- Change yours often.
- Don’t share them with friends.
- The longer, the better.
- Be mysterious.
- Don’t leave yours lying around.
Thursday, August 07, 2014
DHS has lost similar data before. If I wanted to slip an agent into the DHS (can't imagine why I would) this is the information I would want to analyze to create the perfect background profile.
United States Investigations Services (USIS) suffers major computer breach, officials say; DHS contractor
Ellen Nakashima reports:
A major U.S. contractor that conducts background checks for the Department of Homeland Security has suffered a computer breach that likely resulted in the theft of employees’ personal information, officials said Wednesday.
The company, USIS, said in a statement that the intrusion “has all the markings of a state-sponsored attack.”
The breach, discovered recently, prompted DHS to suspend all work with USIS as the FBI launches an investigation. It’s unclear how many employees were affected, but officials said they believe the breach did not affect employees outside DHS. [So was DHS specifically targeted or is DHS their only client? Bob] Still, the Office of Personnel Management has also suspended work with the company “out of an abundance of caution,” a senior administration official said.
Read more on Washington Post, keeping in mind as you read the rest of her report that Anonymous claims that not only did China hack OPM in March, but it had hacked OPM, too. OPM has not confirmed nor denied that claim.
Gosh Mr Science, could this happen in the US too?
Kate Fulton reports:
The UK’s privacy watchdog has fired a warning to barristers and solicitors following a spate of data protection breaches by legal professionals.
In a blog post, the ICO wrote that 15 incidents involving legal professionals breaching the Data Protection Act (DPA) have been reported in the last three months.
Read more on TechRadar.
[From the article:
"We have published some top tips to help barristers and solicitors look after the personal information they handle. These measures will set them on the road to compliance and help them get the basics right."
Tools & Techniques for my Computer Security students.
LogRhythm Launches Honeypot Security Analytics Suite
Just weeks after announcing that it had raised $40 million in a new round of equity financing, SIEM and security intelligence vendor LogRhythm has released a new analytics suite that monitors honeypots in order to detect and track would-be attackers.
According to the Boulder, Colorado-based company, the suite enables customers to analyze nefarious tactics and generate targeted threat intelligence.
Designed to look like production servers but left vulnerable on purpose, honeypots are isolated decoy systems and services used to deceive and detect attackers.
The new Honeypot Security Analytics Suite helps LogRhythm customers deploy honeypots to attract opportunistic hackers and then capture network and log activity stemming from the honeypots. By deploying honeypots, organizations can detect various evolving attacks – including advanced zero-day malware, brute force attacks and emerging nefarious payloads, the company said.
It's what you don't know that hurts you. My wife buys vitamins and other supplements for her horse and our dogs. What group does that put us in?
Too much soft cheese may directly impact your health insurance premiums
… You shop at the supermarket and you give them your loyalty card because you’re constantly told that this practice will give you some amount of monetary return. It also gives the supermarket the ability to monitor your purchasing habits. Now keep in mind that you are a known quantity; your name, your contact details and various other personally identifiable data points about you as an individual.
Now you go and apply for insurance with an organisation that has access to this data, whether that be because both companies are under the same umbrella or that the fine print none of us ever read when you signed up for the loyalty card said it could be shared with partners. You buy too much crap – soft drinks, chips, high-fat foods – and you’re also buying vitamins to treat high blood pressure and elevated cholesterol. Then you apply for life insurance.
Or perhaps your shopping habits put you squarely into a particular ethnic bracket; the foods you eat, the magazines you buy, the medicines you choose and so on and so forth. Studies show this ethnic group also has a higher propensity of at-fault claims on their motor vehicle insurance. Now you want to insure your new wheels.
I offer you a new term, “Creep-nology.” Really creepy technology.
Douglas Macmillan reports:
Hiding in Foursquare’s revamped mobile app is a feature some users might find creepy: It tracks your every movement, even when the app is closed.
Starting today, users who download or update the Foursquare app will automatically let the company track their GPS coordinates any time their phone is powered on. Foursquare previously required users to give the app permission to turn on location-tracking. Now users must change a setting within the app to opt out.
Read more on WSJ.
A TED video.
The dark secrets of a surveillance state
Tour the deep dark world of the East German state security agency known as Stasi. Uniquely powerful at spying on its citizens, until the fall of the Berlin Wall in 1989 the Stasi masterminded a system of surveillance and psychological pressure that kept the country under control for decades. Hubertus Knabe studies the Stasi — and was spied on by them. He shares stunning details from the fall of a surveillance state, and shows how easy it was for neighbor to turn on neighbor.
Et tu, Bill?
Microsoft Is Scanning Your Online Images
You’ll be pleased to discover it isn’t just Google scanning your emails for evidence of illegal activity; Microsoft is doing exactly the same thing. In the same way Google tipped off the authorities about child pornography allegedly being shared via Gmail, Microsoft did the same when it discovered abuse images allegedly being stored on OneDrive.
Microsoft’s Terms of Service explicitly state that the company will use “automated technologies to detect child pornography or abusive behaviour that might harm the system, our customers, or others.” However, regardless of the vile nature of the images being shared, this still raises questions over the right to privacy when using cloud services.
For my Computer Security students. Would you like the poster or the T-shirt?
Passwords Are Like Underwear—They Aren’t Meant to Be Shared
… Software vendor IS Decisions has recently published a report entitled “From Brutus To Snowden: A Study Of Insider Threat Personas” in which the company looks at workers’ habits, behavior and attitudes around topics including password sharing and network access. The company surveyed 1,000 people in the U.S. and another 1,000 in the U.K. to compile the report’s data.
IS Decisions found that while information security teams spend the majority of their time defending against attacks from outside the organization, the threat from within the organization is not considered seriously enough. The report looks at hypothetical “personas” based on worker demographics to help companies understand who is most likely to share a password with someone or exhibit other behavior that can put a network at risk.
… I’ll leave it to you to read the report and draw your own lessons from it, but I will close with this interesting bit of advice from an infographic in the report:
Passwords are like underwear.
To delink or not to delink. The data itself is fine, but no one can point users to it?
Wikimedia Blasts Europe's 'Right to Be Forgotten'
The Wikimedia Foundation on Wednesday released its first-ever transparency report -- and along with it a protest against Europe's "right to be forgotten" law. Wikimedia is the nonprofit owner of Wikipedia and other sites.
"Last week, the Wikimedia Foundation began receiving notices that certain links to Wikipedia content would no longer appear in search results served to people in Europe," wrote Wikimedia General Counsel Geoff Brigham and Legal Counsel Michelle Paulson.
"Denying people access to relevant and neutral information runs counter to the ethos and values of the Wikimedia movement," they added. "The Wikimedia Foundation has made a statement opposing the scope of the judgment and its implications for free knowledge."
… "I think they're overstating the case," John Simpson, director of Consumer Watchdog's Privacy Project, told TechNewsWorld. "I don't think they understand the privacy issues involved."
Meanwhile, the professionals (e.g. http://www.law.du.edu/index.php/privacy-foundation ) are slowly running out of funding.
Consumer Privacy Organizations Oppose Farcical Class Action Settlement
by Sabrina I. Pacifici on Aug 6, 2014
“EPIC, along with a group of consumer privacy organizations, has asked the Federal Trade Commission to object to an unfair class action settlement in California federal court. In 2010, Google was sued for sharing user web browsing information with advertisers. Under the proposed settlement agreement, Google will distribute several million dollars to a handful of organizations, many of which already have ties to the company. EPIC and other privacy organizations have argued that the proposed agreement “confers no monetary relief to class members, compels no change in Google’s behavior, and misallocates the cy pres distribution” to organizations that are “not aligned with the interests of class members and do not further the purpose of the litigation.” The consumer groups, who have already written to the court opposing the settlement, urged the Federal Trade Commission to object as well. The agency filed a similar objection in Fraley v. Facebook, an unfair class action settlement in the Ninth Circuit. For more information, see EPIC: FTC and EPIC: Search Engine Privacy.”
Why has PETA refused to become involved?
Photographer 'lost £10,000' in Wikipedia monkey 'selfie' row
A photographer involved in a copyright row with Wikipedia over a monkey "selfie" says he has lost £10,000 in income over two years because of it.
David Slater, from Coleford in the Forest of Dean, said the web-based encyclopaedia had repeatedly refused to remove the image from its site.
He said there had been no interest from anyone in buying the image since it was declared to be in the "public domain".
The site said Mr Slater did not own the copyright as he did not take the photo.
… The debate about the picture resurfaced on Wednesday as the Wikipedia Foundation published its first transparency report - following a similar practice by Google, Twitter and others.
Perhaps we could recreate the full survey here. I'd bet our students would outscore those kids. (I did)
Technology knowledge -- it's all downhill after you're 14
A new study by the UK's communications regulator Ofcom finds that the "millennium generation" of 14-15 year olds are the most technology aware group but as we get older digital knowledge begins to decline.
The study of 2,000 adults and 800 children measured confidence and knowledge of communications technology to calculate a Digital Quotient (DQ) with the average UK adult scoring 100.
Today's 14 year olds have a DQ of 113 and are the first generation to have grown up with the benefits of broadband, probably never knowing the pleasures of dial-up internet. People in their 40s have a DQ in the high 90s, around the same as a modern six-year-old. Over 70s score a DQ in the 80s. You can try this out for yourself and see how you compare with a quick three minute taster test.
… You can find out more about the results of the survey on the Ofcom website.
Apparently we're not teaching everything future tech workers will need.
AI, Robotics, and the Future of Jobs
by Sabrina I. Pacifici on Aug 6, 2014
Pew Report – “The vast majority of respondents to the 2014 Future of the Internet canvassing anticipate that robotics and artificial intelligence will permeate wide segments of daily life by 2025, with huge implications for a range of industries such as health care, transport and logistics, customer service, and home maintenance. But even as they are largely consistent in their predictions for the evolution of technology itself, they are deeply divided on how advances in AI and robotics will impact the economic and employment picture over the next decade. We call this a canvassing because it is not a representative, randomized survey. Its findings emerge from an “opt in” invitation to experts who have been identified by researching those who are widely quoted as technology builders and analysts and those who have made insightful predictions to our previous queries about the future of the Internet. (For more details, please see the section “About this Report and Survey.”)
We still have a few design students finishing their program. I can't do what they do, so I find tools like this to trade for future design favors.
– Create vector graphic design with YouiDraw online. It’s like Adobe Illustrator or CorelDraw but it works with HTML5 and Google Drive. So there’s no software to download and you can access your work anytime, anywhere. An Online Logo Maker is available for creating high quality vector graphics, headings, HTML5 logos, icons, web site elements and buttons by hundreds of templates and styles.
(Related) Oh look, another one!
– if you are into blogging or publishing in any way, then you will need a constant supply of royalty-free photos. One such source for this is Raumrot which is a site of free high-resolution photos you can download for any personal or commercial project. Each photo is categorized and links to the larger version on Flickr.com.
Another tool for my Math students.
Find More Than 4,000 Math Lessons on Open Curriculum
Open Curriculum is a new entry into the lesson depot market. Like similar sites, Open Curriculum offers a collection of thousands of resources for teaching mathematics. You browse the Open Curriculum resource lists according to grade level and topic.
… Open Curriculum provides more than just a collection of mathematics lesson materials. In your Open Curriculum account you can create and share your own lessons and units of study. You can also upload existing materials to incorporate into the lessons and units that you create in Open Curriculum.
… The sharing aspect of Open Curriculum could be useful for large departments that are looking for a place to share materials that they like and create with each other.
For my students. Could be more fun than a formal presentation. (Perfect for math problems?)
Google Acquires Directr, An App For Shooting Short Films On Your Phone
Directr, an app that we’ve covered a few times since its launch back in 2012, has just been snatched up by Google.
In an age of ultra-brief videos, Directr existed to help users and businesses shoot videos that were a bit longer than your average Vine — think ads, or promo clips, or family holiday videos.
Perhaps my idea to have my students write their own textbook isn't so great after all.