Friday, July 17, 2015

Incentive for my Ethical Hacking students?
United Airlines rewards hackers with millions of miles for spotting IT flaws
Two hackers scored one million air travel miles for uncovering security flaws in United Airlines' software systems and privately disclosing them to the company.
Through United's "bug bounty" program -- so called because it offers monetary incentives for revealing software defects -- the hackers will now be able to fly from the continental United States to Europe 33 times.

A very nice summary.
What Is the OPM Hack, and What Does it Mean For You?

(Related) To me, this reads like a carefully worded “Don't get your hopes up.”
Is There a Judicial Remedy for Victims of Federal Data Breaches?
by Sabrina I. Pacifici on Jul 16, 2015
“The scope of information believed to have been compromised by a series of cyber-intrusions at the Office of Personnel Management (OPM) continues to grow. OPM recently announced that further investigation of the initial breach affecting 4.2 million current and former federal employees has led officials to conclude that sensitive information on 21.5 million individuals had been stolen from separate OPM databases used in connection with background investigations. In addition to the potential effects on domestic and foreign policy that may result from these breaches, which are discussed here, two recently filed lawsuits raise questions regarding what redress, if any, is due to affected individuals beyond the free credit monitoring that has been offered by OPM. The two suits, filed separately by the American Federation of Government Employees (AFGE) and the National Treasury Employees Union (NTEU) allege a number of legal theories under which the plaintiffs believe recovery may be available, including claims citing the Privacy Act, the Federal Information Security Management Act (FISMA), common law negligence, and the Due Process clause of the Constitution. While, procedural obstacles to such suits, such as whether the plaintiffs have suffered a sufficiently concrete injury to have a right to sue, are important and may end up being dispositive, this post focuses instead on the extent to which selected sources of statutory, common, and constitutional law may provide a judicially enforceable remedy for current and former federal employees whose personal information may have been exposed during the breach of a federal information technology system.”

It would not surprise me if this was common practice everywhere. reports:
Dutch police now automatically intercept internet traffic when setting up a telephone tap, online magazine Computerworld reports on Thursday. The news was buried in the justice ministry’s annual report which was published in May and has only now been made public, the website states.

SC Magazine reports:
As part of its bid to increase transparency about the terms under which it operates in different countries, Vodaphone has published the overarching processes and policies in place regarding lawful interception of communications data required by domestic authorities on a country by country basis.
Read more on SC Magazine.

This is what happens when amateurs rely on the information they are given without considering how it got to them.
Tom Whitehead reports:
Innocent people were wrongly investigated as suspected paedophiles, including one who was arrested, because of snooping blunders by police and internet companies.
Five people had their homes searched and computers seized last year after errors in requests for email and phone records meant they were wrongly targeted, a watchdog has revealed.
Read more on The Telegraph.
[From the article:
Blunders in another case meant three genuine suspects escaped justice because their records had been deleted by the time the errors were discovered.
Information of dozens of other innocent people was also wrongfully disclosed to officers investigating child sex abuse or pornography because of error in requests.
The mistakes were revealed in Sir Anthony’s final report before stepping down and he found a total of 998 errors were made in communications data requests last year.
Police, councils and other public bodies made a total of 517,208 applications to spy on email, internet and phone records last year – the equivalent of one request every minute.

What's the worst that could happen? You get shamed for not eating your vegetables?
Jack Broom reports:
A group of privacy advocates is suing the city of Seattle, arguing that having garbage collectors look through people’s trash — to make sure food scraps aren’t going into the garbage — “violates privacy rights on a massive scale.”
“A person has a legitimate expectation that the contents of his or her garbage cans will remain private and free from government inspection,” argues the lawsuit filed Thursday in King County Superior Court by the Pacific Legal Foundation.
Since January, Seattle residents have been directed to place food scraps in the same bins as their yard waste, so that the material can be composted, instead of into garbage cans, where it would end up in a landfill.
Read more on The Seattle Times.

Worth reading. The Internet, the world wide web, Deepweb and Darkweb.
CRS Report – The Dark Web
by Sabrina I. Pacifici on Jul 16, 2015
Dark Web, Kristin Finklea, Specialist in Domestic Security. July 7, 2015:
“The layers of the Internet go far beyond the surface content that many can easily access in their daily searches. The other content is that of the Deep Web , content that has not been indexed by traditional search engines such as Google. The furthest corners of the Deep Web, segments known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policy makers. Individuals can access the Dark Web by using special software such as Tor (short for The Onion Router). Tor relies upon a network of volunteer computers to route users’ web traffic through a series of other users’ computers such that the traffic cannot be traced to the original user. Some developers have created tools—such as Tor2web—that may allow individuals access to Tor-hosted content without downloading and installing the Tor software, though accessing the Dark Web through these means does not anonymize activity. Once on the Dark Web, users often navigate it through directories such as the “Hidden Wiki,” which organizes sites by category, similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may be broad, searching across the Deep Web, or more specific, searching for contraband like illicit drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate through means such as secure email, web chats, or personal messaging hosted on Tor. Though tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or “deanonymized.”

Just a thought, but are humans going to have trouble sharing the road with cars that always follow every traffic rule? (And have recordings they can show the judge to prove you were at fault!)
Google's self-driving cars crash 'surprisingly often,' but it's not their fault

This is how businesses are transforming. Why wouldn't it work for a government agency if they really wanted to change? (i.e. If they had managers rather than politicians running the agencies?)
Should The IRS Become a Consumer Agency Instead of a Tax Cop?
In her latest report to Congress, IRS Taxpayer Advocate Nina Olson made the provocative suggestion that her agency completely rethink its mission:
“It should transform itself as a tax agency from one that is designed around nabbing the small percentage of the population that actively evades tax to one that aims first and foremost to meet the needs of the overwhelming majority of taxpayers who are trying to comply with the tax laws.”
She made the suggestion even as she notes the agency may be headed the other way.
… Olson is absolutely right when she says that IRS staffers need to be accessible and knowledgeable enough to answer basic questions or resolve uncomplicated problems. Taxpayer disputes are often due to simple misunderstandings that could be easily and quickly addressed with the help of a human at the agency.
There also are political consequences to the enforcement-only image that worries Olson. The agency already is facing withering fire from Congress and getting little cover from the White House. It is hard to see why lawmakers would go to bat for an agency their constituents know only in the context of disputes and enforcement cases.

Interesting statistics, how should we interpret them?
In the era of super PACs and nonprofit political groups, the money presidential candidates raise for their own campaigns is often dwarfed by what outside groups raise and spend to support them. But the ability of candidates to raise money from individuals is still an important indication of how much support they have. And the nature of their donors tells us a great deal, too, about their political appeal. Are candidates raising money from many people of modest means, who make small donations, or from a smaller group of wealthier donors, who give the maximum allowed by law?

Eliminating the need for lawyers, one search at a time.
Google strengthens its patent search
Google announced Thursday it was strengthening its “Google Patents” search to help in determining whether a new patent application is valid.
The search giant announced it will now allow people to search in one place for both previously patented material and other "prior art" that may be relevant to a new patent application.

Something to get my Risk Management students thinking. Lloyd's says, “Cyber is an underinsured risk.”
Cyber Attack on Power Grid Could Top $1 Trillion in Damage: Report
Lloyd's and the Cambridge Centre for Risk Studies at University of Cambridge Judge Business School examined the implications of a fictional attack where adversaries damaged 50 generators supplying power to the electrical grid and caused a blackout across 15 states along the East Coast and Washington D.C. and affected 93 million people. Lloyd's produced the Business Blackout report to help insurance underwriters understand how cyberattacks impact insurance and risk.
Lloyd's identified six primary categories of insurance claims in its report. Power generation companies would likely file claims for property damage to generators, business interruptions as a result of not being able to sell electricity, and costs incurred from incident response and regulatory fines. Power companies may try to recover a proportion of the losses incurred by filing claims against partner companies' liability insurance policies. Businesses who lost power may file claims to recover losses stemming from property damage, such as perishable cold storage, business interruption, the inability to comply with existing regulations. Homeowners could also conceivably file claims for property damage under contents insurance.
Companies indirectly affected by the blackout can also be due for insurance payments, for business interruption or supply chain disruptions. Companies with inadequate contingency plans may generate claims under their directors' and officers' liability insurance, Lloyd's noted in the report. The final category covered specialty covers, such as event cancellations.

In some circumstances, this could also apply to student research.
Should Journalists Use or Ignore Social Media? Two Examples to Think About

For my students who program.
The Best Places to Learn Swift, Apple’s Programming Language
When Apple announced their brand new programming language Swift, the programming community rejoiced.
… And then Apple went ahead and announced that Swift would soon be open source, bringing in a new wave of support from developers all over the planet. It wouldn’t surprise me if Swift rose up and became the world’s most popular language within the next decade.
SoSoSwift (Free)
The best way to get started is to click on the Tutorials link and browse through the Collections. For example, Swift Tutorial: Introduction Series is great for an absolute beginner while iOS 8 Game Development is ideal for aspiring game developers.
SkipCasts (Free)
Swifty (Free)

There goes the neighborhood.
An Angry Birds Sequel Is Officially Happening

No comments: