For my Risk Management students. The “attack”
does not have to be aimed at you.
SF Bay Area
Residents Cut Off from the Internet by Unidentified Attackers
Federal investigators are currently conducting an
investigation on a series of attacks directed at high-capacity
Internet cables located in San Francisco Bay Area, in California.
Federal agents said that the latest attack was reported this Tuesday,
but other acts of vandalism date back a year.
… But the first attacks in the area occurred
July 6, 2014, according to the FBI.
… Cyber security experts believe that the
series of attacks underscore the vulnerability of the “critical”
internet infrastructure in the region.
… Five years ago, California’s internet
cables were sliced in four sites, leaving tens of thousands with no
cell phone connectivity and Internet service for several hours. The
FBI believes that California attackers may test the capabilities,
impact and response time of authorities. [Translation:
“We're unlikely to catch these guys.” Bob]
… The agency also disclosed that cutting the
cables required dedicated tools because they have a tough protective
outer layer although their diameter is not larger than that of a
pencil.
For my Computer Security students. “We're
changing the definition of 'Secure.'” So change your set-up
procedures to “uncheck” the default opt-in.
Simon Rockman reports:
A Windows 10 feature, Wi-Fi Sense, smells like a significant security risk: it shares access to password-protected Wi-Fi networks with the user’s contacts. So giving a wireless password to one person grants access to everyone who knows them.
[…]
Wi-Fi Sense doesn’t reveal the password to your family, friends, acquaintances, and the chap at the takeaway who’s an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored by Microsoft, and transferred to a device for it to work; Microsoft just tries to stop you looking at it.
Read more on The
Register.
[From
the article:
… There is method in the Microsoft madness –
it saves having to shout across the office or house “what’s the
Wi-Fi password?” – but ease of use has to be teamed with
security.
… In theory, someone who wanted access to your
company network could befriend an employee or two, and drive into the
office car park to be in range, and then gain access to the corporate
wireless network.
The feature has been on Windows Phones since
version 8.1. If you type the password into your Lumia, you won’t
then need to type it into your laptop, because you are a friend of
yourself. Given the meagre
installed base of Windows Phones it's not been much of a threat –
until now.
With every
laptop running Windows 10 in the business radiating access, the
security risk is significant. A second issue is that by
giving Wi-Fi Sense access to your Facebook contacts, you are giving
Microsoft a list of your Facebook friends, as well as your wireless
passwords.
… In an attempt to address
the security hole it has created, Microsoft offers a kludge of a
workaround: you must add
_optout to the
SSID (the name of your network) to prevent it from working with Wi-Fi
Sense.
(So if you want to opt
out of Google Maps and Wi-Fi Sense at the same time, you must
change your SSID of, say,
myhouse to
myhouse_optout_nomap. Technology is
great.)
Microsoft
enables Windows 10's Wi-Fi Sense by default, and access to
password-protected networks are shared with contacts unless the user
remembers to uncheck a box when they first connect. Choosing to
switch it off may make it a lot less useful, but would make for a
more secure IT environment.
Also for my Computer Security students.
FTC- Start
with Security: A Guide for Business
by Sabrina
I. Pacifici on Jun 30, 2015
… Companies that consider security from the
start assess their options and make reasonable choices based on the
nature of their business and the sensitivity of the information
involved. Threats to data may transform over time, but the
fundamentals of sound security remain constant. As the Federal Trade
Commission outlined in Protecting
Personal Information: A Guide for Business, you should know what
personal information you have in your files and on your computers,
and keep only what you need for your business. You should protect
the information that you keep, and properly dispose of what you no
longer need. And, of course, you should create a plan to respond to
security incidents. In addition to Protecting
Personal Information, the FTC has resources to help you think
through how those principles apply to your business. There’s an
online
tutorial to help train your employees; publications
to address particular data security challenges; and news releases,
blog posts, and guidance to help you identify – and possibly
prevent – pitfalls.
Using Social Media to engage. A model for the
rest of us?
Treasury Public Engagement Pages
AGENCY: Departmental Offices, Treasury
ACTION: Notice and request for comment.
SUMMARY: The Department of the Treasury (Treasury) is issuing this notice to inform the public and solicit comments about a new method it is using to collect information and opinions posted on social media platforms. Relying on Treasury-generated “hashtags” and other social media identifiers, Treasury is aggregating public posts relating to Treasury activities and missions from third-party social media websites. Treasury is collecting and, in some cases, republishing this material to facilitate public engagement and awareness of Treasury and bureau initiatives. In this manner, social media will enable Treasury to interact with the public in effective and meaningful ways; encourage the broad exchange of and centrally locate a variety of viewpoints on proposed and existing Treasury missions; and educate the general public about evolving Treasury initiatives.
The pendulum swings...
Charlie Savage reports:
The
Foreign Intelligence Surveillance Court ruled late Monday that the
National Security Agency may temporarily resume its once-secret
program that systematically collects records of Americans’ domestic
phone calls in bulk.
But
the American Civil Liberties Union said Tuesday that it would ask the
United States Court of Appeals for the Second Circuit, which had
ruled that the surveillance program was illegal, to issue an
injunction to halt the program, setting up a potential conflict
between the two courts.
Read more on NY
Times.
This seems to be a common strategic goal. Perhaps
they shouldn't let the machines set the strategy?
Mark
Zuckerberg on how Facebook's AI will be "better than humans"
… In a question
and answer session on Facebook, the Facebook founder and CEO
wrote about why the social media company is developing AI tools
focused on areas such as facial and voice recognition.
… Facebook has various projects developing AI
to improve the services the social network offers. It runs AI labs
looking at how to use deep learning to do everything from voice
translation to image recognition in New York, Silicon Valley, and
Paris, and earlier this year acquired
voice-recognition AI startup Wit.ai.
"In order to do this really well, our goal is
to build AI systems that are better than humans at our primary
senses: vision, listening, etc.
"For vision, we're building systems that can
recognize everything that's in an image or a video. This includes
people, objects, scenes, etc. These systems need to understand the
context of the images and videos as well as whatever is in them.
"For listening and language, we're focusing
on translating speech to text, text between any languages, and also
being able to answer any natural language question you ask."
Gosh, maybe Apple should hire a lawyer. Or not
believe everything the book publishers (or music labels) tell them.
Apple
conspired to fix ebook prices: US court
Apple violated
antitrust laws by colluding with publishers to raise electronic book
prices when it entered a market in 2010 that had been dominated by
Amazon.com, a divided federal appeals court panel said.
A three-judge panel of the 2nd US Circuit Court of
Appeals in Manhattan ruled 2-to-1 that a lower-court judge correctly
found Apple Inc violated the law to upset Amazon.com Inc 's control
of the market.
Something for my Data Analysis students?
The New
Data Republic: Not Quite a Democracy
… Lack of data knowledge hamstrings people in
two ways: First, they are unable to use the readily accessible data
well themselves, and second, they are unable to tell when others are
using
data poorly or disingenuously. Consequently, people with limited
understanding of how to use and assess data (as well as evaluate the
insights derived from data analytics) become second-class citizens in
a data-ocracy.
Interesting article. Are we looking at a new type
of “undue reliance?”
… Radio stations run on ratings, and Nielsen
is by far the dominant ratings provider, as it is in television. It
has a near-monopoly on the biggest markets in the U.S. But many in
the industry are starting to wonder if Nielsen has been getting the
ratings wrong.
What if people kept listening, but weren’t all
being counted anymore? What if a new Nielsen counting method wasn’t
working as it was intended to? That failing would hurt many stations
in the ratings, but some more than others, and possibly none more
than smooth jazz.
That, at least, is how an alternative theory goes.
And it’s a theory that’s gaining supporters because of a new
device that’s helping stations of all types regain some of the
listeners they lost. All they have to do is turn it on.
So, have I become obsolete – again?
Have
LinkedIn and Medium Killed the Old-Fashioned Blog?
… Twitter has made it possible to demonstrate
expertise by sharing
links and short insights, 140 characters at a time. If you’re
in a visual field—whether that’s fashion, design or even real
estate—sites like Pinterest, Instagram, and Houzz may offer the
fastest route to establishing a vision, following and clientele. For
folks who like to talk or shoot more than write, creating a podcast
or YouTube channel can be a better fit than a blog, and just as
effective at sharing your ideas.
But the real blog-killer isn’t any of these
alternatives: it’s the hosted publishing that’s emerged on sites
like LinkedIn and Medium, where anyone can just log in and start
posting. In a world where you can now showcase your ideas on the
site where you’re hosting your virtual résumé—LinkedIn—do you
really need to have your own independent publishing platform?
No comments:
Post a Comment