Thursday, April 03, 2014

Okay, they look like large balsa wood kit models. And neither one looks like the ones displayed in their military parades. But consider a bit larger model that could carry a nuke and you have a primitive cruise missile.
Take a closer look at North Korea’s alleged drones
If these unmanned aircraft look rudimentary, it's probably because they are: Not only did they all crash, but with only a poor quality camera that could not take video, and no way to broadcast the images, their use as a spy plane is severely limited.
Despite their lack of sophistication, however, the sudden appearance of these drones in South Korea is causing some serious concern.


This is consistent with “our customers are ignorant but really like playing with their mobile devices.” If they work well enough to allow customers to buy stuff, they work well enough.
Domingo Guerra writes on Appthority:
Recently Wal-Mart and Walgreens have both been noted to have security vulnerabilities connected to their mobile applications. Following recent revelations about the insufficient security of mobile apps from other major corporations, such as Target, Neiman Marcus, and Starbucks, it is clear that big company names are still struggling to iron out flaws in their mobile apps.
We recently put the Wal-Mart and Walgreens apps through our mobile app reputation analysis via the Appthority Service and found their ratings to be the following:
  • The Walmart iOS app earned an app reputation score of 23 out of a possible 100 points.
  • The Walgreens app earned an app reputation score of 19 out of a possible 100 points.
These findings are another reminder that big companies must prioritize and invest further in security and privacy when it comes to rolling out their mobile apps.


Since I get my news via RSS feeds, an email claiming to be from a news website would be highly suspicious.
News Junkies Make Great Targets
Unfortunately, the truth remains that individuals are a weak link in the battle against cyber criminals. Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click for an attacker to establish a foothold in the target’s systems.
The 2013 Verizon Data Breach Investigations Report finds that sending just three emails per phishing campaign gives the attacker a 50 percent chance of getting one click. With six emails the success rate goes up to 80 percent and at 10 it is virtually guaranteed. Social media helps spur success, enabling cyber criminals to gather information about us so they know how to more effectively entice targets to click on that malicious email.
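The three-, six- and ten-email figures above are consistent with a simple model in which each recipient clicks independently with the same probability. The following is an added example (not from the original post or the Verizon report) that works that model through with the quoted numbers: it derives the per-recipient click rate implied by "3 emails gives a 50 percent chance", checks what that rate predicts for 6 and 10 emails, and then turns the question around to ask what click rate awareness training would have to reach before a 10-email campaign drops below even odds. The independence assumption and the function names are mine.

```python
import math

# Figures quoted on the page from the 2013 Verizon DBIR.
DBIR_EMAILS = 3
DBIR_SUCCESS = 0.50


def campaign_success(n_emails: int, p_click: float) -> float:
    """Probability that at least one of n independent recipients clicks.

    Assumes each recipient clicks with probability p_click independently
    of the others (a modelling assumption, not a claim from the report).
    """
    return 1.0 - (1.0 - p_click) ** n_emails


def implied_click_rate(n_emails: int, success: float) -> float:
    """Per-recipient click probability p such that campaign_success(n, p) == success.

    Solves 1 - (1 - p)^n = success for p.
    """
    return 1.0 - (1.0 - success) ** (1.0 / n_emails)


def emails_needed(p_click: float, target_success: float) -> int:
    """Smallest number of emails giving at least target_success overall.

    Solves (1 - p)^n <= 1 - target for the smallest integer n.
    """
    return math.ceil(math.log(1.0 - target_success) / math.log(1.0 - p_click))


def main() -> None:
    # Step 1: what per-recipient click rate does "3 emails -> 50%" imply?
    p = implied_click_rate(DBIR_EMAILS, DBIR_SUCCESS)
    print(f"implied per-recipient click rate: {p:.1%}")

    # Step 2: does that rate reproduce the 6- and 10-email figures?
    for n in (3, 6, 10):
        print(f"{n:2d} emails -> {campaign_success(n, p):.0%} chance of a click")

    # Step 3: how many emails for a near-certain (99%) foothold at that rate?
    print(f"emails for 99% success: {emails_needed(p, 0.99)}")

    # Step 4 (defender's view): what click rate would training have to reach
    # before a 10-email campaign has less than even odds of a single click?
    target = implied_click_rate(10, 0.50)
    print(f"click rate needed to hold a 10-email campaign below 50%: {target:.1%}")


if __name__ == "__main__":
    main()
```

Under this model the quoted 50 percent at three emails implies roughly a one-in-five click rate per recipient, which predicts about 75 percent at six emails and about 90 percent at ten, close to the figures cited. The last step is the number a security awareness programme actually has to move: the campaign odds only fall below even at ten emails once the per-recipient click rate is down near 7 percent.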


Nothing really new, but worth putting on the “response” bookshelf (in the “response” folder). Note the lack of communication. If different agencies are having problems with different components, they could ask for help from agencies who did not have difficulty with that component. If everyone is having problems with the same component, they need to revise the component. (If a manager can't figure that out, they need a new manager.)
From a GAO report (GAO-14-487T) released today, the highlights:
The number of reported information security incidents involving personally identifiable information (PII) has more than doubled over the last several years (see figure).
As GAO has previously reported, major federal agencies continue to face challenges in fully implementing all components of an agency-wide information security program, which is essential for securing agency systems and the information they contain—including PII. Specifically, agencies have had mixed results in addressing the eight components of an information security program called for by law, and most agencies had weaknesses in implementing specific security controls. GAO and inspectors general have continued to make recommendations to strengthen agency policies and practices.
In December 2013, GAO reported on agencies’ responses to PII data breaches and found that they were inconsistent and needed improvement. Although selected agencies had generally developed breach-response policies and procedures, their implementation of key practices called for by Office of Management and Budget (OMB) and National Institute of Standards and Technology guidance was inconsistent. For example,
  • only one of seven agencies reviewed had documented both an assigned risk level and how that level was determined for PII data breaches; two agencies documented the number of affected individuals for each incident; and two agencies notified affected individuals for all high-risk breaches.
  • the seven agencies did not consistently offer credit monitoring to affected individuals; and
  • none of the seven agencies consistently documented lessons learned from their breach responses.
Incomplete guidance from OMB contributed to this inconsistent implementation. For example, OMB’s guidance does not make clear how agencies should use risk levels to determine whether affected individuals should be notified. In addition, the nature and timing of reporting requirements may be too stringent.
Download the full report from GAO


Interesting. Worth a read...
This new report from Pam Dixon and Bob Gellman for the World Privacy Forum explores the issue of predictive scores that use information about your past to predict your future. How accurate are these predictions? What impact can they have on your life? What scores are predicting you?
Brief Summary of report (provided by WPF):
This report highlights the unexpected problems that arise from new types of predictive consumer scoring, which this report terms consumer scoring. Largely unregulated either by the Fair Credit Reporting Act or the Equal Credit Opportunity Act, new consumer scores use thousands of pieces of information about consumers’ pasts to predict how they will behave in the future. Issues of secrecy, fairness of underlying factors, use of consumer information such as race and ethnicity in predictive scores, accuracy, and the uptake in both use and ubiquity of these scores are key areas of focus.
The report includes a roster of the types of consumer data used in predictive consumer scores today, as well as a roster of the consumer scores such as health risk scores, consumer prominence scores, identity and fraud scores, summarized credit statistics, among others. The report reviews the history of the credit score – which was secret for decades until legislation mandated consumer access — and urges close examination of new consumer scores for fairness and transparency in their factors, methods, and accessibility to consumers.
You can download the report here (.pdf)


How can broadcast TV possibly survive without fees from Cable? How did they do it before cable?
Dish Network, Echostar and the American Cable Assn. are among those supporting Aereo in its showdown with broadcasters in the Supreme Court.
They were among the companies and organizations which filed briefs to the high court on Wednesday, the deadline for amicus briefs in favor of Aereo. Oral arguments in the Supreme Court are scheduled for April 22.
If Aereo is allowed to continue, broadcasters say that cable and satellite operators could merely start their own similar services and bypass having to compensate them for retransmitting station signals, in what is now a multi-billion dollar revenue stream.


It should be simple to flag your WiFi “Private.” Absent that, what should I assume?
From the hard-to-believe-this-wasn’t-an-April-Fool’s-joke dept.:
David Kravets reports:
Google wants the Supreme Court to reverse a decision concluding that the media giant could be held liable for hijacking data on unencrypted Wi-Fi routers via its Street View cars.
The legal flap should concern anybody who uses open Wi-Fi connections in public places like coffee houses and restaurants. That’s because Google claims it is not illegal to intercept data from Wi-Fi signals that are not password protected.
Read more on Ars Technica.


Virtual tourism? Can I still buy the T-shirts?
Angkor Wat at Google: Just like being there (video)
Google street view technology in Google Maps now offers detailed views of Cambodia's ancient temple complex Angkor Wat that enables virtual tourism [See here]. One can now travel to Angkor Wat without ever leaving your living room.


For my Statistics students (and the other professors) Windows, Mac or Online.
If you’ve ever tried to do anything with data provided to you in PDFs, you know how painful this is — you can’t easily copy-and-paste rows of data out of PDF files. Tabula allows you to extract that data in CSV format, through a simple interface. And now you can download Tabula and run it on your own computer, like you would with OpenRefine.
