Tuesday, August 25, 2015

This is such a great “example of bad.” It will be interesting to see if they structured their corporation(s) to “break away” (into bankruptcy) as they get swamped with lawsuits.
Ashley Madison hauled to court in class action suits over data breach
… Suits filed in federal courts in California and Texas by people using John Doe as a pseudonym claim damages, alleging that Avid Life Media, the parent company based in Toronto, did not have adequate and reasonable measures to secure the data of users from being compromised, and failed to notify users in time of the breach.
… At least five suits seeking class-action status have been filed in Canada and in U.S. courts in California, Texas and Missouri, according to NBC.
… The Rosen Law Firm, for example, last week announced it had initiated a class action lawsuit investigation regarding a potential debit and credit card breach at Ashley Madison, and was also looking at consumer fraud claims in connection with the website's “Full Delete” service, which purported to eliminate user profiles and traces on its website and database in exchange for a fee.

(Related) You see why I want to collect all this stuff?
Can feds be fired for adultery? The government is combing through thousands of e-mail addresses that turned up in the Ashley Madison leak
Now that the Ashley Madison hack has outed as many as 15,000 federal employees and active duty military, government agencies say they’re combing through the e-mail addresses of possible adulterers to see if their extramarital activity on work time amounts to anything punishable.
The rules of the game for morality in federal offices may be straightforward for pornography (watching it can definitely get you fired) — but the kind of skeleton in the closet that showed up in the trove of 36 million users exposed on the cheating Web site presents officials with a murkier problem, experts say.

(Related) Probably best to do your hacking away from the office systems. (Could AM's hackers have used the same security hole?)
Leaked AshleyMadison Emails Suggest Execs Hacked Competitors
Hacked online cheating service AshleyMadison.com is portraying itself as a victim of malicious cybercriminals, but leaked emails from the company’s CEO suggest that AshleyMadison’s top leadership hacked into a competing dating service in 2012.
… On Nov. 30, 2012, Raja Bhatia, the founding chief technology officer of AshleyMadison.com, sent a message to Biderman notifying his boss of a security hole discovered in nerve.com, an American online magazine dedicated to sexual topics, relationships and culture.
At the time, nerve.com was experimenting with its own adult dating section, and Bhatia said he’d uncovered a way to download and manipulate the nerve.com user database.
“They did a very lousy job building their platform. I got their entire user base,” Bhatia told Biderman via email, including in the message a link to a Github archive with a sample of the database. “Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”

For my IT Governance students. Makes what you are learning even more valuable! (You're welcome)
Appeals Court Upholds FTC’s Data Security Authority
by Sabrina I. Pacifici on Aug 24, 2015
EPIC – “A federal appeals court ruled that the Federal Trade Commission can enforce data security standards. In FTC v. Wyndham, the agency sued Wyndham hotels after the company exposed financial data of hundreds of thousands of customers. The company argued that the FTC lacked authority to enforce security standards, but the court disagreed. EPIC filed an amicus brief, joined by leading technical experts and legal scholars, defending the FTC’s “critical role in safeguarding consumer privacy and promoting stronger security standards.”

This is not for “every day” backups. This is for that first transfer of data or for a huge bump in your data flow. Think of a small law firm that suddenly has to handle a few petabytes of digital evidence. Then think who you would trust to handle that data.
Google Expands Cloud Storage with Offline Import/Export Service
Backing up data is one of the most important parts of running a company. The problem arises when a business has too much data and too little time to get it all into the cloud.
To help businesses get their data under control, Google is expanding its Cloud Storage service by allowing third party-providers to upload data to the platform on a business's behalf.
First launched in 2013, businesses were previously only allowed to use the feature to back up their hard drives into Google Cloud Storage. Now expanded into a major feature called Offline Media Import/Export, this update now lets businesses physically mail all types of storage devices — such as hard drives, tapes and USB flash drives — to companies that will back up their data for them.

Not everyone can block a specific page on a website. (Their tools lack granularity.)
Moscow lifts ban on Russian Wikipedia
Moscow on Tuesday lifted a ban on the Russian-language version of Wikipedia less than a day after imposing it.
Internet regulator Roskomnadzor said an article about Charas, a form of hashish, ruled illegal by a local court in June, had now been sufficiently edited on Russian Wikipedia to put the online encyclopedia in compliance with the ruling.
The webpage has therefore been excluded from its internet blacklist, it added.
Several Russian internet service providers started blocking access to the Russian-language Wikipedia site after the regulator added it to its registry of forbidden information on Monday.
Internet users in some Russian regions saw a notice from the registry instead of the Wikipedia page when trying to access it.
Wikipedia said the outlawing of some information triggered a blacklisting of the entire service because the website uses the secure protocol HTTPS which prevents the filtering and censoring of its content from the outside. [Some ISPs had no problem blocking only the target page... Bob]
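The article's point about HTTPS and blocking granularity comes down to what a network filter can actually read. With plain HTTP the request line and Host header are in the clear, so a filter can match one URL; with TLS the only name on the wire is the Server Name Indication (SNI) in the ClientHello, so a filter can act on the host but not the page. The following is an added example (not from the article or from Roskomnadzor's tooling) that builds a minimal TLS 1.2 ClientHello, parses the SNI out of it the way a middlebox would, parses a plaintext HTTP request for comparison, and shows the decision a censor is forced into. The handshake bytes, the HTTP request, and the blocklist entry (the `/wiki/Charas` path) are constructed for illustration.

```python
"""HTTPS vs HTTP as seen by an in-path filter (added example, constructed data)."""
import struct
from typing import Optional, Dict


def build_client_hello(host: str) -> bytes:
    """Construct a minimal TLS record carrying a ClientHello with one SNI extension."""
    sni_name = host.encode()
    # ServerNameList: name_type 0 (host_name) + 2-byte length + name
    server_name_list = b"\x00" + struct.pack("!H", len(sni_name)) + sni_name
    sni_ext_body = struct.pack("!H", len(server_name_list)) + server_name_list
    extensions = struct.pack("!HH", 0x0000, len(sni_ext_body)) + sni_ext_body
    body = (
        b"\x03\x03"                             # client_version: TLS 1.2
        + bytes(32)                             # random (zeros; constructed)
        + b"\x00"                               # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"    # one cipher suite
        + b"\x01\x00"                           # compression methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1 + 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Parse the SNI host name out of a TLS ClientHello record; the URL path is not there."""
    if len(record) < 5 or record[0] != 0x16:     # not a TLS handshake record
        return None
    hs = record[5:]
    if not hs or hs[0] != 0x01:                   # not a ClientHello
        return None
    pos = 4 + 2 + 32                              # type+len, version, random
    sid_len = hs[pos]; pos += 1 + sid_len
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2 + cs_len
    cm_len = hs[pos]; pos += 1 + cm_len
    if pos + 2 > len(hs):
        return None
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, elen = struct.unpack("!HH", hs[pos:pos + 4]); pos += 4
        if ext_type == 0x0000:                    # server_name extension
            # skip list length (2) and name_type (1); then 2-byte name length
            name_len = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
            return hs[pos + 5:pos + 5 + name_len].decode()
        pos += elen
    return None


def http_view(request: bytes) -> Dict[str, Optional[str]]:
    """What the same filter sees for a plaintext HTTP request: host AND path."""
    head = request.split(b"\r\n\r\n", 1)[0].decode()
    lines = head.split("\r\n")
    _method, path, _version = lines[0].split(" ", 2)
    headers = dict(line.split(": ", 1) for line in lines[1:] if ": " in line)
    return {"host": headers.get("Host"), "path": path}


# Constructed blocklist entry standing in for the court-ordered page.
BLOCKLIST = {("ru.wikipedia.org", "/wiki/Charas")}


def censor_decision(host: str, path: Optional[str]) -> str:
    """'page' when the path is visible and listed, 'host' when only the host is known, else 'allow'."""
    if path is None:                              # HTTPS: path unknown, must block the whole host
        return "host" if any(h == host for h, _ in BLOCKLIST) else "allow"
    return "page" if (host, path) in BLOCKLIST else "allow"


if __name__ == "__main__":
    hello = build_client_hello("ru.wikipedia.org")
    print("TLS filter sees:", extract_sni(hello), "->", censor_decision(extract_sni(hello), None))
    req = b"GET /wiki/Charas HTTP/1.1\r\nHost: ru.wikipedia.org\r\n\r\n"
    v = http_view(req)
    print("HTTP filter sees:", v, "->", censor_decision(v["host"], v["path"]))
```

An ISP that terminated or inspected plaintext HTTP could match the single path; for TLS connections the host name in the SNI is the finest granularity available to an outside observer, which is why a single forbidden article turns into a whole-site block.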

Are we becoming a nation afraid of our own shadows or is this another case of “we gotta do something!”? What is the probability that any of these locations will experience a terrorist-like attack? Are Movie theaters more dangerous than driving to work?
Another reason NOT to go to the movies.
Joe Cadillic writes:
The Regal Entertainment Group, the nation’s largest movie theater chain, just added a bag and purse check policy as a so-called security measure in some of its theaters, which undoubtedly will include every theater soon!
Regal Entertainment’s website uses public safety as a reason to ILLEGALLY search everyone’s handbag, backpacks etc.
“Security issues have become a daily part of our lives in America. Regal Entertainment Group wants our customers and staff to feel comfortable and safe when visiting or working in our theatres. To ensure the safety of our guests and employees, backpacks and bags of any kind are subject to inspection prior to admission. We acknowledge that this procedure can cause some inconvenience and that it is not without flaws, but hope these are minor in comparison to increased safety.”
Jim Davis, a public safety expert who served as Homeland Security advisor to Governor John Hickenlooper, promises soon EVERYONE will be TSA searched at movie theaters:
“There is no question in my mind that there are meetings going on as we speak, talking about improving security and associated liability. I think it will take time to happen… By necessity now – from a liability standpoint, movie theaters are going to have to step up.” [Really? Bob]
On July 29th, I reported how AMC and SMG movie theaters are working with DHS to establish TSA checkpoint searches at movie theaters across the country!
Don’t think TSA security searches are coming to a theater near you? Senator Tony Avella is working on legislation to introduce metal detectors at theaters, malls and sports stadiums.
Read more on MassPrivateI

This drives up the “Big Brother Index” (Yeah, I made that up)
Mike Masnick writes:
Over the last few years, we’ve published a ton of stories about the growing police reliance on Stingray cell site simulator devices (also known as IMSI catchers), that mimic a real cell phone tower and help provide the location of a certain mobile phone. As we’ve written, these devices have been super popular with police departments, who often receive them from the federal government with strict non-disclosure agreements, which means law enforcement has been known to lie to courts or simply drop cases where the usage is at risk of coming out in court.
It seems that this story is getting more and more national attention.

For my Computer Security and Ethical Hacking students.
Mandatory Minimum Sentencing: Federal Aggravated Identity Theft
by Sabrina I. Pacifici on Aug 24, 2015
CRS report via FAS – Mandatory Minimum Sentencing: Federal Aggravated Identity Theft – Charles Doyle, Senior Specialist in American Public Law. August 20, 2015.
“Aggravated identity theft is punishable by a mandatory minimum sentence of imprisonment for two years or by imprisonment for five years if it relates to a terrorism offense. At least thus far, the government has rarely prosecuted the five-year terrorism form of the offense. The two-year offense occurs when an individual knowingly possesses, uses, or transfers the means of identification of another person, without lawful authority to do so, during and in relation to one of more than 60 predicate federal felony offenses (18 U.S.C. 1028A). Section 1028A has the effect of establishing a mandatory minimum sentence for those predicate felony offenses, when they involve identity theft. A sentencing court has the discretion not to “stack” or pancake multiple aggravated identity theft counts and, as with other mandatory minimums, may impose a sentence of less than the mandatory minimum at the request of the prosecution based on the defendant’s substantial assistance. More than half of the judges responding to a United States Sentencing Commission survey felt the two-year mandatory minimum penalty was generally appropriate. The Commission’s report on mandatory minimum sentencing statutes is mildly complimentary of the provision.”

Some low hanging fruit for recruiters?
Law Firms’ Grueling Hours Are Turning Defectors into Competitors
In this latest flurry of debate about working long hours, some have intimated that overwork is inevitable in highly competitive industries such as law, finance, and high tech.
But that’s just not true.
We’ve all heard by now that productivity decreases with overwork, while attrition and health care costs increase. What you may not have heard is that businesses who drive people relentlessly create competitors who poach top talent by offering a more humane way to work.
A new study from the Center for WorkLife Law reports on this phenomenon in the legal profession. The report identifies over 50 entrepreneurial businesses that offer lawyers jobs with better work-life balance than large law firms offer. Big Law, meet New Law.

(Related) Making life easier for those poor suffering lawyers.
App adds features to Westlaw and Lexis – makes legal research faster and easier
by Sabrina I. Pacifici on Aug 24, 2015
Bestlaw, a robot for legal research [via Bob Ambrogi]
“Features – When you read a document—like a case, statute, or law review article—Bestlaw adds a toolbar with these features:
  • Copy a perfect Bluebook citation with one click
  • Read documents in a clean, readable view with beautiful typography
  • Prevent getting automatically signed off
  • Collapse and expand statutory sections
  • Automatically generate a clickable table of contents for any document
  • One-click copying for citations, titles, docket numbers, and full text
  • Highlight hard-to-see page numbers
  • Jump between footnotes and the main text without losing your place
  • Instantly look up information about a case on Wikipedia and other sources
  • Share the document by email or on Facebook, Twitter, and Google+…”

Always sad to see less humor in the world. But, you gotta keep your politicians happy.
Twitter kills project that saved politicians' deleted tweets
Twitter is effectively killing off a project in 30 countries that archives the deleted tweets of politicians and diplomats — months after doing the same thing in the United States.
The Open State Foundation, which runs the projects, said Twitter informed it over the weekend that it was revoking access to its Application Programming Interface (API), which allowed programmers to use the tool that automatically archives the deleted tweets of politicians.
… The social media company did the same thing to the U.S.-based Politwoops project run by the Sunlight Foundation back in May. At the time, Twitter said the project violated the company’s developer agreement related to privacy.

Mobile Messaging and Social Media 2015
by Sabrina I. Pacifici on Aug 24, 2015
Pew Report – Mobile Messaging and Social Media 2015 – August 19, 2015: “In today’s world, people — particularly young people — are continually finding and adapting new ways of communicating electronically to fit their needs. Case in point: 2015 marks the first time Pew Research Center has asked specifically about mobile messaging apps as a separate kind of mobile activity apart from cell phone texting. And already, according to a new survey, 36% of smartphone owners report using messaging apps such as WhatsApp, Kik or iMessage, and 17% use apps that automatically delete sent messages such as Snapchat or Wickr. Both of these kinds of apps are particularly popular among young adults. Half (49%) of smartphone owners ages 18 to 29 use messaging apps, while 41% use apps that automatically delete sent messages. These apps are free, and when connected to Wi-Fi, they do not use up SMS (Short Messaging Service) or other data. Furthermore, they offer a more private kind of social interaction than traditional social media platforms such as Facebook or Twitter.”

Tor Increasingly Used by Malicious Actors: IBM
IBM Security’s X-Force Threat Intelligence report for the third quarter of 2015 reveals that the Tor (The Onion Router) anonymity network is increasingly leveraged for malicious purposes.
The Tor network, created with support from the U.S. government, is often used by journalists, activists, and whistleblowers to protect their identities and their communications. However, the anonymity network is also utilized by intelligence operatives, cybercriminals and other malicious actors.
The use of Tor for malicious purposes has increased over the past period with millions of malicious events originating from Tor exit nodes every year. According to IBM, roughly 180,000 malicious events originated from United States exit nodes between January 1 and May 10, 2015. A large number of malicious events were also traced in this period to exit nodes in the Netherlands (150,000), Romania (80,000), France (60,000), Luxembourg (55,000), and Uruguay (53,000). It’s worth noting that the Netherlands and the United States account for the largest number of exit nodes.
The complete IBM X-Force Threat Intelligence report for Q3 2015, which also details ransomware-as-a-service and vulnerability disclosures, is available for download in PDF format.
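The IBM figures above are counts of malicious events attributed to the country of the Tor exit node they arrived from. A defender can produce the same kind of breakdown for their own site by tagging web-server log entries whose source address is a known exit node and then counting the ones that look hostile. The block below is an added example, not IBM's or the Tor Project's code: the exit-node table and the access-log lines are constructed, and in practice the table would be refreshed from the Tor Project's bulk exit list (assumed to be served at https://check.torproject.org/torbulkexitlist) with the country taken from a GeoIP database rather than hard-coded. The "suspicious request" regex is deliberately crude; a WAF or IDS ruleset would do that part.

```python
"""Flag Tor-exit traffic in an access log and count hostile requests by exit country.
Added example with constructed data; not from the IBM X-Force report."""
import re
from collections import Counter
from ipaddress import ip_address
from typing import Dict, Iterator, Optional, Tuple

# Constructed: exit-node IP -> country, standing in for bulk-exit-list + GeoIP lookup.
EXIT_NODES: Dict[str, str] = {
    "192.0.2.10": "US", "192.0.2.11": "US",
    "198.51.100.5": "NL",
    "203.0.113.7": "RO",
}

# Constructed combined-format access-log lines; two of the Tor-sourced ones look hostile.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Aug/2015:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.5 - - [25/Aug/2015:10:01:05 +0000] "GET /login.php?user=admin'-- HTTP/1.1" 403 0 "-" "curl/7.43"
203.0.113.7 - - [25/Aug/2015:10:01:09 +0000] "GET /../../etc/passwd HTTP/1.1" 400 0 "-" "python-requests"
192.0.2.99 - - [25/Aug/2015:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [25/Aug/2015:10:02:30 +0000] "POST /api/v1/orders HTTP/1.1" 201 88 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
# Crude request-level indicators (path traversal, SQL comment, script tag, encoded quote, UNION).
SUSPICIOUS = re.compile(r"(\.\./|'--|<script|%27|union\s+select)", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line; return None for lines that do not match or have a bad IP."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        ip_address(rec["ip"])
    except ValueError:
        return None
    return rec


def enrich(log: str, exit_nodes: Dict[str, str] = EXIT_NODES) -> Iterator[dict]:
    """Yield parsed records with tor_exit, country and suspicious fields added."""
    for line in log.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec["tor_exit"] = rec["ip"] in exit_nodes
        rec["country"] = exit_nodes.get(rec["ip"])      # None when not a known exit
        rec["suspicious"] = bool(SUSPICIOUS.search(rec["req"]))
        yield rec


def malicious_events_by_exit_country(log: str, exit_nodes: Dict[str, str] = EXIT_NODES) -> Counter:
    """Count suspicious requests that arrived through Tor, keyed by exit-node country."""
    return Counter(
        r["country"] for r in enrich(log, exit_nodes) if r["tor_exit"] and r["suspicious"]
    )


def tor_share(log: str, exit_nodes: Dict[str, str] = EXIT_NODES) -> Tuple[int, int]:
    """Return (requests from Tor exits, total parsed requests)."""
    recs = list(enrich(log, exit_nodes))
    return sum(1 for r in recs if r["tor_exit"]), len(recs)


if __name__ == "__main__":
    print("Tor share:", tor_share(SAMPLE_LOG))
    print("Hostile requests by exit country:", dict(malicious_events_by_exit_country(SAMPLE_LOG)))
```

Two caveats worth keeping in mind when reading the IBM numbers this way: exit-node country says where the relay is, not where the operator sits, and exit lists go stale within hours, so the enrichment is only as good as the list's refresh cadence.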

For all my students.
Participant Questions From the Recent “Internet of Things” Webinar
On July 30th, 2015, we held a free, live webinar on “Managing Data in the Age of the Internet of Things.” If you missed the webinar live, the recorded version is available for online viewing or download the presentation (PDF).

For my 3D printing students. Coming soon to a smartphone near you!
MobileFusion: Research project turns regular mobile phone into 3D scanner
A new Microsoft Research project lets people create high-quality 3D images in real time, using a regular mobile phone, with about the same effort it takes to snap a picture or capture a video.
"What this system effectively allows us to do is to take something similar to a picture, but it's a full 3D object," said Peter Ondruska, a Ph.D. candidate at Oxford University who worked on the project while he was an intern at Microsoft Research.
The researchers say the system, called MobileFusion, is better than other methods for 3D scanning with a mobile device because it doesn't need any extra hardware, or even an Internet connection, to work. That means scientists in remote locations or hikers deep in the woods can capture their surroundings using a regular cell phone without a Wi-Fi connection.
… The scans are high-quality enough to be used for things like 3D printing and augmented reality video games.
… The researchers will present MobileFusion in early October at the International Symposium on Mixed and Augmented Reality.
… Currently, the researchers are working on making sure the system works with all types of mobile devices, including Windows Phone, Android and iPhone devices. Izadi said they hope to eventually make it available to the general public in some form, but there are no firm plans right now.
