Tuesday, February 04, 2014
This is rarely listed as a “Risk” when planning for Security. But ask your Public Relations people what the downside of looking like an uncaring incompetent might be. And remember, Congress needs to portray you as head of an uncaring corporation that doesn't know how to protect its customers.
Esme Murphy reports:
Congress began a series of hearings Monday before a Senate banking subcommittee into the massive data breach at Target and other retailers.
Lawmakers grilled the Secret Service about when Target told them about the breach, and another hearing is slated for Tuesday. That’s when Target CFO John Mulligan will be in the hot seat.
On Monday, members of Congress focused on whether companies, including Target, delayed informing law enforcement officials and the public.
Read more on CBS Minnesota, where you can also watch a clip from today’s hearing. If you missed the hearing and want to watch the whole of today’s hearing, you can view it on C-Span (1 hr, 49 minutes).
Tomorrow, the Senate Judiciary Committee will be holding its own hearing on “Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime.” Target CFO John Mulligan is slated to be a witness on the first panel. The hearing begins at 10:15 am and will be streamed online. More details and the schedule can be found here.
“Just ask, we'll send you money.” (This drives auditors, even ex-auditors like me, absolutely crazy!)
File Your Taxes Before the Fraudsters Do
… According to a 2013 report from the Treasury Inspector General’s office, the U.S. Internal Revenue Service (IRS) issued nearly $4 billion in bogus tax refunds in 2012. The money largely was sent to people who stole Social Security numbers and other information on U.S. citizens, and then filed fraudulent tax returns on those individuals claiming a large refund but at a different address.
Very often a “he said, she said” argument with few facts. But not when details are released.
Giving Up on Oracle, Researcher Discloses Critical Vulnerabilities in Oracle Forms and Reports
In a blog post, security researcher Dana Taylor recounted what became a two-year odyssey between her and the company to fix software vulnerabilities in Oracle Forms and Reports. Oracle did not respond to multiple requests over the past few weeks from SecurityWeek to comment, but Taylor said in an email interview that she went "above and beyond" what is normally considered responsible disclosure.
… "In the Oracle reporting server’s case it is unfortunately fairly easy to show the magnitude of the problem," he said. "A simple Google dork search on "inurl:rwservlet" which is the fingerprint of a reporting server that may be vulnerable, returns [roughly] one million results. That means that when a zero-day like this comes to play, hackers have a starting point of [approximately] one million potential targets."
While some companies are good at patching servers in time, it is never immediate due to the service disruption that ensues as well as the process of applying every update as soon as it comes out, he added.
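The “inurl:rwservlet” dork above fingerprints Oracle Reports servers that Google happens to have indexed; the same fingerprint works on your own web logs, and an unindexed server is no less exposed. The following is an added example, not code from the SecurityWeek article, from the researcher, or from Oracle: it parses combined-format access log lines and reports which clients reached an rwservlet URL and whether the servlet actually answered (a 2xx status). The log lines are constructed for illustration, the IPs are documentation ranges, and the second pattern (frmservlet, the Oracle Forms servlet path) is an assumption of mine that the page does not mention.

```python
import re
from collections import defaultdict

# Constructed sample of Apache/nginx combined-format log lines. Addresses are
# from documentation ranges and the paths are made up for illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Feb/2014:10:15:01 +0000] "GET /reports/rwservlet?report=sales.rdf HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Feb/2014:10:15:02 +0000] "GET /images/logo.png HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Feb/2014:10:16:44 +0000] "GET /reports/rwservlet HTTP/1.1" 403 219 "-" "curl/7.35.0"
198.51.100.23 - - [04/Feb/2014:10:16:45 +0000] "GET /forms/frmservlet?config=prod HTTP/1.1" 404 3020 "-" "curl/7.35.0"
192.0.2.9 - - [04/Feb/2014:10:20:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD path proto", status, size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Path fingerprints. "rwservlet" is the Oracle Reports servlet named in the
# article; "frmservlet" (Oracle Forms) is an assumed second pattern.
FINGERPRINTS = {
    "oracle-reports": re.compile(r"/rwservlet(?:[/?]|$)", re.IGNORECASE),
    "oracle-forms": re.compile(r"/frmservlet(?:[/?]|$)", re.IGNORECASE),
}


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_exposed(log_text):
    """Map fingerprint -> client IP -> list of (status, path) for requests
    that touched an Oracle Forms/Reports servlet path."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, pattern in FINGERPRINTS.items():
            if pattern.search(rec["path"]):
                hits[name][rec["ip"]].append((int(rec["status"]), rec["path"]))
    return {name: dict(clients) for name, clients in hits.items()}


def live_servlets(hits):
    """Fingerprints for which at least one request got a 2xx answer, i.e. the
    servlet is not just being probed but is actually serving content."""
    return {
        name
        for name, clients in hits.items()
        for requests in clients.values()
        if any(200 <= status < 300 for status, _ in requests)
    }


if __name__ == "__main__":
    exposed = find_exposed(SAMPLE_LOG)
    for name, clients in exposed.items():
        print(f"{name}: {len(clients)} distinct client(s)")
        for ip, requests in clients.items():
            for status, path in requests:
                print(f"  {ip} {status} {path}")
    print("answering:", sorted(live_servlets(exposed)))
```

A 2xx on an rwservlet path from an address outside your own network is the point to act on: either the Reports servlet should not be internet-facing at all, or it is on the list the article describes and needs the vendor patch as soon as the change window allows.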
Should be no surprise. The data is out there. All you need is someone smart enough to interpret what it is telling you. (and to realize that no matter what it tells you, “There's a market for that!”)
We have Pam Dixon’s testimony on behalf of the World Privacy Forum to thank for this.
From the Democratic Press Office:
Chairman John D. (Jay) Rockefeller IV is asking six data brokers for information on the compilation and sale of products that identify consumers based on their financial vulnerability or health status. [Of course, the consumers “self-identify” based on the sites they visit. Brokers merely lump similar users together. Bob] Rockefeller brought attention to this industry practice during the Committee’s December 18, 2013, hearing titled, “What Information Do Data Brokers Have on Consumers, and How Do They Use It?”, and it was also highlighted in the majority staff report released at the hearing.
“We call it the 'George Orwell was too optimistic' system.” Assuming they have all this data (and they likely will, one way or another) what will they do with it? Fire “below average” teachers? Deny admissions to state funded universities? Require students to smile when they ask, “Would you like fries with that?”
Jules Polonetsky writes:
New York State is working on a system that will track students from pre-kindergarten to the work force. The goals are noble. Despite the billions we spend on education, we don’t have the data to evaluate what works. But what are the risks of assembling detailed data about every student’s abilities? Privacy advocates are sounding the alarm, worried about the implications of sharing this data. Parents and policymakers are being drawn into the fray, but often aren’t steeped in the full scope of the debate.
Read more on LinkedIn.
[From the article:
We need to discuss the deployment of big data analytics by education institutions to enhance student performance, evaluate teachers, improve education techniques, customize programs, devise financial assistance plans, and better leverage scarce resources to optimize education results.
This surprises you, why?
Latest transparency reports show steady rise in surveillance data requests
Google, Facebook and Microsoft were among the technology companies to release new figures Monday showing a rising number of requests for their users’ data coming from a secretive U.S. surveillance court.
… Google received FISA requests related to the content of between 9,000 and 9,999 accounts during the first half of 2013, up from between 7,000 and 7,999 in the first half of 2011.
The court sought content related to 15,000 to 15,999 accounts from Microsoft, up from 11,000 to 11,999 in the second half of 2011.
At Facebook, during the second half of 2012, the court sought data related to the content of 4,000 to 4,999 Facebook user accounts, the company said in a report. The company received more FISA requests during the first half of 2013—the number rose to between 5,000 and 5,999 users’ accounts.
… Yahoo and LinkedIn also released new figures on Monday related to government data requests tied to national security. At Yahoo, the company only said it received FISA requests related to content for between 30,000 and 30,999 accounts during the first half of 2013.
… Apple already released new figures last week in response.
From the “government knows what is best for you” people? Fortunately, I have plenty of time to prepare my Ethical Hackers. Your cars will say, “You can't park here. This is Bob's parking space. Move me immediately!” Better still, how about howling like a dog at 3AM?
U.S. may mandate 'talking' cars by early 2017
U.S. regulators are crafting a rule that would require all new vehicles to be able to "talk" to one another using wireless technology, which the Department of Transportation said would significantly reduce accidents on U.S. roads and alleviate traffic congestion.
… "When these technologies are adapted across the fleet, the results could be nothing short of revolutionary for roadway safety," said David Friedman, acting administrator of the DOT's National Highway Traffic Safety Administration.
The details of implementation are still unknown. [Translation: “We don't know what we're going to do, but it will be amazing! Trust us!” Bob]
Pew – 6 new facts about Facebook
by Sabrina I. Pacifici on February 3, 2014
Aaron Smith – “Facebook turns 10 tomorrow and reaches that milestone as the dominant social networking platform, used by 57% of all adults and 73% of all those ages 12-17. Adult Facebook use is intensifying: 64% of Facebook users visit the site on a daily basis, up from 51% of users who were daily users in 2010. Among teens, the total number of users remains high, according to Pew Research Center surveys, and they are not abandoning the site. But focus group interviews suggest that teens’ relationship with Facebook is complicated and may be evolving. New Pew Research Center survey findings show how people are using Facebook and what they like and dislike about the site.”
For my Criminal Justice students. See why we insist you take those techie courses? (and economics) My lawyer friends can tell me how you go about seizing the database that resides on the servers, and what you might have told the judge you will do with it.
Digital Currency Founder: U.S. Indicted Me For Not Giving FBI My Source Code
The indicted founder of digital currency Liberty Reserve says the U.S. government began targeting him only after he refused to turn over the source code for his proprietary system to the FBI.
Arthur Budovsky, who is fighting extradition to the U.S. from Spain, told a Madrid court that the FBI approached him in 2011 to obtain the source code for what he says was the purpose of undermining the service.
“I refused. It’s like asking Coca-Cola for their secret formula,” he told the court, according to the Associated Press. “The truth is that the U.S. wants to protect its monopoly on financial transfer platforms.”
His denial launched a witch hunt, he says, that resulted in his indictment last year along with six others in a $6 billion money-laundering scheme, in what authorities are calling the largest international money laundering case ever prosecuted.
It also resulted in U.S. authorities seizing Liberty Reserve’s servers in Holland, giving them access to financial information on some 800,000 users and 44 million transactions and the ability to trawl through the data for evidence of illegal activity conducted by Liberty Reserve users. The case was handled by the U.S. Secret Service and DHS’s Homeland Security Investigations.
For my Math students.
The Art of Problem Solving
Last week Marilyn Just emailed me with a couple of suggestions to add to my list of mathematics resources. One of the suggestions that jumped out at me was the Art of Problem Solving. The Art of Problem Solving offers a variety of tutorial resources for students. Some of the resources are free and some are not. The highlight of the free resources is a catalog of more than three hundred short instructional videos like the one embedded below.
The bulk of the videos are designed for pre-algebra and algebra lessons.
One of those World Changing Things that sneak in under the radar.
Personal Loans Online — How Peer-to-Peer Lending Is Changing the Game
… the public perception of this lending paradigm is one associated mostly with the developing world.
I was surprised to discover that peer to peer lending is also challenging the likes of BarclayCard and CitiBank in their traditional heartlands of the affluent West. There are a number of services on the market right now which allow lenders to provide credit, and for borrowers to gain access to funds without dealing with a bank or credit union. I looked at three of them, and explored how they’re shaking up the finance game.