Thursday, January 22, 2015

We might have a chance to learn something! (As will every Class Action lawyer in the country.) Is there a way to get copies of the exhibits from both sides? For Academic purposes of course. My Computer Security (and Ethical Hacking) students would find it quite interesting.
From the yay-a-judge-standing-up-for-transparency dept.:
R. Robin McDonald reports:
A federal judge in Atlanta has put lawyers in litigation over credit and debit card security breaches at The Home Depot on notice that he will reject attempts to seal large portions of the court record.
“The first 10 years I was on the bench pretty much we just went along with whatever y’all wanted to do about sealing documents. At least I did,” U.S. District Chief Judge Thomas Thrash Jr. told the lawyers at a Jan. 16 status conference on the multi-district litigation. “And then in these big commercial cases it became clear that things were just getting out of hand, and the lawyers were wanting to seal virtually everything.”
Read more on Daily Report.

We have learned something here. Processor contracts need to be rewritten! (Roughly $0.20 per card?)
Tracy Kitten reports:
A breached retailer has won a court ruling against its payments processor and merchant bank, setting a $500,000 cap on how much it must pay for a point-of-sale breach it suffered in late 2012. Now the processor and bank must pick up the rest of the breach-related tab.
On Jan. 15, the U.S. District Court for the Eastern District of Missouri ruled that the St. Louis-based grocery chain Schnuck Markets Inc. was not the sole party responsible for covering losses and expenses associated with its payments breach, which is estimated to have compromised some 2.4 million credit and debit cards.
Read more on,

Can it be? A government that does computer security right? Wow!
Claudia Lauer reports:
The Arkansas Department of Information Systems blocked all .zip files from the state’s email system after a malware attack was identified.
The department sent out notice over email and social media about 10:30 a.m. Wednesday. Department spokesman Janet Wilson said only a fraction of the more than 15,000 computers on the state’s computer network were affected.
“There were less than 50 machines that were actually infected,” she said. “We have multiple layers of defensive mechanisms. Some of them are malicious traffic filters and there are other measures as well. Those filters caught the malware attack. We ran a test on the computers in the network, and those 50 were identified quickly and taken off of the state network and replaced.”

What? You thought these things were secure? How do you think my Ethical Hackers can guarantee a 20% reduction in your insurance rates? Or consistently prove it's the other guy's fault?
Swati Khandelwal writes:
…. Since 2008, US-based Progressive Insurance has used the SnapShot device in more than two million vehicles. The little device monitors and tracks users’ driving behavior by collecting vehicle location and speed records, in order to help determine if they qualify for lower rates.
However, the security researcher Corey Thuen has revealed that the dongle is insecure and performs no validation or signing of firmware updates. [In other words, it does not check to see if modifications are authorized Bob] It has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols, possibly putting the lives of people inside the vehicle in danger.
Read more on The Hacker News.

This reads rather funny...
Mark Govaki reports:
The attorney for a former defense contractor employee accused of stealing sensitive government data questioned the timing and scope of federal agents’ search and why the FBI would erase surveillance video.
John M. Sember, 28, is accused in a complaint filed in Dayton’s U.S. District Court of either destroying or taking sensitive information from government computers after his defense contractor job ended at Wright-Patterson Air Force Base.
Read more on Dayton Daily News.
[From the article:
… Sometimes conflicting testimony from Fairborn police officers, federal agents and Sember himself was given in U.S. District Court Judge Thomas Rose’s courtroom Friday during a hearing on defense motions to suppress and to dismiss the indictment.
… A wide array of computer and electronic equipment was seized from Sember’s Fairborn residence after a search warrant was served March 28, 2014. Items taken included a surveillance system DVR located in a small room behind a book case in his bedroom.
… Sember answered a question from assistant U.S. attorney Dwight Keller by saying he initiated the discussion about what may be found on the surveillance footage when FBI Special Agent Andrew J. Eilerman was going to return the surveillance DVR last fall.
… He also testified he didn’t think the footage — including a time stamp — would be erased before the outcome of his case.
FBI Special Agent James Howley testified he seized the DVR from Sember’s home because it could contain classified information and for “officer safety.” Howley also said he didn’t ask anyone at the FBI to look at the footage and they did not know of any protocol allowing or disallowing the destruction of evidence without a court order before a case was decided.
Howley said an FBI forensic lab worker erased the DVR — believing the worker didn’t view it — at the request of Eilerman.

This isn't really a new idea, is it?
If you’re interested in surveillance – and curbing it – add this to your must-read list:
Kaminski, Margot E. and Witnov, Shane. The Conforming Effect: First Amendment Implications of Surveillance, Beyond Chilling Speech (January 2015). University of Richmond Law Review, Vol. 49, 2015. Available for free download at SSRN: (article is .pdf, 54 pp)
First Amendment jurisprudence is wary not only of direct bans on speech, but of the chilling effect. A growing number of scholars have suggested that chilling arises from more than just a threat of overbroad enforcement — surveillance has a chilling effect on both speech and intellectual inquiries. Surveillance of intellectual habits, these scholars suggest, implicates First Amendment values. However, courts and legislatures have been divided in their understanding of the extent to which surveillance chills speech and thus causes First Amendment harms.
This article brings First Amendment theory into conversation with social psychology to show that not only is there empirical support for the idea that surveillance chills speech, but surveillance has additional consequences that implicate multiple theories of the First Amendment. We call these consequences “the conforming effect.” Surveillance causes individuals to conform their behavior to perceived group norms, [Ask any dictator Bob] even when they are unaware that they are conforming. Under multiple theories of the First Amendment — the marketplace of ideas, democratic self-governance, autonomy theory, and cultural democracy — these studies suggest that surveillance’s effects on speech are broad. Courts and legislatures should keep these effects in mind.

I admit I can't figure out what Putin is doing here. Perhaps a bit of, “Yes, our economy is collapsing but our military is still strong?” Perhaps, “We really, really want the Ukraine?” Perhaps, “How dare they defy me?”
Ukraine says more Russian troops crossed border; fighting escalates
Ukraine's president on Wednesday accused Russia of moving additional troops and military hardware into his country, a charge Moscow quickly denied amid intense fighting in eastern Ukraine.
… “The situation is getting worse because now we have information that more than 2,000 additional Russian troops are crossing our border together with 200 tanks and armored personnel carriers,” Poroshenko said in a Bloomberg TV interview. He did not say when the incursion occurred.
The troops and hardware were in addition to about 8,000 Russian soldiers and 300 tanks and armored vehicles already deployed in the country's coal-mining region of Donbas, he said.
… Russia had recently amassed more than 50,000 troops “in full combat readiness” and hardware close to Ukraine's borders, the Ukrainian Foreign Ministry said on its website Wednesday.

When all else fails, RTFM! (I find a simple Google search works fine.)
5 Sites To Find & Download User Manuals

Tools for my geeky students.
Need A Disk Cleanup? Visualize What Takes Up Space On Your Windows PC

Perhaps we can analyze this data to see if we get the same results? (If we do, perhaps some of the local PDs will be interested?)
Jeremy Gillula and Dave Maass write:
Police cars mounted with automatic license plate readers (ALPRs) wind their way through the streets of Oakland like a “Snake” game on an old cell phone. Instead of eating up pixels of food, these cameras gobble down thousands of license plates each day. And instead of growing a longer tail, ALPRs feed into a giant database of locational data as they conduct surveillance on every driver within the city limits, and sometimes beyond.
This is the portrait that emerged when EFF analyzed eight days of ALPR data provided by the City of Oakland in response to a request under the California Public Records Act.
Read more on EFF.
[From the EFF:
Want to take a look at the data yourself? Do you have a better analysis method? Want to draw your own conclusions? Please do! You can find the ALPR data here and the crime data here, both in CSV format, or here in a Google Fusion Table.

More reading for my students. We'll discuss at least a dozen of them...
9 Business Intelligence and Analytics Predictions for 2015
