After the fact, will your security practices look as dumb as this one?
No, Human Resource Advantage. You do not get to put an unencrypted thumb drive with employee records in the regular mail to TrustHCS and then claim you take the security of personal information in your control “very seriously.”
From your own investigation, that drive contained names, Social Security numbers, dates of birth, bank account information, postal and email addresses, and any leave of absence requests, including those submitted under the Family Medical Leave Act for several current and former employees of TrustHCS.
Heck, there wasn’t even any password protection (not that that would have done much).
“Very seriously?”
No way.
And where were you in all this, TrustHCS? Did your contract with Human Resource Advantage permit them to send you sensitive employee records without any encryption or protection? If it did, why? And if it didn’t, are you still using them?
For my Computer Security students. What if this is just practice? Also should be food for thought for my Risk Analysis students.
Turkey Investigates Cause of Worst Power Outages in 15 Years
The most extensive power failure in 15 years disrupted services across Turkey, with the prime minister saying all possible causes including terrorism were being investigated.
…
Yildiz ruled out insufficient energy supply, while saying he
couldn’t yet exclude the possibility of a cyber attack. The
ministry was also investigating whether a disruption at a power plant
in Izmit could have created a “domino effect” of power failures
nationwide, he said.
…
The nationwide failures expose vulnerability in Turkey’s
electricity infrastructure, according to Aaron Stein, an associate
fellow at the Royal United Services Institute, who wrote about the
subject in a report published this year by Edam, an Istanbul-based
think tank.
“Turkey has yet to formulate a policy regarding the defense of critical national infrastructure,” Stein said by e-mail from Geneva today.
“Turkey has never defined critical national infrastructure and therefore does not have a national plan to defend these non-defined sites.”
(Related)
You have to exercise your talents.
…
The attack began when an individual or group hacked software used by
Baidu,
China’s largest search engine. The attackers altered the software
Baidu uses to serve ads on Chinese websites, causing Baidu users’
computers to automatically and repeatedly connect to other sites.
The attack was invisible, so Baidu users didn’t know that their
browsers were hammering away at other servers.
That flood of traffic was directed toward two anti-censorship tools hosted
on GitHub. One is a piece of software developed by GreatFire, a
non-profit group that monitors censorship in China. The Chinese
government harshly
restricts what websites its people may visit, and has repeatedly
censored products from Google and other Western companies in recent
years. The other tool under attack allows Chinese users to access a
translated version of The New York Times, which is blocked in China.
It isn’t known who is behind the software that copies the Times’s
content.
(Related)
Rutgers University Faces China And Ukraine In ‘March Madness’ DDoS Attack
…
In an email sent out Sunday to tens of thousands of Rutgers students
at 2:30PM EST, approximately an hour after the university's website
went down for 15 minutes, Rutgers vice president of Information
Technology Don Smith acknowledged the cyberattack,
saying "The Rutgers Office of Information Technology (OIT) has
been working around the clock to resolve service interruptions caused
by a Distributed Denial of Service (DDOS) that began Friday
afternoon."
Reports are saying that although certain tools used by Rutgers students and faculty have been affected — for instance, the university's Sakai learning software was not available off-campus on Sunday — the university has not detected any thefts of personal or confidential information up until this point.
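As an added illustration, not code from either article or from GitHub or Rutgers, here is a small log-analysis script in the spirit of what the two DDoS stories above describe. It parses combined-format web-server access log lines and flags paths that are hit by many distinct client addresses within a short window, which is the signature of a browser-driven flood like the one aimed at the GitHub-hosted tools, as opposed to a single client hammering the server. The log lines, host names, paths, addresses and thresholds are constructed for the example and are not taken from either incident.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample in Apache/nginx "combined" format; hypothetical hosts,
# paths and addresses, not real GitHub or Rutgers log data. The first nine
# lines model the browser-driven flood: many distinct clients, the same path,
# Referers from unrelated third-party pages. The /search lines model a single
# noisy client, and /login is ordinary traffic.
SAMPLE_LOG = """\
198.51.100.1 - - [30/Mar/2015:10:00:01 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site1.example/page" "Mozilla/5.0"
198.51.100.2 - - [30/Mar/2015:10:00:02 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site2.example/page" "Mozilla/5.0"
198.51.100.3 - - [30/Mar/2015:10:00:03 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site3.example/news" "Mozilla/5.0"
198.51.100.1 - - [30/Mar/2015:10:00:04 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site1.example/page" "Mozilla/5.0"
198.51.100.4 - - [30/Mar/2015:10:00:05 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site4.example/" "Mozilla/5.0"
198.51.100.5 - - [30/Mar/2015:10:00:06 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site2.example/page" "Mozilla/5.0"
198.51.100.2 - - [30/Mar/2015:10:00:07 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site2.example/page" "Mozilla/5.0"
198.51.100.6 - - [30/Mar/2015:10:00:08 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site5.example/x" "Mozilla/5.0"
198.51.100.3 - - [30/Mar/2015:10:00:09 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site3.example/news" "Mozilla/5.0"
203.0.113.9 - - [30/Mar/2015:10:00:20 +0000] "GET /search?q=1 HTTP/1.1" 200 2048 "-" "curl/7.40"
203.0.113.9 - - [30/Mar/2015:10:00:21 +0000] "GET /search?q=2 HTTP/1.1" 200 2048 "-" "curl/7.40"
203.0.113.9 - - [30/Mar/2015:10:00:22 +0000] "GET /search?q=3 HTTP/1.1" 200 2048 "-" "curl/7.40"
203.0.113.9 - - [30/Mar/2015:10:00:23 +0000] "GET /search?q=4 HTTP/1.1" 200 2048 "-" "curl/7.40"
203.0.113.9 - - [30/Mar/2015:10:00:24 +0000] "GET /search?q=5 HTTP/1.1" 200 2048 "-" "curl/7.40"
203.0.113.9 - - [30/Mar/2015:10:00:25 +0000] "GET /search?q=6 HTTP/1.1" 200 2048 "-" "curl/7.40"
203.0.113.9 - - [30/Mar/2015:10:00:26 +0000] "GET /search?q=7 HTTP/1.1" 200 2048 "-" "curl/7.40"
203.0.113.9 - - [30/Mar/2015:10:00:27 +0000] "GET /search?q=8 HTTP/1.1" 200 2048 "-" "curl/7.40"
203.0.113.7 - - [30/Mar/2015:10:00:30 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [30/Mar/2015:10:00:32 +0000] "POST /login HTTP/1.1" 302 0 "https://target.example/login" "Mozilla/5.0"
203.0.113.8 - - [30/Mar/2015:10:00:35 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [30/Mar/2015:10:05:00 +0000] "GET /mirror/tool-a HTTP/1.1" 200 512 "http://site1.example/page" "Mozilla/5.0"
"""

# client, identity, user, [time], "METHOD path proto", status, bytes, "Referer", "User-Agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # group by path, ignore query string
    return rec


def find_distributed_floods(lines, window=timedelta(seconds=60),
                            min_requests=8, min_distinct_ips=5):
    """Flag paths receiving >= min_requests from >= min_distinct_ips clients
    inside some span no longer than `window`. Returns {path: stats} for the
    busiest such span per path. A single client hammering one path is
    deliberately not flagged: that is a per-client rate-limit problem, not a
    distributed flood."""
    by_path = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            by_path[rec["path"]].append(rec)

    findings = {}
    for path, recs in by_path.items():
        recs.sort(key=lambda r: r["ts"])
        best, lo = None, 0
        for hi in range(len(recs)):
            # Shrink the window from the left until it spans at most `window`.
            while recs[hi]["ts"] - recs[lo]["ts"] > window:
                lo += 1
            span = recs[lo:hi + 1]
            ips = {r["ip"] for r in span}
            if len(span) >= min_requests and len(ips) >= min_distinct_ips:
                if best is None or len(span) > best["requests"]:
                    hosts = {urlsplit(r["referer"]).hostname
                             for r in span if r["referer"] != "-"}
                    best = {"requests": len(span), "distinct_ips": len(ips),
                            "referer_hosts": len(hosts)}
        if best is not None:
            findings[path] = best
    return findings


if __name__ == "__main__":
    for path, stats in find_distributed_floods(SAMPLE_LOG.splitlines()).items():
        print(path, stats)
```

Run as a script to print the findings. The distinct-client threshold is what separates the two cases: the single client hitting /search eight times is not reported and is better handled by per-client rate limiting, while the first nine lines trip the distributed check even though no single address sends more than two requests. The Referer host count is kept in the alert because, in the attack described above, the referring pages were unrelated sites that all happened to embed the tampered script, so a wide spread of referrers for one path is itself a useful clue.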
Guidelines for my Ethical Hackers.
PCI Security Standards Council Releases Guidance on Pen Testing
…
The report, available here, was developed by a PCI Special Interest Group of industry
experts and is aimed at organizations of all sizes, budgets and
sectors. Specifically, the guidance focuses on understanding the
different components comprising a penetration test and how they
differ from a vulnerability scan in terms of scope, application and
network layer testing, segmentation checks and social engineering.
It also provides advice on determining the qualifications of a pen
tester as well as information related to the "three primary
parts of a penetration test": pre-engagement, engagement and
post-engagement.
Important because my Computer Security students will monitor activity to locate threats and forecast operational issues before they result in failures. We will need to know where the line is to avoid crossing it.
Ca: Key features of District of Saanich employee monitoring software violate employee privacy rights
In an investigation report released today, B.C. Information and Privacy
Commissioner Elizabeth Denham is recommending that the District of
Saanich disable key features of its employee monitoring software
including keystroke logging, automated screen shots and continuous
tracking of computer program activity because they violate the
privacy rights of employees and elected officials.
Commissioner Denham has also recommended the District destroy all data collected
by the software, Spector 360. The District has agreed to do so
following the conclusion of the Commissioner’s investigation.
“Public bodies have a responsibility to secure and protect their computers
and networked systems against internal and external threats, however
they must also respect an employee’s legal right to privacy,”
said Commissioner Denham.
…
“The District can only collect personal information that is
directly related to and necessary for the protection of IT systems
and infrastructure. An
employee’s every keystroke and email, or screen captures of
computing activities at 30-second intervals clearly exceeds that
purpose and is not authorized by privacy law.”
The Commissioner also found that the District failed to provide adequate
notice to employees and elected officials about the amount and type
of personal information it was collecting.
…
Investigation Report F15-01: Use of employee monitoring software by
the District of Saanich is available for download at:
https://www.oipc.bc.ca/report/investigation-reports/
A lot of little dips into the Big Data pool.
Microsoft: Just Three Enterprises Impacted by Law Enforcement Requests in 2H 2014
In its transparency report, Microsoft said that the total number of law
enforcement requests received in the second half of 2014 was 31,002,
bringing to the total for the year to 65,496, down from 72,279 in
2013.
…
Of the data provided to law enforcement, which requires a court order or a warrant, 3 percent was content customers created, shared or stored on Microsoft services, such as email. The remaining 97 percent of data disclosed was non-content data, Microsoft said, including things such as name, email address, state, country, ZIP code and IP address captured at the time of registration.
Have we just outlawed news helicopters?
Eugene Volokh writes:
Does the First Amendment include a right to gather information using
flying drones? The federal trial court decision in Rivera
v. Foley (D. Conn. Mar. 23) is to my knowledge the first
court decision to consider the matter, and it’s largely skeptical
of the First Amendment claim — though of course it won’t be the
last word on the subject, both because it is just a trial court
opinion, and because it mostly holds that any right to use drones
wasn’t “clearly established” at the time of the events.
Read more on The Volokh Conspiracy.
[From the article:
The court concluded that no right to gather information through
videorecording had been recognized under Supreme Court and Second
Circuit precedent. (Several decisions from other circuits have
recognized such a right, but two others have held that no such right
was clearly established at the time of those decisions, and in any
event the Second Circuit, in which this particular case arose, hadn’t
spoken.)
But the court went further, concluding that, even if a right to videorecord was recognized, it did not clearly extend to hovering above — even 150 feet above — “the site of a major motor vehicle accident and the responding officers within it, effectively trespassing onto an active crime scene”
Big Data and Analytics?
IBM’s latest big bet: $3 billion on the Internet of things
Imagine adjusting store merchandising based on whether it will rain or snow
over the next 48 hours. Alerting auto insurance policy holders to
find shelter as a hailstorm approaches. Or anticipating spikes in
electricity demand, using temperature and humidity metrics to
consider historical data.
Those are just three scenarios made possible through a new global,
strategic relationship between IBM and The Weather Company, parent of
the Weather Channel and WSI, which licenses forecast information to
businesses.
…
Right now, IBM figures that up to 90% of the data generated by
devices such as appliances, connected vehicles, smartphones and other
connected devices is never analyzed.
…
Among other things, IBM will train at least 10,000 consultants on
data services in the coming months, including 5,000 weather
specialists. It will also fund market development, research and
development, and additional alliances, he said. “We are looking at
non-traditional sources, data sources that people have had trouble
integrating into operational systems,” Cawley said.
…
Another high-profile example is Oracle’s
buyout of Datalogix, which collects insights about more than $2
trillion in consumer spending that could serve as the foundation for
new marketing services. Expect more of the same from Google,
Microsoft, and Amazon
Web Services.
“All of these guys are racing to find companies to partner with that have
these huge sources of data,” Gens said. “It
will become an arms race of who can accumulate the most valuable
sources.”
Something to tease my Business Intelligence students?
The Importance of Data Occupations in the U.S. Economy
Economics & Statistics Administration, Department of Commerce. By William Hawk, Regina Powers, Economists, and Robert Rubinovitz, Deputy Chief Economist, Economics and Statistics Administration Office of the Chief Economist. ESA Issue Brief #01-15. March 12, 2015.
“The growing importance of data in the economy is hard to dispute. But what does this mean for workers and jobs? A lot, as it turns out: higher paying (over $40/hour), faster growing jobs. In this report we identify occupations where data analysis and processing are central to the work performed and measure the size of employment and earnings in these occupations, as well as in the industries that have the highest concentration of these data occupations. Key findings of the report include:
• Employment where data is central to the job was about 10.3 million in
2013 (of which 1.6 million were government workers), or about 7.8
percent of all employment. However, including occupations where
working with data is at least an important part of the job
dramatically increases that number: to 74.3 million jobs, or over
half of the workforce.
• Hourly wages for private-sector workers in data occupations, which are concentrated in the broad categories of business and computer/mathematical occupations, averaged $40.30 in 2013, about 68 percent higher than for all occupations.
• For these top data occupations, two-thirds or more of the workers
have at least a college degree; in comparison about one-third of
workers across all occupations have a bachelor’s degree or higher.
That's “suspects,” not those wearing bracelets in lieu of jail. (This
“suspect” is “a recidivist sex offender.” Apparently, the
bracelet was seen as an extension of the “always let law
enforcement know where you are” laws.)
Orin Kerr writes:
The case is Grady
v. North Carolina. Held: Forcing someone to wear an ankle
bracelet to monitor location is a Fourth Amendment search. The new
decision extends the Jones search doctrine to searches of
persons, and it provides more opportunity to ponder what the Jones
test means. I’ll start with the history, then discuss the new
decision, and then offer some thoughts on the new case.
Read more on The Volokh Conspiracy.
Interesting.
Daniel Solove writes:
Does scholarship really have an impact? For a long time, naysayers
have attacked scholarship, especially scholarship about law. U.S.
Supreme Court Chief Justice Roberts once remarked:
“Pick up a copy of any law review that you see, and the first
article is likely to be, you know, the influence of Immanuel Kant on
evidentiary approaches in 18th Century Bulgaria, or something.” He
noted that when the academy addresses legal issues at “a
particularly abstract, philosophical level . . . they shouldn’t
expect that it would be of any particular help or even interest to
the members of the practice of the bar or judges.” Judge Harry
Edwards also has attacked legal scholarship as largely irrelevant.
Critics are quick to point out that much legal scholarship is not
cited much — and many articles are never even cited by anyone other
than the authors themselves in subsequent works.
But I think that a lot can be learned from the story of one of the
most influential law articles of all. That article was Samuel D.
Warren & Louis D. Brandeis, The
Right to Privacy, 4 Harvard Law Review 193 (1890).
Read more on Concurring Opinions.
Related:
Orin Kerr has now uploaded a short paper to SSRN called, “The
Influence of Immanuel Kant on Evidentiary Approaches in Eighteenth
Century Bulgaria.” As Orin writes,
“Well, someone had to do
it.”
...or perhaps Russia needs to sell the gas? They don't have enough storage and they can't shut down the wells.
Why Russia suddenly wants to supply cheap gas to Ukraine
…
So why is Russia suddenly offering to help the country it has spent
the past few months undermining?
Last week the European Commission sent a letter to the Russian government
asking it to consider granting Kiev a discount on its gas from
Russia, such as abolishing the export duty, which now costs $100 per
thousand cubic metres of gas.
The Russian response — requesting Gazprom lower its prices for Ukraine — hints that Russia is seeking to cool tensions in the region to wriggle out of international sanctions as it attempts to pull itself out of a deep economic downturn.
For my Android toting students.
WhatsApp Voice Calls Open To All - No Invites Needed
…
Today however, the voice call feature is literally open for all.
…
The feature has currently been rolled out to the Android platform, so others may need to wait a bit.
…
To download the update if your Play Store hasn’t prompted you yet, you can head over to APK
Mirror and download the file or if you want to play it official
then go to the WhatsApp
Website to download it. If you are someone who plays by the book
and would wait for the automatic update then it may take a day or so
for it to be available on the Google Play Store.
For my cable cutting students, but many are public domain so I might find a use for them in the classroom.
5 Lesser-Known Free Sites for Watching TV Shows
Funny that they reached the same conclusion we have.
What MIT Is Learning About Online Courses and Working from Home
“Virtual work” is increasingly just “work” for most of us – whether
we’re dialing into a conference call with our branch offices in
London and New York, or VPN-ing in from home to catch up with work
after-hours, remote work is the new normal.
…
What we’re seeing most recently, and
what I’m very excited about, is going from that linear model to a
much more non-linear idea. The digital learning experience is
becoming really a collection of inter-related learning nuggets, that
you might take very different paths through, depending who you are
and what your needs are, and how you learn most effectively. So
that’s where I’m seeing some interesting changes happening.
Tools for my toolkit.
Convert PDFs to Google Docs to Differentiate Instructional Materials
Recently, we discovered a feature of Google Drive that has changed how we prepare and access materials and
resources for our students. As we attempt to make all curricula
digital and thus make it available to all students, the idea of using
PDFs was always a problem. PDFs are just not editable in most
situations, and this was an issue when it came to modifying and
differentiating documents. Adobe Acrobat was our “go to” application for this type of conversion, but it was costly and often hard to come by in an educational setting. Note: We still use Adobe Acrobat for complex projects or documents that do not convert well in Google Drive. With the most recent update to Google Drive, OCR (Optical Character Recognition) capabilities are better and easier than ever.
- Open and sign into Google Drive
- Upload a PDF document to your Drive
- Right-Click on the document once it is uploaded.
- Choose Open with>Google Docs
The original PDF remains in your Drive and a new, converted document is
created. You can open your new document and rename, edit, annotate,
share, etc. just as you can do with any other Google Doc, Slides or
Sheets. This works best with PDF documents that are clear and mostly
text-based. Tables, images and formatted text can be a bit of a
challenge for Google Docs (images and tables tend to end up on one
page and text on a separate page), but I am sure it’ll get even
better and easier in the next update.