Wednesday, August 05, 2015

Drive by (actually fly by) hacking? One of the fundamentals of military strategy today is to disrupt command and control at the source. Drones are merely a technology that lets us reach beyond the trenches. Much cheaper than dropping in special operations teams or having SEALS swim up rivers.
Jacob Bogage reports:
Drones have been used to drop bombs, spy on foreign countries and monitor how farmers work their fields. Now they could help hack into personal computers.
According to e-mails posted by WikiLeaks, military contractors may want to do just that. Boeing and Hacking Team — a Milan-based company criticized for selling surveillance software to repressive governments — were in talks earlier this year to plant malware on drones to perform such activities, according to the e-mails, which were stolen from Hacking Team in July.
Read more on Washington Post.

Closer to home...
Anna C. Watterson and Sean B. Hoar write:
Higher education institutions are treasure troves for hackers. Colleges and universities are huge repositories of research data, sensitive information for large populations of applicants and enrolled students (personal, academic, financial and health data), as well as sensitive personal and tax information for all faculty and staff. Higher education information systems are particularly valuable targets for cyberattacks.
In the wake of a series of cyberattacks on several prominent colleges and universities, higher education institutions would be well-advised to review their current security posture, breach preparedness, and cyber insurance coverage.
Read more on DavisWrightTremaine Privacy & Security Law Blog.
And just imagine what might happen if the U.S. Education Department and/or the FTC actually did any enforcement on data security and privacy?

Searching for the next OPM? Just read the audit reports to find the low-hanging fruit.
Sean Higgins reports:
The Labor Department has several gaps in its cybersecurity protections that could be exploited by hackers, according to a report publicly released Tuesday by its inspector general’s office. Several of the gaps were identified three years ago, the report noted, but the department has done very little to prevent potential data theft.
Read more on Washington Examiner.

“Any sufficiently significant outage is indistinguishable from terrorism” (With apologies to Arthur C. Clarke) It must be investigated and documented for security follow-up, with the idea that if someone can do this by accident, someone can do it deliberately. Note that all of these companies go through the same vulnerable choke point.
Cell service out for thousands across the American Southeast
Cellular service appears to be down across every major provider throughout Tennessee, Alabama and Kentucky with Nashville, Chattanooga, and Knoxville being the hardest hit. According to the website Down Detector, more than 10,000 AT&T, 1,000 Verizon, 7,000 T-Mobile and 300 Sprint customers are without internet or phone access. None of the affected companies have disclosed the specific reason for the outage yet, though they all have already issued vague statements about how they're working on the issue.
Sprint said:
… This appears to be an issue caused by a local exchange provider and our network team is working with the provider to restore service to impacted customers as quickly as possible.

You wouldn't drive a car without insurance. Why face the risks of using the Internet without it? (The term “capital holds” is new to me.)
Smoke and Mirrors: Cyber Security Insurance
Data breaches have become a daily occurrence. However, their cost to organizations goes far beyond reputational damage in the media. Boards and businesses are subject to regulatory mandates that carry fines and capital holds, and increasingly face litigation from class-action suits. Cyber security insurance has emerged as a stop-gap to protect stakeholders from the shortcomings of siloed risk management processes. However, insurance policies are not a replacement for improving a company’s cyber security posture. So what do you need to know when it comes to the effectiveness of cyber security insurance?
Not surprisingly, the U.S. cyber security insurance market is growing approximately 30 percent per year. Some surveys even suggest that 30 percent of large enterprises in the U.S. have some type of cyber security insurance coverage. These numbers include both first-party and third-party cyber security insurance policies. First-party policies typically cover losses incurred from business interruption, destruction of data and property, and reputational harm. Third-party policies, in contrast, cover losses incurred by a company’s customers and others, such as damages resulting from the exposure of personally identifiable information (PII) through a data breach.

More theater than threat?
China to tighten grip over country’s internet users
China has tightened its grip over the country’s 650m internet users by announcing moves to station police officers inside large internet companies to try to heighten censorship and prevent subversion, according to a senior security official.
The move follows a spate of recent efforts to tighten the screws on social media users, as well as a draft cyber security law that will grant authorities broad new powers to control the internet in the country and force web companies to share more data with the government.
Chen Zhimin, the deputy minister of public security, revealed a plan to set up “network security offices” in major internet companies — such as Tencent and Alibaba — “in order to be able to find out about illegal internet activity more quickly”, although he did not specify how the initiative would work.

Meanwhile, the US is loosening its grip.
ICANN reveals plan for ending America's control of the internet
Though it's called the "world wide web," the US Commerce Department has held the keys to the internet since its inception in the '90s. Last year, it agreed to hand them over to worldwide bodies and asked ICANN, the group that manages internet addresses, to come up with a plan. ICANN unveiled the much anticipated report yesterday, and has given the public until September 8th to comment on it. The gist of the 100-page document? Internet control functions will be given to ICANN and an oversight body made up of "interested parties" that has no connection to any world governments.

Perhaps we need a video watermarking technology?
This may be the biggest threat to Facebook right now
Facebook’s engineers completely retooled the site’s interface to make videos as easy as possible to watch and share. All you have to do is scroll through your News Feed and you’ll be introduced to countless videos that start to play as they pop up on your screen.
Because of this unprecedented ease in discovering and watching video content, Facebook is giving Google-owned YouTube a run for its money. Literally.
As Fortune’s Erin Griffith reports:
Facebook drives nearly a quarter of all web traffic. The company’s recent video improvements will likely push those numbers even higher.
… But Facebook’s video efforts are drawing controversy lately. Some observers say the social network is littered in video content lifted from its original source, meaning the content creators aren’t seeing a dime for their work. And while YouTube has a built-in mechanism for content creators to report such theft, Facebook has no such solution.
YouTube star Hank Green wrote a blog post about this issue, known as “freebooting,” entitled “Theft, Lies, and Facebook Video.” In it, he outlines why he believes Facebook’s video practices are unethical. Green cites a report from ad agency Ogilvy and Tubular that found over 70% of Facebook’s top performing posts came from other sources like YouTube.
If those users had embedded the YouTube videos on Facebook, this wouldn’t be an issue. Instead, these are videos that have been taken from other sites and uploaded to Facebook’s native player, giving that Facebook page the credit rather than the rightful copyright holder. Facebook’s algorithm favors videos that are uploaded natively, a setup that Green says encourages intellectual property theft.

(Related) I'm sure this only looks like extortion. Just a confused representative, Facebook would never really do that, right?
Facebook kills proposed user data policy after game and app publishers panicked
… They said that Facebook representatives had told them verbally that they could get back the data that they had lost, if they participated in Facebook programs where the mobile publisher had to share data about their users with the social network — including users who came to the publisher without seeing a Facebook ad. The publishers were upset about this alternative, which they felt gave them no choice in the matter, because it forced them to disclose proprietary information to Facebook. On top of that, the publishers said it would amount to a privacy violation, since they had never asked their users if they could hand over their data to Facebook.

“Things” are getting interesting.
G.E. Plans App Store for Gears of Industry
… G.E. is announcing on Wednesday a push into computer-based services, connecting sensors that are on machines to distant computing centers where data will be scanned for insights around things like performance, maintenance and supplies. The company plans to spend about $500 million annually building the business, according to the executive in charge.
… The move highlights how important the so-called Internet of Things, a term for matching sensors with cloud-computing systems, has become for some of the world’s biggest companies. G.E. expects revenue of $6 billion from software in 2015, a 50 percent increase in one year. Much of this is from a pattern-finding system called Predix.

How quickly can the FBI “clear” Hillary? Too quickly and there will be cries of “coverup.” Too slow and Joe Biden will enter the race.
FBI looking into the security of Hillary Clinton’s private e-mail setup
The FBI has begun looking into the security of Hillary Rodham Clinton’s private e-mail setup, contacting in the past week a Denver-based technology firm that helped manage the unusual system, according to two government officials.
Also last week, the FBI contacted Clinton’s lawyer, David Kendall, with questions about the security of a thumb drive in his possession that contains copies of work e-mails Clinton sent during her time as secretary of state.
The FBI’s interest in Clinton’s e-mail system comes after the intelligence community’s inspector general referred the issue to the Justice Department in July. Intelligence officials expressed concern that some sensitive information was not in the government’s possession and could be “compromised.” The referral did not accuse Clinton of any wrongdoing, and the two officials said Tuesday that the FBI is not targeting her.
… A lawyer for the Denver company, Platte River Networks, declined to comment, as did multiple Justice Department officials.

For my Computer Security students. You have to act fast, which suggests you had better have a plan!
Adam Klasfeld reports:
In a case involving sex, cyberbullying and the statute of limitations, a schoolteacher filed her lawsuit just in time to accuse of (sic) her ex-boyfriend of taking over her Facebook account to post obscene messages, the Second Circuit ruled on Tuesday.
The court warned in its opinion that the case demonstrates the “troubling” predicament of victims of hacking who are unable to learn the identity of their attackers within two years.
Read more on Courthouse News.

“We already have this data, let's see what else a bit of clever Data Analysis can reveal. Then we can ask for a warrant based on what we already know exists” Did I read that correctly?
William W. Hellmuth writes:
On July 29, 2015, BakerHostetler filed an amicus brief with the Second Circuit on behalf of the Center for Democracy and Technology, joined by five prominent nonprofit public interest groups, for the en banc rehearing of United States v. Ganias, Case No. 12-240. In Ganias, the Court will grapple with arguments centering on whether the government, after seizing a large volume of digital data pursuant to a warrant, may retain that data indefinitely and later use it in ways outside the scope of the original warrant, including bringing charges against individuals not originally under investigation. Recognizing the huge impact the Second Circuit’s en banc decision will have for anyone subject to a warrant, the amicus brief urges the Court to ensure that Fourth Amendment protections remain strong in the face of ever-evolving technologies.
Read more on BakerHostetler Data Privacy Monitor.

Perspective. If Warren Buffett won't, who will? (Wadda ya say we each chip in $10...)
Twitter May Be a Takeover Target, but Google Is Unlikely to Take It Over
As markets closed yesterday, Twitter’s stock sank to its lowest level ever — a drop that raised speculation, yet again, that another company would take it over. At only a $19 billion market valuation, that’s not a surprise.
Neither is the other company most often cited as its obvious buyer: Google.

Some day, I want to take or teach a class on social media.
Social Media Done Right: Advertising You’ll Actually Want to See
… In today’s world, having a social media presence for your company just makes sense.
Creating a profile on any of the major social media networks (such as Facebook, Pinterest, Instagram, Twitter, or Tumblr) is free, posting content is easy, and there is the potential for any post to go absolutely viral — sharing your brand far further than any television, radio, or print ad ever could.
With that being said, there’s more to advertising on social media than just having a profile – companies have to understand the tone and purpose of the platform they are trying to use.

A challenge for my students. What would you automate with Siri? The Help Desk? Create a personal shopper? 911?
Hey, Siri - Get Out Your Steno Pad
… When a call is placed to a phone that has iCloud Voicemail enabled and you don't answer it, Siri will pick it up for you. Depending on who the caller is, Siri can provide information about where you are and why you can't answer the call, according to the report. If your caller leaves a voice message, Siri will notify you and send you a transcription.
… Why transcribe voice mail messages?
"A lot of people like to leave voice mail, but very few people like to listen to it," said Roger Kay, president of Endpoint Technologies Associates.
Reading transcripts of voice mail messages can be a productivity booster.

The Most Popular Programming Languages of 2015
… With so many options to choose from, each with their own pros and cons, senior editor Stephen Cass discussed the top 10 languages for 2015 in a recent article for IEEE Spectrum.
