrastructure. In March, Microsoft said it took over domains used by Phosphorus, an Iranian group also known as Charming Kitten, and in August 2018 said it had moved against Strontium, a Russian group more commonly known as Fancy Bear or APT28. The company also has disrupted a Chinese-linked group it calls Barium.
AP, December 31, 2019
An Alaska air carrier that suffered a cyber attack has experienced more disruption than initially projected, according to a company announcement. The RavnAir Group on Dec. 20 experienced what it called a "malicious" cyber attack on its information technology network, Anchorage television station KTVA reported. The company canceled some Alaska flights of Dash 8 aircraft and said passengers could expect more schedule changes. On Monday, the company announced the disruption was worse than initially reported. Restoration of systems could take up to a month, the company said. Additional flight cancellations and delays are possible for the group's three airlines, RavnAir Alaska, PenAir and RavnAir Connect, the company said.
INTERNATIONAL
The Washington Post, January 3, 2020
Iran’s cyber troops long have been among the world’s most capable and aggressive — disrupting banking, hacking oil companies, even trying to take control of a dam from afar — while typically stopping short of the most crippling possible actions, say experts on the country’s capabilities. But Friday’s American airstrike that killed one of Iran’s top generals, Quds Force Commander Maj. Gen. Qasem Soleimani, now threatens to unleash a fully unshackled Iranian response, analysts and former U.S. officials warned. They said a variety of potential cyber-attacks, possibly in conjunction with more traditional forms of lethal action, would be well within the digital arsenal of a nation that has vowed “severe revenge.” “At this point, a cyber-attack should be expected,” said Jon Bateman, a former Defense Intelligence Agency analyst on Iran’s cyber capabilities and now a cybersecurity fellow for the Carnegie Endowment for International Peace.
The Wall Street Journal, December 30, 2019
The hackers seemed to be everywhere. In one of the largest-ever corporate espionage efforts, cyberattackers alleged to be working for China's intelligence services stole volumes of intellectual property, security clearance details and other records from scores of companies over the past several years. They got access to systems with prospecting secrets for mining company Rio Tinto PLC, and sensitive medical research for electronics and health-care giant Philips NV. They came in through cloud service providers, where companies thought their data was safely stored. Once they got in, they could freely and anonymously hop from client to client, and defied investigators' attempts to kick them out for years. Cybersecurity investigators first identified aspects of the hack, called Cloud Hopper by the security researchers who first uncovered it, in 2016, and U.S. prosecutors charged two Chinese nationals for the global operation last December. The two men remain at large. A Wall Street Journal investigation has found that the attack was much bigger than previously known. It goes far beyond the 14 unnamed companies listed in the indictment, stretching across at least a dozen cloud providers, including CGI Group Inc., one of Canada's largest cloud companies; Tieto Oyj, a major Finnish IT services company; and International Business Machines Corp.
Gov Info Security, December 30, 2019
Wanted: A new chief executive to take the helm of Britain's National Cyber Security Center. On Friday, the NCSC announced that its chief executive, Ciaran Martin, 45, will pursue longstanding plans to step down from his position by the end of summer 2020. A search is underway for his replacement to facilitate a smooth handover before his scheduled leaving date. Martin's upcoming departure serves as a useful moment for reviewing the effectiveness of the NCSC model, which looks to have been highly successful at creating a one-stop-shop for private-sector organizations to interface with the government about cybersecurity matters, including investigating major incidents, defending against nation-state attacks and battling election interference. The model is now being emulated in other countries, although the U.S. remains a notable holdout.
TECHNOLOGY
ZDNet, January 2, 2020
In a new research paper published on the last day of 2019, a team of American and German academics has shown that field-programmable gate array (FPGA) cards can be abused to launch better and faster Rowhammer attacks. The new research expands on previous work into an attack vector known as Rowhammer. Rowhammer attacks were first detailed in 2014. The attack exploits a design flaw in the hardware of modern memory cards -- most commonly known as RAM. On modern RAM cards, data is stored inside memory cells, and all memory cells are arranged in a grid pattern. In 2014, academics discovered that by reading data stored on one row of memory cells repeatedly, and at high speeds, they could create an electrical charge that would alter data stored in nearby memory rows. By coordinating repeated read operations, in an operation named "row hammering," they could use the unwanted electrical charges to corrupt RAM data, or manipulate the user's data in malicious ways. After it was disclosed to the public, industry experts deemed the Rowhammer attack only a theoretical threat, but one that had the potential to become a bigger problem later down the line. Just as was initially predicted, over the past five years, academics have greatly expanded on the initial Rowhammer attack. They found ways around mitigations, they expanded the attack surface to various computer components and configurations, and they even found a way to use Rowhammer to steal data from attacked systems, instead of just altering it. The latest addition to this list is a new Rowhammer attack variation called JackHammer, which allows a malicious party to abuse FPGA cards to launch better and faster Rowhammer attacks.
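The mechanism the article describes, repeated reads of one row leaking charge into its neighbours until a cell's stored value changes, is easier to reason about in a toy model. The Python below is an added example written for this page, not code from the researchers or from ZDNet: a row-organised memory with one constructed weak cell, a hammer() loop that alternates reads across two rows, a memory-test check that writes a known pattern and reads the rows back, and a counter-based early-refresh mitigation in the style of Target Row Refresh, which the article does not discuss. The row count, thresholds and weak-cell position are invented for illustration and bear no relation to real DRAM timings or charge physics.

```python
"""Toy model of Rowhammer disturbance and a Target-Row-Refresh (TRR) style
mitigation. Constructed illustration of the mechanism described in the
article; it does not model real DRAM timing or charge physics."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ALL_ONES = 0xFF  # each toy row holds one byte; a set bit is a charged cell


@dataclass
class ToyDram:
    """Rows of one byte each. Activating (reading) a row leaks a little charge
    from its two physical neighbours; enough leaks flip the neighbour's weak
    cells from 1 to 0. A refresh restores the charge of cells not yet flipped."""
    rows: int
    flip_threshold: int = 50_000          # neighbour activations tolerated before weak cells flip
    weak_cells: Dict[int, int] = field(default_factory=dict)  # row -> bitmask of weak cells
    trr_threshold: Optional[int] = None   # None: no mitigation; N: refresh neighbours after N activations
    data: List[int] = field(init=False)
    disturbance: List[int] = field(init=False)
    activations: List[int] = field(init=False)
    flips: List[Tuple[int, int]] = field(init=False)   # (row, bitmask that flipped)

    def __post_init__(self) -> None:
        self.data = [ALL_ONES] * self.rows       # known test pattern written to every row
        self.disturbance = [0] * self.rows
        self.activations = [0] * self.rows
        self.flips = []

    def refresh(self, row: int) -> None:
        """Refresh clears accumulated disturbance; it cannot undo a flip that
        already happened, which is why early refresh matters."""
        if 0 <= row < self.rows:
            self.disturbance[row] = 0

    def activate(self, row: int) -> None:
        """One read of `row`: disturb both neighbours, flip any weak cells that
        have absorbed too much disturbance, then apply the TRR-style counter."""
        self.activations[row] += 1
        for nb in (row - 1, row + 1):
            if not 0 <= nb < self.rows:
                continue
            self.disturbance[nb] += 1
            if self.disturbance[nb] >= self.flip_threshold:
                # only weak cells that are still charged can flip (1 -> 0)
                mask = self.weak_cells.get(nb, 0) & self.data[nb]
                if mask:
                    self.data[nb] &= ~mask
                    self.flips.append((nb, mask))
        if self.trr_threshold is not None and self.activations[row] >= self.trr_threshold:
            # Mitigation (assumed, TRR-like): a row activated unusually often
            # gets its neighbours refreshed before they can accumulate enough
            # disturbance to flip.
            self.refresh(row - 1)
            self.refresh(row + 1)
            self.activations[row] = 0


def hammer(dram: ToyDram, aggressors: List[int], iterations: int) -> List[Tuple[int, int]]:
    """Repeatedly read the given rows in turn, the access pattern the article
    calls row hammering. Returns every flip observed so far."""
    for _ in range(iterations):
        for row in aggressors:
            dram.activate(row)
    return list(dram.flips)


def corrupted_rows(dram: ToyDram) -> List[int]:
    """Memory-test style check: every row was written with ALL_ONES, so any
    row that reads back differently has been corrupted by disturbance."""
    return [r for r, value in enumerate(dram.data) if value != ALL_ONES]


def compare(trr_threshold: int = 100) -> dict:
    """Run the same hammer pattern against an unmitigated bank and a
    TRR-protected bank. Row 3, sitting between rows 2 and 4, carries one
    constructed weak cell at bit 2."""
    weak = {3: 0b0000_0100}
    plain = ToyDram(rows=8, flip_threshold=1000, weak_cells=dict(weak))
    protected = ToyDram(rows=8, flip_threshold=1000, weak_cells=dict(weak),
                        trr_threshold=trr_threshold)
    return {
        "unmitigated_flips": hammer(plain, [2, 4], 1000),
        "unmitigated_corrupted": corrupted_rows(plain),
        "trr_flips": hammer(protected, [2, 4], 1000),
        "trr_corrupted": corrupted_rows(protected),
    }


if __name__ == "__main__":
    print(compare())
```

In the unmitigated run row 3 absorbs two units of disturbance per iteration and its weak cell flips after 500 iterations, which the read-back check reports as a corrupted row; with the counter-based early refresh the neighbours are refreshed every 100 activations, so row 3 never reaches the flip threshold. The model is deliberately simple: real mitigations track many rows with limited counters, and the article's remark that researchers "found ways around mitigations" is about exactly those limits.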