How to measure the risk?
There was a time when if an entity offered two years of free credit monitoring/credit restoration services to breach victims, that was considered unusual and commendable. And when the University of Maryland offered five years of credit monitoring services following a breach there, that was really surprising.
But as consumers have often noted, if your SSN and identity information are out there, you’re at risk for life. Criminals can just sit on the data until after the free credit monitoring expires and then begin using it with less risk. While your credit card number can expire or be replaced, your SSN is generally forever.
Could the Anthem breach become a game-changer on remediation offered to breach victims? A number of state attorneys general are looking into the breach, and according to James Boffetti, Senior Assistant Attorney General of New Hampshire and Chief of the Consumer Protection and Antitrust Bureau, one issue they’re looking at is “the appropriateness of the remedies that Anthem is offering to people.”
The Union Leader reports that Boffetti said company officials have been “very responsive” to investigators. And Anthem has a dedicated website to provide information to affected customers about protecting themselves from identity theft (anthemfacts.com).
But Boffetti said there is “a legitimate concern” about the length of protection Anthem is offering its customers. “I think that’s something that’s going to be discussed quite vigorously as this investigation goes on,” he said.
Although state attorneys general may pursue this aspect of the breach, I do not expect HHS/OCR to really do anything about the mitigation issue. HITECH provides a standard for mitigation, but no specifics when it comes to things like credit monitoring services. And, to date, I don’t think any of OCR’s fewer than two dozen resolution agreements involved mitigation. Last year, HHS/OCR was sent a complaint about alleged HIPAA and HITECH violations that does include a complaint about failure to adequately mitigate harm and the risk of harm. Whether OCR has done anything with that complaint is unknown to this complainant.
Just because they are headquartered in Moscow does not mean this is all propaganda.
Kaspersky Lab Reveals Detailed View of Most Advanced Hacking Operation Known
Via ars technica: “… In an exhaustive report published Monday at the Kaspersky Security Analyst Summit here, researchers stopped short of saying Equation Group was the handiwork of the NSA—but they provided detailed evidence that strongly implicates the US spy agency. First is the group’s known aptitude for conducting interdictions, such as installing covert implant firmware in a Cisco Systems router as it moved through the mail. Second, a highly advanced keylogger in the Equation Group library refers to itself as “Grok” in its source code. The reference seems eerily similar to a line published last March in an Intercept article headlined “How the NSA Plans to Infect ‘Millions’ of Computers with Malware.” The article, which was based on Snowden-leaked documents, discussed an NSA-developed keylogger called Grok. Third, other Equation Group source code makes reference to “STRAITACID” and “STRAITSHOOTER.” The code words bear a striking resemblance to “STRAITBIZARRE,” one of the most advanced malware platforms used by the NSA’s Tailored Access Operations unit. Besides sharing the unconventional spelling “strait,” Snowden-leaked documents note that STRAITBIZARRE could be turned into a disposable “shooter.” In addition, the codename FOXACID belonged to the same NSA malware framework as the Grok keylogger. Apart from these shared code words, the Equation Group in 2008 used four zero-day vulnerabilities—including two that were later incorporated into Stuxnet. The similarities don’t stop there. Equation Group malware dubbed GrayFish encrypted its payload with a 1,000-iteration hash of the target machine’s unique NTFS object ID. The technique makes it impossible for researchers to access the final payload without possessing the raw disk image for each individual infected machine. The technique closely resembles one used to conceal a potentially potent warhead in Gauss, a piece of highly advanced malware that shared strong technical similarities with both Stuxnet and Flame. (Stuxnet, according to The New York Times, was a joint operation between the NSA and Israel, while Flame, according to The Washington Post, was devised by the NSA, the CIA, and the Israeli military.)”
People seem to be getting the word, but not all follow Best Practices. Note that these Apps are a natural response to the government's insistence that they be able to decrypt any messages encrypted by the ISP.
Australian ministers used an encrypted messaging app to discuss getting rid of the prime minister
Australian ministers have reportedly been communicating through a secret social media app which sends private messages that can be anonymous, self-destructing and untraceable.
Encrypted peer-to-peer messaging app, Wickr, lets users transfer data, text and files through a secure exchange server.
Secret messages, pictures, videos, audio files and documents can be sent and received through the app, which does not collect personal information, and can be made to expire after a nominal period of time. Users can connect with others without uploading contact lists, chat with groups of up to 10 people and “shred” their device of any deleted materials.
…
Earlier this year, following a series of leaked emails, American billionaire investor Mark Cuban decided to handle negotiations of a new deal over his free texting app Cyber Dust, which features texts that disappear after 30 seconds.
Despite the government’s push to force telcos to store metadata for security purposes, the Wickr app deletes geolocation and identifying information from sent media, meaning there’s no metadata trail available to capture.
[Wickr: https://www.wickr.com/]
[Cyber Dust: https://www.cyberdust.com//]
For my Ethical Hackers: This is how a lot of “hacks” begin. Someone has a relatively trivial problem and realizes there is a simple “solution.”
How to Remove Password from PDF Files with Google Chrome
…
Is there any software program available that can remove password protection from PDF files? One that doesn’t cost a dime and works on both Mac and Windows? Well, the answer is yes, and that too is already installed on your computer. It’s called Google Chrome.
Google Chrome has a built-in PDF reader and a PDF writer, and we can combine the two features to remove the password from any PDF document.
Should be interesting to debate.
The New York Times Room for Debate asks, Can a Genetic Test Be Anonymous?
Read the responses by:
- Ifeoma Ajunwa, Law Professor: There’s No Guarantee
- Somalee Datta, Director, Bioinformatics at Stanford: A Path to Better Health Care Research
- Marcy Darnovsky, Center for Genetics and Society: A Dangerous Business Model
- Frank Pasquale, Author, “The Black Box Society:” Insure People Against Genetic Data Breaches
Interesting metaphor.
Rights of Passage: On Doors, Technology, and the Fourth Amendment
Braverman, Irus, Rights of Passage: On Doors, Technology, and the Fourth Amendment (February 1, 2015). Law, Culture and the Humanities, 2015, DOI: 10.1177/1743872114520893; SUNY Buffalo Legal Studies Research Paper No. 2015-017. Available for download at SSRN: http://ssrn.com/abstract=2571482
“The importance of the door for human civilization cannot be overstated. In various cultures, the door has been a central technology for negotiating the distinction between inside and outside, private and public, and profane and sacred. By tracing the material and symbolic significance of the door in American Fourth Amendment case law, this article illuminates the vitality of matter for law’s everyday practices. In particular, it highlights how various door configurations affect the level of constitutional protections granted to those situated on the inside of the door and the important role of vision for establishing legal expectations of privacy. Eventually, I suggest that we might be witnessing the twilight of the “physical door” era and the beginning of a “virtual door” era in Fourth Amendment jurisprudence. As recent physical and technological changes present increasingly sophisticated challenges to the distinctions between inside and outside, private and public, and prohibited and accepted visions, the Supreme Court will need to carefully articulate what is worth protecting on the other side of the door.”
Worth a read?
160,000 Facebook accounts are compromised per day, and the company loosens up your privacy settings every time they update the terms of service.
So claims Marc Goodman in his book, “Future Crimes: Everything is Connected, Everyone is Vulnerable and What We Can Do About It” (Doubleday).
Read more on NY Post.
For my students
How to Search Google Books, Scholar, and News Archive
Last week in my post about the Google News Newspaper Archive I mentioned the value of getting students to use search tools other than Google.com. By using search tools like Google Books and Google Scholar students often find resources that they wouldn't have discovered had they simply used Google.com for their searches. The three videos embedded below provide overviews of how to use Google Books, Google Scholar, and the Google News Newspaper Archive.
Google Books: https://www.youtube.com/watch?v=yyrHFXbeMu8
Google Scholar: https://www.youtube.com/watch?v=3kQXABU73hI
Google News: https://www.youtube.com/watch?v=lq9oKtErzWU
Since my students are gathering and analyzing tweets, it might be useful to know what rules should be followed. (And perhaps suggest wording for our project document?)
How to Tweet Like a Cop
…
In April 2014, the New York Police Department coined the hashtag #myNYPD on Twitter. The goal was to encourage New York City residents to tweet images or anecdotes of themselves interacting positively with police officers. It was meant to drive good will toward a department struggling with its image in the wake of a public thrashing at the hands of then-public advocate Bill de Blasio, who later became mayor on a platform that included criticism of the NYPD's controversial stop-and-frisk program.
#myNYPD backfired spectacularly. The hashtag was flooded with images of uniformed officers swinging cudgels at unarmed protesters. It was the department's first real taste of the vicious trolling so common on Twitter. Bill Bratton, de Blasio's pick for police commissioner, seemed unfazed. "I kind of welcome the attention," he said, calling the pictures "old news."
Even so, the department drew up a list of guidelines—best practices—for its employees who operate on Twitter. Newsweek obtained this Social Media Handbook through a Freedom of Information Law request.
…
Read the full handbook below:
Includes some concepts that my students need to include in their project papers. (Hint. Hint)
Why Businesses That Use 'Big Data' Make More Money (Infographic)
…
Big data is big news these days, because it has the potential to make a pretty profound impact on the bottom line for a business.
Collecting large quantities of information and analyzing it allows entrepreneurs to make better, more strategically beneficial business decisions. The infographic below was generated by the big data analytics platform Datameer to demonstrate how using data can result in smarter business decisions and more revenue for all sorts of companies.
...On the other hand?
Data Monopolists Like Google Are Threatening the Economy
The White House recently released a report about the danger of big data in our lives. Its main focus was the same old topic of how it can hurt customer privacy. The Federal Trade Commission and National Telecommunications and Information Administration have also expressed concerns about consumer privacy, as have PwC and the Wall Street Journal.
However, big data holds many other risks. Chief among these, in my mind, is the threat to free market competition.
…
Federal government regulators must ask themselves: Should data that only one company owns, to the extent that it prevents others from entering the market, be considered a form of monopoly?
…
Perhaps the time has come for a Sherman Antitrust Act – but for data. Unsure where you come down on this issue? Consider this: studies have shown that around 70% of organizations still aren’t doing much with big data. If that’s your company, you’ve probably already lost to the data monopolists.