Wednesday, October 21, 2015

How should I classify this article? It's not really computer security nor is it a privacy violation. Should we call it 'being a corporate good citizen?' I would not have seen the need to scan for child porn, but maybe I need to change my thinking. This article makes it sound much more common than I would have believed. Is there a threshold level (some statistical level of occurrence) such that if I have no indication a crime is being committed I should still look for evidence of that crime?
First Firms Blocked Porn. Now They Scan for Child Sex Images
The first alarm came within a week. It meant an Ericsson AB employee had used a company computer to view images categorized by law enforcement as child sexual abuse.
“It was faster than we would have wanted,” says Nina Macpherson, Ericsson’s chief legal officer.
In a bid to ensure none of its 114,000 staff worldwide were using company equipment to view illegal content, in 2011 the Swedish mobile networks pioneer installed scanning software from Netclean Technologies AB. While many companies since then have adopted similar measures, few have been willing to discuss their experience publicly.
… Since installing the system, Ericsson says it has been dealing with around one alarm each month – each one flagging an act that could lead to prosecution.
… The alerts – invisible to the person who triggers them – are sent via e-mail and text message to Ericsson’s group security adviser, Patrik Håkansson, a former detective chief inspector from Sweden’s National Police IT Crime Squad. He’s confident that the digital fingerprint system means the software only raises the alarm when it detects images already on an international child abuse blacklist.
“There are no false positives; the technology won’t show up any pictures of children on the beach,” says Håkansson.
His job is to confirm that the illegal pictures have indeed been handled on company equipment, and by whom. In the U.S. the FBI must be called immediately. In other markets Ericsson can carry out some internal investigations before involving law enforcement.
… Ericsson employees sign a form consenting to being observed. Does that equate to spying on staff? As long as companies are upfront and explain to employees they are being monitored, there “can’t be any expectation of privacy,” says Stuart Neilson, a London-based employment lawyer.
That’s important, because there are also risks for any company that knows its equipment is being used illegally and doesn’t act. “If the organization has evidence that an employee has been accessing these sites but has done nothing with that evidence, then the employer might be liable,” Neilson says.

For my Computer Security students. If you block sites like Reddit, then you need to watch for people using these “workarounds.” (What we really need is a system to reduce an employee's work hours by the time they spend on non-work tasks.)
How to Browse Reddit at Work Without Getting Caught
Reddit is addictive — so much so that many people can’t even go 24 hours without it. That kind of addiction is bad news when you work in an office environment. It’s just too tempting and too easy to Reddit while you work.
So if you want to make it less obvious that you’re wasting so much of your employer’s time, you should think about using MSOutlookit:
This site replicates the content of Reddit but wraps it up in the aesthetics of Outlook 2007. Each email displays the username, title, and score of each post. You can switch subreddits by changing the email category, but the selection is a bit limited.

For my Chrome-using students.
Meet eFast: This Malware REPLACES Your Browser With Adware
Malware that targets the browser is nothing new. But malware that replaces an already existing browser with one designed to track online movements, hijack search traffic, and fill each page with unwanted adverts? Yeah, that’s pretty interesting.
The eFast Browser was discovered by the MalwareBytes team a few days ago, and it does all of the above, and more.
Perhaps the worst thing about eFast Browser is that unless you’re especially observant, you might not even notice it’s there, as it takes great pains to camouflage itself.
For starters, it looks and feels like the bona-fide Chrome browser, as it’s built on the Chromium Browser.

These take time and then the company doesn't want to see reminders of its breach back in the news so I don't always catch these settlements. As usual, they make a good case for attending law school.
Sony's Settlement With Employees Over Hacked Data Worth More Than $5.5 Million
Sony Pictures will be paying somewhere in the neighborhood of $5.5 million to $8 million to resolve a class action lawsuit over a large hack attack last winter that left the personal information of employees and ex-employees vulnerable. The details of the settlement were revealed in court papers on Monday night.
… The proposed deal contemplates a $2 million cash fund to reimburse class members up to $1,000 each for preventive measures taken to protect against identity theft. Meanwhile, the class action lawyers who represented the plaintiffs would be getting almost $3.5 million.

Might be useful. Download a copy and see.
The California County Superintendents Educational Services Association has produced a data privacy guide for districts containing a range of best practices, sample vendor contracts, and steps to take when a data breach occurs.

This may just be Fox being Fox. On the other hand, it may be another indication that the government is about to dump on Hillary. How much has she irritated people? Stay tuned.
FBN Exclusive: DOJ Officials Fear Foreign Telecoms Hacked Clinton Emails, Server
Officials close to the matter at the Department of Justice are concerned the emails Hillary Clinton sent from her personal devices while overseas on business as U.S. Secretary of State were breached by foreign telecoms in the countries she visited—a list which includes China.
… The Justice Department officials also used the words “reckless,” “stunning,” and “unbelievable” in discussing the controversy swirling around Clinton’s use of a private, nongovernment email account, as well as her use of a personal Blackberry, an Apple iPad, and home server while U.S. Secretary of State. The officials did not indicate they have any knowledge of a breach at this point.
As for the effort to designate Clinton’s emails as classified or unclassified, the Justice Department officials agreed that, as one put it: “Every email she sent is classified because she herself is classified, because she is both Secretary of State and a former first lady.”
… FOX News recently reported that an intelligence source familiar with the FBI’s probe into Clinton’s server said that the FBI is now focused on whether there were violations of the federal Espionage Act pertaining to "gross negligence" in the safeguarding of national defense information. Sets of emails released show that Clinton and top aides continuously sent information about foreign governments and sensitive conversations with world leaders, among other things, FOX News reported.

If you really want to protect your communication, don't rely on someone else to encrypt your data. Do it yourself (it's fast and free) then if these bozos decrypt their “unbreakable” encryption for law enforcement or for their own amusement, they will find apparent gibberish. Let them ask you for the encryption key like good little boys and girls.
Apple Tells Judge It Can’t Unlock New iPhones
Apple Inc. told a federal judge that it “would be impossible” to access user data on a locked iPhone running one of the newer operating systems, but that it could likely help the government unlock an older phone.
In a brief filed late Monday, the company said “in most cases now and in the future” it will be unable to assist the government in unlocking a password-protected iPhone. The brief was filed at the invitation of U.S. Magistrate Judge James Orenstein, who is considering a request from the Justice Department that he order Apple to help government investigators access a seized iPhone.
Judge Orenstein, in an earlier ruling in the case, was doubtful that he had the authority to force Apple to help the government. The Justice Department has said in this case and others that federal judges have such power under the All Writs Act, an 18th-century law.

Think about cats out of bags. I may not tell you everything I know, but I have no problem discussing any published facts. Speculation is just that and I can come up with more scenarios than you can possibly imagine. It's one of the things I was trained to do.
Four weeks ago, Bart Gellman of the Century Foundation delivered a keynote address at Purdue University’s “Dawn or Doom?” colloquium. His topic was “The NSA, Edward Snowden, and National Security Journalism.” As part of his lecture, Gellman displayed slides of a handful of the documents that Snowden leaked (some of which Gellman published in the Washington Post), which describe certain NSA mass data collection programs, including Upstream and PRISM. Purdue live-streamed the lecture, and told Gellman it would be posted online shortly.
But Purdue has not posted the Gellman lecture video. Nor, in all probability, will the video ever be posted ... because it no longer exists: Purdue apparently “wiped” all copies of the lecture video from university servers because it contained screen shots of the Snowden documents. On October 8, the organizer of the conference, Dr. Gerry McCartney, from Purdue’s Chief Information Office, posted this statement on behalf of the university, offering an alarming excuse for Purdue’s actions:
Purdue has been recognized as a national leader in its commitment to freedom of expression and free and open inquiry and debate. We reject entirely the notion that complying with clear federal law is in any way an abridgment of those principles. We have already acknowledged that perhaps a better way to comply would have been to block only the classified information in question. And if we can correct that situation, we will. But a speaker’s decision to exercise civil disobedience does not obligate Purdue to join him in that act.

I like anything that helps me understand the law – God© knows I need all the help I can get.

Perspective. It occurred to me recently that I am no longer subjected to the dreaded, “Let me show you the slides of our vacation!” Now they send me an email with pictures attached, which I can ignore at my leisure.
Google Photos hits 100 million monthly users after five months
Google Photos is less than half a year old, but it's already hit a major milestone with more than 100 million monthly active users, the company announced today. The unlimited photo service comes with apps available on iOS, Android, and on the web, and it was spun off from the company's Google+ social network in May, to much rejoicing. Google Photos was hailed at launch for its simplicity and for combining many of the disparate features of competitors like Dropbox's Carousel, Apple's iCloud, and Yahoo's Flickr into a single service.
To hit 100 million users in just five months is no easy feat. It took both Pinterest and Twitter about five years to hit that benchmark. Even Instagram's explosive popularity back in 2010 meant it still took the startup around two and a half years to reach the 100 million mark.

Useful for my students or their children? Either way, thanks Facebook! I need to explore this more, but it really does look useful.
Announcing the Launch of TechPrep
… At Facebook, we’re working on a number of initiatives to widen the pipeline and build an inclusive culture. After looking closely at the data, we realized that one challenge is a lack of exposure to computer science and careers in technology, as well as a lack of resources for parents, guardians, and others who want to learn more. In the US, this lack of access is prevalent in a number of underrepresented groups including Black and Hispanic communities.
Today, we’re excited to introduce TechPrep, a resource hub where underrepresented people and their parents and guardians can learn more about computer science and programming and find resources to get them started. TechPrep brings together hundreds of resources, curated based on who you are and what you need, such as age range, skill level and what kind of resource you are looking for. The website is designed for both English and Spanish speakers.

For any of my students who care.
100+ Animated Philosophy Lessons
Wireless Philosophy AKA Wi-Phi is a project produced by philosophy students and professors from Duke, Yale, Northern Illinois University, MIT, and Duquesne University. The purpose of the project is to philosophy through animated videos. There are currently more than 100 videos available in the Wireless Philosophy YouTube channel. The videos are organized into twelve playlists covering topics like critical thinking and biases, political philosophy, religion, Descartes, and linguistics.

This could be my students discussing homework.
