Tuesday, June 16, 2015
A breach at a basket (site) where (some) users store all their eggs.
LastPass Breached, Users Advised to Update Master Passwords
Officials at password manager LastPass revealed the company has been compromised in a data breach.
According to LastPass CEO Joe Siegrist, an investigation into suspicious activity detected and blocked on the company's network Friday has revealed that LastPass user account email addresses, password reminders, server per user salts and authentication hashes were compromised.
"We are confident that our encryption measures are sufficient to protect the vast majority of users," he blogged. "LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed." [Which I read as a jargon laced admission that eventual compromise is inevitable. Bob]
… Rapid7 Security Engineering Manager Tod Beardsley said that he was pleased to see that LastPass disclosed the breach in a weekend's time. He added however that the attackers apparently have all they need to start brute-forcing master passwords.
"The fact that the attackers are now armed with a list of LastPass users by e-mail means that we may see some targeted phishing campaigns, presenting users with fake “Update your LastPass master password” links," said Beardsley.
I wonder how many times I have urged organizations to turn on their logs. Without them it is very difficult to determine what happened during breaches. That's why so many organizations have difficulty determining what information was compromised.
Log management is leading use case for Big Data
Companies that have deployed Big Data solutions are most likely to be using them for log management, according to a study released last week by the SANS Institute. This security use case was followed closely by data archiving, operational data storage, advanced analytics, data discovery, and search.
According to the survey of more than 200 professionals in IT, security and compliance, more than half of the 55 percent of organizations that have deployed Big Data projects use the technology for log management. In addition, of those who plan to deploy Big Data in the next two years, 58 percent said that log management is a priority.
Log data, intrusion alerts, and other types of security-related information is a perfect fit for Big Data systems, said Sam Heywood, director of the Cloudera Security Center of Excellence at Cloudera, which sponsored the report.
The volumes are large, the information comes in a variety of data types, and it's coming in at a high velocity.
… The study shows the level of trust that companies are starting to put in their Big Data platforms, said Heywood.
“Just letting you know we're serious.”
Facebook taken to court by Belgian privacy watchdog
The country's Privacy Protection Commission (CPP) also accused Facebook of tracking the browsing habits of non-users, as well as its own members.
The action follows criticism of Facebook by the same body in May.
Facebook said it was surprised that the CPP had taken the "theatrical action" because it was due to meet the watchdog this week to discuss its concerns.
The CPP said it took the decision because Facebook did not provide "satisfactory answers" to the questions it raised last month, according to a spokeswoman.
Facial Recognition Stalemate Convinces Privacy Groups To Walk Out Of Tech Industry Talks
Nine civil liberties and consumer groups have abandoned talks with trade associations after the two sides failed to find common ground over facial recognition technology. Privacy groups have said companies like Facebook should obtain an individuals' authorization before putting someone's face in a database linked to their name and other personal details.
Industry and privacy groups have spent 18 months negotiating at the National Telecommunications and Information Administration, a division of the U.S. Department of Commerce, to create a voluntary code of conduct around the implementation of facial recognition software. That ended Tuesday when the Electronic Frontier Foundation, the Center for Democracy & Technology, the American Civil Liberties Union and six others walked away, citing a lack of cooperation.
“At a base minimum, people should be able to walk down a public street without fear that companies they've never heard of are tracking their every movement – and identifying them by name – using facial recognition technology,” the groups said in a statement to the New York Times. “Unfortunately, we have been unable to obtain agreement even with that basic, specific premise.”
Asia To Surpass North America As Wealthiest Region In 2016; Fintech Set To Change Wealth Management
Fast growth in Asia and strong market performance drove much of the wealth growth in 2014, when worldwide assets reached a record-high $164.3 trillion, according to the 2015 Global Wealth Report by the Boston Consulting Group, Winning the Growth Game. Wealth managers and advisory firms are also anticipating the coming digital revolution in financial services, though a tangible impact has yet to be felt.
… wealth in North America grew 5.6% to $50.8 trillion, making it the wealthiest region, but Asia-Pacific, not including Japan, grew at 29.4% to $47.3 trillion. (Japan grew 2.5% in 2014.)
In fact, Asia-Pacific is expected to surpass North America as the wealthiest region in 2016, with China (at 25% growth) and India (at 44% growth) being the main catalysts.
Number of super rich in India tripled in 2014
One possible future?
What the Office of the Future Might Look Like (Infographic)
Your Jetsons-esque future could arrive sooner than you think, according to a recent study from Johnson Controls, a Milwaukee, Wis.-based tech and engineering firm that specializes in sustainable products. The company put together a study that looks ahead 25 years to predict what our offices and work days will look like in the future.
The authors of the study foresee a future that is dominated by adaptable technology and physical spaces.
Something I can use in many classes. I wish my Data Management students thought about social media this way!
How Do You Use Social Media? A 20-Something’s Theory of Social Media Niches
With the widespread use of major social media platforms, it can be hard to understand why new ones keep being created. Could this be because each social network actually only fills one or two specific niches for users?
… How Many Apps Do We Need?
The fact of the matter is, if Facebook (or an equivalent) was truly able to meet all of our online communication needs there would be a limited market for other social media platforms, and it would be unlikely for them to become successful.
Obviously, there are niches in communication that major social media platforms have not been able to fill — leading to the development and widespread use of new social media platforms.
Theory: A lot of these social media niches exist because the development of any communication feature comes at the expense of others.
For example, Facebook is impossible for other social networks to compete with directly because its popularity and use of your real name, real photos, and real-life friend groups makes it an unparalleled resource for sharing life events quickly with the people you care about. However, this same functionality can make it an impossible platform for discussing current events candidly, sharing photos as an event is occurring, or for meeting people who have similar interests to you. Twitter, Snapchat, and Tumblr, respectively, are three examples of apps that have been developed to meet these communication needs.
… What Niche Does Each Social Media Platform Fill?
[Nice summary of 15 social media types follows Bob]
This is why I read Science Fiction. (Because the future does not frighten SciFi authors.)
The Earliest Accurate Predictions of Wikipedia, Skype, Netflix, Online Learning, and The Internet Itself