Interesting precedent.
Target hack victims could get up to $10,000
Target is proposing to pay customers who suffered from a 2013 data breach up to $10,000 each in damages.
The proposal is part of a $10 million offer by Target to settle a class action lawsuit. Victims able to prove they were harmed by the breach, which affected up to 110 million customers, will be eligible for up to $10,000 each.
…
In addition, Target (TGT) is required to improve its data security, including the designation of a chief information security officer. The company must also provide security training to its employees.
…
Under the terms of the proposed settlement, Target customers who can prove they were damaged by the data breach will get the first shot at the $10 million. For example, victims will be reimbursed for unauthorized credit card charges, bank fees or costs related to replacement IDs -- so long as they are documented.
After those claims are paid, any remaining settlement funds will be evenly distributed to class members without documentation.
(Related)
…
While it's yet to be formally signed off, the settlement documentation is thorough—enough to include a draft of the form that victims will fill in to make a claim.
Not what you want your breach victims to hear. However, the audit states (kind of) that Premera does have adequate security management. We will have to wait to see if anything the auditors found is related to the breach.
Mike Baker reports:
Three weeks before hackers infiltrated Premera Blue Cross, federal
auditors warned the company that its network-security procedures were
inadequate.
Officials gave 10 recommendations for Premera to fix problems, saying
some of the vulnerabilities could be exploited by hackers and expose
sensitive information. Premera received the audit findings April 18
last year, according to federal records.
Read more on Seattle Times.
I’m waiting for someone to discuss whether, if OCR had been more actively auditing covered entities, the Anthem and Premera breaches would have occurred.
[From the article:
The auditors also found that several servers contained software applications so old that they were no longer supported by the vendor and had known security problems, that servers contained “insecure configurations” that could grant hackers access to sensitive information, and that Premera needed better physical controls to prevent unauthorized access to its data center.
[The audit report:
Another example of words you don't want your breach victims (or their lawyers) to hear. Also interesting, the words you don't hear from Anthem.
Sarah Ferris reports:
Leaders of the Senate’s health committee are accusing insurer giant
Anthem of failing to inform millions of people who may have been
affected by a massive data breach last month.
Committee chairman Lamar Alexander (R-Tenn.) and ranking member Patty
Murray (D-Wash.) said Wednesday that 50 million customers who may
have been impacted by the cyberattack still have not been informed.
Read more on The Hill.
And count me among the 50 million who still have not received a notification letter, so I’m not exactly unbiased here.
[From the article:
A spokesperson for Anthem defended the company's response to the data breach. Because the company expected a lengthy process to inform all of the impacted customers, it set up a website and a hotline for customers. [That has nothing to do with notification. Bob]
"Over the last few days, we have also accelerated our member notification mailings. Approximately 2.4 million letters are mailed daily. [Clearly not starting six weeks ago, so when did it start and how many letters have been mailed? Bob] We are working continuously to complete that process as soon as possible," the company wrote in a statement.
This could be interesting. I wonder if the ACLU will take the argument nationwide?
Cyrus Farivar reports:
According to a judicial ruling issued
Tuesday, the Erie County Sheriff’s Office (ECSO) in Northwestern
New York state must turn over a number of documents concerning its
purchase and use of stingrays. The 24-page
order comes as the result of a lawsuit brought by the New York
Civil Liberties Union (NYCLU) and marks a rare victory in favor of
transparency of “cell-site simulators,” which are often shrouded
in secrecy.
Read more on Ars Technica.
Apparently flying a drone while drunk (DWI – Droning While Impaired?) is not a crime in DC? Also provides my Ethical Hackers with guidance: Do your surveillance, cut the connection, get drunk.
…
The U.S. Attorney’s office for the District of Columbia said on
Wednesday that a Secret Service investigation of the incident found
the pilot of the craft — reported to be an employee of a federal
intelligence agency who had
been drinking — lost control of the flying machine
around 3 a.m. on January 26.
…
“A forensic analysis of the drone determined that it was not operating under the direction of its controller when it crashed at the White House,” the U.S. Attorney’s office said. [Is that why there were no charges? Bob]
…
Despite the decision by the U.S. Attorney’s office, the Federal
Aviation Administration is reviewing the incident and may impose an
action of its own.
…
In response, the manufacturer of the $1,000, 2-pound Phantom
quadcopter instituted new restrictions
to prevent the machine from flying around downtown Washington.
(Related)
Drones for cheap...
SKEYE Nano Drone on Sale For 41% off – Now Just $34.99
At the bottom of a slippery slope?
Elizabeth Goitein and Faiza Patel write:
The Foreign Intelligence Surveillance (FISA) Court is no longer
serving its constitutional function of providing a check on the
executive branch’s ability to obtain Americans’ private
communications. Dramatic shifts in technology and law have changed
the role of the FISA Court since its creation in 1978 — from
reviewing government applications to collect communications in
specific cases, to issuing blanket approvals of sweeping data
collection programs affecting millions of Americans.
Under today’s foreign intelligence surveillance system, the
government’s ability to collect information about ordinary
Americans’ lives has increased exponentially while judicial
oversight has been reduced to near-nothingness. This report
concludes that the role of today’s FISA Court no longer comports
with constitutional requirements, including the strictures of Article
III and the Fourth Amendment. The report lays out several steps
Congress should take to help restore the FISA Court’s legitimacy.
Read the Brennan Center report:
I sometimes wonder what planet the French are from. Clearly their brains function quite unlike human brains.
Glyn Moody writes:
Techdirt has been charting for a while France’s descent from a bastion of enlightenment values to a country that seems willing to give up any freedom in the illusory hope of gaining some security. According to a story in Le Figaro, even worse is to come in the shape of a new law (original in French, found via @gchampeau):
[the proposed law] wants to force intermediaries to “detect, using
automatic processing, suspicious flows of connection data”.
Internet service providers as well as platforms like Google,
Facebook, Apple and Twitter would themselves have to identify
suspicious behavior, according to instructions they have received,
and pass the results to investigators. The text does not specify,
but this could mean frequent connections to monitored pages.
Read more on TechDirt.
I'm just saying...
Feds acknowledge power to act on Web rates
Federal regulators on Wednesday acknowledged that new net neutrality regulations could allow the government to interfere with how much companies charge for Internet service.
Clearly, I'm out of touch. Do we need 1 hour delivery? It suggests to me that we can no longer plan ahead. Why Miami and Baltimore? Do those cities lead the pack when ordering fast delivery?
Amazon expands one-hour delivery to Miami and Baltimore
…
Amazon (AMZN, Tech30) said that its service, Prime Now, expanded to "select Baltimore and Miami zip codes" on Thursday and will soon expand to wider neighborhoods in those cities.
Amazon said the service is available to Prime members (costing $99 a year) and can be accessed through an app on iOS and Android devices. One-hour delivery costs $7.99 and two-hour delivery is free. The service is available from 8 a.m. to 5 p.m., seven days a week.
Interesting article, but now I have even more questions.
Why the U.S. does nothing in Ukraine
The ongoing war in Ukraine recently passed the first anniversary of the highly dubious referendum that split Crimea off from Ukraine and eventually saw it attached to Russia.
…
For a recent paper,
Krickovic and I interviewed a number of foreign policy experts here
in Moscow to understand the extent of Russian strategic interests.
The interview subjects clearly indicated that the war in Ukraine is a
symptom of greater dissatisfaction with the post-Cold War
international order. As Evgeny Lukyanov, the Deputy Secretary of
Russia’s Security Council, has said,
“We need to sit down [with the United States] and renegotiate the
entire post-cold War settlement.” [Russia
calls it a “settlement,” the US calls it a collapse. Bob]
…
This places Obama in a different position relative to formulating strategy regarding a rising challenger like China that needs to be accommodated or challenged because the latter is dissatisfied with the international distribution of benefits. Russia is instead a declining challenger (by its own standards) that offers the United States a third policy course of maintaining the status quo and waiting to negotiate later from a position of greater strength.
An article for my next Computer Security class.
Common Mobile Application Security, Privacy Challenges
Last fall, the Gartner analyst firm predicted that through 2015, 75 percent of mobile applications would fail basic tests related to security and enterprise policy.
A separate survey from Frost & Sullivan of 300 enterprises found that 83 percent have at least one mobile app for employees to use on their devices, with roughly one-in-three having 11 or more.
Both these surveys underscore a basic reality for IT - the adoption of mobile apps has made secure development practices critical.
"Mobile application security is one of the fastest growing problem areas for developers and ultimately C-Level executives today,"
Skills for my students.
Learning Google Script: 5 Best Sites & Tutorials to Bookmark
…
Google Apps Script is perhaps one of the most useful tools you can have in your technological toolbelt. It allows you to tie Google services together in a way that’s reminiscent of IFTTT. But it’s way more than that.
It’s an IDE (Integrated Development Environment) that runs in the browser. No installs necessary. Google Apps Script also offers a platform to run your code on, much like the ScraperWiki Platform, or Amazon Web Services, or Heroku does. The most obvious advantage of this is that it allows you to run your code from the cloud, and to be able to work from a variety of devices. It’s truly platform agnostic.
Timers for the toolkit?
6 Useful Timers and Clocks For Your Computer or Phone