Incentive for my Ethical Hacking students?
United Airlines rewards hackers with millions of miles for spotting IT flaws
Two hackers scored one million air travel miles for uncovering security flaws in United Airlines' software systems and privately disclosing them to the company.
Through United's "bug bounty" program -- so called because it offers monetary incentives for revealing software defects -- the hackers will now be able to fly from the continental United States to Europe 33 times.
A very nice summary.
What Is the OPM Hack, and What Does it Mean For You?
(Related) To me, this reads like a carefully worded “Don't get your hopes up.”
Is There a Judicial Remedy for Victims of Federal Data Breaches?
by Sabrina I. Pacifici on Jul 16, 2015
CRS Legal Sidebar – Is There a Judicial Remedy for Victims of Federal Data Breaches?
“The scope of information believed to have been compromised by a series of cyber-intrusions at the Office of Personnel Management (OPM) continues to grow. OPM recently announced that further investigation of the initial breach affecting 4.2 million current and former federal employees has led officials to conclude that sensitive information on 21.5 million individuals had been stolen from separate OPM databases used in connection with background investigations. In addition to the potential effects on domestic and foreign policy that may result from these breaches, which are discussed here, two recently filed lawsuits raise questions regarding what redress, if any, is due to affected individuals beyond the free credit monitoring that has been offered by OPM. The two suits, filed separately by the American Federation of Government Employees (AFGE) and the National Treasury Employees Union (NTEU), allege a number of legal theories under which the plaintiffs believe recovery may be available, including claims citing the Privacy Act, the Federal Information Security Management Act (FISMA), common law negligence, and the Due Process clause of the Constitution. While procedural obstacles to such suits, such as whether the plaintiffs have suffered a sufficiently concrete injury to have a right to sue, are important and may end up being dispositive, this post focuses instead on the extent to which selected sources of statutory, common, and constitutional law may provide a judicially enforceable remedy for current and former federal employees whose personal information may have been exposed during the breach of a federal information technology system.”
It would not surprise me if this was common practice everywhere.
DutchNews.nl reports:
Dutch police now automatically intercept internet traffic when setting up a telephone tap, online magazine Computerworld reports on Thursday. The news was buried in the justice ministry’s annual report which was published in May and has only now been made public, the website states.
Read more on DutchNews.nl.
(Related)
SC Magazine reports:
As part of its bid to increase transparency about the terms under which it operates in different countries, Vodafone has published the overarching processes and policies in place regarding lawful interception of communications data required by domestic authorities on a country by country basis.
Read more on SC Magazine.
This is what happens when amateurs rely on the information they are given without considering how it got to them.
Tom Whitehead reports:
Innocent people were wrongly investigated as suspected paedophiles, including one who was arrested, because of snooping blunders by police and internet companies.
Five people had their homes searched and computers seized last year after errors in requests for email and phone records meant they were wrongly targeted, a watchdog has revealed.
Read more on The Telegraph.
[From the article:
Blunders in another case meant three genuine suspects escaped justice because their records had been deleted by the time the errors were discovered.
Information on dozens of other innocent people was also wrongfully disclosed to officers investigating child sex abuse or pornography because of errors in requests.
The mistakes were revealed in Sir Anthony’s final report before stepping down and he found a total of 998 errors were made in communications data requests last year.
Police, councils and other public bodies made a total of 517,208 applications to spy on email, internet and phone records last year – the equivalent of one request every minute.
What's the worst that could happen? You get shamed for not eating your vegetables?
Jack Broom reports:
A group of privacy advocates is suing the city of Seattle, arguing that having garbage collectors look through people’s trash — to make sure food scraps aren’t going into the garbage — “violates privacy rights on a massive scale.”
“A person has a legitimate expectation that the contents of his or her garbage cans will remain private and free from government inspection,” argues the lawsuit filed Thursday in King County Superior Court by the Pacific Legal Foundation.
Since January, Seattle residents have been directed to place food scraps in the same bins as their yard waste, so that the material can be composted, instead of into garbage cans, where it would end up in a landfill.
Read more on The Seattle Times.
Worth reading. The Internet, the world wide web, Deepweb and Darkweb.
CRS Report – The Dark Web
by Sabrina I. Pacifici on Jul 16, 2015
Dark Web, Kristin Finklea, Specialist in Domestic Security. July 7, 2015:
“The layers of the Internet go far beyond the surface content that many can easily access in their daily searches. The other content is that of the Deep Web, content that has not been indexed by traditional search engines such as Google. The furthest corners of the Deep Web, segments known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policy makers. Individuals can access the Dark Web by using special software such as Tor (short for The Onion Router). Tor relies upon a network of volunteer computers to route users’ web traffic through a series of other users’ computers such that the traffic cannot be traced to the original user. Some developers have created tools—such as Tor2web—that may allow individuals access to Tor-hosted content without downloading and installing the Tor software, though accessing the Dark Web through these means does not anonymize activity. Once on the Dark Web, users often navigate it through directories such as the “Hidden Wiki,” which organizes sites by category, similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may be broad, searching across the Deep Web, or more specific, searching for contraband like illicit drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate through means such as secure email, web chats, or personal messaging hosted on Tor. Though tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or “deanonymized.”
Just a thought, but are humans going to have trouble sharing the road with cars that always follow every traffic rule? (And have recordings they can show the judge to prove you were at fault!)
Google's self-driving cars crash 'surprisingly often,' but it's not their fault
This is how businesses are transforming. Why wouldn't it work for a government agency if they really wanted to change? (i.e. If they had managers rather than politicians running the agencies?)
Should The IRS Become a Consumer Agency Instead of a Tax Cop?
In her latest report to Congress, IRS Taxpayer Advocate Nina Olson made the provocative suggestion that her agency completely rethink its mission:
“It should transform itself as a tax agency from one that is designed around nabbing the small percentage of the population that actively evades tax to one that aims first and foremost to meet the needs of the overwhelming majority of taxpayers who are trying to comply with the tax laws.”
She made the suggestion even as she notes the agency may be headed the other way.
… Olson is absolutely right when she says that IRS staffers need to be accessible and knowledgeable enough to answer basic questions or resolve uncomplicated problems. Taxpayer disputes are often due to simple misunderstandings that could be easily and quickly addressed with the help of a human at the agency.
There also are political consequences to the enforcement-only image that worries Olson. The agency already is facing withering fire from Congress and getting little cover from the White House. It is hard to see why lawmakers would go to bat for an agency their constituents know only in the context of disputes and enforcement cases.
Interesting statistics, how should we interpret them?
In the era of super PACs and nonprofit political groups, the money presidential candidates raise for their own campaigns is often dwarfed by what outside groups raise and spend to support them. But the ability of candidates to raise money from individuals is still an important indication of how much support they have. And the nature of their donors tells us a great deal, too, about their political appeal. Are candidates raising money from many people of modest means, who make small donations, or from a smaller group of wealthier donors, who give the maximum allowed by law?
Eliminating the need for lawyers, one search at a time.
Google announced Thursday it was strengthening its “Google Patents” search to help in determining whether a new patent application is valid.
The search giant announced it will now allow people to search in one place for both previously patented material and other "prior art" that may be relevant to a new patent application.
Something to get my Risk Management students thinking. Lloyd's says, “Cyber is an underinsured risk.”
Cyber Attack on Power Grid Could Top $1 Trillion in Damage: Report
… Lloyd's and the Cambridge Centre for Risk Studies at University of Cambridge Judge Business School examined the implications of a fictional attack where adversaries damaged 50 generators supplying power to the electrical grid and caused a blackout across 15 states along the East Coast and Washington D.C. and affected 93 million people. Lloyd's produced the Business Blackout report to help insurance underwriters understand how cyberattacks impact insurance and risk.
… Lloyd's identified six primary categories of insurance claims in its report. Power generation companies would likely file claims for property damage to generators, business interruptions as a result of not being able to sell electricity, and costs incurred from incident response and regulatory fines. Power companies may try to recover a proportion of the losses incurred by filing claims against partner companies' liability insurance policies. Businesses who lost power may file claims to recover losses stemming from property damage, such as perishable cold storage, business interruption, and the inability to comply with existing regulations. Homeowners could also conceivably file claims for property damage under contents insurance.
Companies indirectly affected by the blackout can also be due for insurance payments, for business interruption or supply chain disruptions. Companies with inadequate contingency plans may generate claims under their directors' and officers' liability insurance, Lloyd's noted in the report. The final category covered specialty covers, such as event cancellations.
[Get the report from Lloyds: https://www.lloyds.com/news-and-insight/risk-insight/library/society-and-security/business-blackout
In some circumstances, this could also apply to student research.
Should Journalists Use or Ignore Social Media? Two Examples to Think About
For my students who program.
The Best Places to Learn Swift, Apple’s Programming Language
When Apple announced their brand new programming language Swift, the programming community rejoiced.
… And then Apple went ahead and announced that Swift would soon be open source, bringing in a new wave of support from developers all over the planet. It wouldn’t surprise me if Swift rose up and became the world’s most popular language within the next decade.
SoSoSwift (Free)
The best way to get started is to click on the Tutorials link and browse through the Collections. For example, Swift Tutorial: Introduction Series is great for an absolute beginner while iOS 8 Game Development is ideal for aspiring game developers.
SkipCasts (Free)
Ray Wenderlich’s Tutorials (Free)
Learn Swift Tips (Free)
Swift Programming on Medium (Free)
Swifty (Free)
Swift Essential Training ($25)
There goes the neighborhood.
An Angry Birds Sequel Is Officially Happening