Tuesday, April 22, 2014

Perhaps a useful “Case Study” for educators?
Jamie Ross of Courthouse News reports that another lawsuit has been filed against Maricopa County Community College District (MCCCD) following a data breach it disclosed in November 2013 (search MCCCD for all previous coverage on this blog).
This latest lawsuit was reportedly filed by Jason Liebich, a current student at Phoenix College. It was filed in in Maricopa County Court by his lawyer, Robert Carey of Hagens Berman Sobol Shapiro in Phoenix.
Ross reports:
According to the lawsuit, MCCCD is now “falsely advising class members that no data breach had occurred, including current students who were never informed (in writing or otherwise) that a data incursion had occurred.”
Liebich reportedly seeks class certification, compensatory damages, credit monitoring, credit restoration, and punitive damages for breach of contract and negligence.
So far, all of the lawsuits have been filed within the state. Given that some of those whose information was involved resided out-of-state at the time MCCCD acquired their personal information and/or now reside out-of-state, I’m waiting to see lawsuits filed in other jurisdictions with a possible move to consolidate in a federal court. But time will tell.
I continue to believe that this breach is not only an epic #FAIL on infosecurity, but also highlights why we need more data security enforcement and accountability in the education sector. When colleges amass tremendous amounts of personal information but fail to adequately secure it, who steps in and investigates? Not the U.S. Department of Education. Not the FTC, who has no authority over the education sector and non-profits, and likely not state attorneys general – particularly if the educational institution is a state agency. It shouldn’t require lawsuits by breach victims to hold educational entities accountable for data security.
For another example of a security fail involving an educational institution, see my post about the University of Virginia hack, here.

Here's a thought: Don't do you banking on your smartphone by texting while driving.
Attackers Use Facebook to Target Android Users
Known as iBanking, the mobile malware has the capability to steal SMS messages and redirect incoming phone calls. It can also capture audio using the device's microphone.
The attack doesn't begin with iBanking however; it begins with the infection of the user's computer by a banking Trojan called Win32/Qadars, which researchers at ESET were monitoring. According to ESET researcher Jean-Ian Boutin, the Trojan was spotted attempting to get victims to install iBanking.

More data for my statistics class.
Verizon Publishes Vastly Expanded 2014 Data Breach Investigations Report
Verizon RISK team researchers found that 92 percent of security incidents from the past 10 years could be categorized in one of nine "threat patterns," or attack types, according to the Verizon 2014 Data Breach Investigations Report released Tuesday.

For my Ethical Hackers. Be the best you can be.
Book Review – The Limits of Social Engineering
by Sabrina I. Pacifici on April 21, 2014
“…Even if we assume that the privacy issues can be resolved, the idea of what Pentland [Alex “Sandy” Pentland, a data scientist who, as the director of MIT’s Human Dynamics Laboratory] calls a “data-driven society” remains problematic. Social physics is a variation on the theory of behavioralism that found favor in McLuhan’s day, and it suffers from the same limitations that doomed its predecessor. Defining social relations as a pattern of stimulus and response makes the math easier, but it ignores the deep, structural sources of social ills. Pentland may be right that our behavior is determined largely by social norms and the influences of our peers, but what he fails to see is that those norms and influences are themselves shaped by history, politics, and economics, not to mention power and prejudice. People don’t have complete freedom in choosing their peer groups. Their choices are constrained by where they live, where they come from, how much money they have, and what they look like. A statistical model of society that ignores issues of class, that takes patterns of influence as givens rather than as historical contingencies, will tend to perpetuate existing social structures and dynamics. It will encourage us to optimize the status quo rather than challenge it.”

Perhaps all the flack they've been taking when parents heard what data they wanted to collect will cause them to rename and try again? How can we analyze “Big Data” if we can't gather Big Data?
Jo Napolitano reports:
The technology nonprofit inBloom, created to build a massive cloud-based student data system, announced Monday it will close — just weeks after New York ordered it to delete state student records.
In an open letter posted to the group’s website, inBloom chief executive Iwan Streichenberger said the Atlanta-based organization had become “a lightning rod for misdirected criticism.”
Read more on Newsday (subscription required)

Another example of businesses doing what government should have done, but government didn't even know how to spell Internet.
AT&T's expanded 1 Gbps fiber rollout could go head to head with Google

Perhaps an explanation of why government doesn't/can't compute. Perhaps good news for my techies.
The Flow of Technology Talent into Government and Civil Society – A Report
by Sabrina I. Pacifici on April 21, 2014
A Future of Failure? The Flow of Technology Talent into Government and Civil Society – A Report, Freedman Consulting, LLC. ”Among the key findings of this report:
  • The Current Pipeline Is Insufficient: the vast majority of interviewees indicated that there is a severe paucity of individuals with technical skills in computer science, data science, and the Internet or other information technology expertise in civil society and government. In particular, many of those interviewed noted that existing talent levels fail to meet current needs to develop, leverage, or understand technology.
  • Barriers to Recruitment and Retention Are Acute: many of those interviewed said that substantial barriers thwart the effective recruitment and retention of individuals with the requisite skills in government and civil society. Among the most common barriers mentioned were those of compensation, an inability to pursue groundbreaking work, and a culture that is averse to hiring and utilizing potentially disruptive innovators.
  • A Major Gap Between the Public-Interest and For Profit Sectors Persists: as a related matter, interviewees discussed superior for-profit recruitment and retention models. Specifically the for-profit sector was perceived as providing both more attractive compensation (especially to young talent) and fostering a culture of innovation, openness, and creativity that was seen as more appealing to technologists and innovators.
  • A Need to Examine Models from Other Fields: interviewees noted significant space to develop new models to improve the robustness of the talent pipeline; in part, many existing models were regarded as unsustainable or incomplete. Interviewees did, however, highlight approaches from other fields that could provide relevant lessons to help guide investments in improving this pipeline.
  • Significant Opportunity for Connection and Training: despite consonance among those interviewed that the pipeline was incomplete, many individuals indicated the possibility for improved and more systematic efforts to expose young technologists to public interest issues and connect them to government and civil society careers through internships, fellowships, and other training and recruitment tools.
  • Culture Change Necessary: the culture of government and civil society – and its effects on recruitment and other bureaucratic processes – was seen as a vital challenge that would need to be addressed to improve the pipeline. This view manifested through comments that government and civil society organizations needed to become more open to utilizing technology and adopting a mindset of experimentation and disruption.”

Proof positive! (Looks like a whale shark to me.)
Has the Loch Ness Monster been spotted on Apple Maps?
Some say the Loch Ness monster has resurfaced in Scotland, based on an Apple Maps image -- but is it a real sighting of the elusive creature or clever marketing?
Members of the Official Loch Ness Monster Fan Club claim they have studied an image seen on Apple’s global satellite map application that shows the allegedly 100-foot-long creature, CNet .com reports, citing London’s Daily Mail. They say if you zoom in on Apple images from space you can even see the monster’s giant flippers.
… “‘Last year was the first time in almost 90 years that Nessie wasn’t seen at all. After Nessie “going missing” for 18 months, it’s great to see her back,” he told the Mail.

No comments: