Sunday, August 07, 2016
Looking for soldiers that could be recruited into ISIS?
Helsinki Times reports:
The Finnish Defence Forces’ accusations that researchers have leaked the results of psychological tests conducted on hundreds of thousands of conscripts are exceptional, estimates Reijo Aarnio, the Data Protection Ombudsman of Finland.
The scope of the alleged data leak is very unusual, if not outright unprecedented, says Aarnio. “But you’re talking about an exceptional case when you take into consideration the kind of information [that was allegedly leaked],” he says in an interview with Uusi Suomi.
Read more on Helsinki Times.
Ever more popular. Think of all the ways this can injure a firm.
The Hindu reports:
A diagnostic centre in the national Capital was recently targeted by unknown hackers, who through ransomware gained illegal access to its servers and encrypted the data.
They demanded ransom from the owner in the form of bitcoins to restore the data.
Based on a complaint from the diagnostic centre, the Central Bureau of Investigation has registered a case under Section 384 (punishment for extortion) of the Indian Penal Code and Section 66 (computer related offences) read with Section 43 (damages and compensation for the offence) of the Information Technology Act.
Read more on The Hindu.
This is why I have my Computer Security students read and analyze articles on recent breaches.
F5 Networks: It’s time to rethink security architecture
F5 Networks held its annual industry analyst conference this week within its user conference, Agility in Chicago. One of the main messages F5 tried to get across to its customer base is that it’s time to rethink security.
I agree with that thesis wholeheartedly, and it is consistent with many of the posts I have written in the past year, including one I wrote about defining the new rules of security in a digital world.
F5 had several interesting supporting data points that show businesses are investing their security dollars in the wrong places. F5’s director of systems engineering, Gary Newe, pointed out that 90 percent of security budget is focused on the network perimeter, although only 25 percent of the attacks are focused on that point in the network. Juxtapose that with the fact that 72 percent of attacks now are aimed at the user identity and applications—and only 10 percent of security budget is used for that—and it’s easy to see why F5 is telling its customers their security strategy needs to change.
… Today the world is entirely different. Workers are mobile, applications are in the cloud, and we’re connecting billions of devices to our networks. Newe gave an example of a typical worker today who could spend his or her day using applications such as Salesforce.com, Office 365, Dropbox, Concur and Service Now. It’s possible for a worker to spend the entire day working on applications that are not behind the company firewall. This has been the trend for a while, yet businesses spend billions annually on firewalls. Security teams now need to protect dozens, maybe hundreds or even thousands, of entry points, but the bad guys need to merely find one way in.
How Cybercrime Has Changed (Infographic)
I’ll ask my Computer Security students to design a much more secure system for poor old Chrysler.
Houston Car Hackers Suspected Of Theft of More than 100 SUVs and Trucks
Houston police have arrested two men for a string of high-tech thefts of trucks and SUVs in the Houston area. The Houston Chronicle reports that Michael Armando Arce and Jesse Irvin Zelaya were charged on August 4th, and are believed to be responsible for more than 100 auto thefts. Police said Arce and Zelaya were shuttling the stolen vehicles across the Mexican border.
… The July video shows the thief connecting a laptop to the Jeep before driving away in it. A Fiat-Chrysler spokesman told ABC News that the thieves used software intended to be used by dealers and locksmiths to reprogram the vehicle’s keyless entry and ignition system.
A new record, but probably not for long. (Is $1.39 per person adequate?)
I’ve had a lot of coverage of Advocate Health’s breaches over the past years that you can access here. Here is HHS’s announcement of the settlement of their charges:
Advocate Health Care Network (Advocate) has agreed to a settlement with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), for multiple potential violations of the Health Insurance Portability and Accountability Act (HIPAA) involving electronic protected health information (ePHI). Advocate has agreed to pay a settlement amount of $5.55 million and adopt a corrective action plan. This significant settlement, the largest to-date against a single entity, is a result of the extent and duration of the alleged noncompliance (dating back to the inception of the Security Rule in some instances), the involvement of the State Attorney General in a corresponding investigation, and the large number of individuals whose information was affected by Advocate, one of the largest health systems in the country.
… OCR began its investigation in 2013, when Advocate submitted three breach notification reports pertaining to separate and distinct incidents involving its subsidiary, Advocate Medical Group (“AMG”). The combined breaches affected the ePHI of approximately 4 million individuals.
Pay for privacy! What a great business model.
Dan Seitz reports:
There’s no privacy on the internet. Facebook will only begrudgingly let you talk privately with your friends, the government wants to look at your browsing history without a warrant, and Comcast looks at every piece of data you transmit over the internet to learn more about you. But the cable company will stop, if you pay them for the privilege.
Comcast is trying to make this change because the FCC is considering new rules that would force internet service providers to disclose all the information they collect and sell. Comcast wants to be able to charge users who’d rather not be spied on by a large company not well-known for its people skills, which they argue is a perfectly acceptable business practice.
Read more on Uproxx.
No more drinking beer in private!
Ron Brown reports:
Alabama wants to know who’s buying beer from its craft breweries and taking it home to drink… but industry groups say it’s an invasion of privacy.
The Alabama Alcoholic Beverage Control Board wants to require brewers to collect the name, address, age and phone number from anyone who purchases beer at a brewery.
Read more on Rivet.
[From the article:
The Control Board hasn't publicly explained WHY it wants to collect detailed information... the new rule will be considered in September.]
Taking another shot at “harm?”
Natalie Garcia and Charles W. Mondora write:
Two class actions currently pending in the United States Court of Appeals for the Third Circuit, In re Horizon Healthcare Services Inc. Data Breach Litigation (D. N.J. Mar. 31, 2015), appeal docketed, No. 15-2309, and Storm v. Paytime, 90 F.Supp. 3d 359 (M.D. Pa. 2015), appeal docketed, No. 15-3690, are being monitored closely by cybersecurity attorneys and their corporate clients. In both of these data-breach cases, the plaintiffs are appealing the district court’s dismissal of their respective complaints because the district courts found that the plaintiffs lack Article III standing and suffered no injury-in-fact, relying heavily upon Reilly v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011), the controlling Third Circuit precedent.
Read more on New Jersey Law Journal.
Are we so naïve that we are fooled into thinking that Peyton Manning eats nothing but Papa John’s pizza?
FTC to Crack Down on Paid Celebrity Posts That Aren’t Clear Ads
… This uptick in celebrities peddling brand messages on their personal accounts, light on explicit disclosure, has not gone unnoticed by the U.S. government.
… This means more cases like the one against Warner Bros. Home Entertainment Inc., which last month settled with the FTC over charges that it deceived customers by paying internet influencers such as PewDiePie – who has about 50 million followers on YouTube – to promote the video game Middle-Earth: Shadow of Mordor with positive reviews, without disclosing that they were paid and told how to promote it. In March, the FTC issued a complaint against Lord & Taylor for paying fashion influencers to create posts about one of its dresses on Instagram, without disclosing that the retailer paid them and gave them the dresses for free. Any compensation, including free products, should be disclosed, the FTC says. [Just so you know, I’d be happy to endorse free beer. Bob]
PrepFactory - Free SAT & ACT Prep Activities
As autumn approaches many high school students in the United States will turn their attention to college applications and the SAT or ACT exams. Some students' parents will spend lots of money on test prep materials and/or tutors. But students don't have to spend money to access excellent SAT and ACT preparation materials.
PrepFactory is a free service that offers excellent SAT and ACT preparation activities. The site offers free guides to SAT and ACT strategy along with plenty of review activities to help students sharpen their skills and knowledge before taking the ACT or SAT.
… One of the better ways to prepare for a test is to review small chunks frequently. PrepFactory provides students with a good review system that breaks SAT and ACT review into bite-sized modules for each of the topics on the tests; each module contains a 3-5 minute video, notes on the video, and a five question video review quiz.