Friday, October 10, 2014

I'll be at the Privacy Foundation seminar today, learning what could possibly go wrong with Internet connected eCigarettes.
The Cigarette That Charges for Every Puff
A recent patent from Philip Morris imagines a web-connected e-cig. It could help users quit—but it could also open their pipe up to tracking and hacking.
… Once smartened-up, the Internet-connected pipe can do many things. Not-so-usefully, it could let users initiate a puff from the computer—in case, I suppose, old-fashioned inhaling gets too hard. Slightly-more-usefully, it could automatically send doctors information about how much tobacco was burned and for how long. That feature could be especially handy if the cigarette’s user is participating in a clinical trial, or trying—with someone or something else’s help—to stop smoking.
… In the patent’s ninth column, its authors propose one feature that might help them understand smoking’s costs: pay-as-you-puff. Smokers, it says, might want to charge themselves a little bit of money every time they take a hit:
… Goldman Sachs has identified e-cigarettes of all sorts as one of the eight great disruptive technologies of 2014, and it’s named the Internet of Things as the “next mega-trend.”
… when you connect some previously dumb object to the Internet, it can be both hacked, and you can be tracked.
… And—perhaps most importantly, and as pay-as-you-smoke testifies—when you connect an object to the Internet, you don’t quite own it the same way as you did before.

“Contained?” Bold words.
International Dairy Queen Confirms Data Breach
International Dairy Queen Inc. became the latest company to confirm a data breach, announcing Thursday the “Backoff” malware affected payment card information at 395 of its 4,500-plus U.S. locations.
… The company said “based on our investigation, we are confident that this malware has been contained.”

(Related) Listed so you know when to panic!
12 Colorado Dairy Queen stores hit by data breach
Twelve Colorado Dairy Queen and Orange Julius locations were among the 395 hit by information-thieving hackers nationwide since Aug. 1, the company says.

Government, thy name is not clarity. Something to keep an eye on.
Drew Hansen reports:
As we reported, the Office of Personnel Management’s decision not to renew two contracts with Falls Church-based US Investigations Services LLC led to the loss of 2,500 jobs. But it might also have set a precedent for how government handles contractor breaches.
As a reminder, in July, the background checks division at USIS was hit by a cyber attack that reportedly affected 25,000 government employees. USIS suspected it to be “state-sponsored.” The government quickly suspended work with USIS and then opted to drop its contracts with the company.
If the government was going to set a precedent of terminating contracts for security or data breaches, they probably should have set it years ago after a number of breaches involving SAIC, no?
In this case, I wonder if the government would have cancelled the USIS contract if it had not been for an earlier problem with USIS not running the background checks it was supposed to run.
So is it really one strike and you’re out? I think the answer is “not really, but if your security is really abysmal, maybe.”

Picture this...
Hundreds Of Thousands Of Teens Have Had Their Snapchat Photos And Videos Intercepted By Hackers
A giant database of intercepted Snapchat photos and videos has been released by hackers who have been collecting the files for years. Shocked users of the notorious chat forum 4chan are referring to the hack as "The Snappening," noting that this is far bigger in scale than the iCloud hacks that recently targeted celebrities.
Underground photo trading chatrooms have been filled in recent weeks with hints that something big was coming. Thursday night it finally arrived: A third-party Snapchat client app has been collecting every single photo and video file sent through it for years, giving hackers access to a 13GB library of Snapchats that users thought had been deleted.

This has potential but has no RSS feed! Good idea poorly executed.
EFF Launches and Counter-Surveillance Success Stories
“The Electronic Frontier Foundation (EFF) today launched, a new site showcasing digital privacy advocates from around the world who are leading the fight against mass surveillance. The site includes figures from the organization’s growing list of Counter-Surveillance Success Stories, a set of guides showing how individuals and organizations have taken on state and corporate spying in their own countries—and won. Translated into 16 languages, highlights images and quotes from activists, business leaders, lawyers, and technologists.

Is this a “Right to be Forgotten” issue or a “Free Speech” issue?
Megumi Fujikawa reports:
Google Inc. has suffered another setback on privacy issues, this time in Japan, following a European court ruling that gave Internet users the right to ask the company to remove information about them from search results.
The Tokyo District Court on Thursday issued an injunction, ordering Google to remove some Internet search results about a Japanese man that are considered to be violating his privacy, representatives from both sides said.
Though the Tokyo court order has far less sweeping implications than the precedent-setting ruling by the European Court of Justice, it touches on similar issues.
Read more on WSJ.

Not sure I get this. None of this is new. All of this has been addressed and (more or less) solved.
Report Examines Ways to Bridge Cybersecurity Workforce Gap
A new report from the (ISC)² Foundation and University of Phoenix highlights the challenges posed by the shortage of cybersecurity professionals and identifies key ways for schools and businesses to address the situation.
Culled from conversations with tech industry, higher education and talent development leaders, the report identifies key gaps challenging employers related to competency, professional experience and "education speed-to-market."
… "With the rising demand for qualified cybersecurity talent, industry leaders are increasingly calling for a common definition of the scope of work that cybersecurity covers—and agreed-upon competencies that cybersecurity professionals must demonstrate," according to the report. [The Common Body of Knowledge has been out there for some time. Bob]
… On the higher education level, the report recommends among other things that schools build case studies into the curriculum to ensure students have to apply their knowledge and skills in real-world scenarios. [There are several Computer Security lab tools to walk students through security software or analysis tools. Bob]
In regards to professional experience, the report recommends industry associations support student membership, and advises employers to hire interns and partner with universities. Colleges meanwhile should create networking opportunities for students to use to build their resumes and experience, the report (PDF) adds.

Have a GoPro camera? Planning to do something truly stupid? Be sure to broadcast it live!
– Watch or broadcast live events from your iPhone or iPad. Watch live local news, sports, music, conferences and thousands of other events broadcasting live from all over the world. Follow your friends and get notified when they go live. Broadcast live from your device camera to viewers watching on or Livestream apps.
