Tuesday, October 28, 2014
For my Computer Security students.
Credit Card Hacking is Americans' Top Crime Worry: Poll
Credit-card hacking is the number one crime on Americans' worry list, far above getting mugged or murdered, according to a Gallup survey released Monday.
As the number of major retailers reporting cyber breaches grows, with thieves stealing credit card data belonging to tens of millions of their customers, awareness of the hacking threat has taken off.
"Americans today are more worried about their credit card information being hacked from stores than about any other crimes they are asked about, and a relatively high percentage say they have been victims of this hacking," Gallup said.
Sixty-nine percent of Americans said they frequently or occasionally worry about computer hackers stealing the credit-card information they have used at stores.
The only other crime that worries the majority of Americans -- 62 percent -- is hacking and data theft of a computer or smartphone.
The number of detected cyberattacks skyrocketed in 2014 — up 48 percent from 2013 — and they are costing companies more money, according to two global studies released Monday.
This year is expected to see 42.8 million cyberattacks, roughly 117,339 attacks each day, a study from consulting firm PricewaterhouseCoopers found.
Nearly all companies surveyed were hit by a cyberattack in 2014, costing them hundreds of thousands, potentially millions, of dollars.
… Security filings revealed that retail giant Target alone shelled out upwards of $150 million since its data breach during the 2013 holiday shopping season.
Another report from security software vendor Kaspersky Lab estimated an average data security incident costs a company $720,000.
(Related) You may never know you've been a victim.
JPMorgan Data Breach Involves Information on 76 Million Households, 7 Million Small Businesses, CRS Legal Sidebar, October 23, 2014
“JPMorgan did not provide individual customers with notice of the breach because it believed that it had no obligation to do so because no “sensitive customer information” was involved in the data breach. This means that JPMorgan apparently has complied with data breach notification standards promulgated by the federal banking regulators pursuant to the privacy provisions of the Gramm-Leach-Bliley Act (GLBA). These standards specify the contents of breach notices that must be supplied by telephone, mail, or electronic mail to all affected customers when a data breach involves “sensitive customer information.” Should “sensitive customer information” be involved in a data breach, the guidelines require financial institutions, such as JPMorgan, to notify customers only if after a “reasonable investigation” the company determines that “misuse of its information about a customer has occurred or is reasonably possible.”
Notice that the US government does not make this accusation about a group that is not part of the Chinese government. This is pure diplomatic speak.
Ellen Nakashima reports:
A coalition of security researchers has identified a Chinese cyberespionage group that appears to be the most sophisticated of any publicly known Chinese hacker unit and targets not only U.S. and Western government agencies but also dissidents inside and outside China.
News of the state-sponsored hacker group dubbed Axiom comes a week before Secretary of State John F. Kerry and two weeks before President Obama are due to arrive in Beijing for a series of high-level talks, including on the issue of cybersecurity.
Read more on Washington Post.
(Related) Countries (particularly China and Russia) tend to take accusations personally.
FireEye Links Russia to Cyber Espionage Campaign Dating Back to 2007
Security firm FireEye has released a new report uncovering and detailing a large cyber-espionage campaign that the company believes is sponsored by the Russian government and dates back to 2007.
The group behind the campaign, which FireEye is calling APT28, is a skilled team of developers and operators collecting intelligence on defense and geopolitical issues that would clearly benefit Russia.
Unlike many attacks often attributed to China and detailed in Mandiant’s (now part of FireEye) APT1 report released in 2013, the APT28 attackers do not appear to be after intellectual property theft for economic gain.
… Last week, Trend Micro released a report on a cyber-espionage operation dubbed "Operation Pawn Storm" which targeted military, government and media organizations around the world and utilized the Sofacy malware.
But according to McWhorter, the direct link and attribution to Russia is what FireEye is highlighting in its APT28 report.
… the report (PDF)
About time someone initiated a smackdown!
Nate Cardozo and Jamie Lee Williams write:
School districts across the country are grappling with how to deal with their students’ use of technology and social media. All too often, in an attempt to protect students, they end up implementing technology policies that give administrators too much power and go too far in restricting what students can do online. Williamson County Schools, a public school district in affluent Williamson County, Tennessee, is one such school district. Recently, a concerned parent, Daniel Pomerantz, brought the policy to the attention of EFF and the ACLU of Tennessee (ACLU-TN). Mr. Pomerantz was right to be concerned.
Earlier today, EFF and ACLU-TN sent a letter to the board on behalf of our client detailing our concerns. As we outline in our letter to the school board, the school district’s technology and Internet policy is troubling in a number of ways. Indeed, the policy violates the First and Fourth Amendment rights of 35,000 Williamson County students across the district’s 41 schools. We teamed up with ACLU-TN to demand that the Williamson County School Board immediately suspend the unconstitutional policy.
Read more on EFF.
If it takes analysis of Big Data to determine who to discriminate against, will it be obvious to anyone who does not analyze Big Data that documents the discrimination?
Companies that target certain people based on their online behavior could be practicing a form of discrimination, the American Civil Liberties Union (ACLU) warned on Monday.
Some businesses look at massive amounts of information about what people do on the Internet to target ads to one group over another, which the ACLU told the Federal Trade Commission (FTC) “has the potential to significantly reinforce existing economic disparities between racial groups.”
“Because decisions about which advertisements to display are in some cases based on data about race or factors closely linked to race, we are in danger of segregating the consumer experience on the Web,” ACLU officials told FTC Chairwoman Edith Ramirez in a formal filing.
Both the FTC and the Consumer Financial Protection Bureau should investigate whether or not companies are violating the rules by using new forms of discrimination, the civil liberties group said.
“Sell 'em while they're young!” (and don't forget to tell them how hard it is to use Windows!)
… The tech giant has chosen 114 schools in 29 states to get grants as part of the Obama administration’s ConnectED effort, which seeks to connect 99 percent of the country’s students to high-speed broadband Internet.
“We believe that the young minds and young innovators of tomorrow should have every opportunity to realize their potential through today’s powerful learning tools,” Apple said in announcing its plans.
In the schools Apple will be targeting, 96 percent of students are eligible for free or reduced-price lunch, a common metric of poverty. Ninety-two percent of students in the schools are of a racial or ethnic minority.
“Despite their economic challenges, these schools share a vision of what their students’ lives would be like with Apple technology,” Apple said.
I think I'll start using this as my best example of something that will never happen. Politicians limiting the lies they can tell? You must be joking.
Disclosure rules pushed by Democrats [Next week it's the Republicans' turn. Bob] could result in the creation of a government review board monitoring the Internet, the chairman of the Federal Election Commission (FEC) warned Monday.
… The FEC deadlocked last month on the question of whether there should be more stringent reporting requirements for political advertisements that are distributed only on the Internet.
I keep meaning to buy more cocoa... I don't remember why.
Clinical Trial Shows Cocoa Diet Reverses Age-Related Memory And Cognitive Decline: 60 Year Old Cognition Reverted to 30-40 Year Old
“A new study and clinical trial by scientists at Columbia University Medical Center has shown that in healthy human adults, a diet of cocoa that is rich in flavanols is able to reverse the effects of age-related memory decline. Imaging reveals one region of the brain that is responsible for the improvement in cognition. The study is one of the first to show that dietary modification results in startling brain function improvement upon targeting of one specific brain region. Cognition tests reveal significant improvements in memory recall and reaction times, to the extent that performance of older people resembled that of younger.
… Previous studies have shown that age-related memory decline starts in early adulthood but has little impact on quality of life until the sixth and seventh decades.
Interesting. Would anyone notice if he (for example) changed the code to favor one political party over another? That would not break any laws, would it?
How Facebook Is Changing the Way Its Users Consume Journalism
NYT – Ravi Somaiya: “Many of the people who read this article will do so because Greg Marra, 26, a Facebook engineer, calculated that it was the kind of thing they might enjoy. Mr. Marra’s team designs the code that drives Facebook’s News Feed – the stream of updates, photographs, videos and stories that users see. He is also fast becoming one of the most influential people in the news business… About 30 percent of adults in the United States get their news on Facebook. Roughly once a week, he and his team of about 16 adjust the complex computer code that decides what to show a user when he or she first logs on to Facebook. The code is based on ‘thousands and thousands’ of metrics, Mr. Marra said, including what device a user is on, how many comments or likes a story has received and how long readers spend on an article.”