Wednesday, October 10, 2018

DHS, US-CERT document multiple foreign threats, not just to elections



\US DHS chief Kristjen Nielsen told the Senate today that the US faces unprecedented cyber threats from overseas enemies, both corporations and governments and even individuals. The best link is ABC’s here. The midterm elections aren’t the only catalyst.

US Cert reports (TA-276B) “persistent threat activity exploiting managed service providers (link ).  It’s not clear if this includes web hosting companies. (see also 276A, related).
  
There is also a new “hidden COBRA” on fast cash systems, TA-275A, link

Monday, October 08, 2018

Google-Plus shutting down ("sunsetting") after company finds potential security vulnerabilities very difficult to fix in a cost-effective way for individuals; enterprise version will be boosted




Google has suddenly announced today that it will “sunset” Google+ for individual consumers, while promoting a new version for enterprises.  I heard about this on FB Messenger from a Friend in the DC area LGBT and social media business community.

The decision is announced here on Google’s own blog.  User data will be shut down and migrated by the end of August, 2019.  The discussion is part of a “Project Strobe”.

But the sudden announcement appeared after major security lapses were reported. Ashley Carman has a story on The Verge here.
  
The Wall Street Journal has more details in a searing story today in by the Macmillans, here.  Apparently there was a consumer leak that the WSJ, at least, says was not properly communicated to the public.  But Google insists the security problem was found in project Strobe and caught in time.
  
  
Google reports low consumer usage and engagement, apparently in comparison to major rivals (Facebook).  Google announced Google+  in 2011 and even intended it to pursue the “circles of users” concepts even more than Facebook, but it has not taken off.
  
I have found Google+ useful in stimulating discussion on YouTube videos I like, particularly on classical music.  I have not used it a lot in other areas for communicating news.
  
This development would raises potential questions in my own mind about the long range future of Blogger, this platform, also owned by Google but completely separate from it (but available through the same Google account).  I don’t know how well the business model for Blogger works today compared to a decade ago; but I have wondered that since around 2015, as I have noticed that not that many people advertise on the blogs (that I happen to look at), despite claims to the contrary on product forums. But I don't see that Blogger could present any of the same security problems. 

There have not been that many high-profile shutdowns of consumer platforms. AOL shutdown its Hometown product in 2007 for low usage and provided a transition to Blogger. Myspace seems to be running OK. 
    
This is a developing story that will be covered in more detail on posts on other blogs, as there are strategic implications especially for individual users (compared to whole companies and enterprises)

Sunday, October 07, 2018

Another Facebook "friend request" hoax



Here’s the low-down on the new Facebook “friend request” scam that erupted today.

I got one of these messages in church, during the communion.

ABC News Tampa Bay explains the hoax here
  
 This seems to be an invitation to get the scammer to create duplicate profiles (happened to me in 2016).

Thursday, October 04, 2018

News2Share covers indictment of seven Russian hackers



News2Share journalist Ford Fischer gives a good account of the indictment of seven Russian hackers, with “Fancy Bear” and the like, in this long Twitter thread of the DOJ meeting today

Vox Sentences summarizes “The Vanishing of Kamal Khashoggi which included a coverup of doping of Russian athletes.

But the Military Times (Gregory Katz et al) warns that Russians targeted a nuclear power company in Pennsylvania, possibly wanting to jump across an air gap to a control system. 

Tuesday, October 02, 2018

Is Trump's idea of pre-emptive cyber attack making us all less safe?



Josephine Wolff offers an op-ed in the New York Times particularly critical of Trump’s interest in pre-emptive cyber attacks, “Trump’s Reckless Cyber-Security Strategy.” 
  
Actually, this is not so far from criticizing the wisdom of a bloody nose electronic flux (EMP) attack on North Korea in late February, after the Winter Olympics, which was argued down.

Wolff says that the Obama administration was careful about unleashing Stuxnet on Iran.  But the danger today might be in tempting foreign powers to dare trying to jump “air gaps” separating the power grids in the US from the open Internet (with so called “jumps”).
  
Wolff also discusses the Sony hack in 2014; but that may have more to do with some companies antagonizing certain foreign enemies like North Korea.