Tuesday, October 27, 2015

It's bad enough that you get hacked. Now you have to explain how a 15-year-old could outsmart the best security you could install. For TalkTalk's sake, let's hope this kid is the one demanding ransom and had nothing to do with the hack.
Teenager in Northern Ireland Is Arrested in TalkTalk Hacking Case
The British police have arrested a 15-year-old boy in Northern Ireland in connection with a recent hacking attack on the telecommunications operator TalkTalk.
The company, which provides fixed-line and broadband services to roughly four million customers in Britain, said last week that it had been the victim of a significant data breach, and that hackers who claimed responsibility for the data breach had demanded ransom.
The teenager was taken into custody Monday afternoon, and the police were searching his residence as part of a criminal investigation, according to a statement from the Metropolitan Police. On Tuesday, the police said the boy had been released on bail.
… Shares of TalkTalk are down 8 percent since the hacking attack was confirmed on Friday.

(Related) Here's a scarier alternative theory.
Did The Cyber Jihadi Holy War Start With TalkTalk And iTunes?
… That attack, we were told, was perpetrated by Russian cyber jihadists. The BBC reported the claims of a “cyber expert” and former police officer Adrian Culley, who found a post on a very secret cyber site called Pastebin, where the jihadis claimed they were the ones who had taken those cyber guns and plundered TalkTalk. Culley warned they were a particularly nasty strain of jihadi – Russian cyber jihadis.
The Daily Mirror, the self-proclaimed genius of the British tabloid playground, somehow managed to locate that Pastebin post too. This was, the paper relayed, the beginnings of a “cyber holy war”, with every single TalkTalk customer embroiled in the opening melee. How else would such a war begin than with a binary air strike on one of the smaller telecoms providers in the UK?

An article for my Computer Security students (and my Ethical Hacking students). Is the FBI saying they can't find the hackers fast enough to stop them from carrying out their threats? Perhaps they are saying, “If your security is so bad that hackers can own your system, they have probably erased the evidence we need to find them?” Or maybe, “Don't bother us with this trivial stuff?”
When I saw the headline, “The FBI recommends that you pay up if hackers infect your computer with ransomware,” my first thought was that someone goofed and omitted a “not” before “pay up.” I was wrong.
Tess Danielson reports:
If a hacker hijacks your computer with malware and holds your data for ransom, it’s probably best to just pay up, at least that’s the latest advice the FBI is giving out concerning ransomware.
Reported last week by Security Ledger, Joseph Bonavolonta, the Assistant Special Agent who oversees the FBI’s CYBER and Counterintelligence Program in Boston, spoke at the 2015 Cyber Security Summit and advised that companies infected with ransomware may want to give in to the criminal’s demands.
“The ransomware is that good,” Bonavolonta explained to an audience of business and technology leaders. “To be honest, we often advise people just to pay the ransom.”
Read more on Business Insider.

As I count them, that's seven out of 45. Well, they've only been working on this since June of 2007, so I guess that's fast for a government agency.
Kieren McCarthy reports:
US watchdog the Federal Trade Commission (FTC) has signed an agreement with seven countries to share cross-border information relating to privacy.
The new “alert” system will let regulators from America, UK, Australia, Canada, Ireland, the Netherlands, New Zealand, and Norway share confidential information about ongoing investigations, and the FTC is very excited about it.
“Today, data is increasingly crossing borders, and our privacy investigations and enforcement must do the same,” said FTC chair Edith Ramirez at the signing on Sunday. “GPEN Alert is an important, practical cooperation tool that will help GPEN [Global Privacy Enforcement Network] authorities protect consumer privacy across the globe.”
The other signatories are notably less excited however. Of the seven other countries, just one – the UK – has even bothered to announce the news. And the GPEN website has yet to update itself to contain information about its own new alert system.
Read more on The Register.

An interesting debate.
Adam Klasfeld reports that the NYCLU, the NYU Law Chapter of the American Constitution Society, the New York State Association of Criminal Defense Lawyers, and four tech companies – FourSquare, Kickstarter, Meetup and Vimeo – have filed an amicus brief asking the New York Court of Appeals to overturn a ruling that allowed prosecutors to rummage through the accounts of 381 Facebook users.
As Klasfeld reviews the history of the case:
A little more than two years ago, the Manhattan District Attorney’s office presented Facebook with a bulk warrant, part of a large-scale investigation into the fraudulent filing of Social Security disability claims.
Prosecutors wanted to pin down whether a group of retired police officers and firefighters faked mental illness triggered by the Sept. 11, 2001, attacks.
As of a few months ago, the probe led to charges against 62 people, but the bulk warrants named hundreds of Facebook accounts – and gagged the website from informing the targets about the requests.
Read more on Courthouse News.
[From the article:
"This case raises important questions that impact the digital privacy and expressive rights of every New Yorker, including the threshold question of whether companies like Facebook have the right to challenge an order to produce its customers' records on the basis of its customers' privacy rights," the New York Civil Liberties Union wrote in its 38-page amicus brief.
… "Facebook was conscripted to perform a dragnet search and produce massive amounts of data contained in 381 user accounts and prohibited from notifying its users that their personal information had been targeted," the tech companies noted in a separate brief.
… "To act as custodians of their users' private information, such companies must have the choice to either object to unlawful government intrusions or notify users of such intrusions. The First Department's decision, as well as the trial court order it left in place, denies both options. The double bind in which these decisions leave online platforms is unlawful," the brief says.

(Related) Maybe. Or maybe the police just found the information online? But that might raise some “chain of custody” questions...
In response to allegations (noted in this blog post) that police had obtained Nicky Hager’s account information from Westpac without any court order, the following news release by Felix Geiringer on Hager’s behalf was issued today. Via Scoop:
Several people, including news media, have been seeking comment from Nicky Hager and his legal team about the revelation on the weekend that Westpac Bank gave the Police his private banking information (including over 10 months of his banking transactions from all of his accounts).
It is difficult for Mr Hager to comment at this time. The part of his claim that deals with the legality of these Police information requests was deferred during the first hearing and has not yet been argued. However, Mr Hager is keen to clarify the position and answer the public’s questions as much as he is able.
Until this weekend, Mr Hager only knew about the privacy breach by Westpac through court discovery. Documents provided through discovery are not allowed to be used for any other purpose until they are relied on in open Court. Since this part of Mr Hager’s case has not yet been argued, he has not been able to make use of his knowledge of this breach, not even to raise the matter with Westpac or the Privacy Commissioner.
Mr Hager had also requested documents from the Police under the Official Information Act and the Privacy Act. Had he been provided with documents under those Acts he would have been able to use them to take this matter further. However, the Police have not been willing to provide the documents under those Acts. Indeed, the Police have refused even to acknowledge the existence of correspondence with Westpac under those Acts. This is despite Mr Hager expressly asking the Police to list all of the documents they were wholly withholding under those Acts.
Mr Hager has complained to the Privacy Commission and the Office of the Ombudsman about the Police failure to respond fully to his requests for documents. Representatives of both of those organisations have met with Mr Hager’s lawyers and have been liaising with Police over these complaints.
Now that the fact of this breach of privacy has been made public, Mr Hager intends to seek a full and frank disclosure of the extent of the breach from Westpac. He looks forward to receiving Westpac’s response to that request and will be considering his options to take this matter further.
Mr Hager is very concerned by this breach. His case before the High Court includes a claim against the Police under the Bill of Rights Act for seeking and obtaining that information without a production order. He fully intends to explore all options open to him now that he is free to do so.
In the circumstances, neither Mr Hager nor his lawyers are able to give interviews on this topic at this time. However, it is hoped that we will be free to do so in the future.

This really is “pre-crime” without the Minority Report. If policing has been biased in the past (e.g. focusing on specific neighborhoods or ethnic groups) does that form the basis for predicting future activity?
Joe Cadillic writes:
Predictive HotSpot mapping began in 2012, the National Institute of Justice (NIJ) or really DHS, calls it “Mapping and Analysis for Public Safety.” Click here, here & here to see how the NIJ is really DHS.
NH police officer Derek Cataldo saw a 2000 Honda Accord parked at 5:35 p.m. on Merrimack Street, a “predictive hot spot.” Deleire was sitting in the driver’s seat. Cataldo drove by the car and then circled the block to get a better look and determine if Deleire was there for legitimate purposes. Officer Cataldo approached the car and began talking with Deleire, who police said was physically shaking.
Everyone should be asking, why are police approaching people for no good reason? But wait, it gets worse…
Read more on MassPrivateI.
[From the article:
Interestingly the NIJ claims not every community has a "HOT SPOT" and they (police) should use OTHER forms of geographic analysis.
What you're not being told is a private metadata collection company (LexisNexis) is giving police their data.
BAIR Analytics invented the money making crime prediction software being used by police, BAIR was recently purchased by LexisNexis.

I can see Congress going wild! Imagine if Siri refused to answer questions about certain politicians! (The ones who don't think Apple is the best thing since sliced bread.) Or only responded to questions about technology with Apple's marketing department's propaganda.
Siri is refusing to answer certain questions from people who aren't Apple Music subscribers
Apple Music listeners are starting to end their three-month free trials — and Siri has begun to play hardball.
On Monday, angel investor Tom Conrad pointed out on Twitter that if you ask Siri to tell you the top songs in the US, and you aren’t an Apple Music subscriber, she’ll basically stick her virtual tongue out at you and refuse to respond.
We checked it out and it reads the same for other fallen Apple Music subscribers. “Sorry, Nathan,” Siri told me. “I can’t look up the music charts for you. You don’t seem to be subscribed to Apple Music.”
… When I asked Siri about the top movie rentals in the US, she was much more forthcoming, and tried to get me to rent it on iTunes.
But the “give the customer information and then nudge them to buy” tactic doesn’t seem to be the way Apple wants to go at it in music.
Maybe that is because Apple hasn’t exactly been driving Spotify out of the market. Spotify’s CEO claims his service has seen even greater user growth since the launch of Apple Music.

(Related) Same strategy, different approach?
Facebook wants to be the only thing you look at on your phone

I wonder if there is really a significant economic benefit to drones or if this is seen as marketing?
Exclusive: Wal-Mart seeks to test drones for home delivery, pickup
Wal-Mart Stores Inc applied Monday to U.S. regulators for permission to test drones for home delivery, curbside pickup and checking warehouse inventories, a sign it plans to go head-to-head with Amazon in using drones to fill and deliver online orders.

Lawyer technology. Mostly marketing, but they mention evidence in passing. I guess this won’t be the basis for a new law school course.
New on LLRX – How Can Lawyers Use Social Media to Their Advantage?
by Sabrina I. Pacifici on Oct 26, 2015
Via LLRX.com – How Can Lawyers Use Social Media to Their Advantage? – Lawyers are no strangers to social media, but that doesn’t mean that everyone in the legal arena is familiar with how to use it effectively, proactively and consistently. If you are a lawyer who has not yet launched a social media presence, Mike Wallagher’s article provides actionable ways that document how social media can benefit you and your career.

One stat leaps out.
Google Turning Its Lucrative Web Search Over to AI Machines
… RankBrain uses artificial intelligence to embed vast amounts of written language into mathematical entities -- called vectors -- that the computer can understand. If RankBrain sees a word or phrase it isn’t familiar with, the machine can make a guess as to what words or phrases might have a similar meaning and filter the result accordingly, making it more effective at handling never-before-seen search queries.
Unique Questions
The system helps Mountain View, California-based Google deal with the 15 percent of queries a day it gets which its systems have never seen before, he said. [That seems remarkably high to me. Which is why I am remarking on it. Bob]

Perspective. I'm surprised this hasn't (yet?) been a hot market area.
Kangaroo is an amazing $99 Windows 10 portable PC
InFocus today debuted the Kangaroo, a $99 Windows 10 portable PC that “goes anywhere and works with any screen.” The term “mobile desktop” may seem like an oxymoron, but that really is the best description: Picture your typical desktop PC tower shrunk down to the size of a phablet sans screen; just like any desktop, you’ll still need to connect a mouse, keyboard, and monitor. Kangaroo is available on Newegg now, and will go on sale at the Microsoft Store by mid-November.
The pitch is simple: Kangaroo offers the power of a cheap full-sized computer with the convenience and mobility of a cell phone.

Perspective. Teachers and students too.
Parents and Teens Don’t Understand Each Other’s Internets

Something similar happens in the classroom. Dilbert's theory may explain a lot!
