The FAA has been trying to update their systems for years (decades?). Didn't we have a single airline with exactly this same (flight plan) problem last week? Coincidence?
D.C., New York flight delays caused by air traffic glitch, FAA says
A computer problem at a Virginia air traffic control center led to significant flight delays Saturday at airports in the Washington and New York City areas, the Federal Aviation Administration said.
… An unspecified problem emerged in a computer system that processes flight plans at the Washington Air Route Traffic Control Center in Leesburg, Virginia, and forced the FAA to temporarily halt departures for all planes at the D.C. area's three major airports, the agency said.
I hope none of my Computer Security students would make this mistake. They could provide secure computers if they tried. Expecting these to remain un-hacked is really fantasy.
Paul Peachey reports:
The welcome screen on the prison laptop was simple to navigate. Prison officials clicked on the dog icon, inmates clicked on the cat. Clicking on the dog – and entering the password – allowed access to a section with administrator privileges and access to the internet. The cat was a gateway to little more than a basic word processor.
Unlocking the “dog” was key to the plotters’ attempts to use the computer to smuggle drugs. Using an east European hacker inside the prison, the gang obtained a coded pen drive that was smuggled into the prison by a visitor.
Read more on The Independent.
And they can do this without a backdoor into encrypted emails? Amazing! The article does mention methods that have some potential for maintaining anonymity, but there is no guarantee.
More on the risks of identification and re-identification in large databases, from The Economist:
Frequent visitors to the Hustler Club, a gentlemen’s entertainment venue in New York, could not have known that they would become part of a debate about anonymity in the era of “big data”. But when, for sport, a data scientist called Anthony Tockar mined a database of taxi-ride details to see what fell out of it, it became clear that, even though the data concerned included no direct identification of the customer, there were some intriguingly clustered drop-off points at private addresses for journeys that began at the club. Stir voter-registration records into the mix to identify who lives at those addresses (which Mr Tockar did not do) and you might end up creating some rather unhappy marriages.
Read more on The Economist.
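The linkage the Economist piece describes (drop-off points joined against a public address register) is something a data owner can measure before a dataset is released. The script below is an added example, not code from The Economist or from Anthony Tockar's analysis; every trip and address in it is constructed, and the "register" is a stand-in for the voter-registration records the article mentions. It treats the drop-off coordinate as a quasi-identifier and shows how coarsely the coordinates must be published before a trip stops resolving to a single household.

```python
"""
Linkage-risk check for a "de-identified" trip dataset.

Added example; all trips and addresses below are constructed. The drop-off
coordinate is treated as a quasi-identifier, joined against a public address
register, and the dataset's k-anonymity and per-trip household count are
recomputed at each publication granularity.
"""
from collections import Counter

# Constructed trips that all began at the same venue; only the drop-off
# point survives "de-identification" (no rider name, medallion or timestamp).
TRIPS = [
    {"trip_id": 1, "lat": 40.71236, "lon": -74.00124},
    {"trip_id": 2, "lat": 40.71237, "lon": -74.00126},
    {"trip_id": 3, "lat": 40.75512, "lon": -73.98734},
    {"trip_id": 4, "lat": 40.73016, "lon": -73.99547},
    {"trip_id": 5, "lat": 40.73018, "lon": -73.99543},
    {"trip_id": 6, "lat": 40.71231, "lon": -74.00128},
    {"trip_id": 7, "lat": 40.75541, "lon": -73.98759},
]

# Constructed public register: one residential address per entry.
REGISTER = [
    {"household": "A",  "lat": 40.71236, "lon": -74.00124},
    {"household": "A2", "lat": 40.71260, "lon": -74.00170},
    {"household": "A3", "lat": 40.71215, "lon": -74.00190},
    {"household": "B",  "lat": 40.75513, "lon": -73.98733},
    {"household": "B2", "lat": 40.75577, "lon": -73.98790},
    {"household": "C",  "lat": 40.73017, "lon": -73.99546},
    {"household": "C2", "lat": 40.73088, "lon": -73.99520},
]


def to_units(degrees):
    """Express a coordinate in whole units of 1e-5 degree (about 1 m) so that
    coarsening is integer arithmetic with no floating-point rounding surprises."""
    return round(degrees * 100_000)


def cell(lat, lon, decimals):
    """Grid cell of a point when coordinates are published with `decimals`
    decimal places (5 = raw, 3 = roughly a city block, 2 = roughly a district).
    Floor division keeps negative longitudes on a consistent grid."""
    scale = 10 ** (5 - decimals)
    return (to_units(lat) // scale, to_units(lon) // scale)


def k_anonymity(trips, decimals):
    """Smallest number of trips sharing a drop-off cell: the k of k-anonymity
    with the drop-off cell as the only quasi-identifier."""
    counts = Counter(cell(t["lat"], t["lon"], decimals) for t in trips)
    return min(counts.values())


def households_per_trip(trips, register, decimals):
    """For each trip, how many registered households fall in its drop-off cell."""
    addresses = Counter(cell(r["lat"], r["lon"], decimals) for r in register)
    return {t["trip_id"]: addresses[cell(t["lat"], t["lon"], decimals)] for t in trips}


def linkable_trip_ids(trips, register, decimals):
    """Trips whose cell contains exactly one household: the join the article
    describes would resolve each of these to a single address."""
    per_trip = households_per_trip(trips, register, decimals)
    return sorted(tid for tid, n in per_trip.items() if n == 1)


def release_ready(trips, register, decimals, k_min=2):
    """A release policy: every cell holds at least k_min trips and no trip
    resolves to a single household."""
    return (k_anonymity(trips, decimals) >= k_min
            and not linkable_trip_ids(trips, register, decimals))


def minimum_generalization(trips, register, k_min=2):
    """Most precise publication granularity that satisfies release_ready,
    or None if even whole-degree cells do not."""
    for decimals in range(5, -1, -1):
        if release_ready(trips, register, decimals, k_min):
            return decimals
    return None


if __name__ == "__main__":
    for d in (5, 4, 3, 2):
        print(f"{d} decimals: k={k_anonymity(TRIPS, d)} "
              f"linkable trips={linkable_trip_ids(TRIPS, REGISTER, d)}")
    print("most precise safe granularity:", minimum_generalization(TRIPS, REGISTER))
```

Note the 4-decimal row when you run it: snapping raw GPS points to an 11 m grid makes more trips match a single address, not fewer, because it absorbs the GPS noise that kept the raw points from equalling the register's coordinates exactly. Only at three decimals do cells start holding several households, so that is the granularity the policy accepts. Grid cells are a simplification (an address just across a cell boundary is not counted), so a production check would use a distance radius and a register of realistic size.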
Once upon a time, AT&T was a monopoly – in other words, “One stop shopping.” So I don't find this shocking.
The National Security Agency’s ability to spy on vast quantities of Internet traffic passing through the United States has relied on its extraordinary, decades-long partnership with a single company: the telecom giant AT&T.
New tech, new sin? OR new ways to commit the same old ones?
Periscope complies with 71 percent of copyright takedown requests
… In a newly released Transparency Report, its owner Twitter says it has received 1,391 notices under the Digital Millennium Copyright Act for illegal streams on Periscope.
Since its launch in late March, the number of requests has increased dramatically from fewer than 20 in April to nearly 1,000 in June. Periscope has complied with 71 percent of requests, affecting 864 accounts and removing 1,029 streams.
… Periscope’s live-streaming abilities have companies worried that users could illegally watch events without paying for them, such as was the case with the boxing match between Floyd Mayweather and Manny Pacquiao in May.
… When it first launched, HBO slammed Periscope as a possible app that promotes “mass copyright infringement” because people were using it to stream the premiere of ‘Game of Thrones.’
Compared to Twitter and Vine, Periscope has the highest compliance rate, writes VentureBeat, although that data is measured from January to June. Vine has received 2,405 notices with a 68 percent compliance rate and Twitter has garnered 14,694 takedown requests with a 67 percent compliance rate.
They already have Best Practices? You bet. After all, 99% of the risks they face are the same as those faced by mobile devices or laptops or desktops or mini-computers or mainframes. The trick is getting managers to insist on implementing Best Practices even on the new stuff.
Libbie Canter writes:
Earlier this week, the Online Trust Alliance released a draft framework of best practices for Internet of Things device manufacturers and developers, such as connected home devices and wearable fitness and health technologies. The OTA is seeking comments on its draft framework by September 14.
The framework acknowledges that not all requirements may be applicable to every product due to technical limitations and firmware issues. However, it generally proposes a number of specific security requirements, including encryption of personally identifiable data at rest and in transit, password protection protocols, and penetration testing.
Read more on Covington & Burling InsidePrivacy.
I think we are headed to a “National ID Card” of some type, so it makes sense to learn what others are doing right or wrong. Look on the Unique Identification Authority of India website if you want more.
India’s national ID system, Aadhaar, has been promoted as ensuring access to public benefits. But from Day One, it has also raised significant privacy and data security concerns, as this blog has tried to point out over the past few years. Today, Malavika Jayaram, a fellow at the Berkman Center, writes about Aadhaar:
Privacy is breached at several levels; at the time of data collection (especially when biometrics are involved); at the time of its storage by multiple actors (which federated and decentralised enrollment apparatus facilitates by design); at the time of use (especially when Aadhaar is tagged for banal everyday activities that are low-risk from an identity theft or benefits fraud point of view, risking an allegedly secure system being devalued through ubiquity, and compromised through biometric overuse). All of this is compounded by the lack of a statutory frame for the Unique Identification Authority of India and/or a dedicated privacy law.
When the Attorney General contends, as he did during the ongoing matter before the Supreme Court, and as referenced in Tuesday’s order, that there is no privacy violation if the data is not shared, this fails to acknowledge the very complex network of transactions and uses that the scheme is predicated on. When the Supreme Court misses the opportunity to put the brakes on the continued collection of data, it opens the door for the government relying on the Too Big To Fail, Too Late to Turn Back rhetoric.
Read more on Scroll.in.
Russian strategy probably does not include expanding NATO. Or do they think they can stay below 49%?
Sweden’s Russia Problem
… Incursions into Swedish territory by the Russian air force have been problematic as Stockholm discovered its military wasn’t able to detect the foreign aircraft for hours after their cross-border transgressions. Russian naval patrols have also been rather active off the coast of Sweden in the Baltic Sea and the Gulf of Bothnia.
On the diplomatic scene, Russia has been rather inflammatory in verbiage. In June of this year polling in Sweden indicated a surge in public support for joining NATO which was primarily driven by Russian actions. In 2012 public support for joining NATO stood at 17 percent, but June’s poll put the support at 34 percent. Keep in mind this is a nation that hasn’t been at war for 200 years, but a portion of Sweden’s public is sufficiently concerned to jettison a long-standing policy of neutrality because of Moscow’s actions.
(Looks like this is not dying down – too many people having too much fun?) We put procedures in place because not everyone understands security. “I don't want to do it that way” is a recipe for disaster.
Clinton Defies the Law and Common Sense
… It is a misdemeanor punishable by imprisonment for not more than a year to keep “documents or materials containing classified information ... at an unauthorized location.” Note that it is the information that is protected; the issue doesn’t turn on whether the document or materials bear a classified marking. This is the statute under which David Petraeus—former Army general and Central Intelligence Agency director—was prosecuted for keeping classified information at home. Mrs. Clinton’s holding of classified information on a personal server was a violation of that law. So is transferring that information on a thumb drive to David Kendall, her lawyer.
… Mrs. Clinton herself, in a now famous email, cautioned State Department employees not to conduct official business on personal email accounts. The current secretary of state, John Kerry, testified that he assumes that his emails have been the object of surveillance by hostile foreign powers.
(Related)
Clinton's deleted emails scrubbed from server
Hillary Clinton's private server had been stored in New Jersey since 2013 and has been wiped clean of all records, including the emails she deleted.
… The Department of Justice took possession of the server Wednesday from Platte River Networks.
… Up until that time, the server had been in the basement of Clinton's Chappaqua, New York home.
… It is also now being reported that Clinton's attorney, David Kendall, turned over three thumb drives, not one, to the Department of Justice.
… The IG determined the two emails that contained top-secret information could have only originally come from intelligence agencies.
(Related)
New details about classified information in Clinton's emails
… The inspector general for the Intelligence Community revealed last month that a review of a "limited sample" of 40 Clinton emails yielded four that "contained classified information."
But by then the State Department had already released one of them in full as part of a court-mandated release of 296 Clinton emails, all pertaining to Libya and the 2012 Benghazi attacks.
I had several Italian friends as a kid. I'm sure they could communicate quite a lot with just a few gestures – words are superfluous.
Yahoo’s Audio-Free Video Messaging App Livetext Is Now Available Worldwide
If you were intrigued by Livetext, the audio-free video messaging app launched by Yahoo last month, but don’t live in the U.S. or the handful of test markets where it was available, then we have news for you. The app is now live worldwide, which means anyone with an iOS or Android device can get hold of it.