Thursday, October 25, 2012

What is it with banks not wanting to get rid of their 1950's technology? Moving data from a seucre location electronically and fully encrypted is faster, cheaper, and unlikely to be stolen from an employees car.
VSECU notifies consumers of missing backup tapes
October 24, 2012 by admin
TD Bank isn’t the only financial sector entity dealing with missing backup tapes these days. Vermont-based VSECU sent out notification letters yesterday after two unencrypted backup tapes created on August 27th were discovered missing on September 10.
The tapes contained names, addresses, Social Security numbers, driver’s license numbers, financial account information, and transaction records.
The credit union does not think the tapes were stolen. They believe they may have been accidentally discarded and wound up in a landfill.
There’s no explanation as to why the tapes were unencrypted.
You can read their notification letter here.

Cybercrime: Mobile Changes Everything — And No One’s Safe
The FBI recently put out a mobile malware alert, providing us with a sobering reminder of this “evil software” for phones and tablets. In this particular case, the FBI was warning against the Finfisher and Loofzon malware, which spies on our data and leaks GPS positions to track our movements. While these threats appear to have been developed for government surveillance purposes, they can of course be used by any organization.
And therein lies the problem. Mobile malware affects all of us.
Unfortunately, the advice the FBI alert shared was vague and maddeningly difficult to follow. For example: “Users should look at the reviews of the developer/company who published the application” and “Turn off features of the device not needed to minimize the attack surface of the device.” Heck, I’m a security researcher, and I’m fuzzy about what all that means. [Consistant with the inability of FBI agents and lawyers to explain their cell phone tapping tools, as I posted yesterday Bob]
… Users Don’t Get It – But Hackers Do
But the fact remains that users remain unaware of the mobile malware problem, complacent about it, or simply reluctant to take action. Mobile malware is a bit like a traffic accident. Until it happens to us – or we hear a vivid story out there of “it happened to…” – the threat feels very abstract and remote.

(Related) Ethical Hacking: There's an App for that!
Have you ever tried finding your phone by calling it, only to remember that your phone is on Silent? At times like these, one wishes to be able to perform numerous little functions on the phone remotely like exiting the phone from Silent mode. Here to let you do this and many other such tasks remotely on your phone is an app called Agastaya.
Agastaya is a free to use phone application that lets you perform numerous useful tasks on your phone remotely. The app helps you access and retrieve data from your phone. For example, you can get contact information, call logs, phone IMEI number, SIM number, and SMS logs from your phone remotely. You can also change your phone’s profile e.g. exit it from the Silent mode by sending a text on it so you can call the phone, hear it ring, and find it; conversely, you can set your phone to Silent mode.

(Related) Mobile, with money to burn?
Presidential Campaign Donations in the Digital Age
10% of 2012 presidential campaign donors have contributed via text message or cell phone app. Democrats are more likely to contribute online or directly from their cell phone, while Republicans are more likely to contribute in person, by phone call, or via regular mail.

We've had a couple of individual breaches (TJ Max and Heartland for example) that were nearly as large as this years totals.
174 million records compromised in 855 data breach incidents last year, says report
October 24, 2012 by admin has a recap of some of the main findings in the 2012 Verizon DBIR:
Verizon’s Data Breach Investigations Report (92-page / 3.47MB PDF) (DBIR) covering the year 2011 found that 174 million records were compromised in a total of 855 data breaches in what it called an “an all time low” for protection against data breaches.
The report outlined that 96% of firms that were required to comply with the Payment Card Industry Data Security Standard (PCI DSS) and that fell victim to data breaches recorded in Verizon’s own “caseload” from last year, were not compliant with the standards.
Read more on Not surprisingly, their figures differ from’s figures as DLDB uses somewhat different sources for our breach entries. Thus, where Verizon’s sample is based on 855 incidents, DLDB reported 1,041 incidents for 2011, and where Verizon shows 81% of incidents used some form of hacking, only 30% of DLDB’s entries involved hacking (or 32% if you include virus/malware). As always, interpret with caution/qualifiers.
[From the report:
79% of victims were targets of opportunity (-4%)
Findings from the past year continue to show that target selection is based more on opportunity than on choice. Most victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack.
Whether targeted or not, the great majority of victims succumbed to attacks that cannot be described as highly difficult. Those that were on the more sophisticated side usually exhibited this trait in later stages of the attack after initial access was gained.

We did it so Terrorists can check to see if their cover is blown. That way they don't need to go all the way to the airport only to discover they have been “randomly selected” for a cavity search!”
"Flight enthusiasts, however, recently discovered that the bar codes printed on all boarding passes — which travelers can obtain up to 24 hours before arriving at the airport — contain information on which security screening a passenger is set to receive. Details about the vulnerability spread after John Butler, an aviation blogger, drew attention to it in a post late last week. Butler said he had discovered that information stored within the bar codes of boarding passes is unencrypted, and so can be read in advance by technically minded travelers. Simply by using a smartphone or similar device to check the bar code, travelers could determine whether they would pass through full security screening, or the expedited process." [Given that information, could they create their own “expedited process” boarding passes? Bob]

Nothing new, but a citeable authority?
GAO Study Gives Low Marks to Companies Regarding Transparency to Consumers of Use of Location Data
October 24, 2012 by Dissent
Nihar Shah has a nice recap of the recent GAO report:
The Government Accountability Office (“GAO”) released a study in September, 2012 analyzing the collection, use and disclosure practices of fourteen companies operating in the mobile field regarding location data collected from consumers. In the absence of laws or regulations regarding the collection of location data specifically, the GAO compared the policies of the fourteen companies to best practices regarding the collection and use of personal information generally, aggregated from federal agencies such as the Federal Trade Commission (“FTC”) and Federal Communications Commission (“FCC”) and from self-regulatory bodies such as the CTIA – The Wireless Association. The study found that the companies’ practices included several departures from established best practices. The agency also determined that inconsistencies in what the policies say companies will do with location data and what the companies actually do with that data are exposing consumers to serious privacy risks.
Read more on InfoLawGroup.

What causes this supervisor to ask good questions when so many in similar oversight positions don't bother?
Supervisor seeks more privacy for Clipper card users
October 25, 2012 by Dissent
Zusha Elinson reports:
San Francisco Supervisor John Avalos has introduced a resolution urging the Metropolitan Transportation Commission and state Legislature to strengthen privacy protections for Clipper card users.
The transportation commission, which administers the transit card, also has begun re-examining why personal data is stored for seven years after a Clipper card account is closed.
Read more on The Bay Citizen.

You might find something of interest here...
Future of Privacy Forum
Privacy Papers for Policy Makers 2012
Future of Privacy Forum is pleased to share the third annual “Privacy Papers for Policy Makers,” showcasing leading analytical thinking about current and emerging privacy issues.
Leading Privacy Papers:
Bridging the Gap Between Privacy and Design
Deirdre Mulligan and Jennifer King
Mobile Payments: Consumer Benefits & New Privacy Concerns
Chris Jay Hoofnagle, Jennifer M. Urban, and Su Li
Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising
Blase Ur, Pedro G. Leon, Lorrie Faith Cranor, Richard Shay and Yang Wang
Will Johnny Facebook Get a Job? An Experiment in Hiring Discrimination via Online Social Networks (See digest for executive summary)
Alessandro Acquisti and Christina Fong
Privacy Papers of Notable Mention:
Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising
Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang
View the 2011 papers here.

One of my students is an NRA Master Firearms Instructor. She'll love this!
With ‘Safe Haven,’ Desktop Weaponeers Resume Work on 3D-Printed Guns
Three weeks after a group of desktop gunsmiths had its leaded 3D printer seized by the digital manufacturing firm that owned it, the weaponeers have quietly restarted plans to build a gun entirely of printed parts. The group has also begun expanding their operation with outside help, including space for ballistics testing provided by a mysterious firm involved in the defense industry.
Cody Wilson, founder of the Wiki Weapon project, tells Danger Room that the unnamed company’s owner “wanted to offer me a safe haven, basically.” Wilson describes the company as a “private defense firm” in San Antonio, Texas, but the company’s owner is wary of negative publicity and Wilson doesn’t want to reveal the firm’s name without consent.
“We’ve got basically a space where we can do experiments. Ballistics, basically. So it’s not quite a range — we’ve got a range — but we’ve got floor space where we can literally test the guns and set up instrumentation,” Wilson says.

Something to stock those e-stockings?
If you have an eBook reader, finding quality sources for your different eBooks may not always be easy. Either the eBooks are of bad quality, they’re relatively expensive, or the site simply don’t offer what you want. When you comes to your kids, you’ll also need to be able to trust that the site offers the right kinds of eBooks to them. With so many things you need to be aware of, you might need a recommendation or two.
ePubBud is a great place to download children’s eBooks. Althought the eBooks being offered aren’t the most popular in the world, it has plenty of quality books in numerous different categories. Those categories include Beginner, Kids, Tween, Teen, Fiction, Reference, and Nonfiction. There are also a couple safe books for adults, so while the book may be harder to read, the theme remains clean for everyone. From ePubBud you can download files to import into your favorite reader or you can also view the eBooks in your browser. If necessary, you can buy ISBNs for $5 or sell your own eBooks.
  • Also read related articles:

e-State planning. What we need is an e-Xecutor
October 24, 2012
Planning in the Digital Age
Planning in the Digital Age, Gerry W. Beyer - Texas Tech University School of Law, October 22, 2012
  • "Recently, a new subdivision of property has emerged that many people label as “digital assets” such as accounts used for e-mail, professional and personal data backups, banking, investment, and shopping, domain names and web-hosting accounts, social networking accounts, and avatars for online games. While estate planners have perfected techniques to transfer traditional types of property, many estate planners do not address digital assets when preparing their clients’ estates. This article aims to educate estate planning professionals on the importance of planning for the disposition of digital assets, provides those planning techniques, and discusses how to administer an estate containing digital assets.

Hacking for fun and profit (and cost savings)
"Choice, a prominent Australian consumer advocacy group, has urged Australians to obfuscate their IP address to avoid geo-blocking and use US forwarding addresses to beat high IT prices. Australia is currently in the middle of parliamentary inquiry into the country's disproportionately high prices for technology. Choice also suggested setting up US iTunes accounts and using surrogate US addresses for forwarding packages from American stores. Choice has noted previously that Australians pay 52 per cent more for digital music downloads on iTunes compared to US users."

Something for my Math students!
Wednesday, October 24, 2012
Symbolab - A Scientific Equation Search Engine
Symbolab is a new search engine designed for mathematicians and scientists. The search engine is a semantic search engine which means that rather than just searching the text of your query Symabolab attempts to interpret and search for the meaning of your query. What this means is that when you type in an equation you will get results as links and get results as graphs when appropriate. Think of it Symbolab as a cross between Google and Wolfram Alpha.
The Next Web has an extensive interview with Symbolab's founder that I recommend reading if you're interested in learning about the ideas behind the development of this search engine.
Applications for Education
Symbolab could be a useful search engine for mathematics students. The search results can be sorted to find explanations of how to solve an equation, what an equation is used for, as well as videos and examples of an equation in use.

Is this the future of music? (Something is, and I'm going to keep looking 'til I find it!)
Dhingana Raises $7M For Free, Streaming Indian Music
Dhingana, a startup with a free service for streaming Indian and Bollywood music, has raised $7 million in Series B funding.
The company’s catalog includes 500,000 songs in 35 languages, which it makes available on its website and through smartphone apps. Dhingana says it has built an audience of 15 million monthly active visitors, making it the most popular service of its kind. And 40 percent of those visitors are located outside of India.

No comments: