Friday, February 27, 2015
Big or merely annoying? A little detail would be helpful.
Customer data stolen in TalkTalk hack attack
In an email sent to every customer, TalkTalk said scammers were using stolen information to trick people into handing over banking details.
TalkTalk said it had sent the email to every customer although only a few thousand account numbers went astray.
… The theft of data was unearthed when TalkTalk investigated a sudden rise in complaints from customers about scam calls between October and December 2014, said a spokeswoman.
… The attackers got at some of TalkTalk's internal systems via a third-party that also had access to its network. Legal action is now being taken against this unnamed third party.
… Although TalkTalk said it became aware of the data loss late last year, the BBC has been contacted by one customer who said the scammers working to a similar pattern called in August. His wife's familiarity with computers helped her quickly spot that the call was fake.
Strange, the FBI is involved but has not (yet) blamed North Korea, which is “near Russia.”
Jeff Mays and Murray Weiss report:
The hacking attack that left city agencies unable to receive some emails last week may have originated from somewhere near Russia and was an attempt to scam city employees and others out of money, according to law enforcement sources.
And it may be more widespread than previously believed, with workers at the state-overseen Long Island Rail Road receiving infected emails as well.
Read more on DNAinfo
Interesting. Does this signal a change in our strategic direction? Surely we won't shift resources to risks we already have solutions for, at the cost of abandoning work on more sophisticated threats? Perhaps we just need a much larger budget?
US Spymaster Warns Over Low-level Cyber Attacks
A steady stream of low-level cyber attacks poses the most likely danger to the United States rather than a potential digital "armageddon," US intelligence director James Clapper said on Thursday.
US officials for years have warned of a possible "cyber Pearl Harbor" that could shut down financial networks, poison water supplies or switch off power grids.
But Clapper told lawmakers that American spy agencies were more focused on lower-profile but persistent assaults that could have a damaging effect over time.
"We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security," he said.
… He cited North Korea's alleged hacking of Sony Pictures in November and an Iranian attack a year ago against the Las Vegas Sands Casino Corporation. [These are “low-level attacks?” Bob]
If law enforcement forbids notification, do they assume the liability?
On June 4, 2014, the U.S. Dept. of Veterans Affairs, Office of Inspector General, Criminal Investigative Division notified Kaplan University (KU) that a former KU employee had stolen some students’ information, but placed a stay on notifying the affected students because of the criminal investigation. That stay was lifted this month, and KU began notifying affected students by letter on February 15, offering them a one-year complimentary membership in Experian ProtectMyID (the 3-bureau program that includes identity theft resolution and identity theft insurance). KU notes that it took considerable time and effort to work through the hard copy documents provided to them by VA OIG/CID to determine whom to notify and what information had been involved for each affected student.
It is not clear from their attorney’s letter to the New Hampshire Attorney General’s Office why or how the Dept. of Veterans Affairs became involved. Nor is there a lot of detail, period. We do not know how many students were affected, when the data theft occurred, how it occurred, how the information was misused, or how the breach was discovered. Nor do we know if the former employee has now been criminally charged.
DataBreaches.net e-mailed Kaplan University to ask a number of questions. They did not reply to yesterday’s inquiry, and re-sending the inquiry today resulted in an auto-responder that their media relations person was traveling on business and would reply to emails between flights. So far, there’s still no response, so we’re somewhat up in the air while he’s up in the air.
This post will be updated as more details become available.
If it ain't a Best Practice it's Unfair?
Wyndham: Third Circuit Requests Briefing on Whether FTC Declared Unreasonable Cybersecurity Practices Are ‘Unfair’
Katherine Gasztonyi writes:
On February 20, the Third Circuit sent a letter to counsel in FTC v. Wyndham Worldwide Corp., identifying at least one topic that will be addressed in the upcoming oral argument regarding the parties’ dispute over whether the FTC has the authority to regulate companies’ data security practices: whether unreasonable cybersecurity practices are “unfair.” The letter requested that counsel be prepared to address the issue by answering three questions. First, whether the FTC has declared that unreasonable security practices are “unfair” through procedures provided in the FTA (sic) Act. Second, if not, whether the FTC is requesting that the federal courts determine that unreasonable cybersecurity practices are “unfair” in the first instance. And finally, whether federal courts have the authority to determine that unreasonable cybersecurity practices are “unfair” in the first instance under a case brought under 15 U.S.C. § 53(b) (providing authority for the Commission to bring suit to enjoin a person or entity that the Commission has reason to believe is violating or is about to violate a provision of the FTC Act). The letter further indicated that the Third Circuit may also request additional briefing on these topics.
Read more on Covington & Burling Inside Privacy.
Hypothesis: If this is “non-standard” it will be invisible to current “bad guy” search tools and therefore more secure.
Are Mesh Nets The Future of The Internet?
In Havana, people are using a self-contained network to communicate with each other, play games, and share files despite pervasive Internet censorship in Cuba. This ad-hoc network—called a mesh network—has impressed a lot of people, and has many wondering if it represents the future of the Internet. Let’s take a look.
A mesh network is a network in which each node (a computer, phone, or tablet) serves as a relay, routing data between its peers. Snet, Havana’s mesh network, serves as a great example. Its 9,000 users use a combination of broadband cables and high-power wi-fi antennas to connect and send e-mail, share files, and play games with each other, without connecting to the outside Internet.
If it's a “Thing” and it's connected to the Internet of Things, it's going to collect and share information.
Why EBooks Are Recording Information About Your Reading Habits
… What you probably don’t know is that your reading activity can be monitored, recorded and even shared with government security agencies.
… It has been established that Amazon collects certain information about its readers. This goes beyond the basic analytics that you would expect to be collected by a progressive, digital company like Amazon (Apple, Barnes & Noble and Google Play Books – which you can now add your own books to – use similar techniques). The use of big data such as how long you spend reading, how far you make it through a book, search terms used to find the books and genres that you find appealing is a major part of these companies’ strategy, and also helps publishers to develop more readable books. [Not sure how that happens... Bob]
I wasn't sure why they did it yesterday, and apparently they were not too sure either.
Google backtracks on 'explicit' Blogger content ban
Google has reversed the decision to ban explicit sexual content on Blogger.
On Friday, in an update by Social Product Support Manager Jessica Pelegio on Google's Product Forums, the tech giant said in light of feedback and concern relating to the "retroactive enforcement of the new policy," which would impact on bloggers who have held accounts for over 10 years, Google has reversed its decision to ban explicit content entirely from the network.
In addition, Pelegio said the reversal was due in part to the potential "negative impact on individuals who post sexually explicit content to express their identities."
Interesting. I find a wide variation in student understanding of social media privacy.
When Using Social Media, Beware the Invisible Audience
Just one post to a social media site has the power to reach millions. But when we post, most of us are just thinking of, and writing for, a few people — a small audience of family, friends or the people we regularly interact with on each platform.
Unfortunately, the “invisible audience” — the people you didn’t know were looking, or who you didn’t know could look — often only reveals itself after an ill-timed, careless or incendiary post blows up in your face. On the small scale, you may have to apologize to a contact or co-worker, or deal with some other type of negative feedback. But a growing number of cases are showing how one careless tweet or Facebook post of questionable taste can lead to far grimmer consequences, including losing your job or becoming the focus of public shaming by a “digital mob” of strangers.
… Today’s students are more sophisticated in their understanding of privacy than some older people are, said Gailey, drawing insights from her class. “They have come of age after a lot of cautionary tales,” she said. “They have learned not to post every photo from the party they went to. Students didn’t know all this five years ago.”
Apparently, there is a market beyond terrorists. Won't the FBI be surprised...
Silent Circle targets enterprise users with 'world first' privacy ecosystem
… Announced on Thursday, Silent Circle said "strong demand" from enterprise customers seeking to keep communication private through the Blackphone product range led the firm to launch a private, common equity round in order to grow and cater for new clients.
… On Thursday, Silent Circle reached an agreement with Geeksphone -- co-founder of the Blackphone project -- to buy out the companies' joint venture, SGP Technologies, granting Silent Circle 100 percent ownership of the JV and Blackphone product line.
SGP Technologies was founded in order to develop the Blackphone, a privacy-centric mobile device. The gadget features a custom Android operating system dubbed PrivatOS and is equipped with Silent Circle encrypted communications apps including Silent Phone and Silent Text.
So, what business opportunities open up?
FCC Adopts Tough Net Neutrality Rule in Historic Regulatory Shift
… The action places ISPs under Title II of the Telecommunications Act, reversing a 2002 FCC decision that classified ISPs under a different section of the law. The FCC's 2010 net neutrality regulation was struck down in January 2014 by a federal court that generally upheld the intent of the rule to prevent ISPs from creating "fast lanes" for those who can pay more or restricting bandwidth for some companies. The court ruled the FCC was imposing regulations it didn't have the authority to enforce because it had not classified ISPs as utilities.
(Related) How long will this last?
(Related) Everything you ever wanted to know?
The Ultimate Net-Neutrality Reading List
Perspective. As IBM goes, so goes the industry?
IBM Outlines Profit Plan Focusing on Cloud, Analytics, Security
IBM's CEO says the company's plan to revamp its business to shift away from hardware and focus on business analytics, cloud computing, mobile services and security is on track.
I'm so old, I can remember a time when there were only two genders! Not sure if sophisticated analytics or mere marketing is pushing the change.
Facebook users who don't fit any of the 58 gender-identity options offered by the social-media giant are now being given a rather big 59th option: fill in the blank.
For the toolkit. (There may be a few bugs to overcome)
Microsoft Finally Allows Customers To Legally Download Windows 7 ISOs
… Sometimes, people simply lose the disc or ISO they had, and so it shouldn't be such a challenge to get a replacement.
Well, with a new feature on its website, you are now able to get that replacement ISO. However, it's behind a bit of protection: you'll need to provide your legal product code, and then the language, in order to go through to the download page. If you've somehow lost your key but are still using the OS that it's tied to, you can retrieve it through a tool like the Magical Jelly Bean (an application I've used for many years and that has saved me a time or two).
[Magical Jelly Bean: https://www.magicaljellybean.com/ Bob]
Tools for my students.
8 Diagramming Apps for Better Brainstorming on the Go
For my Data Analytics students.
Ben Wellington: How we found the worst place to park in New York City -- using big data
City agencies have access to a wealth of data and statistics reflecting every part of urban life. But as data analyst Ben Wellington suggests in this entertaining talk, sometimes they just don't know what to do with it. He shows how a combination of unexpected questions and smart data crunching can produce strangely useful insights, and shares tips on how to release large sets of data so that anyone can use them.
Global warming! Global warming! It's all Al Gore's fault!
IT'S OFFICIAL - This is our snowiest February in Denver
Just 10 days ago, we were on track for one of the driest Februarys in Denver history, but after several snowstorms, Denver has set a new record for February snowfall -- 22.2 inches.