Monday, March 09, 2015

This has to be embarrassing. They seem to have adequate backups (meaning those weren't encrypted too) but still find they need to be “implementing even more layers of protection and safeguards

(Related) One vector to tell people about.
Cybercriminals Use Help Files to Distribute Ransomware
Innocent-looking help files have been used by cybercrooks to distribute a variant of the notorious file-encrypting ransomware CryptoWall, Bitdefender reported.
The security firm spotted a spam run on February 18, when malicious actors sent out bogus “Incoming Fax Report” emails to a couple hundred users. The messages carried a help file with the .chm (compiled HTML) extension.
When users opened the file, they were presented with a help window. In the background, a piece of malicious code downloaded the CryptoWall ransomware from a remote server and executed it.
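The CHM vector described above, as an added example that is not code from the article or from Bitdefender. A .chm is Microsoft's ITSS container: an "ITSF" file header, an "ITSP" directory header and uncompressed "PMGL" directory chunks that name every embedded file, while the HTML pages themselves sit in an LZX-compressed content section and are rendered, script included, by the HTML Help viewer. The script below builds a constructed sample CHM in memory, walks its directory to list the pages the viewer would show, and makes a gateway decision on the sniffed container type rather than on the extension the sender chose. The function names, the sample entries and the quarantine policy are this example's own assumptions.

```python
import struct

# Added example, not code from the article or from Bitdefender. A CHM is Microsoft's
# ITSS container: an "ITSF" file header, an "ITSP" directory header and uncompressed
# "PMGL" directory chunks that name every embedded file. Page bodies sit in an
# LZX-compressed content section, so this lists what the HTML Help viewer would
# render instead of grepping for script; the verdict rests on the container type,
# not on the extension the sender chose. Function names are this example's own.

ITSF, ITSP, PMGL, CHUNK = b"ITSF", b"ITSP", b"PMGL", 0x1000
SCRIPT_HOSTS = (".htm", ".html", ".hta", ".js", ".vbs")


def encint(n):
    """ITSS ENCINT: big-endian 7-bit groups, high bit set on every group but the last."""
    groups = []
    while True:
        groups.append(n & 0x7F)
        n >>= 7
        if not n:
            break
    groups.reverse()
    return bytes([g | 0x80 for g in groups[:-1]] + [groups[-1]])


def decint(buf, pos):
    """Inverse of encint; returns (value, position after the last byte consumed)."""
    n = 0
    while True:
        b = buf[pos]
        pos += 1
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            return n, pos


def build_sample_chm(entries):
    """Constructed sample: real ITSF/ITSP/PMGL layout, one directory chunk, no content.
    entries = [(name, section, offset, length)]; section 1 means LZX-compressed."""
    dirents = b"".join(encint(len(n)) + n.encode() + encint(s) + encint(o) + encint(l)
                       for n, s, o, l in entries)
    free = CHUNK - 0x14 - len(dirents)                      # quickref/free area at chunk end
    chunk = (PMGL + struct.pack("<IIii", free, 0, -1, -1) + dirents).ljust(CHUNK, b"\0")
    itsp = struct.pack("<4sIIIIIIiIIiII16sIiii", ITSP, 1, 0x54, 0x0A, CHUNK, 2, 1, -1,
                       0, 0, -1, 1, 0x409, b"\0" * 16, 0x54, -1, -1, -1)
    directory = itsp + chunk
    sec0_off, dir_off = 0x60, 0x60 + 0x18                  # header, section 0, then directory
    total = dir_off + len(directory)
    itsf = struct.pack("<4sIIIII16s16sQQQQQ", ITSF, 3, 0x60, 1, 0, 0x409, b"\0" * 16,
                       b"\0" * 16, sec0_off, 0x18, dir_off, len(directory), total)
    sec0 = struct.pack("<IIQII", 0x1FE, 0, total, 0, 0)
    return itsf + sec0 + directory


def list_chm_entries(data):
    """Walk the PMGL directory chunks and return [(name, content_section)]."""
    if data[:4] != ITSF:
        raise ValueError("not an ITSS/CHM container")
    dir_off, _dir_len = struct.unpack_from("<QQ", data, 0x48)  # second header-section entry
    if data[dir_off:dir_off + 4] != ITSP:
        raise ValueError("directory header missing")
    hdr_len, _, chunk_size = struct.unpack_from("<III", data, dir_off + 0x08)
    num_chunks = struct.unpack_from("<I", data, dir_off + 0x2C)[0]
    found = []
    for i in range(num_chunks):
        base = dir_off + hdr_len + i * chunk_size
        chunk = data[base:base + chunk_size]
        if chunk[:4] != PMGL:                                # PMGI index chunks add no names
            continue
        free = struct.unpack_from("<I", chunk, 4)[0]
        pos, end = 0x14, chunk_size - free
        while pos < end:
            nlen, pos = decint(chunk, pos)
            name = chunk[pos:pos + nlen].decode("utf-8", "replace")
            pos += nlen
            section, pos = decint(chunk, pos)
            _offset, pos = decint(chunk, pos)
            _length, pos = decint(chunk, pos)
            found.append((name, section))
    return found


def triage_attachment(filename, data):
    """Sniff the container, then apply a policy assumed here: no help files by mail."""
    declared = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data[:4] != ITSF:
        return {"verdict": "pass", "sniffed": None, "declared": declared, "pages": []}
    pages = [n for n, _ in list_chm_entries(data) if n.lower().endswith(SCRIPT_HOSTS)]
    return {"verdict": "quarantine", "sniffed": "chm", "declared": declared,
            "extension_mismatch": declared != "chm", "pages": pages}


if __name__ == "__main__":
    sample = build_sample_chm([("::DataSpace/Storage/MSCompressed/Content", 0, 0, 0),
                               ("/#SYSTEM", 0, 0, 0), ("/fax_report.htm", 1, 0, 0)])
    print(triage_attachment("Incoming_Fax_Report.chm", sample))
    print(triage_attachment("Incoming_Fax_Report.pdf", sample))   # renamed, still caught
```

The point of sniffing the "ITSF" magic is that a renamed help file (the second call) is caught just like an honest .chm; listing the directory gives an analyst the page names without decompressing anything. Reading the script inside those pages would need an LZX decoder, which this example deliberately leaves out.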


Small but curious? The hospital claims the nurse's Facebook page was hacked, but does not disclose how the patient data was obtained.
Brittany Noble-Jones and Adam McDonald report:
St. Louis University Hospital officials say they are investigating an incident after the names of 27 patients who allegedly have HIV/AIDS were posted on a female employee’s social media page.
During the investigation, officials say they discovered the information posted on the employee’s Facebook page was not posted by the employee who owns the account. They claim her account was hacked.
Read more on KMOV.


In case you haven't been thinking about it.
Why the Clinton email server story matters — and why it may be worse than you think
… Information security is the most important point in this whole situation, in my opinion. And because of the usual political nonsense, it’s getting lost and we can’t afford for it to get lost: it relates directly to critical matters of national security.
From this point of view, the facts are nearly undisputed. The Secretary of State did not use an email account that was hosted on an official State Department server. Instead, she used an email account on an outside server. All accounts indicate that this email account was used exclusively: the Secretary never used an official State Department email account hosted on State Department servers. And reports indicate that this email account was hosted on a physical server that was not physically under government control or protection. Some reports have even indicated that it was located in the Secretary’s personal residence. Some reports have characterized this as a “homebrew” server, and that’s apt and accurate.
These are the facts that we need to focus on from an information security point of view. Because if these facts are true, this can represent one of the most serious breaches in data handling that we’ve ever heard of.
This matters for three reasons.
  1. The Secretary of State is a very “high value target”
  2. Nation-state threat actors represent the top of the food chain in terms of adversaries in information security.
  3. Take #1 and #2 together and you have ... the best of the best gunning for those people to get their information.
… You can liken this to the CFO of Chase taking billions of dollars in cash home and storing it in the mattress. It’s so inadequate to the risks that it would be laughable if it weren’t so serious.


Who is in charge? Do they have a process to follow? Would any lawyer who reviewed the facts make the same statement?
From the financial-chutzpah dept.:
Bank of America allegedly refuses to reverse an identity theft victim’s bank charges, claiming that she — wait for it — benefited from the withdrawn (read: stolen) funds:
Van Valer said they made her feel responsible for the fraud. Initially, the bank reversed $21,000 of fraudulent charges but it refuses to reverse the remaining nearly $9,000 that was taken. Van Valer showed us a letter from fraud investigators at Bank Of America. The letter states Van Valer benefited from the funds that were taken.
Some of the charges that remain include several payments to bail bondsmen. Van Valer has never been to jail, nor does she know anyone who’s inside.
Read the story on WFMY.


The UK already has the highest camera density in the world – and they want more? Does your security camera put you on the other side of the privacy question? Is there a business opportunity in camera “footage” certification?
Tom McTague reports:
Families and businesses should install their own CCTV cameras to help catch burglars, Britain’s top police officer has said.
Bernard Hogan Howe said people often installed their home surveillance cameras too high – meaning only the tops of the criminals’ heads were caught on film.
The Metropolitan Police Commissioner said Britain needed more cameras to help fight crime and urged people to think about installing them.
Read more on Daily Mail.
What Howe doesn’t address (at least not as covered in this news story) is this question: if your camera caught a thief’s face (which they note is so much better than just the top of the criminal’s head!), would you then have to testify or be a witness in any criminal prosecution to confirm that it was your camera that caught the footage? And could anyone be unhappy with you for that testimony?


Perhaps this is why some teachers think they have unlimited authority to invade student privacy.
The Unprecedented Expansion of School Surveillance Authority Under Cyberbullying Laws
Suski, Emily, Beyond the Schoolhouse Gates: The Unprecedented Expansion of School Surveillance Authority Under Cyberbullying Laws (2014). Case Western Reserve Law Review, Vol. 65, No. 1, 2014. Available for download at SSRN: http://ssrn.com/abstract=2573390
For several years, states have grappled with the problem of cyberbullying and its sometimes devastating effects. Because cyberbullying often occurs between students, most states have understandably looked to schools to help address the problem. To that end, schools in forty-six states have the authority to intervene when students engage in cyberbullying. This solution seems all to the good unless a close examination of the cyberbullying laws and their implications is made. This Article explores some of the problematic implications of the cyberbullying laws. More specifically, it focuses on how the cyberbullying laws allow schools unprecedented surveillance authority over students. This authority stands in notably stark contrast to the constraints on government authority in other contexts, including police authority to search cell phones. In June 2014, the Supreme Court recognized in Riley v. California that police searches of cell phones require a warrant because of the particular intrusions into privacy attendant to those searches. While some surveillance authority over students may be warranted, the majority of the cyberbullying laws implicitly give schools unlimited, or nearly unlimited, and unfettered surveillance authority over students’ online and electronic activity whenever, wherever, and however it occurs: at home, in bedrooms, at the mall, on personal cell phones, on tablets, or on laptops. This Article argues that the cyberbullying laws, though well meaning, vastly expand school authority through the broad, if implicit, allowance of surveillance authority over students and implicate privacy harms that are made more acute because the authority lies with schools over students. Although no doctrine yet exists on the limits of school surveillance authority, limits on school authority in other contexts do exist. 
First and Fourth Amendment doctrine in student-speech and search cases, as well as doctrine on government surveillance more generally, offers some guidance on where the boundaries of school authority lie. The surveillance authority in most cyberbullying laws goes beyond these bounds, indicating that cyberbullying laws expand school authority. To protect students from excessive school surveillance authority and attendant privacy harms, realistic limits need to be imposed on school surveillance authority under the cyberbullying laws both by way of a framework for determining the boundaries of school authority and a cause of action for students. This Article calls for both and draws on the nexus doctrine in First Amendment student-speech cases to develop such a framework.


Number one? Get rid of DRM!
Seven ways to grow the e-book business while helping libraries and readers: Ideas based on my two decades of writing about it
Via LLRX.com – E-book sales are not posting impressive sales increases, at least not among big publishers. One major reason is that much of the technology is difficult to use. Even increased library statistics for e-loans are not resulting in corresponding increases in funding and support for libraries around the country. Based on more than two decades of writing about e-books, David Rothman suggests seven library-and-consumer friendly ways to boost e-book growth.

(Related) The future?
Book review: ‘Bexar BiblioTech: The Evolution of the Country’s First All-digital Public Library’
Via LLRX.com – David Rothman describes why the BiblioTech library in Bexar County, Texas is a landmark achievement worthy of implementation and iteration in towns and cities throughout the US. His article describes the success of this variation on a library system detailed in a new book authored by Nelson Wolff, the visionary behind the country’s first all-digital public library system. Wolff is the judge of Bexar County, which includes the city of San Antonio. The title is roughly equivalent to the head of a county board. Judge Wolff and his wife, Tracy, are donors and fund-raisers for BiblioTech and other civic causes, and his book is a how-to pathfinder to “bridge the literacy and technology gaps.”
[Also see:
http://www.3m.com/us/library/eBook/ The 3M Cloud Library automatically syncs to all your devices that have the 3M Cloud Library App downloaded to them. You can start reading on your iPad and continue later while waiting somewhere and reading from your phone - right where you've left off.
https://www.smashwords.com/ Smashwords is the world's largest distributor of indie ebooks. We make it fast, free and easy for any author or publisher, anywhere in the world, to publish and distribute ebooks to the major retailers.]


Why do people keep sending me these?
Scams That Prey on Older People and How to Avoid Them
… Studies have shown that the elderly can be more trusting, and as such, are more likely to fall for scams. Of course, the advice on this infographic isn’t just for older people, as anyone can fall victim to them, and anyone can face serious damages if they do. Take a look, and share this with anyone you think might find the advice helpful!


Might be something my Business Intelligence students can use.
Three Free Tools for Creating Data Visualizations
Last night I shared the news about Canva's new education site that offers lesson plans that incorporate creating visual representations of information. I realize that Canva is not for everyone as it might be too simple for some applications or there is something else about it that you just don't like. Here are some other tools that I've used over the years to create data visualizations.
Map a List turns Google Spreadsheet information into Google Maps placemarks. The finished product is a Google Map of the information you've selected from your Google Spreadsheets. To create a map from your spreadsheets you need to register for a Map a List account and give it access to your Google Docs account. Map a List then walks you through each step of selecting a spreadsheet, defining the parameters for your map, and choosing placemarks. Just like in Google Maps you can customize the placemark icons that are used in your Map a List displays. Your maps can be shared publicly or privately. Your maps can be downloaded as KML files to use in Google Earth.
Infogr.am is an online tool for creating interactive charts and graphs. Soon you will be able to create interactive infographic posters on Infogr.am too. There are four basic chart types that you can create on Infogr.am; bar, pie, line, and matrix. Each chart type can be edited to use any spreadsheet information that you want to upload to your Infogr.am account. The information in that spreadsheet will be displayed in your customized chart. When you place your cursor over your completed chart the spreadsheet information will appear in small pop-up window. Your Infogr.am charts can be embedded into your blog, website, or wiki.
Gapminder is a great tool for creating data visualizations. Gapminder gives users the ability to create graphs of hundreds of demographic and economic indicators. I like Gapminder because it provides a good way for visual learners to see data sets in a context that is significantly different from standard data sets. Gapminder has a page for educators on which they can find thematic animations, graphs, quizzes, model lessons, and a PDF guide to using Gapminder. For teachers working in schools with slow Internet connections or very strict filtering, Gapminder has a desktop application that you can download and install for Mac or Windows computers.
