Tuesday, February 09, 2016

When is a hack not a hack? When it would embarrass the hackee.
Hackers Get Employee Records at Justice and Homeland Security Depts.
In the latest cyberattack targeting the federal government, an intruder gained access to information for thousands of employees at the Justice Department and the Department of Homeland Security, but officials said Monday that there was no indication that sensitive information had been stolen.
Most of the information appeared to have been culled from internal government directories, including employees’ email addresses, phone numbers and job titles.
… The new breach does not appear to have resulted from an attack using an outside computer to penetrate the system. Instead, officials said, they believe that the intruder impersonated a government employee and used that information to get into other parts of the system.




Scary yes. New? Not so much. But I'll add the article to my Computer Security student reading list.
Scott Allan Morrison writes:
… now, new cross-device technologies are enabling the advertising industry to combine all our information streams into a single comprehensive profile by linking each of us to our desktop, mobile phone, and iPad. Throw in wearable devices like a Fitbit, connected TVs, and the Internet of Things, and the concept of cross-device tracking expands to potentially include anything that gives off a signal.
[…]
There are two methods to track people across devices. The more precise technique is deterministic tracking, which links devices to a single user when that person logs into the same site from a desktop computer, phone, and tablet.
Read more on Daily Beast.


(Related) Also for my Computer Security students.
It’s time that you – the vulnerable human – brush up on your social engineering skills with Pluralsight
… I’ve just wrapped up Ethical Hacking: Social Engineering and when reflecting on what I should write here, it was honestly hard to know where to even start. I’ll start somewhere that’s familiar to a lot of people – with this: https://www.youtube.com/watch?v=kjKjyMKj3n4
It’s now four years since I recorded this and it has well over a million views.




All this comes down to “do what you are supposed to do.” Nothing revolutionary.
Report: 100 Ways to Improve Federal Cybersecurity
… The initiative generated 127 recommendations for strengthening federal cyber protections.
In the process of gathering suggestions, a panel ACT-IAC assembled turned up five major factors at work in the federal cyber environment:
  • Not rocket science: While improved technology is crucial, much of what is required for boosting protection is already known but hasn't been fully or properly implemented government-wide.
  • Talk to each other: Cybersecurity experts and federal agency business executives need to improve communications "more directly and diligently" about the connection between cybersecurity and agency missions.
  • Risk and IT connections: It seems logical, but ACT-IAC found that emerging cadres of executive-level risk managers such as chief risk officers and chief data officers need to work with their traditional counterparts in IT, such as agency CIOs.
  • Boosting cyber IQ: Cybersecurity-related training in government is largely deficient. Greater emphasis is needed on competencies, practice sessions and drills, and shared cyber knowledge management.
  • See something, say something: "Enhanced and timely operational information sharing (threats, incidents, solutions and responses) between industry and government" is critical to improving cyber safeguards, ACT-IAC found.
… More generally, contributors to the report noted the potential value to government agencies of the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity. Issued in 2014, the NIST framework has gotten traction in the private sector as a sound baseline reference for dealing with cyberthreats – and it has relevance to government agencies as well.


(Related) Take your own advice? What a concept!
Danny Yadron reports:
On Tuesday, the White House is expected to announce that it is seeking to hire its first chief information security officer, a role filled at many companies and local governments but one that has long been absent at the federal level, despite complaints from security experts and lawmakers.
Read more on The Guardian.




For the discussion in my Data Management class. It ain't simple.
A simple guide to Facebook’s complicated problem in India
… To participate in Free Basics, these groups have to agree to play by Facebook's rules — what it calls the Free Basics participation guidelines.
… The biggest problem, as the Indian government has said, is that companies who aren't a part of the program could get left behind while others who've hitched their wagon to Facebook get promoted to Indian consumers — for free.
… Some consumer advocates claim Facebook has an even darker agenda: To centralize people's experience of the Web so that, for all intents and purposes, they think Facebook is the Internet.
… Virtually everyone who works on Internet policy is watching this unfold. India is one of the world's biggest potential Internet markets, and its decision marks a turning point in a major struggle for Facebook and other tech companies as they seek to gain more traction in developing countries. It also comes amid an intense debate over the same issue in the United States.


(Related) As goes India, so goes …?
Facebook's India stumble could embolden other regulators
… In Facebook posts after Monday's ruling, founder Mark Zuckerberg said Free Basics was just one part of a larger initiative that includes solar-powered planes, satellites and lasers, and pairing with local entrepreneurs to provide wireless hotspots.
… Facebook could also challenge the ruling in the courts, but a more likely move, said Marc Einstein, Asia-Pacific director at Frost and Sullivan, would be to sit down with the TRAI "to try to come up with a solution that's deemed a little more neutral."


(Related) The French didn't even wait for India. (Perhaps Mark Zuckerberg should have learned French.)
Horia Ungureanu reports:
The French data-protection regulator threatened Facebook with financial sanctions, should the company keep invading the privacy of its own users, as well as others.
The Commission Nationale de l’Informatique et des Libertés (CNIL) published a paper detailing the charges last Monday. The 17-page document points out how Facebook collects and uses information about its users or about others who do not even have a Facebook account.
Read more on TechTimes.




Perhaps tasers should be mandatory?
Study: Suspects shocked by Taser “more likely” to waive Miranda Rights
A new study says the obvious: suspects' brains are briefly scrambled when they are on the receiving end of a Taser stun gun and its 50,000-volt delivery. But the study, "TASER Exposure and Cognitive Impairment: Implications for Valid Miranda Waivers and the Timing of Police Custodial Interrogations," (PDF) questions whether suspects who were just shocked have the mental capacity to validly waive their Miranda rights and submit to police questioning.




I wonder if we could make an App to identify “legal issues” for any technologies? Questions like, “Do you capture images of faces?” would lead to “Right of Publicity” issues, etc. (We really need one for Academia)
Legal Warnings for Small Businesses Using Periscope
… Periscope is a great tool to promote your small business and build your brand. Household brands like Doritos and Red Bull are using Periscope to engage consumers in real time, and so can you. However, as with most things in business, there are some legal considerations that you should think about before you dive into the world of live streaming. Just because everyone is doing it, doesn’t mean you’re not at risk.
Copyright Matters in Live Streaming
Right of Publicity Affects Live Streaming
Trade Secrets and Proprietary Information Should Stay Secret in Live Streaming




Some legal issues are easy to identify.
Ross Todd reports:
A coalition of technology companies is backing Twitter Inc.’s legal push to expand what companies can divulge about government surveillance requests in national security investigations.
In an amici curiae brief filed on Friday, a group that includes the operators of WordPress, Medium, Reddit, and Wikipedia contend that their free speech rights are violated by regulations that permit them to disclose the number of national-security requests they receive, but only in wide bands.
“Reporting national security requests under the rubric approved by the United States government obfuscates rather than illuminates the volume” of requests, wrote Marcia Hofmann of Zeitgeist Law PC on behalf of eight separate organizations.
Read more on The Recorder.




Should laws be written for future possibilities? Does new technology change the underlying basis of a law?
Prominent Authors Join Amicus Brief in Google Book Scanning Case
by Sabrina I. Pacifici on Feb 8, 2016
Via FindLaw via WSJ Law Blog – “Several famous authors filed a brief with the Supreme Court, asking it to hear a lawsuit over Google digital book library. Malcolm Gladwell, Margaret Atwood, Yann Martel, Stephen Sondheim and others lent their names to the brief, contending Google is guilty of ‘massive copyright infringement…’ One of the writers’ main arguments contends that copyright law and recent court decisions could not have foreseen the growth of the Internet or the mass digitization of millions of documents, written works included. According to the brief, ‘the technological changes of the past 20 years, especially the mass digitization of works and their easy and fast transmission over the Internet, was never contemplated by either the Congress that enacted the 1976 [Copyright] Act.’ The Supreme Court has yet to decide whether it will hear an appeal from the Second Circuit Court’s decision.”




So, have a woman write your sales pitch?
Women Raise More Money With Crowdfunding, Research Shows
… Women generally use words that talk about positive emotions -- for example, “excited” and “happy” -- and inclusivity -- such as preferring the pronoun “we” and words such as “together.” That kind of language is associated with crowdfunding campaigns that, all other factors being relatively equal, raise more money, says UC Berkeley Haas School of Business Assistant Professor Andreea Gorbatai.




I might know a few students who could supplement their income this way.
We’re Hiring Now – Available Vacancies
The following positions are available to be filled immediately. If interested, please follow the application instructions below.




Just because this sums things up perfectly.
Cam Newton Never Had A Chance

