In which we are enthralled by Le Bon Professeur Jules Verne. Via a typically superb post - crafted by Nick Pelling at his tremendous Cipher Mysteries site; further, by way of a fascinating article in the United States Army Signal Corps Bulletin of April to June 1940 detailing Monsieur Verne's predilection for both transposition and Vigenère ciphers. Outstanding.
Infinity Maxim: There are an unlimited number of security vulnerabilities for a given security device, system, or program, most of which will never be discovered (by the good guys or bad guys).
Comment: This is probably true because we always find new vulnerabilities when we look at the same security device, system, or program a second or third time, and because we always find vulnerabilities that others miss, and vice versa. - as compiled by Roger G. Johnston, Ph.D., CPP, Argonne National Laboratory
The overnight Daily Digest from Securosis (visit here to sign up - always a good read) contains an interesting theme on ticker symbols, and posits the effect that previous security breaches exert on company stock price. In this case, a positive effect...
And, while on the previous subject, the ticker symbol HACK is presented, along with speculation about adding other security-related tickers. The HACK ticker symbol represents an Exchange Traded Fund (ETF) (in this case, an investment vehicle targeting the so-called cyber-security realm and originally created by PureFunds).
Superbly minimalist posting via Uncrunched by the inimitable Michael Arrington, detailing the VCs, board members and others behind Superfish. As interesting, but for different reasons, are the information security businesses (in this case anti-virus flogger Lavasoft) also utilizing the SSL MITM module (aka Redirector) from Komodia. Ooops.
NIST, the National Institute of Standards and Technology, has released a new internal report targeting replication device risk management (Replication devices reproduce images, objects or documents from an electronic or physical source, et cetera).
Entitled NIST Internal Report 8023, Risk Management for Replication Devices, the report provides clear and correct guidance for establishing in-house methods, policies and procedures to protect the data stored within replication systems, using the well-worn infosecurity triad (Confidentiality, Integrity and Availability) as a baseline.
Replication devices are the perfect example of the so-called 'soft underbelly' in many (if not all) organizations. These systems are quite often utilized for intelligence gathering activities due to on-board storage and other facilities that enable footprinting of historical data, thereby establishing timelines, and of course, the all-important raw data to accompany those timelines.
In this case, Tweet Deleters... Apparently, foolish belief in the effectiveness of messaging deletions is widespread within the so-called twitter-sphere. Once published, the content will live on, in one form or another... Astonishing stupidity.
Going dark in 2014, the Equation Group's malware command and control servers have reportedly been migrated onto United States soil... This, after a nefariously successful run targeting thousands of victims in at least 40 countries. Focusing on vertical industry segments such as the medical, telecom and aerospace sectors, as well as diplomatic missions, research institutions, military and governments, the Equation Group's malware is apparently fostering speculation as to connections between and betwixt US agencies.
"In an exhaustive report published Monday at the Kaspersky Security Analyst Summit here, researchers stopped short of saying Equation Group was the handiwork of the NSA—but they provided detailed evidence that strongly implicates the US spy agency." - via ArsTechnica's Dan Goodin
Counsel-of-Record in the class action suit targeting the security issues evidenced by LinkedIn's failure to employ industry standard data protection schemes has released an update for class members [as ordered by the Court on January 29, 2015]. The gist of the message appears below, while the full and precise terms of the settlement appear at this link: http://www.LinkedInClassActionSettlement.com.
IF YOU PAID A FEE TO LINKEDIN FOR A PREMIUM SUBSCRIPTION BETWEEN MARCH 15, 2006 AND JUNE 7, 2012, A CLASS ACTION SETTLEMENT MAY AFFECT YOUR RIGHTS
LinkedIn denies that it engaged in any wrongdoing or violated any law, and the Court has not determined who is right. Rather, the parties have agreed to settle the lawsuit.
Who is a Settlement Class Member? You are a Settlement Class Member if you live in the United States and paid a fee to LinkedIn for a premium subscription at any time between March 15, 2006 and June 7, 2012.
What Do I Get From the Settlement? Settlement Class Members who were influenced by LinkedIn’s statements about its security when they signed up for LinkedIn premium subscriptions can submit a valid claim by May 2, 2015 to receive a payment of up to $50 from a $1,250,000 Settlement Fund, after payment of the costs of administering the settlement, the attorneys’ fee award, and any incentive award to the plaintiff. The amount of any payment to Settlement Class Members depends upon the number of valid claims filed. For further explanation regarding the payments, please review the detailed notice at www.LinkedInClassActionSettlement.com. If there is still money left in the Settlement Fund after all of the foregoing payments are made, the money will be donated to appropriate non-profit organizations. LinkedIn will also employ both salting and hashing, or an equivalent or greater form of protection, to protect LinkedIn users’ passwords for a period of five (5) years. File your claim online here at www.LinkedInClassActionSettlement.com by May 2, 2015. To request a paper copy, call toll-free 1-877-790-2130.
What are My Other Options? You will be a member of the Settlement Class unless you exclude yourself from the settlement. If you do not wish to be a member of the Settlement Class, you may exclude yourself by mailing a valid request for exclusion to the Settlement Administrator, and it must be postmarked no later than April 13, 2015. Be sure to include your name, address, email address, phone number, and a statement that you wish to be excluded from the Class in In re LinkedIn User Privacy Litigation, Case No. 12-cv-03088-EJD. If you choose to exclude yourself, you give up your right to object to the settlement, but retain any rights you may currently have to sue LinkedIn over the legal issues in the lawsuit.
You and/or your lawyer have the right to appear before the Court and object to the proposed settlement (i.e., state the reasons you do not like it). You can’t ask the Court to order a larger settlement; the Court can only approve or deny the settlement. If the Court denies approval, no settlement payments will be sent out and the lawsuit will continue. If that is what you want to happen, you must object. You can object ONLY if you stay in the Settlement Class. If you exclude yourself, you have no basis to object because the case no longer affects you. Your written objection must be filed or mailed to the Court referencing In re LinkedIn User Privacy Litigation, Case No. 12-cv-03088-EJD no later than April 13, 2015. Specific instructions about how to object to, or exclude yourself from, the settlement are available at www.LinkedInClassActionSettlement.com.
If you do nothing you will be in the Settlement Class, and if the Court approves the Settlement Agreement, you will also be bound by all orders and judgments of the Court. If approved, your claim relating to LinkedIn’s statements about the security of your password and information and relating to a June 2012 data breach that are the subject of this case against LinkedIn, will be fully and finally resolved and released (as set forth in greater detail in the Settlement Agreement).
Who Represents Me? The Court has appointed attorneys from Edelson, PC and Kaplan Fox & Kilsheimer LLP to represent the class. These attorneys are referred to as Class Counsel. If you want to be represented by your own lawyer in this case, you may hire one at your expense.
When will the Court Consider the Proposed Settlement? The Court will hold a hearing to determine the fairness of the settlement at 9:00 a.m. on June 18, 2015 at the Robert F. Peckham Federal Building, 280 South 1st Street, San Jose, CA 95113 in Courtroom 4, 5th Floor before Judge Edward J. Davila. At that hearing, the Court will consider whether to approve the settlement and a request by Class Counsel for attorneys’ fees of up to one-third (1/3) of the Settlement Fund and an award for the Class Representative of up to $7,500. The Court may award less than these amounts. The hearing may be postponed to a different date or time without notice, so check www.LinkedInClassActionSettlement.com for updates. You are not required to come to this hearing.
How Do I Get More Information? This notice is a summary. For the precise terms and conditions of the settlement, please see the Settlement Agreement available at www.LinkedInClassActionSettlement.com, by contacting Class Counsel at 1-866-354-3015, by accessing the Court docket in this case through the Court’s PACER system at https://ecf.cand.uscourts.gov, or by visiting the office of the Clerk of the Court at the address above between 9:00 a.m. and 4:00 p.m., Monday through Friday, excluding Court holidays. Please do not contact the Court or LinkedIn with questions about the settlement or the claim process.
By Order of the Court Dated: January 29, 2015