Thursday, December 11, 2014

Laptops get stolen every day and every day press releases try to make the risk seem trivial. Here is how I (and perhaps my Computer Security students) read between the lines.
From the web site of Corvallis Clinic:
The laptop was stolen from a Corvallis Clinic employee’s locked car at a work-related conference in Portland in mid-November.
This was a breach of Clinic policy in that patient health information was reported to have been maintained on the employee’s personal laptop that had not been evaluated or cleared for use by The Clinic’s IT security officer. [The Clinic had inadequate (or no) data controls in place Bob]
The laptop was protected by a highly secure alpha-numeric password; [That provides no protection at all if the hard drive is pulled and accessed as a 'plug in' drive on another system. Bob] however, the data was not encrypted. Nevertheless, a breach of patient health information is unlikely. [Assumes the laptop was taken for the hardware not the data. Bob]
… The information stored was limited to spreadsheets, so any patient health information that may be on the computer is limited in data. The Clinic IT staff and third-party computer forensic experts are in the process of fully investigating what may have been stored on the laptop. [“We have no clue what this employee copied from our files.” Bob]
… None of the information is known to include Social Security numbers or financial credit information. Also, only patients seen within the last two years are potentially on the spreadsheet. [May include two years of data? Bob]

For my Ethical Hackers. See why I always do my hacking using my lawyer's credentials?
AFP reports:
Iran’s telecommunications minister has said his technicians are developing a system to identify any Internet user in the country at the moment of log-on, the ISNA news agency reported Saturday.
“Because of our efforts, in future when people want to use the Internet they will be identified, and there will be no web surfer whose identity we do not know,” Mahmoud Vaezi said, without elaborating on how this would technically be done.
Read more on Yahoo! News.

Kind of the opposite of giving the police video cameras. If I obviously have a camera, perhaps with blinking lights and a sign that reads, “I'm recording this for my lawyer,” would anyone within range have an expectation of privacy?
Jon Street reports:
The Illinois House and Senate have overwhelmingly passed an amendment that would make it unclear as to when it is legal to record an encounter with a police officer and when it is illegal.
Earlier this year, the Illinois Supreme Court struck down a similar law which made recording conversations with police or anyone else without their permission illegal. The court ruled that the state does not have the constitutional authority to criminalize recording in situations where individuals have no reasonable expectation of privacy.
Read more on The Blaze.

Spain, The Forbidden Kingdom? Will our grandchildren wonder what happened to Spain?
Spanish news to vanish from Google News globally
Google’s decision to close Google News in Spain because of a law requiring aggregators to pay news publishers for linking content also means that the publishers’ content will vanish around the world.
The company said it will block reports from Spanish publishers from its more than 70 Google News international editions in addition to the Spain shutdown on Dec. 16 — two weeks before a new Spanish intellectual property law takes effect.
Spain’s AEDE association, which represents large news publishers, lobbied for the law nicknamed the “Google Tax.”
The association declined comment Thursday on Google Inc.’s decision.

Circling the drain? Consider: The Soviet Union broke up because (at least in part) they could not keep pace with Reagan's spending on Star Wars tech. Now lower oil prices mean they have no money to spend on anything.
Russia’s Rate Increase Fails to Halt Ruble’s Slide to Record
Russia’s fifth interest-rate increase this year failed to stem the ruble’s worst rout in 16 years, risking further damage to an economy battered by sanctions and oil prices near the lowest since 2009.
… “This is a spineless decision,” Vadim Bit-Avragim, who helps oversee about $4 billion at Kapital Asset Management LLC in Moscow, said by phone. “If the central bank’s goal was to defend the ruble, it would’ve raised rates by 2-3 percentage points.”

“Hey, we're a monopoly. Take it or leave it.”
Comcast Faces Lawsuit For Turning Customer Routers Into Free Public Wi-Fi
Last year, Comcast announced that the company was deploying its Xfinity Home Hotspot initiative that would turn a user’s home router into a public hotspot. However, the initiative was met with criticism and a pair of Comcast customers is suing the company claiming that the imitative poses risks to subscribers and that Comcast’s actions were carried out without their permission.
The suit was filed in the US District Court in Northern California by Plaintiff Toyer Grear and daughter Joycelyn Harris. They are seeking to give their suit class action status for all Comcast customers whose wireless routers double as Xfinity Wi-Fi hotspots. “Without authorization to do so, Comcast users the wireless routers it supplies to its customers to generate additional, public WiFi networks for its own benefit,” the complaint states.

Perhaps not revelatory, but still interesting.
Measuring the Digital Economy – OECD
Directorate for Science, Technology and Innovation: “The growing role of the digital economy in daily life has heightened demand for new data and measurement tools. Internationally comparable and timely statistics combined with robust cross-country analyses are crucial to strengthen the evidence base for digital economy policy making, particularly in a context of rapid change. This report presents indicators traditionally used to monitor the information society and complements them with experimental indicators that provide insight into areas of policy interest. The key objectives of this publication are to highlight measurement gaps and propose actions to advance the measurement agenda.”

For my geeks. Grab the specs and build your own.
Google Launches Cardboard App Collection
Google is pushing its virtual reality headset Google Cardboard harder than ever, with updates for users, developers, and makers. When Google unveiled Google Cardboard at Google I/O 2014 in June, most people regarded it as a jokey take on the emerging VR form factor. But it turns out Google was deadly serious.
To demonstrate its commitment to Cardboard, Google has rolled some of its favorite Cardboard apps into a collection on Google Play. Included are a live performance from Jack White, a tour of the Shire from The Hobbit, and a 3D brick-breaking game. As well as Google’s own dedicated Cardboard app.
In order to help developers create the best Cardboard apps, Google has also released software development kits (SDKs) for Android and Unity. And for makers there are new building specs crafted with specific tools in mind. Finally, as proof Google is serious about Cardboard, it’s hiring a handful of people to work on creating virtual reality experiences.

No comments: