Wednesday, April 09, 2014

At this level, it is much more difficult to determine what was breached and what was taken.
Tom McKay reports:
Security researchers have identified a very, very serious security hole in one of the fundamental technologies protecting personal data all across the Internet. OpenSSL, the cryptographic software library that an estimated two-thirds of web servers worldwide use to connect with end users and guard against digital eavesdropping, has been vulnerable to hackers for as long as two years. It may be the biggest security breach in the history of the Internet.
In a blog post published Monday, the OpenSSL researchers dubbed the critical flaw “Heartbleed,” admitted that the glitch allows for easy, untraceable breaches of secure systems, and announced the release of an immediate fix.
Read more on PolicyMic.
From the article:
It's not theoretical. The research team provided evidence that with awareness of the bug, they were able to breach Yahoo security and steal email logins and passwords without leaving a trace.
… Until everyone updates their servers, widespread knowledge of the bug could mean open season for hackers. A Tor Project blog post ominously said that "If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle." Tumblr advises that you change all of your passwords immediately, including for their own service.

(Related) Probably not, but a good start.
Everything you need to know about the Heartbleed SSL bug

It's not yet “Skynet” but it suggests that poor software testing can allow deadly bugs to slip through. (When we create technology that can make decisions autonomously, your car may choose to let you die.)
GM Air-Bag Software Blamed in U.S. Petition to Recall Impala
… The Center for Auto Safety, in a letter to U.S. regulators today, cited a government petition by a former GM researcher who said he found a software fault that can misread a passenger’s weight and render frontal air bags inoperative.
… “This is a design defect in every GM vehicle with the flawed algorithm” in the software, said Clarence Ditlow, executive director of the Washington-based Center for Auto Safety, which has been tracking recalls and defects since it was founded in 1970.
NHTSA’s databases don’t pinpoint the cause of air-bag failures, so it’s not clear how many cases can be tied to a flawed algorithm, Ditlow said.

As the value of “Big Data” becomes more apparent, companies that are no longer “required” to keep data may “Choose” to keep data.
This is huge.
AFP reports:
Europe’s top court on Tuesday struck down an EU law forcing telecoms operators to store private phone and email data for up to two years, judging it too invasive, despite its usefulness in combating terrorism.
By allowing EU governments to access the data, “the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,” the European Court of Justice (ECJ) said.
Read more on Raw Story.
The Court of Justice’s press release can be found here (pdf).

Apparently, there is no App for that.
Cellphone use in court keeps interrupting this trial about smartphones
… U.S. District Judge Lucy Koh has become increasingly frustrated during the first few days of the trial pitting Apple against Samsung because the many personal Wi-Fi signals interfere with a network the judge relies on for a real-time transcript of the proceedings.
The phones also ring, buzz and jingle, and can be used to take photos, a serious violation of court rules.

Short answer: no! But what if things change?
Richard Raysman and Peter Brown write:
… courts have begun to confront a myriad of legal questions arising from these incidents. Companies and employees have heretofore been subject to suit in myriad jurisdictions as a result of data breaches and disclosures. Heretofore, the results have not been consistent and remain largely contingent on the facts of a specific controversy. This article will discuss several pressing issues in the rapidly evolving area of law responsive to data breaches, including: litigating class action claims following a breach of consumer personal data; instances of settlement of data breach claims; and particularized data breach claims that arise after an involuntary divulgence of medical records.
Read more on New York Law Journal.

Scary stuff from the insurance guys? Apparently profits aren't going up as much as premiums.
588% more for health insurance? It's true, survey finds
… Based on information collected from 148 brokers, premiums around the country increased an average 11% for group plans and 12% for individual policies. And in some parts of the country, the rate increases are even higher.
Premiums for individual plans in Delaware increased a whopping 100%, followed by New Hampshire at 90% and Indiana at 54%. In the small group market, Washington state held the dubious honor with rates increasing 588%. Pennsylvania small groups faced a 66% increase and in California, employers can expect to pay premiums 37% higher than last year.
Morgan Stanley said that while the rate hikes are “largely due to changes under the [Affordable Care Act]” like the minimum essential benefit requirement or increased insurer taxes, there are other factors at work.

A Privacy Resource.
Welcome to the home page of the European Data Protection Supervisor
by Sabrina I. Pacifici on April 8, 2014
“The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:
  • monitoring the EU administration’s processing of personal data;
  • advising on policies and legislation that affect privacy; and
  • cooperating with similar authorities to ensure consistent data protection.”

A Security Resource
2014 Internet Security Threat Report, Volume 19
by Sabrina I. Pacifici on April 8, 2014
Symantec – “The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec’s analysts use to identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.”

Obamacare links.
Affordable Healthcare Act
by Sabrina I. Pacifici on April 8, 2014 - “You can read the Affordable Care Act by visiting the links below. The health care law, sometimes known as “Obamacare,” was signed March 23, 2010. Read the full law: The law has 2 parts: the Patient Protection and Affordable Care Act and the Health Care and Education Reconciliation Act. You can view them in PDF or HTML formats below. You can also view an unofficial, consolidated version that is more readable. In all cases, the documents are searchable using the “Control + F” keys on your computer and typing in the word or phrase you are looking for.
Official certified full-text of the laws in PDF form:
Summary and certified full-text version in HTML (web page) format:

For my students.
David Miller's SlugBooks Out To Disrupt College Textbook Market
… Simply-said, SlugBooks is a resource that helps college students save money on their text books.

For my students.
You Need No Development Skills To Create Professional Windows Phone Apps

For my students...
Who knew
Did you?
Me too, 
10 Ways To Celebrate National Poetry Month
