Monday, February 15, 2016

A small business concern. Large organizations should question requests like this. Why would a CEO request a spreadsheet like this? More likely, one of his subordinates would create the spreadsheet and explain it to him.
Magnolia Health Corporation in Tulare, California has begun sending out notification letters after someone impersonated their CEO and “using what appeared to be his email address,” obtained personal information for all active employees of the corporation and each of the facilities managed by MHC [Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation And Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc. and Merritt Manor, Inc.].
The notification to employees does not explain whether the criminal acquired control of the CEO’s email account or just faked an address that looked remarkably similar. has sent an inquiry to MHC asking about that.
The breach occurred on February 3, but was not detected until February 10.
The personal information disclosed was in the form of an Excel spreadsheet that contained the following identifying information for each person: Employee Number, Name, Address, City, State, Zip, Sex, Date of Birth, Social Security Number, Hire Date, Seniority Date, Salary/Hourly, Salary/Rate, Department, Job Title, Last Date Paid, and [name of applicable] Facility.
MHC reported the matter to law enforcement, but as of the time of the notification letter dated February 12, they did not know the identity of the individual(s) responsible for the breach.
Affected employees were offered one year of complimentary enrollment in Experian’s ProtectMyID service. Given the nature of this attack, it seems clear that the criminal(s) were intent on getting personal information for misuse, so I’m not sure a one-year enrollment will be satisfactory to employees, but we’ll see, I guess.
According to the metadata for MHC’s submission to the California Attorney General’s Office, 563 California residents were affected by the breach.

How did this not come up in testing? Oh, yeah, we forgot to test with a full Mac system.
Fury after Adobe Creative Cloud deletes files
After customers updated Creative Cloud, it accessed their hard drive and deleted the first folder that appeared in alphabetical order.
Due to file-naming conventions on Mac computers, the bug often deleted hidden system folders or data backup files.
… The problem came to light on Thursday after Backblaze, which makes data backup software, started receiving hundreds of support requests from its customers.
… In a statement, Adobe said: "On the 12 Feb we were notified that some customers had an issue with an update to the Creative Cloud Desktop application.
"We removed the update from distribution and deployed a new one which addresses the issue."

“We're the government. Spending money with no hope of success is what we do best.”
FBI Seeks $38 Million Infusion To Gather Advanced Encryption-Busting Tools
… according to the agency's 2017 budget request, the FBI is seeking another $38.3 million (on top of $31 million already appropriated) to "develop and acquire tools for electronic device analysis, cryptanalytic capability, and forensic tools."
… To further its efforts, the FBI hides behind the guise of battling terrorism, even though it's been proven time and time again that encryption has had little or no effect on major terrorist acts (no encryption was used to orchestrate the Paris attacks in November, for example). Regardless of that, the FBI is going to continue feeding money to the anti-encryption beast

What voters want in a president today, and how their views have changed

No comments: