I read this as, “only 90,000 out of 2.4 million
were encrypted.” Why not use the tool you have to protect
everything?
Data watchdog investigates Carphone Warehouse hacking
The UK’s data watchdog is investigating a security breach at Carphone Warehouse, after the mobile phone retailer revealed that up to 2.4m customers may have had their personal information and bank details stolen by hackers.
… As many as 90,000 customers may also have
had their encrypted credit card details accessed by the hackers.
… For Carphone
Warehouse, the hack is embarrassing given the company’s ambition to
become a leader in the so-called “internet of things”, or market
for connected devices.
Another OPM update. My IT Governance students
should find there is always more to discover.
Fox News reports:
The Office of Personnel Management’s inspector general is accusing a senior agency official of hindering their investigation into the massive breach of security clearance and personal information for millions of federal employees.
Inspector General Patrick McFarland claimed that OPM Chief Information Officer Donna Seymour slowed his investigation into the breach, and that while he has had a positive relationship with the OCIO in the past, recent events made him “question whether the OCIO is acting in good faith.”
[I
particularly liked:
It appears that this breach will be amusing for
quite a while. Grab some popcorn, sit back and enjoy the fireworks!
Joseph F. Welborn III discusses possible theories
of liability for lawsuits against Ashley Madison in the wake of its
massive databreach. He writes, in part:
One interesting theory of liability comes from an old common law tort that has been phased out legislatively in all but seven states – alienation of affections. In fact, this theory had been used against Ashley Madison on at least one occasion even before the data breach. In 2012, a man from North Carolina sued Ashley Madison after his wife used the website to meet another man, ultimately resulting in a divorce. While similar claims could exist even without the data breach, a release of the confidential information allegedly taken would very likely bring the website into the crosshairs of individuals who previously had no idea where their former spouse had connected with a paramour. The good news for Ashley Madison is that proximate causation and intent to alienate affections as to any one scorned husband or wife could present proof problems for potential plaintiffs. Plus, the fact that only seven states recognize such a claim will likely limit any perceived risk.
The more troubling issue of potential liability is based on a contractual or quasi-contractual theory that may be asserted by individuals who decided to delete their Ashley Madison account in the past.
Read more on Butler Snow.
When you really want to mess with someone... Kill
them! Claim your inheritance/the insurance early?
Rush to Put Death Records Online Lets Anyone be 'Killed'
… The process of having someone officially stamped dead by getting a death certificate issued typically involves a doctor filling out one form and a funeral home filling out another, according to Rock's research.
Once forms are submitted online, certificates declaring the listed person legally dead are generated.
A fatal flaw in the system is that people can easily pose as real doctors and funeral directors, Rock demonstrated to a rapt audience.
Doctors practising general medicine often don't bother setting up accounts at online portals for filling out information for death certificates.
An aspiring online assassin can step into that void, and borrow the identity of a doctor.
Setting up accounts requires a doctor's name, address, and medical license number. A basic Internet search will turn up that information, which is publicly available for the well-intended purpose of letting people check that physicians are legitimate before seeking care.
Drop down boxes containing illness categories and online guides are available for filling in "doctor speak" on forms and avoiding medical causes or circumstances that might trigger needs for autopsies or investigations, Rock's demonstration showed.
For my Ethical Hacking students. What would you
pay to secure your $100,000+ Tesla?
This Hacker’s Tiny Device Unlocks Cars And Opens Garages
The next time you press your wireless key fob to
unlock your car, if you find that it doesn’t beep until the second
try, the issue may not be a technical glitch. Instead, a hacker like
Samy Kamkar may be using a clever radio hack to intercept and record
your wireless key’s command. And when that hacker walks up to your
vehicle a few minutes, hours, or days later, it won’t even take
those two button presses to get inside.
At the hacker conference DefCon in Las Vegas
tomorrow, Kamkar plans to present the details of a gadget he’s
developed called “RollJam.” The $32
radio device, smaller than a cell phone, is designed to
defeat the “rolling codes” security used in not only most modern
cars and trucks’ keyless entry systems, but also in their alarm
systems and in modern garage door openers.
(Related) Amuse yourself by dumping those
annoying neighbor kids.
Hackers Can Seize Control of Electric Skateboards and Toss Riders
… Healey, who works on security for payments company Stripe, teamed up with fellow researcher Mike Ryan, who works on security for eBay, to examine his and other electric skateboards to see if they could be hacked. The result is an exploit they developed called FacePlant [Very descriptive Bob] that can give them complete control of someone’s digital board.
“[The attack] is basically a synthetic version
of the same RF noise [at that intersection in Melbourne],” he says,
and allows them to cold stop a board or send it flying in reverse,
tossing the rider in either case.
Interesting. Do Psychiatrists have the same
prohibition? Ethics or PR?
By an overwhelming vote of 156-1 (with seven
abstentions and one recusal)–so lopsided that it stunned
even its proponents–the American Psychological Association’s
Council of Representatives yesterday approved a resolution
that the APA describes
as “prohibit[ing] psychologists from participating in national
security interrogations.”
Anything you do today can become a headline
tomorrow. (And even criminals can read)
Leicestershire police 'ignore' attempted burglaries at odd-numbered houses
Attempted break-ins at odd-numbered houses were
not fully investigated by one police force as part of an experiment
to save money.
Leicestershire Police said the pilot scheme had
had no adverse effect on public satisfaction or crime rates.
Results of the three-month trial are being
evaluated and could see it rolled out throughout the East Midlands.
… He said: "This pilot suggests that we
may need to reconsider how best to deploy crime scene investigators,
especially if we are currently sending them automatically to scenes
where, despite their professionalism and expertise, there is no
evidence for them to retrieve."
… But Sir Clive Loader said he was not aware
of the trial and "should have been informed" before it was
put in place.
"Had I been consulted, I would have advised
against it, particularly in light of the controls chosen which, to me
at least, are unlikely to inspire much public confidence.
… Eric Tindall of Melton Mowbray Neighbourhood
Watch said: "If you live on one side of the street you're going
to get the 100% support and services from our police force, and on
the other side you're going to get what's left over.
"It does announce to the criminal element,
that they can go down one side of the street not being so cautious as
to what they get up to, but on the other side they are going to be
more cautious."
Competition is good. (This one is designed to
work with MS Office)
Microsoft challenges Google with its own translator app
Watch out, Google. Microsoft now has its own
translator app available for a variety of devices.
Released Thursday, Microsoft Translator is a new app designed by the software giant for iOS and Android users. The app supports phones and tablets as well as the Apple Watch and smartwatches that run Android Wear, Google's adaptation of its mobile software for wearables.
You can type or speak the word or phrase you want translated. In response, the app shows you the translated text on the screen and then speaks it for you. You can also copy and paste text from and to other apps for translation.