Sunday, October 19, 2014
For my Ethical Hackers and Computer Security students. Would you do the same for your organization? If so, consider sending an immediate email rather than waiting for the user to return to your site. Apparently Facebook still thinks everyone uses their site first.
Keeping Passwords Secure
The Facebook Security team has always kept a close eye on data breach announcements from other organizations. Theft of personal data like email addresses and passwords can have larger consequences because people often use the same password on multiple websites. Unfortunately, it's common for attackers to publicly post the email addresses and passwords they steal on public 'paste' sites.
… we built a system dedicated to further securing people's Facebook accounts by actively looking for these public postings, analyzing them, and then notifying people when we discover that their credentials have shown up elsewhere on the Internet.
… If we find a match, we'll notify you the next time you log in and guide you through a process to change your password.
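The part worth copying is the matching step: the site never needs to store plaintext passwords to check whether a leaked pair is live. Each leaked password is run through the same KDF and salt the account already uses, and the result is compared to the stored hash. The following is an added example, not Facebook's code; the user store, the paste contents, the PBKDF2 parameters and the `find_compromised` function are all constructed for illustration.

```python
"""Added example (not Facebook's code): check credentials scraped from a
public paste against a user store that holds only salted PBKDF2 hashes.

Everything here is constructed for the demo: the users, the paste text,
and the KDF choice. A real deployment uses whatever KDF and cost its
password store already uses, because the leaked password has to be
hashed exactly the way the account's password was.
"""
import hashlib
import hmac
import os
import re

KDF_ITERATIONS = 100_000  # assumed cost for this demo


def kdf(password: str, salt: bytes) -> bytes:
    """Same derivation the account was created with."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)


def make_record(password: str) -> dict:
    """Stored credential: per-user salt plus hash, never the plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": kdf(password, salt)}


# Constructed user store keyed by normalised (lower-cased) email.
USERS = {
    "alice@example.com": make_record("correct horse battery staple"),
    "bob@example.com": make_record("hunter2"),
    "carol@example.com": make_record("Tr0ub4dor&3"),
}

# Constructed paste: "email:password" or "email;password" per line, with
# the mixed case, spaces and junk lines real dumps contain.
PASTE = """\
Alice@Example.com:correct horse battery staple
bob@example.com:wrongpassword
carol@example.com;Tr0ub4dor&3
nobody@example.net:whatever
this line has no separator
"""

PAIR_RE = re.compile(r"^\s*([^:;\s]+@[^:;\s]+)\s*[:;]\s*(.*?)\s*$")


def parse_paste(text: str):
    """Yield (email, password) pairs; lines that do not parse are skipped."""
    for line in text.splitlines():
        m = PAIR_RE.match(line)
        if m:
            yield m.group(1).lower(), m.group(2)


def find_compromised(paste: str, users: dict) -> list:
    """Return the emails whose current password equals a leaked one.

    The KDF only runs for emails that exist in the store, so the cost is
    bounded by the number of matching accounts, not the size of the dump.
    """
    hits = []
    for email, leaked_pw in parse_paste(paste):
        rec = users.get(email)
        if rec is None:
            continue  # not one of our accounts
        candidate = kdf(leaked_pw, rec["salt"])
        # Constant-time compare so timing does not leak which hashes matched.
        if hmac.compare_digest(candidate, rec["hash"]):
            hits.append(email)
    return hits


if __name__ == "__main__":
    for email in find_compromised(PASTE, USERS):
        print(f"force password reset and notify: {email}")
```

Only the accounts whose leaked password still works come back from `find_compromised`; the email for Bob is in the paste but the password is wrong, so he is not flagged. Because the check runs when the paste is ingested, the result can feed an immediate notification rather than waiting for the next login, which is the point raised above.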
Fortunately, I'm not flying to New Zealand any time soon.
Ian Apperley writes:
…Auckland Transport announcing this week a deal with Hewlett Packard to roll out facial recognition technology, along with what looks like car plate recognition and sifting of social media networks. Now, they aren’t turning the facial recognition on right away, but you can be sure they want to, as they are in discussion with the Privacy Commissioner. Worse, all that data will be pushed to the U.S. into a Cloud environment, which gives the Five Eyes network instant access to everything, given it traverses into the U.S. Of course local police will have access to it as well.
This is, quite simply, mass surveillance.
Read more on NBR.
Perhaps some elements could serve for more generalized “Things on the Internet of Things” security guidelines.
FDA Releases Final Guidance on Cybersecurity in Medical Devices, Public Workshop to Follow on October 21-22, 2014
Morgan Kennedy writes:
On October 2, 2014, the Food and Drug Administration (FDA) released a final guidance document titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”. The FDA said that the “need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network-connected devices, and the frequent electronic exchange of medical device-related health information.”
Read more on Covington & Burling Inside Privacy.
For my Computer Security students. Very “friendly” interview of Kim Dotcom, but they do summarize the case. (I haven't listened to the Snowden interview yet)
A match made in exile: Edward Snowden and Kim Dotcom open up to the New Yorker
… On Saturday, Jane Mayer remotely interviewed Snowden, who leaked information about the federal government's spying strategy, as part of the New Yorker Festival, which ended yesterday.
… Then, the following day, New Yorker features director Daniel Zalewski interviewed Dotcom, the founder of the now shuttered file-sharing site Megaupload, which the FBI accused of costing intellectual property owners $500 million in lost revenue.
Edward Snowden: http://www.youtube.com/watch?v=fidq3jow8bc
Kim Dotcom: http://www.youtube.com/watch?v=Q3c4LqN5ca4#t=353
Kim Dotcom has been run through the legal mill several times over the past few years, with his company shut down, his assets seized and his home raided in a short period of time. The only real development though in the ongoing and oft-delayed extradition trial, is that recently the Department of Justice in the US launched a civil suit against the German entrepreneur, asking the court to hand over all of his assets, current and past since they were only gained through – in its words – illegal means. Now Dotcom’s team has officially responded, claiming that the crimes he is said to have committed are entirely made up.
While that might sound like the argument you came up with when your sister told your parents you pinched her, it does have some merit here, since Kim Dotcom stands accused of secondary criminal copyright infringement, which implies he wasn’t directly responsible for copyright infringement but was heavily involved. That’s not a crime that currently exists on anyone’s legal books.
“The crimes for which the Government seeks to punish the Megaupload defendants do not exist. Although there is no such crime as secondary criminal copyright infringement, that is the crime on which the Government’s Superseding Indictment and instant Complaint are predicated,” Megaupload’s lawyers write.
They then highlighted how because of this made up law and charge, not only was Dotcom stripped of his rights and property, but millions of Megaupload users were also (and still are) denied access to their digital property.
“Tellingly, the Complaint and the Superseding Indictment together fail to identify a single instance in which an act of infringement — particularly an unauthorized upload or download — occurred entirely within the United States,” they continued, highlighting that the DOJ’s jurisdiction ends at the US border.
(Completely unrelated, but it caught my eye.)
The Trans-Pacific Partnership Threatens Internet Freedom, Here’s How
ACTA and SOPA might be dead and buried, but the specter of draconian copyright law still lingers, as the leak of the latest draft of the Trans-Pacific Partnership treaty shows us.
The treaty – currently being written and developed by twelve countries – could soon see ISPs liable for the activities of their users, extended copyright terms, and the act of circumventing Digital Rights Management (DRM) technology criminalized.
Why we have self-driving cars.