When is a hack not a hack? When it would embarrass the hackee.
Hackers Get Employee Records at Justice and Homeland Security Depts.
In the latest
cyberattack targeting the federal government, an intruder gained
access to information for thousands of employees at the Justice
Department and the Department
of Homeland Security, but officials said Monday that there was no
indication that sensitive information had been stolen.
Most of the information appeared to have been
culled from internal government directories, including employees’
email addresses, phone numbers and job titles.
… The new breach does not appear to have
resulted from an attack using an outside computer to penetrate the
system. Instead, officials said, they believe that the intruder
impersonated a government employee and used that information to get
into other parts of the system.
Scary, yes. New? Not so much. But I'll add the
article to my Computer Security student reading list.
Scott Allan Morrison writes:
…. now, new cross-device technologies are enabling the advertising industry to combine all our information streams into a single comprehensive profile by linking each of us to our desktop, mobile phone, and iPad. Throw in wearable devices like a Fitbit, connected TVs, and the Internet of Things, and the concept of cross-device tracking expands to potentially include anything that gives off a signal.
[…]
There are two methods to track people across devices. The more precise technique is deterministic tracking, which links devices to a single user when that person logs into the same site from a desktop computer, phone, and tablet.
Read more on Daily Beast.
(Related) Also for my Computer Security students.
It’s time that you – the vulnerable human – brush up on your social engineering skills with Pluralsight
… I’ve just wrapped up Ethical
Hacking: Social Engineering and when reflecting on what I should
write here, it was honestly hard to know where to even start. I’ll
start somewhere that’s familiar to a lot of people – with this:
https://www.youtube.com/watch?v=kjKjyMKj3n4
It’s now four years since I recorded this and it
has well over a million views.
All this comes down to “do what you are supposed
to do.” Nothing revolutionary.
Report: 100 Ways to Improve Federal Cybersecurity
… The initiative generated 127 recommendations
for strengthening federal cyber protections.
In the process of gathering suggestions, a panel
ACT-IAC assembled turned up five major factors at work in the federal
cyber environment:
- Not rocket science: While improved technology is crucial, much of what is required for boosting protection is already known but hasn't been fully or properly implemented government-wide.
- Talk to each other: Cybersecurity experts and federal agency business executives need to improve communications "more directly and diligently" about the connection between cybersecurity and agency missions.
- Risk and IT connections: It seems logical, but ACT-IAC found that emerging cadres of executive-level risk managers such as chief risk officers and chief data officers need to work with their traditional counterparts in IT, such as agency CIOs.
- Boosting cyber IQ: Cybersecurity-related training in government is largely deficient. Greater emphasis is needed on competencies, practice sessions and drills, and shared cyber knowledge management.
- See something, say something: "Enhanced and timely operational information sharing (threats, incidents, solutions and responses) between industry and government" is critical to improving cyber safeguards, ACT-IAC found.
… More generally, contributors to the report
noted the potential value to government agencies of the National
Institute of Standards and Technology's Framework for Improving
Critical Infrastructure Cybersecurity. Issued in 2014, the NIST
framework has gotten traction in the private sector as a sound
baseline reference for dealing with cyberthreats – and it has
relevance to government agencies as well.
(Related) Take your own advice? What a concept!
Danny Yadron reports:
On Tuesday, the White House is expected to announce that it is seeking to hire its first chief information security officer, a role filled at many companies and local governments but one that has long been absent at the federal level, despite complaints from security experts and lawmakers.
Read more on The Guardian.
For the discussion in my Data Management class.
It ain't simple.
A simple guide to Facebook’s complicated problem in India
… To participate in Free Basics, these groups
have to agree to play by Facebook's rules — what it calls the Free
Basics participation
guidelines.
… The biggest problem, as the Indian
government has said, is that companies who aren't a part of the
program could get left behind while others who've hitched their wagon
to Facebook get promoted to Indian consumers — for free.
… Some consumer advocates claim Facebook has
an even darker agenda: To centralize people's experience of the Web
so that, for all intents and purposes, they think Facebook
is the Internet.
… Virtually everyone who works on Internet
policy is watching this unfold. India is one of the world's biggest
potential Internet markets, and its decision marks a turning point in
a major struggle for Facebook and other tech companies as they seek
to gain more traction in developing countries. It also comes amid an
intense debate over the same issue in the United States.
(Related) As goes India, so goes …?
Facebook's India stumble could embolden other regulators
… In Facebook posts
after Monday's ruling, founder Mark Zuckerberg said Free Basics was
just one part of a larger initiative that includes solar-powered
planes, satellites and lasers, and pairing with local entrepreneurs
to provide wireless hotspots.
… Facebook could
also challenge the ruling in the courts, but a more likely move, said
Marc Einstein, Asia-Pacific director at Frost and Sullivan, would be
to sit down with the TRAI "to try to come up with a solution
that's deemed a little more neutral."
(Related) The French didn't even wait for India.
(Perhaps Mark Zuckerberg should have learned French.)
Horia Ungureanu reports:
The French data-protection regulator threatened Facebook with financial sanctions, should the company keep invading the privacy of its own users, as well as others.
The Commission Nationale de l’Informatique et des Libertés (CNIL) published a paper detailing the charges last Monday. The 17-page document points out how Facebook collects and uses information about its users or about others who do not even have a Facebook account.
Read more on TechTimes.
Perhaps tasers should be mandatory?
Study: Suspects shocked by Taser “more likely” to waive Miranda Rights
A new study says the obvious: suspects' brains are
briefly scrambled when they are on the receiving end of a Taser stun
gun and its 50,000-volt delivery. But the study, "TASER
Exposure and Cognitive Impairment: Implications for Valid Miranda
Waivers and the Timing of Police Custodial Interrogations,"
(PDF) questions whether suspects who were just shocked have the
mental capacity to validly waive their Miranda
rights and submit to police questioning.
I wonder if we could make an App to identify
“legal issues” for any technologies? Questions like, “Do you
capture images of faces?” would lead to “Right of Publicity”
issues, etc. (We really need one for Academia)
Legal Warnings for Small Businesses Using Periscope
… Periscope is a great tool to promote
your small business and build your brand. Household brands like
Doritos
and Red
Bull are using Periscope to engage consumers in real time, and so
can you. However, as with most things in business, there are some
legal considerations that you should think about before you dive into
the world of live streaming. Just because everyone is doing it,
doesn’t mean you’re not at risk.
Copyright Matters in Live Streaming
Right of Publicity Affects Live Streaming
Trade Secrets and Proprietary Information Should Stay Secret in Live Streaming
Some legal issues are easy to identify.
Ross Todd reports:
A coalition of technology companies is backing Twitter Inc.’s legal push to expand what companies can divulge about government surveillance requests in national security investigations.
In an amici curiae brief filed on Friday, a group that includes the operators of WordPress, Medium, Reddit, and Wikipedia contend that their free speech rights are violated by regulations that permit them to disclose the number of national-security requests they receive, but only in wide bands.
“Reporting national security requests under the rubric approved by the United States government obfuscates rather than illuminates the volume” of requests, wrote Marcia Hofmann of Zeitgeist Law PC on behalf of eight separate organizations.
Read more on The Recorder.
Should laws be written for future possibilities?
Does new technology change the underlying basis of a law?
Prominent Authors Join Amicus Brief in Google Book Scanning Case
by Sabrina I. Pacifici on Feb 8, 2016
Via FindLaw via WSJ
Law Blog – “Several famous authors filed
a brief with the Supreme Court, asking it to hear a lawsuit over
Google digital book library. Malcolm Gladwell, Margaret Atwood, Yann
Martel, Steven Sondheim and others lent their names to the brief,
contending Google is guilty of “massive copyright infringement…
One of the writers’ main arguments contends that copyright law and
recent court decisions could not have foreseen the growth of the
Internet or the mass digitization of millions of documents, written
works included. According to the brief, “the technological changes
of the past 20 years, especially the mass digitization of works and
their easy and fast transmission over the Internet, was never
contemplated by either the Congress that enacted the 1976 [Copyright]
Act.” The Supreme Court has yet to decide whether it will hear an
appeal from the Second Circuit Court’s decision..
So, have a woman write your sales pitch?
Women Raise More Money With Crowdfunding, Research Shows
… Women generally use words that talk about
positive emotions -- for example, “excited” and “happy” --
and inclusivity -- such as preferring the pronoun “we” and words
such as “together.” That kind of language is associated with
crowdfunding campaigns that, all other factors being relatively
equal, raise more money, says
UC Berkeley Haas School of Business Assistant Professor Andreea
Gorbatai.
I might know a few students who could supplement
their income this way.
We’re Hiring Now – Available Vacancies
The following positions are available to be filled
immediately. If interested, please follow the application
instructions below.
Just because this sums things up perfectly.
Cam Newton Never Had A Chance