Tuesday, October 29, 2013
So are we saying Adobe could not determine from their records how many records were taken?
Brian Krebs has updated his investigation into the Adobe hack that was originally reported to have affected 2.9 million customers.
In a post on KrebsonSecurity.com today, Brian writes that at least 38 million are affected.
But just this past weekend, AnonNews.org posted a huge file called “users.tar.gz” that appears to include more than 150 million username and hashed password pairs taken from Adobe. The 3.8 GB file looks to be the same one Hold Security CTO Alex Holden and I found on the server with the other data stolen from Adobe.
Adobe spokesperson Heather Edell said the company has just completed a campaign to contact all existing users whose login and encrypted password information was stolen, urging those users to reset their passwords. She said Adobe has no indication that there has been any unauthorized activity on any Adobe ID involved in the incident.
In a statement to Krebs, Adobe writes:
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” Edell said [emphasis added]. “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
Read more on KrebsonSecurity.com.
If anyone would retaliate for a cyber attack, the Israelis would. But who do you retaliate against?
Israeli Tunnel Hit by Cyber Attack, Experts Say
Remember, it's not Health Care, it's almost every government IT project.
The Stunning Negligence That Doomed Obamacare's Launch
If you can't make a logical argument, make an illogical one.
EPIC has filed a reply brief in In re EPIC with the U.S. Supreme Court, responding to the Government’s brief, which was filed after two extensions. The government argues the Supreme Court cannot hear the case. EPIC responded that it “simply cannot be correct” that the order of the Foreign Intelligence Surveillance Court, an inferior court, is not reviewable by the Supreme Court. EPIC also explained that the order is clearly unlawful. “No court has ever determined that ‘relevance’ permits the compelled production of such vast quantities of irrelevant personal information,” EPIC said, noting that Congressman Sensenbrenner, co-author of the USA PATRIOT Act, has written that “This expansive characterization of relevance makes a mockery of the legal standard.” EPIC also outlined the extraordinary impact of the NSA telephone record collection on all Americans: “These telephone records are unique and identifiable, and reveal a great deal of private information about millions of telephone users. In no instance has the Government established any individualized suspicion [Not exactly how the military (the NSA'a client) works. Bob] to support the collection of this information.” For more information, see In re EPIC.
We were talking “e-Discovery” at the Privacy Foundation's Big Data seminar last Friday (No video, no audio, no transcript – you REALLY had to be there) Interesting to find a whole website devoted to “Best Practices” for lawyers.
Judge Grimm’s New Discovery Order Is Now An e-Discovery Best Practice – Part One
Judge Paul Grimm’s new Discovery Order, which, to my knowledge, he now enters in every medium or large size case before him in District Court in Maryland, has just been included in Electronic Discovery Best Practices (found at EDBP.com).
What would George Washington do?
DNI Clapper Declassifies Additional Intelligence Community Documents Regarding Collection Under Section 501 of the Foreign Intelligence Surveillance Act
From IC on the Record, yesterday:
In June of this year, President Obama directed me to declassify and make public as much information as possible about certain sensitive intelligence collection programs undertaken under the authority of the Foreign Intelligence Surveillance Act (FISA) while being mindful of the need to protect national security. Consistent with this directive, in September 2013, I authorized the declassification and public release of a number of documents pertaining to the Government’s collection of bulk telephony metadata under Section 501 of the FISA, as amended by Section 215 of the USA PATRIOT Act (Section 215). Today I am authorizing the declassification and public release of a number of additional documents relating to collection under Section 215. These documents were properly classified, and their declassification is not done lightly. I have determined, however, that the harm to national security from the release of these documents is outweighed by the public interest.
Release of these documents reflects the Executive Branch’s continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States. Additionally, they demonstrate the extent to which the Intelligence Community kept both Congress and the Foreign Intelligence Surveillance Court apprised of the status of the collection program under Section 215. Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed. These documents will be made available at the website of the Office of the Director of National Intelligence and at ICOntheRecord.tumblr.com, the public website dedicated to fostering greater public visibility into the intelligence activities of the U.S. Government.
Identify potential epidemics without medics in black helicopters dropping in to make sure you “eat healthy.”
Elizabeth Harrington reports:
The National Library of Medicine (NLM) is “mining” Facebook and Twitter to improve its social media footprint and to assess how Tweets can be used as “change-agents” for health behaviors.
The NLM, a division of the Department of Health and Human Services (HHS), will have software installed on government computers that will store data from social media as part of a $30,000 project announced last week.
Read more on Washington Free Beacon.
I’m not sure what to make of this. Is the NLM going to be downloading all tweets in a publicly searchable archive like the Library of Congress?
I an think of a few CEOs that would find this rather intimidating. Welcome to the Internet Age.
Zach Miners reports:
Facebook CEO Mark Zuckerberg sometimes speaks quickly and his statements on Internet privacy are not always clear, so researchers have created an archive to collect everything the executive has said publicly, aimed at gaining a better understanding of where the company stands on privacy.
The University of Wisconsin-Milwaukee is hosting the Zuckerberg Files, a digital treasure trove containing over 100 full-text transcripts and about 50 video files documenting Zuckerberg’s public statements for scholars to download and analyze.
Read more on Computerworld.
Speaking of Facebook...
Facebook Data Scientists Know Who Your Lover Is
… In a new paper, they write that embeddedness is an at best mediocre predictor of that special something. Relying on embeddedness, they were able to accurately predict Facebook users' significant others 24.7 percent of the time.
Another measure fared much better: "dispersion," or how many different networks of theirs a person's friend shares. In other words, your significant other won't just share many friends with you, but friends from all walks of life: your colleagues, your high school buds, your college friends, your family, and so on. Using dispersion, Backstrom and Kleinberg doubled their accuracy: 50 percent of the time, a person was romantic partners with the person who was the most dispersed across his or her social network. For married people, their accuracy rose to 60 percent, a figure which they say is more than 30 times higher than random guessing would produce (everyone in their sample had at least 50 friends).
Pew – Photo and Video Sharing Grow Online
by Sabrina I. Pacifici on October 28, 2013
“A new study by the Pew Research Center’s Internet Project [by Maeve Duggan] shows that 54% of internet users have posted original photos or videos to websites and 47% share photos or videos they found elsewhere online. The mobile landscape has also added to photo- and video-sharing. Apps like Snapchat and Instagram have capitalized on the ubiquity of cell phones and smartphones that make it simple to upload and share images. Some 9% of cell phone owners use Snapchat and 18% use Instagram. This is the first time the Pew Internet Project has asked cell owners about Snapchat and Instagram.”