Saturday, July 14, 2012

At last! Will the FTC claim that Best Practices are now Required Practices? How far can they push? My Computer Security students should note that in this case, Lessons Learned = zero.
On June 26, the FTC filed a complaint against Wyndham Worldwide Corporation, a global hotel and resort company, and three of its subsidiaries for violation of Section 5 of the FTC Act. If this case goes to trial – and Wyndham’s comments about intentions to fight the suit suggest it might – it will be the first privacy/security matter fully litigated under Section 5.
The Commission brought the case in the U.S. District Court for the District of Arizona alleging “failure to maintain reasonable and appropriate data security for consumers’ sensitive personal data” after Wyndham faced three data breaches in less than two years.
… According to the complaint, the first breach was a “brute force attack” in which intruders accessed the Phoenix data center’s network by guessing user IDs and passwords. Even though the password guessing caused 212 user account lock-outs before intruders prevailed – a common signal of hacking – the FTC claims Wyndham could not locate the two locked-out computers and only realized four months later that the network had been infiltrated. The FTC alleges the intruders then installed memory-scraping malware to access payment card data, and over 500,000 payment card accounts were compromised and hundreds of thousands of account numbers exported to a domain registered in Russia. The second and third attacks were largely the same, although the FTC claims that in both cases, Wyndham failed to notice the breach on its own – a credit card issuer alerted the company that cards used at its hotels were soon thereafter used for fraudulent transactions. In total, the FTC estimates that over 619,000 consumer payment card accounts were compromised.
[The complaint:
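The 212 account lock-outs the complaint describes are exactly the kind of signal a monitoring team can alert on before the guessing succeeds: many different accounts locked on one host within minutes, not one forgetful user locking himself out twice a day. The script below is an added example (not part of the post or the FTC filing) that runs that check over constructed sample log lines; the log format, host names, user names and addresses are all assumed for illustration.

```python
"""Flag bursts of account lock-outs that look like password guessing.

Added example, not from the FTC complaint. Assumed log format (constructed):
    <ISO timestamp> <host> LOCKOUT user=<name> src=<ip>
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not real data. Host phx-dc-01 sees six different
# accounts locked from one source in three minutes; hq-fs-02 sees one user
# locking the same account twice, hours apart.
SAMPLE_LOG = """\
2012-03-01T02:00:05 phx-dc-01 LOCKOUT user=jsmith src=203.0.113.7
2012-03-01T02:00:41 phx-dc-01 LOCKOUT user=acole src=203.0.113.7
2012-03-01T02:01:17 phx-dc-01 LOCKOUT user=bnguyen src=203.0.113.7
2012-03-01T02:01:55 phx-dc-01 LOCKOUT user=dpatel src=203.0.113.7
2012-03-01T02:02:30 phx-dc-01 LOCKOUT user=efox src=203.0.113.7
2012-03-01T02:03:02 phx-dc-01 LOCKOUT user=gkim src=203.0.113.7
2012-03-01T09:14:00 hq-fs-02 LOCKOUT user=hlee src=10.1.4.22
2012-03-01T15:40:12 hq-fs-02 LOCKOUT user=hlee src=10.1.4.22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) LOCKOUT user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one lock-out record; return a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
    return rec


def find_lockout_bursts(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per host on which lock-outs of at least `threshold`
    *distinct* accounts fall inside any span of length `window`.

    Counting distinct accounts is what separates guessing (many accounts, one
    source, minutes apart) from a single user who keeps mistyping a password.
    The alert carries the host and source addresses so responders can locate
    the machines involved, which the complaint says Wyndham could not do.
    """
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_host[rec["host"]].append(rec)

    alerts = []
    for host, events in by_host.items():
        events.sort(key=lambda r: r["ts"])
        recent = deque()  # sliding window of events within `window` of the newest
        for ev in events:
            recent.append(ev)
            while ev["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            users = {r["user"] for r in recent}
            if len(users) >= threshold:
                alerts.append({
                    "host": host,
                    "start": recent[0]["ts"],
                    "end": ev["ts"],
                    "distinct_users": len(users),
                    "sources": sorted({r["src"] for r in recent}),
                })
                break  # one alert per host is enough to open an investigation
    return alerts


if __name__ == "__main__":
    for alert in find_lockout_bursts(SAMPLE_LOG):
        print(alert)
```

Thresholds are a tuning choice: five distinct accounts in ten minutes is deliberately low for a data-centre host where lock-outs should be rare; a busy domain controller would need a higher threshold or a per-source count to keep the alert meaningful.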

This is an old technique called “Traffic Analysis”
Research: Why Johnny Can’t Browse in Peace: On the Uniqueness of Web Browsing History Patterns
July 13, 2012 by Dissent
Here’s the abstract of a research report by Łukasz Olejnik, Claude Castelluccia, Artur Janc:
We present the results of the first large-scale study of the uniqueness of Web browsing histories, gathered from a total of 368,284 Internet users who visited a history detection demonstration website. Our results show that for a majority of users (69%), the browsing history is unique and that users for whom we could detect at least 4 visited websites were uniquely identified by their histories in 97% of cases. We observe a significant rate of stability in browser history fingerprints: for repeat visitors, 38% of fingerprints are identical over time, and differing ones were correlated with original history contents, indicating static browsing preferences (for history subvectors of size 50). We report a striking result that it is enough to test for a small number of pages in order to both enumerate users’ interests and perform an efficient and unique behavioral fingerprint; we show that testing 50 web pages is enough to fingerprint 42% of users in our database, increasing to 70% with 500 web pages. Finally, we show that indirect history data, such as information about categories of visited websites can also be effective in fingerprinting users, and that similar fingerprinting can be performed by common script providers such as Google or Facebook.
Read the whole report on
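The measurement the abstract describes is easy to reproduce in miniature: treat each user's history as a set of sites, take the subset of a fixed probe list that the user has visited as the fingerprint, and count how many users share each fingerprint. The code below is an added example on constructed data, not the authors' code or dataset; the site names and user histories are invented, and the functions `fingerprint` and `uniqueness_stats` are assumptions of this illustration. It also shows the effect the abstract reports, that a larger probe list makes more users unique.

```python
"""Measure how identifying a browsing-history fingerprint is.

Added example, not from the Olejnik, Castelluccia and Janc study. A user's
fingerprint is the subset of the probed sites present in their history; users
whose fingerprint nobody else shares are uniquely identified by it.
"""
from collections import Counter

# Constructed histories for eight hypothetical users (not study data).
USERS = {
    "u1": {"news.example", "shop.example", "bank.example", "social.example", "sports.example"},
    "u2": {"news.example", "shop.example", "sports.example", "games.example"},
    "u3": {"news.example", "games.example"},
    "u4": {"news.example", "games.example"},
    "u5": {"bank.example", "social.example", "shop.example", "travel.example"},
    "u6": {"travel.example", "sports.example", "news.example", "social.example"},
    "u7": {"shop.example"},
    "u8": {"shop.example"},
}

ALL_SITES = set().union(*USERS.values())  # the full probe list, seven sites


def fingerprint(history, probes):
    """Which probed sites appear in the history, as a hashable set."""
    return frozenset(history & probes)


def uniqueness_stats(users, probes, min_detected=4):
    """Fraction of users with a unique fingerprint, the same fraction among users
    with at least `min_detected` probed sites in their history (the abstract's
    "at least 4 visited websites" figure), and the anonymity-set sizes."""
    fps = {u: fingerprint(h, probes) for u, h in users.items()}
    counts = Counter(fps.values())  # how many users share each fingerprint
    unique = {u for u, fp in fps.items() if counts[fp] == 1}
    well_detected = {u for u, fp in fps.items() if len(fp) >= min_detected}
    return {
        "unique_fraction": len(unique) / len(users),
        "unique_given_detected": (
            len(unique & well_detected) / len(well_detected) if well_detected else 0.0
        ),
        "anonymity_sets": sorted(counts.values(), reverse=True),
    }


if __name__ == "__main__":
    # Probing only two sites separates nobody; probing all seven identifies half
    # the users outright and every user with four or more detected sites.
    print("2 probes :", uniqueness_stats(USERS, {"news.example", "shop.example"}))
    print("7 probes :", uniqueness_stats(USERS, ALL_SITES))
```

The anonymity-set list is the number a privacy engineer cares about: a fingerprint shared by two users (u3/u4, u7/u8 above) still narrows the crowd to two, so "not unique" is a weak comfort once the probe list grows.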

For my Business Continuity class: How would you distinguish this outage from one caused by terrorists?
Explosion, Fire Cause Data Meltdown in Calgary
Downtown Calgary, Alberta, is going into its second day without complete use of government services, after some sort of explosion knocked out internet service provider Shaw Communications and a host of other nearby businesses.
The explosion kicked off a fire on the 13th floor of Shaw’s office building. A spokesman for the Calgary fire department says that it took firefighters some time to gain access to the floor, considering the amount of electrical equipment that had been engulfed by the flames.
… The fire department spokesman could not comment on specifics of what exactly was affected in the fire — and Shaw did not respond to a request for comment — but considering the description and level of outages, the fire was likely located in crucial data transfer and telecommunication areas. Even Shaw’s public website was down as of Friday afternoon, except a simple homepage with updates on restoring service.
The effects spread across the city. The Calgary Herald reports that nearby hospitals lost power and that IBM Canada, which leases three floors in the Shaw building, keeps a data center which provides outsourced services for clients like Service Alberta. IBM did not return calls seeking comment.
The CBC reports that the fire not only knocked out IBM’s offices, but left up to 30,000 landline telephone customers unable to call 911. Exacerbating the problem, the city also lost use of its 3-11 informational service, which left many customers completely in the dark about when they’d get communication back.
The CBC says the Shaw building was designed with backup networks, but the explosion damaged those as well.

Well, I find it interesting...
The Freedom Stick - be ready for Universal Design next academic year
It is time for every student to be given the opportunity to discover and experiment with a range of tools which can support their own individual differing communication needs – not just in school, but throughout their lives.
One free downloadable package of software allows students the ability to make almost any computer a fully accessible device. Students can convert text to audio, get their ideas down by speaking. They can draw, manipulate photography, create visual or audio-visual presentations, calculate mathematics a variety of ways, organize themselves, try a different keyboard, support their spelling and writing… and most importantly, learn the power of “Toolbelt Theory” – the power of learning to choose and use tools well.
The Freedom Stick is a system: it can be downloaded and installed on a 4 GB flash drive and carried everywhere by the student, plugged into and used on school computers or public library computers, or even employer computers – anywhere any version of Microsoft Windows is installed.
The Freedom Stick is a collection of free, open-source programs which provide the widest range of supports for differing student needs. It is also a system supported by a range of learning tools – including a full set of “how to use” videos and presentations. It is easy to adapt to the student’s own needs, and it works with the supports included in Windows to create a true Universal Solution Set.
The Freedom Stick contains:
  • A full version of Open Office (equivalent to Microsoft Office and all documents adapt to both software programs), including Writer (Word), Impress (PowerPoint), Calc (Excel), Base (Access), plus Scribus (similar to Microsoft Publisher).
  • The Sunbird Calendar and Thunderbird Email systems.
  • Fully accessible versions of the Firefox, Opera, and Chrome web browsers including Text-To-Speech options and translations. Firefox and Chrome both include pre-set bookmark folders, offering access to free Digital and Audio Texts, online calculators (including talking calculators), and a wide range of curriculum supports.
  • A full scientific graphing calculator, a digital periodic table with physics and chemistry calculators built in, Converber – a remarkable unit converter, and X-mind – similar to Inspiration.
  • Balabolka, one of the most sophisticated Text-To-Speech systems available which can convert whole digital books to audio files, read anything with word-by-word highlighting, and which allows students to write and hear their own reading read back to them.
  • PowerTalk Portable, which will read any PowerPoint presentation, if PowerPoint is installed on your computer.
  • Audacity, a digital recorder and player.
  • Software for drawing, painting, photo-editing/manipulation, and computer screen recording.
  • Kompozer for writing html code (for building websites) and Notepad++ for coding (and testing code) in almost any computer language.
  • Screen magnifiers.
  • 7-Zip for creating and unpacking Zip Files.
  • Simulation software including Robot Programming and Home Design.
  • Games including Chess and Sudoku.
You can begin learning about the Freedom Stick, how to use it and individualize it, with these Presentations: