Friday, August 26, 2016
Very interesting, to me anyway. If I can short a stock and then drive the price down, I better be able to make my information at least reasonably believable. If I state that the claims are “absolutely untrue” I better not have any information that they might be. Interesting area to debate.
Matt Egan reports:
St. Jude Medical rejected claims made by a famous short seller on Thursday that the company’s pacemakers and other lifesaving devices are vulnerable to cyber attacks.
The allegations, made in a detailed 34-page report by Muddy Waters founder Carson Block, were enough to spook investors on Wall Street. St. Jude’s stock plummeted as much as 8% on Thursday.
St. Jude’s chief technology officer Phil Ebeling called the claims “absolutely untrue.”
Read more from CNN Money on WPTZ.
(Update) It’s even worse than I thought. Was St. Jude’s lying?
More on a situation I noted yesterday. This approach to using/monetizing vulnerability discoveries is downright scary…. but will it work to improve security? Here’s one of your must-reads for today.
Jordan Robertson and Michael Riley report:
When a team of hackers discovered that St. Jude Medical Inc.’s pacemakers and defibrillators had security vulnerabilities that could put lives at risk, they didn’t warn St. Jude. Instead, the hackers, who work for cybersecurity startup MedSec, e-mailed Carson Block, who runs the Muddy Waters Capital LLC investment firm, in May. They had a money-making proposal.
MedSec suggested an unprecedented partnership: The hackers would provide data proving the medical devices were life-threatening, with Block taking a short position against St. Jude.
MedSec is taking a path that some frustrated security experts believe is the only way to create fundamental change: find a way to impose significant monetary penalties on companies it believes are negligent when it comes to protecting consumers. But the startup is doing so in ways that violate some of the most basic standards of ethical security research and in an industry where the stakes are especially high.
Read it all on Bloomberg.
Did I miss the memo? Why would Homeland Security investigate this breach? Is there some national security angle I’m missing? Did North Korea do it for some reason? Is this covered by some secret law?
Jones website hack reveals stars’ tricky cyber landscape
The hateful hack of comedian Leslie Jones’ personal website reveals the tricky cyber landscape celebrities tread and the murky legal protections that exist for personal digital content.
While Jones’ supporters have been vocal with their outrage and Department of Homeland Security investigators are looking into the breach of Jones’ website that exposed intimate photos and personal documents
… Those who broke into Jones’ site and replaced its usual content with naked photos, a driver’s license and racist video are clearly breaking the law, said attorney Jonathan Steinsapir, but “trolling” a celebrity with sexist or racist posts online is not a crime.
… Most often, though, technology moves faster than the law.
“The availability of media now and how quickly information spreads — I don’t think the law has kept up with that,” said Steinsapir, who specializes in intellectual property and copyright law.
For example, once stolen photos are disseminated online, it’s not only tough to track who’s republishing them, it’s practically impossible to prosecute.
… And all the experts agree: Taking naked photos and storing them digitally is probably a bad idea.
(Related?) What if they were given the information? What if they had not been “celebrities”?
Ray W writes:
Aller Media, the owner of Danish gossip magazine Se & Hor, was fined 10 million kroner [approximately $1.5 million] – and the magazine’s former managing editor, Kim Bretov, and former news editor, Lise Bondesen, were each given suspended jail sentences – on Thursday for illegally buying the credit card information of celebrities.
Read more on CPH Post.
(Related) This is how we do it in the US.
I approve!
Michael O’Keeffe and Ginger Adams Otis report:
Giants defensive end Jason Pierre-Paul scored a big win Thursday in his invasion-of-privacy lawsuit against ESPN.
A Florida judge said Pierre-Paul can sue the sports news network and reporter Adam Schefter for posting his private medical records online for millions to see.
Read more on NY Daily News. The NY Post also covers the ruling.
“We have the technology, therefore we must use it!”
Joe Cadillic writes:
Police State America has devised a new way to track dissidents or persons of interest, they’re calling it Pay-By-Plate. Raytheon’s Pay-By-Plate system will allow police to “Hotlist” motorists across the country.
According to the Boston Globe, officials are working with the Executive Office of Public Safety and Security to draft a list of all situations that warrant “Hotlist” use.
Feds claim they’re only taking pictures of our license plates
image credit: Boston Globe
If you look closely at the above picture, you can see two surveillance cameras, one that takes a picture of the front of the vehicle, and one that’s aimed at the rear of the vehicle. Raytheon’s Vigilant Solutions, ‘National Vehicle Location Service’ cameras can identify drivers’ and passengers’ faces in “near real time”, flagging any ‘person of interest’.
Read more on MassPrivateI.
Blockchain explained in 19 minutes. Another technology that removes intermediaries.
How the blockchain is changing money and business
What is the blockchain? If you don't know, you should; if you do, chances are you still need some clarification on how it actually works. Don Tapscott is here to help, demystifying this world-changing, trust-building technology which, he says, represents nothing less than the second generation of the internet and holds the potential to transform money, business, government and society.
This is the field I’m sending my Ethical Hacking students out to conquer.
Startup Manipulated iPhone to Allow Government Spying, Report Says
Security researchers say a little-known Israeli startup exploited previously unknown bugs in Apple Inc.’s smartphone software to help foreign governments spy on their citizens.
The researchers say the surveillance software was the work of NSO Group Technologies Ltd., which sells primarily to government agencies. The researchers, at Citizen Lab, a group that investigates surveillance technology, and at mobile-security firm Lookout Inc., say they discovered the software in a link sent earlier this month to the phone of Ahmed Mansoor, a human-rights activist in the United Arab Emirates.
Their report sheds new light on the capabilities of private security companies to produce sophisticated software for state-sponsored spying. It also suggests that the iOS operating system behind Apple’s iPhones isn't as impregnable as it appeared earlier this year, when the Federal Bureau of Investigation struggled for weeks and ultimately paid $1 million to unlock a phone tied to the San Bernardino terror attack.
A bit technical, but still an interesting read.
This week, the Office of the Director of National Intelligence declassified a Foreign Intelligence Surveillance Court of Review (FISCR) opinion that has important broad implications for privacy and warrantless surveillance.
For my Data Management and Data Architecture students.
How Data Skills Help Firms Create Social Media That Matters
… In her latest paper, “Data Analytics Skills and the Corporate Value of Social Media,” Wu analyzed a large sample of businesses to determine how they derived value from social media.
Eventually we may be able to automate this entire law enforcement thing. You “register” your face and fingerprints to unlock your phone, anyone else is a crook!
Apple's Patent Application Collects iPhone Thieves' Fingerprints and Selfies
The U.S. Patent and Trademark Office on Thursday published a patent application filed by Apple describing a method for the company to capture both a thief’s picture, video, and fingerprints from the Touch ID home button, among other identifying data.
This is rather sad actually. None of the government entities were willing to put this into their budgets, so we need to force them to borrow money to do it?
US chief information officer ups push to modernize government tech
The United States chief information officer on Thursday boosted his push for Congress to approve $3 billion in loans to modernize government technology.
Tony Scott emphasized the imp