Thursday, May 23, 2013

Who guards the guardians? Apparently, DHS was not auditing this vendor nor did the vendor keep access logs. Does not make me feel secure...
Jason Miller reports:
Tens of thousands of current and former Homeland Security Department employees are at risk of identity theft after officials discovered a vulnerability in the vendor’s system for processing background investigations.
All DHS employees working in the headquarters office, for the Customs and Border Protection and for the Immigration and Customs Enforcement components from 2009 to 2013 are the most affected, according to an internal notice sent to employees, which was obtained by Federal News Radio and confirmed by a DHS spokeswoman.
“As a result of this vulnerability, information including name, Social Security numbers (SSN) and date of birth (DOB), stored in the vendor’s database of background investigations was potentially accessible by an unauthorized user since July 2009,” the internal notice stated.
Read more on FederalNewsRadio.com
Related: DHS Notice
[From Federal News Radio:
A DHS spokeswoman emphasized there is no evidence [No logs? Bob] that any employee data was stolen or lost.
DHS said it found out about the breach from a law enforcement partner [DHS didn't detect the breach? Bob] and is investigating if the vendor had any data stolen.


Faster detection by the organization itself. See, DHS, this is how it should be done.
Krister Rollins reports:
The Maine Attorney General’s office is issuing an alert for people who may have used an out-of-state service for buying tickets for shows and other forms of entertainment recently.
The service, Venidini (sic), Inc., has been hacked, exposing financial information for tens of thousands of customers.
Vendini sent a letter to Maine’s Attorney General about the breach. Vendini’s letter says that on March 29th, someone broke into a server that contains the names, addresses, email addresses, credit card numbers and credit card expiration dates of tens of thousands of people, 22,900 Mainers among them.
Read more on WCSH. A statement on Vendini’s blog, posted yesterday, reads:
… We regret to inform you that on April 25, 2013, Vendini, Inc. detected an unauthorized intrusion into its systems.


This is new.
Sue Reisinger writes:
Earlier this month the U.S. Equal Employment Opportunity Commission filed—and quickly settled—its first lawsuit accusing an employer of gathering illegal genetic information during a job applicant’s medical exam. The agency followed it up last Thursday by filing its first class action suit against another employer on similar grounds.
The Genetic Information Nondiscrimination Act went into effect in 2009, and some individuals have sued companies under it. But not until this month did the government take official action to enforce GINA, as the law is called.
“Employers need to be aware that GINA prohibits requesting family medical history,” said David Lopez, general counsel of the EEOC, in a statement. “When illegal questions are required as part of the hiring process, the EEOC will be vigilant to ensure that no one be denied a job on a prohibited basis.”
Read more on Corporate Counsel.
[From the article:
And, according to the law, it doesn’t matter if a company doesn’t know about the medical examiner’s request. In other words, it is the company’s responsibility to make sure any third-party medical examiner it hires doesn’t ask an illegal question.
However, GINA provides a “safe harbor” for employers if they attach language to any request for information from a health care provider that tells the applicant not to answer questions about family or genetic information.


There seem to be a few holes in the planned coverage...
Travelers visiting the US may have to prepare for more hassles at customs: All foreign nationals leaving the country at 30 airports must have their fingerprints taken, according to a new amendment to a planned immigration reform bill.
The amendment, which was approved by the Senate Judiciary Committee in a 13-5 vote, will see departure terminals at major US airports – including JFK, LaGuardia and Newark Liberty – equipped with high-tech systems for fingerprinting foreign nationals and scanning their passports and visas.
Read more on RT.
[From RT:
Currently, foreigners are only required to submit their fingerprints when entering the United States.
Not tracking exits is “a hole in the system,” said Senator Orrin Hatch (R-UT), one of the amendment’s proponents. "Biometric data provides the government with certainty that travelers (and not just their travel documents) have or have not left the country," the Senator’s office said in a statement, according to the Salt Lake Tribune.
The new departure procedure is being introduced in order to prevent foreigners from overstaying their visas. [I must be missing the “prevention” part... Bob]
… Advocates for the provision cite the recent high-profile case of Azamat Tazhayakov. A Kazakhstani, Tazhayakov was a friend of Dzhokhar Tsarnaev, a Boston Marathon bombing suspect, and was charged with obstruction of justice after he allegedly attempted to dispose of possessions belonging to Tsarnaev. Tazhayakov reportedly entered the United States in January on an invalid visa. [Why was it undetected? Shouldn't we fix that hole first? Bob]


Perhaps a new area of Psychology: Data Breach Distress Experts?
From Out-Law.com:
In a recently published judgment, the Court said that the Data Protection Act (DPA) does not oblige businesses to pay individuals compensation for distress that causes damage where the distress caused is not attributable to a breach of the Act.
Under section 13 of the DPA a person is generally entitled to compensation if they suffer damage as a result of violations of a section of the DPA by organisations that hold their personal data. Individuals are also generally entitled to compensation from those data controllers if they suffer distress that causes damage.
Read more on Out-Law.com


More coverage than ship-based radar, more detail than satellites.
Navy’s High-Flying Spy Drone Completes Its First Flight
… The MQ-4C Triton took off today for the first time from a Palmdale, California airfield, a major step in the Navy’s Broad Area Maritime Surveillance program.
… The Navy even announced it via Twitter.
… The idea is for the Triton to achieve altitudes of nearly 53,000 feet — that’s 10 miles up — where it will scan 2,000 nautical miles at a single robotic blink. ... Its sensors, Northrop boasts, will “detect and automatically classify” ships, giving captains a much broader view of what’s on the water than radar, sonar and manned aircraft provide. Not only that, Triton is a flying communications relay station, bouncing “airborne communications and information sharing capabilities” between ships. And it can fly about 11,500 miles without refueling.


It's always easier to sell a bad idea if you can introduce a bit of misdirection.
"Supporters of the Communications Data Bill (also known as the Snooper's Charter) have lost no time in calling for the Bill to be revived, in response to yesterday's brutal murder of a soldier on the streets of Woolwich, South London. The Bill would have allowed monitoring of all online communications — including who people contact and what websites they visit — but was shelved after Deputy Prime Minister Nick Clegg opposed it, effectively splitting Britain's coalition government on the issue. Now the fear of new terrorism could rekindle support, based on the argument that even 'lone wolf' attackers use the Internet."


Even a non-lawyer can see the government will fight this one tooth and nail...
May 22, 2013
"EFF Takes FOIA Fight Over Secret Wiretaps to the Foreign Intelligence Surveillance Court"
"Today, EFF filed a motion in a secret court. This secret court isn’t in a developing nation, struggling beneath a dictatorship. It’s not in a country experimenting for the first time with a judiciary and the rule of law. And, as Wired recently noted, it’s “not in Iran or Venezuela, as one might expect.” No, the court is here, in the United States (it’s in Washington, D.C., in fact). It’s called the Foreign Intelligence Surveillance Court (or the FISC), and it reviews the federal government’s applications to conduct surveillance in national security cases. It’s comprised of 11 district court judges from around the country, and its opinions and orders are the law of the United States, like other federal courts. But the FISC is different from typical courts in one fundamental way: almost everything about the FISC is secret. In fact, just being able to publicly say that we filed a motion with the FISC is unusual. Most proceedings are done ex parte (in this context, meaning just with the government and the judge), and any non-governmental parties involved in proceedings are typically forbidden from ever disclosing it. Even when the FISC finds that the government has acted illegally, so far, that illegality has been been kept hidden from public scrutiny and accountability. EFF is trying to change that. We filed a lawsuit under the Freedom of Information Act (FOIA) after the Department of Justice refused to disclose a FISC opinion we requested. The FISC opinion held that the government engaged in surveillance that was unconstitutional and violated the spirit of federal surveillance laws. We only know the opinion exists because Senators, like Ron Wyden and Mark Udall, essentially forced the government to publicly acknowledge its existence."


Interesting perspective
What Google Glass Reveals About Privacy Fears
Marketing professionals have learned the hard way that no matter what they do or do not plan to do with consumer information, privacy matters. In part, that's because marketing has always been something of a black art. When an ad appears to speak to a consumer directly, of course, it's likely to be most effective. But that's also the moment when the creepy response kicks in. How did they know what I wanted, perhaps even before I did?
Couple the lack of transparency of marketing generally with the shock of new technology, and you get anxiety over information use that increasingly translates into calls for legislation or regulatory intervention.


Our favorite 'character' in the wacky world of Copyright disputes now becomes a patent troll?
Nyder writes:
Techdirt points out that Dotcom isn't just asking for financial help: Instead, he's asking companies which use two-factor authentication "to help fund his defense, in exchange for not getting sued for the patent. He points out that his actual funds are still frozen by the DOJ and (more importantly) that his case actually matters a great deal to Google, Facebook and Twitter, because the eventual ruling will likely set a precedent that may impact them -- especially around the DMCA." Update: 05/23 14:23 GMT by T : Why is this relevant to Twitter? If you're not an active Twitter user, you might not realize that (after some well publicized twitter-account hijackings), the company is trying to regain some ground on security. Nerval's Lobster writes "Twitter is now offering two-factor authentication, a feature that could help prevent embarrassing security breaches. Twitter users interested in activating two-factor authentication will need to head over to their account settings page and click the checkbox beside 'Require a verification code when I sign in.'"


Not sure I understand what is going on here.
"According to an announcement on a French government website, police have stopped current searches for missing adults and will not accept new search requests. 'Such 'searches in the interests of the family' were conducted under an administrative procedure almost a century old, introduced to help families separated during the upheavals of World War I to find missing relatives,' according to the French Ministry of the Interior. In a letter to police chiefs announcing the changes, the Ministry advised them to instead 'direct people towards social networks on the Internet, which offer interesting possibilities.'"
[From the article:
… unless there are signs that the person is in danger.
… Requests for the searches have fallen considerably in recent years, and are now most often used to find those behind on alimony payments
… Searches will continue for minors, and for those who disappear in worrying circumstances -- for example those with suicidal intent, or victims of a crime -- as they are conducted under a different procedure.


Might be fun to take a peek...
May 22, 2013
Congress.gov, currently in beta test, to eventually replace THOMAS
Library of Congress Magazine: "The Law Library and CRS, working with the Library's web services experts, maintain THOMAS, the Internet-accessible database that makes legislative information-bills, resolutions, treaties and the Congressional Record-available to Congress and the public. Congress.gov, a beta website operated jointly by the Library of Congress, the House, the Senate and the other legislative branch sources, provides the same information through mobile devices and eventually will replace THOMAS. The Law Library responds to all queries related to THOMAS and the Congress.gov beta site. "Since the launch of the public legislative information system known as THOMAS in 1995, Congress has relied on the Library to make the work of Congress available to the public in a coherent, comprehensive way," said Rep. Gregg Harper (R-Miss.) at the September 2012 launch of the Congress.gov beta site. "The Library staff has a strong working relationship with the House, Senate and the Government Printing Office, which will enable the Library to successfully develop the next generation legislative information website."


For my Ethical Hackers. Remember to document your hacks – they may have 'historical significance' some day.
May 22, 2013
Scanned PDFs of about 800 historical documents related to phone phreaking are now available on the Exploding The Phone web site
"While researching the book...Exploding the Phone...Phil Lapsley amassed a bibliographic database of roughly 1,000 documents related to phone phreaking history. You can search this database by typing search terms into the box below. Many (but alas, not all) of the documents are available as scanned PDFs. For more information on what is and isn't in the database, and tips on searching it, please see the search help page."


For my Geeks. Republish government data for fun or profit! Worth reviewing the list. There is a Federal Register search app, for example. Even some limited PACER access.
May 22, 2013
NextGov: Massive Catalog of Streaming Government Data Set to Launch
NextGov: "Government data officials have nearly completed an exhaustive list of nearly 300 application programming interfaces that will allow outsiders to stream up-to-date information from government agencies straight to their computers, websites and mobile apps. The final version of the federal API catalog will be released Thursday on the government dataset trove Data.gov to mark the one-year anniversary of the White House’s federal digital strategy, the site’s administrator Jeanne Holm told Nextgov by email Wednesday. A nearly complete version of the API catalog includes hyperlinks to about 280 government APIs, listed individually and broken down by federal department and agency. Holm called the current site a “transparent work in progress.” Officials will continue to add more APIs to the list after Thursday as agencies launch them, she said. An API is essentially computer code that allows one machine to automatically gather updated information from another. A community organization could use the API for a national farmers’ market database recently launched by the Agriculture Department, for instance, to stream information about local farmers’ markets on its website. APIs were a key component of the digital strategy, which required agencies to have at least two of them up and running by the strategy’s one-year anniversary. (The official deadline arguably won’t come for several months because it was also tied to the six-month anniversary of a government open data policy, due in November 2012, that wasn’t published until earlier this month). A major goal for the API program is that private sector and non-profit developers will build mobile apps and other products off of streaming government data about home prices, health outcomes and other topics, either to serve the public, to turn a profit or both. 
One model for the initiative is the multi-billion industry built off government-gathered Global Positioning System data, which is used by industries ranging from airlines to mobile app developers."


I normally don't teach 'lit-er-a-chore' but I can see myself incorporating one of these into my classes. See if you can guess which one.
5 Good Resources for Teaching & Learning About Shakespeare
Shakespeare Uncovered … a nice resource for helping students understand the things that influenced Shakespeare's writing.
Shakespeare Animated … Some of the animated plays that appear in the Shakespeare Animated playlist are Romeo and Juliet, Hamlet, Macbeth, and The Taming of the Shrew.
Crash Course videos about English literature includes two videos about Romeo & Juliet.
Insults by Shakespeare … In addition to explaining the insults used by Shakespeare the lesson also explores some of Shakespeare's other uses of dialogue.
L.A. Paun used LiveBinders to create and share a nice collection of Shakespeare resources. The LiveBinder has a section for Shakespeare in general and sections devoted to Romeo & Juliet, Macbeth, Hamlet, and Twelfth Night.
Shakespeare's Original Pronunciations could be a good resource to support classroom readings of some of Shakespeare's works. Take the guesswork out of the pronunciations by hearing them.


For my Intro to IT students: This is Convergence.
… Our gadgets have also replaced a significant amount of physical objects, to the point where many of us wouldn’t consider buying a product when there is an equivalent piece of software that is up to the task.
In light of this, here is a list of things many of you might not consider purchasing ever again.
Calculator
Scanner
The Diary
Remote Controls
Radio
Trackpad & Mouse
Alarm Clock
The Landline
Notebooks & Scrap Paper
Magazines


Another onerous task for my Intro to IT students.
… now it’s time to list the best playable Google Doodles released to date. Good Guy Google doesn’t delete these games, so they remain playable long after they appear on the Google homepage.
