It is sometimes difficult to determine where a breach occurred. It is
even difficult to know where personal data comes from unless there
is a specific identifier built into the data or whoever posts it on
the hacker site names the victim.
When in doubt, notify. Even if you suspect that it may be a vendor and
not your firm that’s been breached – particularly if it’s the
FBI or Secret Service that comes knocking on your door to alert you
that you may have been breached.
CICS Employment Services Inc is notifying an undisclosed
number of individuals that their information may have been accessed
without authorization. The firm provides investigative and
background checks in Oregon.
I am writing to inform you of an incident that may affect the
security of your personal information. We were recently notified by
the Federal Bureau of Investigation (the FBI) that personal
information we processed regarding an application you made for
employment may have been accessed without authorization.
… The FBI’s forensic examinations of relevant portions of our
computer network, database and third party storage provider revealed
no evidence of any compromise. [I didn't know the FBI turned over the
results of their forensic examinations. Maybe only the ones where they
find nothing. Bob]
… We immediately engaged the services of an independent forensics
investigation firm [Because they didn't trust the FBI review or like me,
didn't think they'd get the results? Bob] to determine whether CICS’
security had been compromised. The forensic examinations revealed no
evidence that our network or database have been compromised.
… we changed web hosts and have ensured that all PII contained in our
network is encrypted and secure. [Suggests none of this was true
before. Bob]
Read their full notification letter on the California Attorney
General’s web site. The firm has not responded by publication time to
an inquiry asking them how many individuals have been notified and if
the FBI had any evidence that the information had been misused for
identity theft.
Curious. Who makes choices like this? Teenage boys?
260,000 Facebook Users Infected With Trojan Disguised as Flash Update
Once it infects a computer, the Trojan installs an extension in the
victim’s Web browser. The threat tags the victim’s Facebook
friends in a post advertising an adult video. When users click on the
link, they are presented with a preview of the video, after which they
are instructed to install what appears to be a Flash Player plugin.
This component is the malware downloader.
Interesting. Perhaps the FBI should hire a lawyer to review stuff like
this.
Ken Ritter of AP reports:
Undercover FBI and Nevada regulatory agents misled a federal judge
and violated the rights of a wealthy Malaysian businessman and his
son by posing as Internet repairmen to get into Las Vegas Strip hotel
rooms in a gambling probe last summer, a U.S. magistrate judge said.
In a case with Fourth Amendment implications, U.S. Magistrate Judge
Peggy Leen said evidence the agents collected as a result of the ruse
didn’t justify the deception used in the case involving Wei Seng
“Paul” Phua and his son, Darren Wai Kit Phua.
Read more on ABC.
[From the article:]
"A search warrant is never validated by what its execution recovers,"
Leen wrote in her 32-page recommendation that Gordon dismiss
evidence. "The search warrant is fatally flawed and lacks
probable cause to support the search."
…
The government also impounded Wei Seng Phua's $48 million Gulfstream
jet as collateral. [Guilty or innocent, they never get that back,
right? Bob]
Perhaps a “Push” service to alert users when the “we have not been
served” notice does not go out? (Or are all my potential customers
terrorists or crooks?) In theory, this notice could be sent to
individual users.
EFF Joins Coalition to Launch Canarywatch.org
“Warrant canary” is a colloquial term for a regularly published
statement that an internet service provider (ISP) has not received legal
process that it would be prohibited from saying it had received, such
as a national security letter. The term “warrant canary” is a reference
to the canaries used to provide warnings in coalmines, which would
become sick from
carbon monoxide poisoning before the miners would—warning of the
otherwise-invisible danger. Just like canaries in a coalmine, the
canaries on web pages “die” when they are exposed to something
toxic—like a secret FISA court order. Warrant canaries rely upon
the legal theory of compelled speech. Compelled speech happens when
a person is forced by the government to make expressive statements
they do not want to make. Fortunately, the First Amendment protects
against compelled speech in most circumstances. In fact, we’re not
aware of any case where a court has upheld compelled false speech.
Thus, a service provider could argue that, when
its statement about the legal process received is no longer true, it
cannot be compelled to reissue the now false statement, and can,
instead, remain silent. So far, no court has addressed
this issue. But if you’re not paying attention to a specific
canary, you may never know when it changes. Plenty of providers
don’t have warrant canaries. Those that do may not make them
obvious. And when warrant canaries do change, it’s not always
immediately obvious what that change means. That’s why EFF has
joined with a coalition of organizations, including the
Berkman Center for Internet and Society, New York University’s
Technology Law & Policy Clinic, and the Calyx Institute to launch
Canarywatch.org. The Calyx Institute runs and hosts Canarywatch.org.”
See this FAQ for more information.
Interesting. Assumes everything reported about the Snowden leaks is
true and could be used by terrorists, or “authoritarian regimes.”
So they ask their governments (but not the terrorists and
authoritarian regimes) to promise never to do it again.
Council of Europe Report on Mass Surveillance
Provisional version – Committee on Legal Affairs and Human Rights – Mass
surveillance. Rapporteur: Mr Pieter Omtzigt, Netherlands, Group
of the European People’s Party.
(Related)
Skype Chats Compromised Syrian Rebels: Researchers
Syrian opposition groups lost critical information when its members fell
victim to a "femme fatale" scheme using Skype chats that
injected computers and phones with malware, researchers said Monday.
The security firm FireEye said it uncovered the hacking scheme that
stole tactical battle plans, geographical coordinates, information on
weapons and other key data in a period from November 2013 to January
2014, and possibly longer.
The hackers lured victims into online chats with attractive female
avatars, eventually delivering a malware-laden photo, that allowed
the operators of the scheme to steal "scores of documents that
shed valuable insight into military operations planned against
President (Bashar al) Assad's forces," FireEye said in a report.
Do we really need one hour shipping? Pizza parlors will need to deliver
much faster (perhaps ovens on the drones?)
Four Technologies That Are Bringing One-Hour Shipping to Life
Earlier this month, Amazon rolled out its new Prime Now shipping
service to a few zip codes in Manhattan.
If you’re a Prime subscriber and live in the serviced areas, the
service promises
one hour delivery of packages to Prime users for about seven dollars
— alternately, you can get packages shipped in two hours for free.
The service currently supports about 250,000 of the most popular
items, and services only a small area.
Just in time for my Data Management students to hear my governance
lecture.
4 Data Governance Trends to Watch in 2015
…
Many enterprises have benefited from the industry’s shift from
solely using traditional master data management to implementing
broader, higher-performing information governance environments
A reasonably small set of “Big Data” for my students to analyze and
since Pew has already crunched the data, I know what results they
should get!
How to access Pew Research Center survey data
“Earlier in January [2015], the Pew Research Center released the full
dataset
from our largest study ever conducted on U.S. politics, the 2014
Political Polarization and Typology survey, to make it available
to researchers. For the study, we interviewed 10,013 adults on
landline and cellphones. The dataset includes more than 150 measures
of political attitudes and behavior, plus a complete set of
demographic variables. It also has the full series of
political-values items asked on Pew Research Center surveys dating
back to 1994; the summary measures of ideological consistency and
typology group membership constructed using these items; and measures of
partisan animosity and political engagement used in the center’s
reports released in 2014. There are two ways to locate and download
this and any other Pew Research Center dataset. Each research
area at the center has a “Datasets” or “Data and Resources”
section with the available data listed in reverse chronological order
by when the survey was fielded….”
For my geeky students.
$35 Raspberry Pi 2 Faster, Runs Windows 10
The Pi Foundation on Monday announced that it has released the latest
version of its "entry-level PC." The Raspberry Pi 2 is now
available for US$35, the same price as the previous Model B+.
This build-it-yourself computer features an 800MHz quad-core ARM
Cortex-A7 CPU, which will offer six times the performance of the
previous system. It also includes double the memory with 1GB LPDDR2
SDRAM.
The Raspberry Pi 2 will be fully compatible with the Pi 1, and because
it utilizes the ARMv7 processor, it can run a full range of ARM
GNU/Linux software including Snappy Ubuntu Core and, notably,
Microsoft's Windows 10.
I can be an artist? (Article 4)
Everybody Can Draw with Adobe PaintCan
Adobe Labs has released a free app called PaintCan. Available for free
exclusively on iOS (only in the U.S.), PaintCan lets you turn
photographs into paintings in a matter of minutes. The video above
shows how it works, with automatic presets and manual brushstrokes
applied.
Due to its experimental nature, Adobe is actively seeking feedback
about PaintCan, which may end up becoming a full Adobe product, be
folded into Photoshop, or disappear altogether. Which means you should
probably get hold of it for free while you can.
The monopolies will fall. Power to the people, dude!
Sen. Cory Booker is cheering news that federal regulators will bar two
states from enforcing laws to prevent communities from building out
their own broadband Internet services.
…
“I’m pleased the FCC is standing up for the rights of
municipalities over special interests that may not find it profitable
to invest in low-income and rural areas,” he said in a statement on
Monday, hours after FCC officials confirmed
the upcoming action.
…
"Every community should have the right to determine its
broadband needs and the path of its digital future, including the
ability to pick competition over monopoly for broadband services,”
echoed Shiva Stella, a spokeswoman for advocacy group Public
Knowledge.