Flakes: A Quiet Big Ten Football Spring And An Update On IT Security

PJ Fleck has been quiet. How is that possible?

Minnesota v Maryland Photo by Mitchell Layton/Getty Images

I went on a journey for the purpose of today’s Flakes. I wanted to do an update on spring football across the entire Big Ten.

It was not a long journey.

There is an eerie quiet across the conference about spring football. At first I thought it was just Minnesota not talking, but it’s... most everyone. It’s quiet everywhere.

Penn State has their annual Red-White Spring game this weekend. Kind of-ish. It’s more of a spring practice, and it’s certainly not listed on the CBS Sports master schedule of all spring games everywhere. The only news I’m aware of about Penn State is that the seniors are irritated they can’t see the glorified practice (link below).

According to the master schedule, Illinois, Maryland, Michigan State, Nebraska, Ohio State, and Rutgers are the only schools having spring games. Compare that to the SEC where only Florida and Kentucky are listed as doing nothing.

Maybe I’m off base, but it’s normally not like this, is it?

Has anyone heard from PJ Fleck? That guy never shuts up, yet I don’t recall the last time I heard a Fleckism. On the other hand, there are other pressing matters currently happening in the Twin Cities, so perhaps it’s best he’s mute.

I expected more. Therefore, I will entertain you with updates on where I live in the world of IT Security.

News

Grassroots Email Campaign Urges Penn State To Change 'Blue-White' Attendance Policy | Onward State
The initiative, led by an anonymous student group called “Dark Paw,” specifically asks Penn State to let seniors into Beaver Stadium for the final spring football practice. Currently, only freshmen are permitted to attend.

Hawkeye Football: Takeaways from Iowa’s Spring Practice Photos - Black Heart Gold Pants
One of the things we’ve been sold via the media availability from the Iowa coaching staff has been some semblance of an actual QB competition this spring. Last week we heard from starting QB Spencer Petras talking about his need for improved accuracy while QB coach and former OC Ken O’Keefe talked not only about the need for more accuracy out of Petras, but the fact that backup Alex Padilla had a mastery of the offense and was highly accurate.

6 Players to Watch During Penn State’s “Spring Scrimmage” - Black Shoe Diaries
It’s not quite the traditional Blue-White Game, but the Nittany Lions will take the field on Saturday in a scrimmage to wrap up the spring practice sessions. It’s obviously a welcome sight after missing the entirety of spring ball in 2020.

Wisconsin Badgers men’s basketball: Brad Davison returning to UW - Bucky's 5th Quarter
The Badgers will return a key, veteran piece of their backcourt next season.

2021 NFL Draft: Justin Fields would shine in 49ers offense if drafted No. 3 - SBNation.com
Shanahan knows how to put quarterbacks in a position to succeed, and Fields’ skill set makes him an excellent option at No. 3

College football spring games 2021: Schedule, dates, TV channels, times for Power Five conferences - CBSSports.com
A handy schedule for all Power Five spring games this spring

Coach sees opportunity as an era ends in Gophers men's gymnastics - StarTribune.com
The curtain officially closes Saturday, at the end of the NCAA men's gymnastics championships. After the scores are tabulated and the trophies handed over at Maturi Pavilion, the Gophers' 118-year run as a varsity program will be over, cut by an athletic department wrestling with a budget deficit.

IT Security Stuff

Facebook Tries to ‘Scrape’ Its Way Through Another Breach

Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn’t hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.

I shouldn’t need to point out that Facebook is a TERRIBLE, AWFUL organization run by people who would sell your mother for next to nothing, then claim it was done by those people down the street you don’t like.

Facebook has repeatedly been breached. They’ve repeatedly lied about their advertising metrics, with little repercussion from the feds, I might add.

It would be nice if there were another platform that could bring us together that was not run by lying, cheating, stealing bastards.

Here’s how the FBI managed to get into the San Bernardino shooter’s iPhone - The Verge
The FBI partnered with an Australian security firm called Azimuth Security to gain access to an iPhone linked to the 2015 San Bernardino shooting, a new report from The Washington Post reveals. Before now, the methods the FBI used to get into the iPhone were kept secret. It was only clear that Apple wasn’t involved, as the company had refused to build a backdoor into the phone, kicking off a legal battle that only ended after the FBI successfully hacked the phone.

School janitor says she was fired for not installing smartphone tracking app • Graham Cluley
According to Canadian media reports, Michelle Dionne lost her job cleaning at an elementary school in Darwell, Alberta, after her employer ordered staff to install an app on their personal smartphones that would keep track of their location and work hours.

Exchange Server Hack

FBI Removing Web Shells from Infected Exchange Servers
The FBI undertook the action without the knowledge of those systems’ owners, although it is attempting to contact those organizations. Experts say it may be the first time a court has authorized such an action in the U.S. It was made possible after a change in 2016 to Rule 41, which is part of the Federal Rules of Criminal Procedure, says Alexander Urbelis, a partner at the Blackstone Law Group in New York and former acting CISO for the U.S. National Football League.

The change to Rule 41 was intended to help the government battle botnets and remove procedural hurdles for cases involving child pornography online where the location of the perpetrators may not be known. It allows investigators to access computers outside of a jurisdiction where a search warrant is granted and also to remotely remove malicious code from a victim’s machine, Urbelis says.

The FBI Is Now Securing Networks Without Their Owners’ Permission - Schneier on Security
This is nothing short of extraordinary, and I can think of no real-world parallel. It’s kind of like if a criminal organization infiltrated a door-lock company and surreptitiously added a master passkey feature, and then customers bought and installed those locks. And then if the FBI got a court order to fix all the locks to remove the master passkey capability. And it’s kind of not like that. In any case, it’s not what we normally think of when we think of a warrant. The links above have details, but I would like a legal scholar to weigh in on the implications of this.

This is pretty amazing.

Not sure if you’re aware of the Exchange Server hack (hahaha who am I kidding, you’ve never heard of this, have you?), but it is incredibly widespread, spitting out data to (mostly) Chinese hackers from sites all over the United States.

Why does this happen?

It happens because Microsoft doesn’t take security seriously. They say they do, but they are completely full of shit. They’d prefer everyone on the planet move to their cloud platforms, which they tout as secure, but have their own issues such as slow password hacking on the Office 365 platform. I’ve dealt with this one. Last year I had a customer send $45,000 to Singapore that they’ll never see again, and that was just the one transaction they let me know about.

It happens because organizations don’t take security seriously. Many organizations can’t afford IT security, so they don’t bother with it. Many organizations don’t care about it until it shuts their systems down. It’s expensive. It cuts into the bottom line.

I see people, reasonable, rational people, post shit on Facebook about “they’re coming to take our guns”, “vaccine passports”, and microchips. Nobody needs to do that shit. They’re just going to steal your data, and in doing so, steal your money and your life.

If you can’t buy bullets your guns are going to be worthless and you won’t be able to afford to go anywhere so you can fake rage about vaccine passports. Life is hard.

What are you going to do about data security?

Enable 2FA on all your accounts. Consider deleting your Facebook account. Learn more about what your government is going to do about data security, but try not to get sucked into the rabbit hole that everything is about government-controlled socialism.

Should the government be going into non-government organizations and fixing their security issues?

IT’S A SLIPPERY SLOPE!

Isn’t everything?

I too am interested in feedback on the FBI’s action.

Our Dog Esther Could Use Some Assistance

Our beloved dog Esther has been diagnosed with double ACL tears. We’re not sure how this happened, but she is a mix of lab/German Shepherd, so she’s energetic, loyal, loud, and can get overexcited at a moment’s notice. It may have been from slipping on the ice, or playing ball on the stairs, I don’t know.

Unfortunately, she’s no longer as excitable or energetic. She spends a lot of time lying on the couch, or on her several teddies. She needs to be repaired.

Anyway, the cost for surgery is around $3300-$3400 per leg. Ouch. We have a Gofundme set up for her. I would appreciate assistance. I have tests coming up in May that may result in fun things for myself. Yay.