Discover how mastering email communication can boost business efficiency, avoid common pitfalls, and ensure secure, respectful online interactions.
Turkey Revenge
The turkeys are pissed this Thanksgiving they are seeking revenge.
Germs Infest 60% of Americas Phones
60% of Americans sleep with their phones, harboring germs. Cleaning regularly with UV sanitizer or alcohol wipes can help keep your phone and bed germ-free.
Smartphone Sanitizing: A Practical Guide
Securely erase personal data from your old smartphone before recycling. Protect your identity from hackers—easy steps to follow.
Why Soft Skills Matter in Today’s Job Market
Boost your career with essential soft skills like communication, teamwork, and emotional intelligence. Learn why they’re crucial for workplace success.
Data Center in Space
Cloud computing is old technology. An LA-based start-up wants to move your data beyond the cloud. Cloud Constellation wants to store your data in space. The firm is planning on building a satellite-based data center that will have room for petabytes of data and may start orbiting Earth as early as 2019 according to Computerworld.
CEO Scott Sobhani told the author Cloud Constellation is looking upward to give companies and governments direct access to their data from anywhere in the world. Its data centers on satellites would let users bypass the Internet and the thousands of miles of fiber their bits now have to traverse in order to circle the globe. And instead of just transporting data, the company’s satellites would store it, too.
The article describes the pitch like this – Data centers and cables on Earth are susceptible to hacking and to national regulations covering things like government access to information. They can also slow data down as it goes through switches and from one carrier to another, and all those carriers need to get paid.
Cloud Constellation’s system, called SpaceBelt, would be a one-stop-shop for data storage and transport. Need to set up a new international office? No need to call a local carrier or data-center operator. Cloud Constellation plans to sell capacity on SpaceBelt to cloud providers that could offer such services.
Security is another selling point. Data centers on satellites would be safe from disasters like earthquakes, tornadoes, and tsunami. Internet-based hacks wouldn’t directly threaten the SpaceBelt network. The system will use hardware-assisted encryption, and just to communicate with the satellites an intruder would need an advanced Earth station that couldn’t just be bought off the shelf, Mr. Sobhani told ComputerWorld.
Cloud Constellation’s secret sauce is a technology that it developed to cut the cost of all this from US$4 billion to about US$460 million, Sobhani said. The network would begin with eight or nine satellites and grow from there. Together, the linked satellites would form a computing cloud in space that could do things like transcode video as well as storing bits. Each new generation of spacecraft would have more modern data center gear inside.
The company plans to store petabytes of data across this network of satellites. Computerworld points out that the SpaceBelt hardware would have to be certified for use in space. Hardware in space is more prone to bombardment by cosmic particles that can cause errors. Most computer gear in space today is more expensive and less advanced than what’s on the ground, satellite analyst Tim Farrar of TMF Associates said.
Taneja Group storage analyst Mike Matchett told the author that the idea of petabytes in space is not as far-fetched as it may sound. A petabyte can already fit on a few shelves in a data center rack, and each generation of storage gear packs more data into the same amount of space. This is likely to get better even before the first satellites are built.
But if you do put your data in space, don’t expect it to float free from the laws of Earth. Under the United Nations Outer Space Treaty of 1967, the country where a satellite is registered still has jurisdiction over it after it’s in space, said Michael Listner, an attorney and founder of Space Law & Policy Solutions. If Cloud Constellations’ satellites are registered in the US, for example, the company will have to comply with subpoenas from the U.S. and other countries, he said.
And while the laws of physics are constant, those on Earth are unpredictable. For example, the US hasn’t passed any laws that directly address data storage in orbit, but in 1990 it extended patents to space, said Frans von der Dunk, a professor of space law at the University of Nebraska. “Looking towards the future, that gap could always be filled.”
rb-
On the Bach Seat, we have covered different theories about data centers several times. These theories included manure, sewer gas, and used cars to power DC’s as well as proposed data centers underwater and at KMart. This one however seems the most unique, considering the start-up costs to build and launch satellites.
Related articles
- Yahoo Wants to Sell Its ‘Chicken Coop’ Data Center Designs (datacenterknowledge.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2014, Big data, Cloud computing, Cloud Constellation, Data center, Petabyte, Satellites, Space, SpaceBelt, United Nations Outer Space Treaty of 1967
Security Cam Concerns in Ann Arbor
Next time you are in Ann Arbor to get a bite to eat at Zingerman’s or attend a U of M football game at Michigan stadium someone may be watching you. NetworkWorld, says Ann Arbor is one of the top U.S. cities with the most unsecured security cameras. In fact, Ann Arbor ranks seventh nationally.
The report’s author, security firm Protection 1, analyzed the data from Insecam. Inseacam identifies open security cameras and Protection 1 estimates there are over 11,000 open security cameras on the Internet in the U.S. Protection 1 identified the cities with the most cameras that can be viewed by anyone online. The top 10 cities with unsecured security cameras are:
Walnut Creek, CA – 89.69 / 100,000 residents- Richardson, TX – 72.74 / 100,000 residents
- Torrance, CA – 72.55 / 100,000 residents
- Newark, NJ – 38.07 / 100,000 residents
- Rancho Cucamonga, CA – 36.76 / 100,000 residents
- Corvallis, OR – 37.98 / 100,000 residents
- Ann Arbor, MI – 34.18 / 100,000 residents
- Orlando, FL – 34.05 / 100,000 residents
- Eau Claire, WI – 22.21 / 100,000 residents
- Albany, NY – 20.32 / 100,000 residents
Open security cameras connect to the Internet via Wi-Fi or a cable. They have no password protection or are using the manufacturer’s default password. Malicious people and governments can record or broadcast our lives from unprotected open security cameras. Open cameras are also vulnerable attacks that can turn them into bots.
From a privacy perspective, the most worrisome finding is that 15% of the open cameras are in Americans’ homes. Anyone can watch these cameras if the default password is not changed to a unique password to lock down the camera.
Besides being spied on from the web, open cameras can be exploited by criminals. Cyber-criminals can force online cameras to attack other things on the Internet as part of a DDoS attack.
A DDoS attack against a jewelry shop website led to the discovery of a CCTV-based botnet. A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing a denial of service for users of the targeted system. TargetTech says the flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.
Help Net Security reports that Sucuri researchers discovered the jewelry site was being attacked by a CCTV botnet made up of 25,000+ cameras from around the globe. The website was first attacked by a layer 7 attack (HTTP Flood) at 35,000 HTTP requests per second and then, when those efforts were thwarted, with 50,000 HTTP requests per second.
Sucuri researchers discovered that all the attacking IP addresses had a similar default page with the ‘DVR Components’ title. After digging some more, they found that all these devices are BusyBox based. Busybox is a GNU-based software that aims to be the smallest and simplest correct implementation of the standard Linux command-line tools.
The compromised CCTV cameras were located around the globe:
- 24% originated from Taiwan,
- 12% United States,
- 9% Indonesia,
- 8% Mexico,
- and elsewhere.
rb-
Unless something is done, security flaws, misconfiguration, and ignorance about the dangers of connecting unsecured devices to the IoT will keep these botnets functioning well into the future.
To protect your website from botnets and DDoS, you need to be able to block or absorb malicious traffic. Firms should talk to their hosting provider about DDoS attack protection. Can they route incoming malicious traffic through distributed caching to help filter out malicious traffic — reducing the strain on existing web servers. If not find a reputable third-party service that can help filter out malicious traffic.
DDoS defense services require a paid subscription, but often cost less than scaling up your own server capacity to deal with a DDoS attack.
Arbor Networks is one firm that provides services and devices to defend against DDoS.
Google has launched Project Shield, to use Google’s infrastructure to support free expression online by helping independent sites mitigate DDoS attack traffic.
Related articles
- GetResponse CEO Statement Regarding the DDoS Attack (getresponse.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2016, Ann Arbor, Arbor Networks, BusyBox, CCTV, Daniel Cid, DDOS, Denial-of-service attack, DVR, GOOG, Google, HTTPS, Inseacam, Internet of Things, IP address, Jim Harbaugh, Linux, Michigan, Protection 1, Security, Sucuri
Independence Day 2016
Independence Day is the time when Americans celebrate freedom from a tyrannical government in the 18th century. While gaining that freedom, the founding fathers used encryption. They used encryption while risking their lives to gain the freedom we celebrate on July 4th. The EFF documents how many of the Founding Fathers of the United States used encryption to secure our freedoms.
- Thomas Jefferson
was the principal author of the Declaration of Independence and the country’s third president. He is known to be one of the most prolific users of secret communications methods. He even invented his own cipher system—the “wheel cipher” or the “Jefferson disk” as it is now commonly referred to. Mr. Jefferson also presented a special cipher to Meriwether Lewis for use in the Lewis and Clark Expedition.
George Washington was the first president of the United States. He frequently dealt with encryption and espionage issues as the commander of the Continental Army. He gave his intelligence officers detailed instructions on methods for maintaining the secrecy and for using decryption to uncover British spies.
- John Adams was the second U.S. president. He used a cipher provided by James Lovell—a member of the Continental Congress Committee on Foreign Affairs. He was an early advocate of cipher systems—for correspondence with his wife, Abigail Adams while traveling.
- Benjamin Franklin in
vented ciphers used by the Continental Congress. In 1748, he published a book that spoke of encryption written by George Fisher, The American Instructor.
- James Madison was the author of the Bill of Rights and the country’s fourth president. He was a big user of enciphered communications. Numerous examples from his correspondence prove that. The text of one letter from Madison to Joseph Jones, a member of the Continental Congress from Virginia, dated May 2, 1782, was almost completely encrypted via cipher. And on May 27, 1789, Madison sent a partially encrypted letter to Thomas Jefferson describing his plan to introduce a Bill of Rights.
- John Jay, the first Chief Justice of the U.S. Supreme Court, used ciphers for all diplomatic correspondence made while outside the United States. And John Jay’s brother, Sir James Jay, invited a special invisible ink, also known as sympathetic ink, and sent a supply from London to both his brother and then General Washington.
TechDirt correctly concludes that If encryption was good enough for the Founding Fathers to use in the 18th Century … it’s pretty ridiculous that we’re still having this debate now in this age of constant government monitoring, warrantless searches, corporate data aggregation, data sharing, and tools like IBM’s Non-Obvious Relationship Awareness software (NORA). The time is now to fight shortsighted “going dark” claims by the FBI and efforts by clueless politicians like Sen. Dianne Feinstein (D-CA) who have plans to ban encryption.
rb-
Seems to me that the biggest threat to 
America this Independence Day is the political ambitions of technically illiterate know-nothings in the gooberment. Be like the Founding Fathers and encrypt something start with HTTPS Anywhere from the EFF.
Related articles
- How to Drink Like the Founding Fathers this 4th of July (coolmaterial.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Holidays |
Tags: 2016, American Revolution, Benjamin Franklin, Bill of Rights, Constitution, Continental Army, Continental Congress, Declaration of Independence, EFF, Encryption, Founding Fathers, Fourth of July, Freedom, George Washington, HTTPS, Independence Day, John Adams, John Jay, Lewis and Clark Expedition, POTUS, SCOTUS, Thomas Jefferson
Malware Steals Your Cash At ATM
On September 2, 1969, America’s first automatic teller machine (ATM) started dispensing cash to customers at Chemical Bank in Rockville Center, New York. Since then ATMs have been a trusted avenue for many banking transactions. However, Business Insider warns that the next time you pull cash out of the ATM, or “Tap the Mac” you should take extra care. BI reports that Internet security firm Kaspersky Lab has announced the return of a newer and more dangerous version of the Skimer malware.
T
he report characterizes Skimer as an especially dangerous malware that turns whole ATMs into card-skimming machines. The malware first appeared in 2009 and has been distributed at ATMs all over the world.
The majority of ATM fraud takes place through card skimming. Card skimming is usually physical, as criminals typically install an illegal card-reading device into ATMs, film people entering their PINs on keypads, and then create duplicate cards for sale and use, reports the New York Times. Fortunately, users can uncover these card skimmers because they’ll spot a problem with the card reader or notice an unusual camera.
Skimer is particularly problematic because it is software-based. The article explains the threat is undetectable to the common ATM user since there is no physical sign of the ATM being tampered with. The Russian-based program lets criminals access an ATM remotely, install the malware, and then gather data such as PINs, card numbers, and account numbers over the course of time. A “money mule” can then insert a special magnetic stripe card into the ATM to access the stolen data, take out money, or print card numbers onto a receipt.
The attack begins by gaining access to the ATM system either through physical access or via the bank’s internal network. Then Backdoor.Win32.Skimer malware is installed which infects the core of the ATM. The ATM core is responsible for the machine’s interactions with the banking infrastructure, cash processing, and credit cards. After that, the ATM has become a skimmer. The compromise allows the attackers to withdraw all the funds in the ATM or grab the data from cards used at the ATM, including customers’ bank account numbers and PIN codes.
Kaspersky is trying to help banks detect Skimer and is providing techniques for identifying affecting machines and securing their ATM networks in the future. Sergey Golovanov, a principal security researcher at Kaspersky Lab explains it is possible for banks to stop Skimer.
We have discovered the hardcoded numbers used by the malware, and we share them freely with banks … they can proactively search for them inside their processing systems, detect potentially infected ATMs and money mules, or block any attempts by attackers to activate the malware
To prevent ATM attacks, Kaspersky recommends that banks:
- Perform regular AV scans,
- Use whitelisting technologies,
- Have a good device management policy,
- Enable full-disk encryption,
- Protect the ATM’s BIOS with a password,
- Only allow HDD booting,
- Isolate the ATM network from any other internal bank network.
Despite a way to control Skimer, ATM fraud continues to grow according to BI. A recent FICO study found the number of compromised ATMs in the U.S. surged 546% from 2014 to 2015, thanks in large part to the slow EMV migration of debit cards and ATMs. The article speculates that EMV upgrades would stop Skimer. The resistance to EMV means ATM fraud could grow even more from 2015 to 2016.
John Heggestuen, at BI Intelligence, explains that EMV cards are being rolled out with an embedded microchip for added security. The microchip carries out real-time risk assessments on a person’s card purchase activity based on the card user’s profile. The chip also generates dynamic cryptograms when the card is inserted into a payment terminal. Because these cryptograms change with every purchase, it makes it difficult for fraudsters to make counterfeit cards that can be used for in-store transactions.
Retail card fraud cost U.S. retailers approximately $32 billion in 2014, up from $23 billion in 2013. To solve the card fraud problem across all channels, payment companies and merchants are implementing new payment protocols that could finally help mitigate fraud. In the article, BI’s Heggestuen describes some of the other technologies that financial institutions are utilizing to reduce fraud risks.
• Encryption of payments data is being widely implemented. Encryption degrades valuable data by using an algorithm to translate card numbers into new values. This makes it difficult for fraudsters to harvest the payments data for use in future transactions.
• Point-to-point encryption electronically changes sensitive payment data from the point of capture at the payments terminal all the way through to the gateway or acquirer. This makes it much more difficult for fraudsters to harvest usable data from transactions.
• Tokenization increases transaction security. Tokenization assigns a random value to payment data, making it effectively impossible for hackers to access the sensitive data from the token itself. Tokens are often “multiuse,” meaning merchants don’t have to force consumers to re-enter their payment details. Apple Pay uses one emerging form of tokenization.
• 3D Secure is an imperfect answer to user authentication online. One difficulty in fighting online fraud is that it is hard to confirm that the person using card data is actually the cardholder. 3D Secure adds a level of user authentication by requiring the customer to enter a passcode or biometric data as well as payment data to complete a transaction online.
rb-
The best recommendation to protect yourself from Skimer and other ATM threats is to use the ATMs at your bank or credit union. These ATMs are harder for thieves to install any type of skimmers or malware on because of the higher traffic and monitoring. ATMs located outside a financial institution like at a 7-11 are highly suspect.
Related articles
- Fraudsters Coordinate 14,000 ATM Withdrawals in 3 Hours to Steal $13 Million (theepochtimes.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2016, 3D Secure, AAPL, Apple Pay, APT, ATM, Biometrics, Credit card, Debit card, EMV, Encryption, Fraud, Kaspersky Lab, Malware, PCI-DSS, Security, Skimer, Tokenization
Your Next Job
Hate your job? The Business Insider says that only 19% of IT professionals are really happy at work. Still feeling the bite of the 2008 depression, market correction, recession, recovery that wont recover? Here is an out-of-this-world opportunity. NASA wants you to apply for a job on Mars.
The space agency released a series of recruitment posters that advertise potential positions that may one day need to be filled on Mars. The posters feature ads for farmers, surveyors, teachers, technicians, and other positions.
Journey to Mars‘ (PDF) plans to colonize the Red Planet envisions people living and working in Martian colonies beginning in 2030.
You can download all the posters from the NASA website.
Related articles
- Mars mission receives a record number of applicants (abc.net.au)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.