Monday, March 16, 2015

An interesting case study. Does “leaking” this information help the investigation?
Authorities Closing In on Hackers Who Stole Data From JPMorgan Chase
… Federal authorities investigating the attack at JPMorgan are increasingly confident that a criminal case will be filed against the hackers in the coming months, said people briefed on the investigation. Law enforcement officials believe that several of the suspects are “gettable,” meaning that they live in a country with which the United States has an extradition treaty. That would not include countries like Russia.
Indictments and arrests would be a notable victory for the Federal Bureau of Investigation and Preet Bharara, the United States attorney in Manhattan. In contrast, there have been no criminal charges in a December 2013 breach at Target, where payment card data for 40 million customers was stolen, along with the personal information of 70 million customers, or in the major attacks against eBay and Home Depot involving hundreds of millions more customers last year.
… The JPMorgan case is advancing quickly partly because the attack was not nearly as sophisticated as initially believed, [Suggesting that JPMorgan was not nearly as secure as we believed? Bob] and law enforcement authorities were able to identify at least some suspects early on, said the people briefed on the matter, who spoke on the condition they not be named because they were not authorized to discuss the case. Law enforcement officials also made the investigation a top priority given that the Department of Homeland Security has declared the banking system critical infrastructure, requiring additional protection from digital attacks.
… The intensifying hunt for the JPMorgan hackers comes as the bank, which has said it spends about $250 million a year on digital security and plans on doubling that in the future, [Because our vast security efforts were only half-vast? Bob] wrestles every day with securing its vast global network.
… The bank now also conducts a “routine review” to make sure that high security access is justified for a particular person. [Another “Best Practice” recently adopted? Bob]


The first question will be “What are they hiding?” I'm sure “sufficient” analysis of admissions data would reveal bias (or at least favoritism).
Joseph Pomianowski reports:
You just got lawyered.
That was the takeaway from Yale Law School Dean Robert Post’s annual “State of the School” address last Tuesday. In frank terms, he explained that students who requested access to their educational records under the Family Education Rights and Privacy Act (FERPA) would no longer be receiving the fat file they expected. To avoid being forced to hand over a wide range of documents in response to a flood of recent student requests, the school had decided to destroy its student admissions evaluation records along with any notations made by the career development office in individual student files.
Read more on The New Republic.


Is this sufficient? Should any organization that allows users to post data have a clear set of guidelines?
Facebook revamps its takedown guidelines
Facebook is providing the public with more information about what material is banned on the social network.
Its revamped community standards now include a separate section on "dangerous organisations" and give more details about what types of nudity it allows to be posted.
… The new guide will replace the old one on the firm's website, and will be sent to users who complain about others' posts.


I guess it depends on what your definition of “is” is... This is either not Hillary's fault...
The Plot Thins on the Clinton Email 'Scandal'

(Related) Or it is typical Hillary.
James Carville Inadvertently Admits Hillary Clinton Used Private Email to Avoid Accountability and Oversight

(Related) Was it really simpler? Looks like a lot more work to me. Granted the Clintons have “minions” to do the work, but I doubt we will ever know what work that was.
How to Set Up a Clinton-Style Home Email Server
Responding to mounting questions, Hillary Clinton—the former US secretary of state and a presumptive presidential candidate—said this week that she “opted for convenience” by using a personal email account instead of her official one.
But let’s be real: There’s absolutely nothing convenient about setting up a private email server, as Clinton says she did in her Chappaqua, New York, home. And security experts say her system may have had vulnerabilities that could have exposed correspondence to hackers and government snooping.
Setting up a server is no simple task. “It’s a pretty big job to maintain a server like that and make sure it’s properly configured,” says Peter Firstbrook, an internet security researcher at Gartner. Firstbrook says such an endeavor is “highly unusual.” He has not heard of any companies whose executives had set up personal servers for work emails, let alone government officials.
… For a personal server to be airtight, it would need to be constantly monitored and updated.
“To say it wasn’t compromised is to say, ‘I don’t know it was compromised,’” Stewart Baker, a former Department of Homeland Security assistant secretary, told Politico.
Firstbrook said that there is sophisticated auditing software out there that would allow the Clintons to see exactly who had read their emails and when, but it’s unclear whether they used it.


Vladimir is increasingly sounding crazy.
Vladimir Putin says Russia was preparing to use nuclear weapons 'if necessary' and blames US for Ukraine crisis


Why bother analyzing your “Big Data” if you don't use the results?
People Who Use Firefox or Chrome Are Better Employees
… in the world of Big Data, everything means something. Cornerstone OnDemand, a company that sells software that helps employers recruit and retain workers, analyzed data on about 50,000 people who took its 45-minute online job assessment (which is like a thorough personality test) and then were successfully hired at a firm using its software. These candidates ended up working customer-service and sales jobs for companies in industries such as telecommunications, retail, and hospitality.
Cornerstone’s researchers found that people who took the test on a non-default browser, such as Firefox or Chrome, ended up staying at their jobs about 15 percent longer than those who stuck with Safari or Internet Explorer. They performed better on the job as well. (These statistics were roughly the same for both Mac and PC users.)
… Why would a company care about something so seemingly trivial as the browser a candidate chooses to use? Call centers are estimated to suffer from a turnover rate of about 45 percent annually, and it can cost thousands of dollars to hire new employees. Because of that, companies are eager to find any proxy for talent and dedication that they can.
That said, Housman notes that browser choice isn’t something that Cornerstone’s clients consider when hiring—that’d be seen as too intrusive.


For my Excel students.
Mini Excel Tutorial: Use Boolean Logic to Process Complex Data
