Drive by (actually fly by) hacking? One of the
fundamentals of military strategy today is to disrupt command and
control at the source. Drones are merely a technology that lets us
reach beyond the trenches. Much cheaper than dropping in special
operations teams or having SEALs swim up rivers.
Jacob Bogage reports:
Drones have been used to drop bombs, spy on foreign countries and monitor how farmers work their fields. Now they could help hack into personal computers.
According to e-mails posted by WikiLeaks, military contractors may want to do just that. Boeing and Hacking Team — a Milan-based company criticized for selling surveillance software to repressive governments — were in talks earlier this year to plant malware on drones to perform such activities, according to the e-mails, which were stolen from Hacking Team in July.
Read more on Washington Post.
Closer to home...
Anna C. Watterson and Sean B. Hoar write:
Higher education institutions are treasure troves for hackers. Colleges and universities are huge repositories of research data, sensitive information for large populations of applicants and enrolled students (personal, academic, financial and health data), as well as sensitive personal and tax information for all faculty and staff. Higher education information systems are particularly valuable targets for cyberattacks.
In the wake of a series of cyberattacks on several prominent colleges and universities, higher education institutions would be well-advised to review their current security posture, breach preparedness, and cyber insurance coverage.
Read more on DavisWrightTremaine Privacy & Security Law Blog.
And just imagine what might happen if the U.S.
Education Department and/or the FTC actually did any enforcement on
data security and privacy?
Searching for the next OPM? Just read the audit
reports to find the low-hanging fruit.
Sean Higgins reports:
The Labor Department has several gaps in its cybersecurity protections that could be exploited by hackers, according to a report publicly released Tuesday by its inspector general’s office. Several of the gaps were identified three years ago, the report noted, but the department has done very little to prevent potential data theft.
Read more on Washington Examiner.
“Any sufficiently significant outage is
indistinguishable from terrorism” (With apologies to Arthur C.
Clarke.) It must be investigated and documented for security
follow-up, with the idea that if someone can do this by accident,
someone can do it deliberately. Note that all of these companies go
through the same vulnerable choke point.
Cell service out for thousands across the American Southeast
Cellular service appears
to be down across every
major provider throughout Tennessee, Alabama and Kentucky
with Nashville, Chattanooga, and Knoxville being the hardest hit.
According to the website Down
Detector, more than 10,000 AT&T, 1,000 Verizon, 7,000
T-Mobile and 300 Sprint customers are without internet or phone
access. None of the affected companies have disclosed the specific
reason for the outage yet, though they all have already issued vague
statements about how they're working on the issue.
[Sprint said:]
… This appears to
be an issue caused by a local exchange provider and our network team
is working with the provider to restore service to impacted customers
as quickly as possible.
You wouldn't drive a car without insurance. Why
face the risks of using the Internet without it? (The term “capital
holds” is new to me.)
Smoke and Mirrors: Cyber Security Insurance
Data breaches have become a daily occurrence.
However, their cost to organizations goes far beyond reputational
damage in the media. Boards and businesses are subject to regulatory
mandates that carry fines
and capital holds, and increasingly face litigation from
class-action suits. Cyber security insurance has emerged as a
stop-gap to protect stakeholders from the shortcomings of siloed risk
management processes. However, insurance policies are not a
replacement for improving a company’s cyber security posture. So
what do you need to know when it comes to the effectiveness of cyber
security insurance?
… Not
surprisingly, the U.S. cyber security insurance market is growing
approximately 30 percent per year. Some surveys even suggest that 30
percent of large enterprises in the U.S. have some type of cyber
security insurance coverage. These numbers include both first-party
and third-party cyber security insurance policies. First-party
policies typically cover losses incurred from business interruption,
destruction of data and property, and reputational harm. Third-party
policies, in contrast, cover losses incurred by a company’s
customers and others, such as damages resulting from the exposure of
personally identifiable information (PII) through a data breach.
More theater than threat?
China to tighten grip over country’s internet users
China has tightened its grip over the country’s
650m internet users by announcing moves to station police officers
inside large internet companies to try to heighten censorship and
prevent subversion, according to a senior security official.
The move follows a spate of recent efforts to
tighten
the screws on social media users, as well as a draft cyber
security law that will grant authorities broad new powers to control
the internet in the country and force web companies to share more
data with the government.
Chen Zhimin, the deputy minister of public
security, revealed a plan to set up “network security offices” in
major internet companies — such as Tencent
and Alibaba
— “in order to be able to find out about illegal internet
activity more quickly”, although he did not specify how the
initiative would work.
Meanwhile, the US is loosening its grip.
ICANN reveals plan for ending America's control of the internet
Though it's called the "world wide web,"
the US Commerce Department has held the keys to the internet since
its inception in the '90s. Last year, it agreed to hand
them over to worldwide bodies and asked ICANN, the group that
manages internet addresses, to come
up with a plan. ICANN unveiled the much anticipated report
yesterday, and has given the public until September 8th to comment
on it. The gist of the 100-page document? Internet control
functions will be given to ICANN and an oversight body made up of
"interested parties" that has no connection to any world
governments.
Perhaps we need a video watermarking technology?
This may be the biggest threat to Facebook right now
Facebook’s engineers completely retooled the
site’s interface to make videos as easy as possible to watch and
share. All you have to do is scroll through your News Feed and
you’ll be introduced to countless videos that start to play as they
pop up on your screen.
Because of this unprecedented ease in discovering
and watching video content, Facebook is giving Google-owned YouTube a
run for its money. Literally.
As Fortune’s Erin Griffith reports:
Facebook drives nearly a quarter of all web traffic. The company’s recent video improvements will likely push those numbers even higher.
… But Facebook’s video efforts are drawing
controversy lately. Some observers say the social network is
littered in video content lifted
from its original source, meaning the content creators aren’t
seeing a dime for their work. And while YouTube has a built-in
mechanism for content creators to report such theft, Facebook has no
such solution.
YouTube star Hank Green wrote a blog post about
this issue, known as “freebooting,” entitled “Theft,
Lies, and Facebook Video.” In it, he outlines why he believes
Facebook’s video practices are unethical. Green cites a report
from ad agency Ogilvy and Tubular that found over 70% of Facebook’s
top performing posts came from other sources like YouTube.
If those users had embedded the YouTube videos on
Facebook, this wouldn’t be an issue. Instead, these are videos
that have been taken from other sites and uploaded to Facebook’s
native player, giving that Facebook page the credit rather than the
rightful copyright holder. Facebook’s algorithm favors videos that
are uploaded natively, a setup that Green says encourages
intellectual property theft.
(Related) I'm sure this only looks
like extortion. Just a confused representative, Facebook would never
really do that, right?
Facebook kills proposed user data policy after game and app publishers panicked
… They said that Facebook representatives had
told them verbally that they could get back the data that they had
lost, if they participated in Facebook programs where the mobile
publisher had to share data about their users with the social network
— including users who came to the publisher without seeing a
Facebook ad. The publishers were upset about this alternative, which
they felt gave them no choice in the matter, because it forced them
to disclose proprietary information to Facebook. On top of that, the
publishers said it would amount to a privacy violation, since they
had never asked their users if they could hand over their data to
Facebook.
“Things” are getting interesting.
G.E. Plans App Store for Gears of Industry
… G.E. is announcing on Wednesday a push into
computer-based services, connecting sensors that are on machines to
distant computing centers where data will be scanned for insights
around things like performance, maintenance and supplies. The
company plans to spend about $500 million annually building the
business, according to the executive in charge.
… The move
highlights how important the so-called Internet
of Things, a term for matching sensors with cloud-computing
systems, has become for some of the world’s biggest companies.
G.E. expects revenue of $6 billion from software in 2015, a 50
percent increase in one year. Much of this is from a pattern-finding
system called Predix.
How quickly can the FBI “clear” Hillary? Too
quickly and there will be cries of “coverup.” Too slow and Joe
Biden will enter the race.
FBI looking into the security of Hillary Clinton’s private e-mail setup
The FBI has begun looking into the security of
Hillary Rodham Clinton’s private e-mail setup, contacting in the
past week a Denver-based
technology firm that helped manage the unusual system, according to
two government officials.
Also last week, the FBI contacted Clinton’s
lawyer, David Kendall, with questions about the security of a thumb
drive in his possession that contains copies of work e-mails Clinton
sent during her time as secretary of state.
The FBI’s interest in Clinton’s e-mail system
comes after the intelligence community’s inspector general referred
the issue to the Justice Department in July. Intelligence
officials expressed concern that some sensitive information was not
in the government’s possession and could be “compromised.” The
referral did not accuse Clinton of any wrongdoing, and the two
officials said Tuesday that the FBI is not targeting her.
… A lawyer for the Denver company, Platte
River Networks, declined to comment, as did multiple Justice
Department officials.
For my Computer Security students. You have to
act fast, which suggests you had better have a plan!
Adam Klasfeld reports:
In a case involving sex, cyberbullying and the statute of limitations, a schoolteacher filed her lawsuit just in time to accuse of (sic) her ex-boyfriend of taking over her Facebook account to post obscene messages, the Second Circuit ruled on Tuesday.
The court warned in its opinion that the case demonstrates the “troubling” predicament of victims of hacking who are unable to learn the identity of their attackers within two years.
Read more on Courthouse News.
“We already have this data, let's see what else
a bit of clever Data Analysis can reveal. Then we can ask for a
warrant based on what we already know exists” Did I read that
correctly?
William W. Hellmuth writes:
On July 29, 2015, BakerHostetler filed an amicus brief with the Second Circuit on behalf of the Center for Democracy and Technology, joined by five prominent nonprofit public interest groups, for the en banc rehearing of United States v. Ganias, Case No. 12-240. In Ganias, the Court will grapple with arguments centering on whether the government, after seizing a large volume of digital data pursuant to a warrant, may retain that data indefinitely and later use it in ways outside the scope of the original warrant, including bringing charges against individuals not originally under investigation. Recognizing the huge impact the Second Circuit’s en banc decision will have for anyone subject to a warrant, the amicus brief urges the Court to ensure that Fourth Amendment protections remain strong in the face of ever-evolving technologies.
Read more on BakerHostetler Data Privacy Monitor.
Perspective. If Warren Buffett won't, who will?
(Wadda ya say we each chip in $10...)
Twitter May Be a Takeover Target, but Google Is Unlikely to Take It Over
As markets closed yesterday, Twitter’s stock
sank to its lowest level ever — a drop that raised speculation, yet
again, that another company would take it over. At only a $19
billion market valuation, that’s not a surprise.
Neither is the other company most often cited as
its obvious buyer: Google.
Some day, I want to take or teach a class on
social media.
Social Media Done Right: Advertising You’ll Actually Want to See
… In today’s world, having a social media
presence for your company just makes sense.
Creating a profile on any of the major social
media networks (such as Facebook, Pinterest, Instagram, Twitter, or
Tumblr) is free, posting content is easy, and there is the potential
for any post to go absolutely viral — sharing your brand far
further than any television, radio, or print ad ever could.
With that being said, there’s more to
advertising on social media than just having a profile – companies
have to understand the tone and purpose of the platform they are
trying to use.
A challenge for my students. What would you
automate with Siri? The Help Desk? Create a personal shopper? 911?
Hey, Siri - Get Out Your Steno Pad
… When a call is placed to a phone that has
iCloud Voicemail enabled and you don't answer it, Siri will pick it
up for you. Depending on who the caller is, Siri can provide
information about where you are and why you can't answer the call,
according to the report. If your caller leaves a voice message, Siri
will notify you and send you a transcription.
… Why transcribe voice mail messages?
"A lot of people like to leave voice mail,
but very few people like to listen to it," said Roger Kay,
president of Endpoint
Technologies Associates.
Reading transcripts of voice mail messages can be
a productivity booster.
Perspective.
The Most Popular Programming Languages of 2015
… With so many options to choose from, each
with their own pros and cons, senior editor Stephen Cass discussed
the top 10 languages for 2015 in a recent
article for IEEE Spectrum.