Tuesday, February 03, 2015
It is sometimes difficult to determine where a breach occurred. It is even difficult to know where personal data comes from unless there is a specific identifier built into the data or whoever posts it on the hacker site names the victim.
When in doubt, notify. Even if you suspect that it may be a vendor and not your firm that’s been breached – particularly if it’s the FBI or Secret Service that comes knocking on your door to alert you that you may have been breached.
CICS Employment Services Inc is notifying an undisclosed number of individuals that their information may have been accessed without authorization. The firm provides investigative and background checks in Oregon.
I am writing to inform you of an incident that may affect the security of your personal information. We were recently notified by the Federal Bureau of Investigation (the FBI) that personal information we processed regarding an application you made for employment may have been accessed without authorization.
… The FBI’s forensic examinations of relevant portions of our computer network, database and third party storage provider revealed no evidence of any compromise. [I didn't know the FBI turned over the results of their forensic examinations. Maybe only the ones where they find nothing. Bob]
… We immediately engaged the services of an independent forensics investigation firm [Because they didn't trust the FBI review or like me, didn't think they'd get the results? Bob] to determine whether CICS’ security had been compromised. The forensic examinations revealed no evidence that our network or database have been compromised.
… we changed web hosts and have ensured that all PII contained in our network is encrypted and secure. [Suggests none of this was true before. Bob]
Read their full notification letter on the California Attorney General’s web site. The firm has not responded by publication time to an inquiry asking them how many individuals have been notified and if the FBI had any evidence that the information had been misused for identity theft.
Curious. Who makes choices like this? Teenage boys?
260,000 Facebook Users Infected With Trojan Disguised as Flash Update
Once it infects a computer, the Trojan installs an extension in the victim’s Web browser. The threat tags the victim’s Facebook friends in a post advertising an adult video. When users click on the link, they are presented with a preview of the video, after which they are instructed to install what appears to be a Flash Player plugin. This component is the malware downloader.
Interesting. Perhaps the FBI should hire a lawyer to review stuff like this.
Ken Ritter of AP reports:
Undercover FBI and Nevada regulatory agents misled a federal judge and violated the rights of a wealthy Malaysian businessman and his son by posing as Internet repairmen to get into Las Vegas Strip hotel rooms in a gambling probe last summer, a U.S. magistrate judge said.
In a case with Fourth Amendment implications, U.S. Magistrate Judge Peggy Leen said evidence the agents collected as a result of the ruse didn’t justify the deception used in the case involving Wei Seng “Paul” Phua and his son, Darren Wai Kit Phua.
Read more on ABC.
[From the article:
"A search warrant is never validated by what its execution recovers," Leen wrote in her 32-page recommendation that Gordon dismiss evidence. "The search warrant is fatally flawed and lacks probable cause to support the search."
… The government also impounded Wei Seng Phua's $48 million Gulfstream jet as collateral. [Guilty or innocent, they never get that back, right? Bob]
Perhaps a “Push” service to alert users when the “we have not been served” notice does not go out? (Or are all my potential customers terrorists or crooks?) In theory, this notice could be sent to individual users.
EFF Joins Coalition to Launch Canarywatch.org
“Warrant canary” is a colloquial term for a regularly published statement that an internet service provider (ISP) has not received legal process that it would be prohibited from saying it had received, such as a national security letter. The term “warrant canary” is a reference to the canaries used to provide warnings in coalmines, which would become sick from carbon monoxide poisoning before the miners would—warning of the otherwise-invisible danger. Just like canaries in a coalmine, the canaries on web pages “die” when they are exposed to something toxic—like a secret FISA court order. Warrant canaries rely upon the legal theory of compelled speech. Compelled speech happens when a person is forced by the government to make expressive statements they do not want to make. Fortunately, the First Amendment protects against compelled speech in most circumstances. In fact, we’re not aware of any case where a court has upheld compelled false speech. Thus, a service provider could argue that, when its statement about the legal process received is no longer true, it cannot be compelled to reissue the now false statement, and can, instead, remain silent. So far, no court has addressed this issue. But if you’re not paying attention to a specific canary, you may never know when it changes. Plenty of providers don’t have warrant canaries. Those that do may not make them obvious. And when warrant canaries do change, it’s not always immediately obvious what that change means. That’s why EFF has joined with a coalition of organizations, including the Berkman Center for Internet and Society, New York University’s Technology Law & Policy Clinic, and the Calyx Institute to launch Canarywatch.org. The Calyx Institute runs and hosts Canarywatch.org.” See this FAQ for more information.
Interesting. Assumes everything reported about the Snowden leaks is true and could be used by terrorists, or “authoritarian regimes.” So they ask their governments (but not the terrorists and authoritarian regimes) to promise never to do it again.
Council of Europe Report on Mass Surveillance
Provisional version – Committee on Legal Affairs and Human Rights – Mass surveillance. Rapporteur: Mr Pieter Omtzigt, Netherlands, Group of the European People’s Party.
Skype Chats Compromised Syrian Rebels: Researchers
Syrian opposition groups lost critical information when its members fell victim to a "femme fatale" scheme using Skype chats that injected computers and phones with malware, researchers said Monday.
The security firm FireEye said it uncovered the hacking scheme that stole tactical battle plans, geographical coordinates, information on weapons and other key data in a period from November 2013 to January 2014, and possibly longer.
The hackers lured victims into online chats with attractive female avatars, eventually delivering a malware-laden photo, that allowed the operators of the scheme to steal "scores of documents that shed valuable insight into military operations planned against President (Bashar al) Assad's forces," FireEye said in a report.
Do we really need one hour shipping? Pizza parlors will need to deliver much faster (perhaps ovens on the drones?)
Four Technologies That Are Bringing One-Hour Shipping to Life
Earlier this month, Amazon rolled out its new Prime Now shipping service to a few zip codes in Manhattan.
If you’re a Prime subscriber and live in the serviced areas, the service promises one hour delivery of packages to Prime users for about seven dollars — alternately, you can get packages shipped in two hours for free. The service currently supports about 250,000 of the most popular items, and services only a small area.
Just in time for my Data Management students to hear my governance lecture.
4 Data Governance Trends to Watch in 2015
… Many enterprises have benefited from the industry’s shift from solely using traditional master data management to implementing broader, higher-performing information governance environments
A reasonably small set of “Big Data” for my students to analyze and since Pew has already crunched the data, I know what results they should get!
How to access Pew Research Center survey data
“Earlier in January , the Pew Research Center released the full dataset from our largest study ever conducted on U.S. politics, the 2014 Political Polarization and Typology survey, to make it available to researchers. For the study, we interviewed 10,013 adults on landline and cellphones. The dataset includes more than 150 measures of political attitudes and behavior, plus a complete set of demographic variables. It also has the full series of political-values items asked on Pew Research Center surveys dating back to 1994; the summary measures of ideological consistency and typology group membership constructed using these items; and measures of partisan animosity and political engagement used in the center’s reports released in 2014. There are two ways to locate and download this and any other Pew Research Center dataset. Each research area at the center has a “Datasets” or “Data and Resources” section with the available data listed in reverse chronological order by when the survey was fielded….”
For my geeky students.
$35 Raspberry Pi 2 Faster, Runs Windows 10
The Pi Foundation on Monday announced that it has released the latest version of its "entry-level PC." The Raspberry Pi 2 is now available for US$35, the same price as the previous Model B+.
This build-it-yourself computer features an 800MHz quad-core ARM Cortex-A7 CPU, which will offer six times the performance of the previous system. It also includes double the memory with 1GB LPDDR2 SDRAM.
The Raspberry Pi 2 will be fully compatible with the Pi 1, and because it utilizes the ARMv7 processor, it can run a full range of ARM GNU/Linux software including Snappy Ubuntu Core and, notably, Microsoft's Windows 10.
I can be an artist? (Article 4)
Everybody Can Draw with Adobe PaintCan
Adobe Labs has released a free app called PaintCan. Available for free exclusively on iOS (only in the U.S.), PaintCan lets you turn photographs into paintings in a matter of minutes. The video above shows how it works, with automatic presets and manual brushstrokes applied.
Due to its experimental nature, Adobe is actively seeking feedback about PaintCan, which may end up becoming a full Adobe product, be folded into Photoshop, or disappear altogether. Which means you should probably get hold of it for free while you can.
The monopolies will fall. Power to the people, dude!
Sen. Cory Booker is cheering news that federal regulators will bar two states from enforcing laws to prevent communities from building out their own broadband Internet services.
… “I’m pleased the FCC is standing up for the rights of municipalities over special interests that may not find it profitable to invest in low-income and rural areas,” he said in a statement on Monday, hours FCC officials confirmed the upcoming action.
… "Every community should have the right to determine its broadband needs and the path of its digital future, including the ability to pick competition over monopoly for broadband services,” echoed Shiva Stella, a spokeswoman for advocacy group Public Knowledge.