Wednesday, September 14, 2016

Hear this, Computer Security students?
   Liability for data breaches that affect customers leads directly to the C-suite.  Executives need to personally know how strong their company’s cyber defenses are, as well as the expected responses for attacks or breaches.  But according to the survey, 40% admitted that they lacked a clear understanding of the cybersecurity protocols within their organizations.  This should be an urgent wake-up call to executives that cybersecurity needs to be taken seriously throughout the organization.

Something for my IT Governance students to debate.  When Cyber War comes, you need to know what your Cyber Weapons can do.  Should you have extra Cyber Defenses on hand, ready to install?   
Someone Is Learning How to Take Down the Internet
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet.  These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down.  We don't know who is doing this, but it feels like a large nation state. China and Russia would be my first guesses.
   What can we do about this?  Nothing, really.  We don't know where the attacks come from.  The data I see suggests China, an assessment shared by the people I spoke with.  On the other hand, it's possible to disguise the country of origin for these sorts of attacks.  The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the U.S. decides to make an international incident over this, we won't see any attribution.
But this is happening. And people should know.

(Related) If we assume that politicians are not the only ones looking for backdoors, who might want this information and what could they do with it? 
Joel Connelly reports:
A yawning back-end pathway into the state’s voter registration database, through which private information could have been accessed, has been closed, thanks to the candidate challenging Secretary of State Kim Wyman.
“Anyone with basic programming skills and knowledge about these weaknesses could conceivably (access) this data, look up and harvest private data from millions of Washingtonians,” Tina Podlodowski wrote Wednesday to the state’s chief information security officer (CISO).
The information accessible via the back-end pathway included voters’ personal cell phone numbers, personal email addresses, ballot delivery types, and the coding used to message military and overseas voters.
Read more on Seattle PI.

Why Computer Security is a frustrating field: Even when they get something right, they get it wrong.
U.S. Healthwork has notified HHS and 1400 patients after a laptop with protected health information was stolen from an employee.  Although the laptop was encrypted, the password was stolen with the laptop.

(Related) And some don’t even make the effort.
Clinton email server company warned about security
   Last summer, as the FBI was beginning what would become a yearlong investigation into the private server Clinton used while secretary of State, a Connecticut company in charge of backing up her server sent a warning to Platte River Networks, the Colorado-based firm that had managed her primary machine since 2013.
“[W]e have some concerns relative to data security,” the Connecticut storage firm, Datto, told Platte River Networks in an August 2015 email.
“Platte has not enabled encryption at the local device.  Given the sensitive, high-profile nature of the data which is alleged in press reports to potentially reside on the Datto device, it may be the target of cyber attack from a multitude of highly sophisticated and capable entities or individuals,” it added.  “We believe such an event could place the unencrypted data itself at risk, as well as expose both Datto and Platte River systems to collateral damage.”

Is all wholesale crime by definition organized crime?
State consumer protection officials warn about card skimmers
Consumer protection officials have issued a warning about card skimmers that have shown up at gas pumps across Wisconsin.
Thieves that have attached the skimmers at the pumps are stealing credit or debit card information.  The Department of Agriculture, Trade and Consumer Protection says state investigators found at least 15 skimmers during inspections of gas pumps over the past five weeks.
The devices were found at stations in Edgerton, Janesville, Milton, Random Lake, Camp Douglas, Madison, Lake Delton, Franklin, Brookfield, Appleton and Oshkosh.

Was this deliberate or were they just not thinking at all? 
Hasbro, Mattel and others pay $835,000 settlement for tracking children online
Four media companies agreed to a $835,000 settlement for knowingly tracking children online, which is illegal in the United States.
Viacom, Mattel, Hasbro, and JumpStart Games all settled with New York Attorney General Eric T. Schneiderman today, after an investigation called “Operation Child Tracker”.  Schneiderman, in a statement:
Operation Child Tracker revealed that some of our nation’s biggest companies failed to protect kids’ privacy and shield them from illegal online tracking.

So, buy it.
NSA Chief 'Perplexed' that Twitter Won't Share Key Data
   McCain queried Rogers about a Wall Street Journal report in May that Twitter had blocked intelligence agencies from using Dataminr, which uses algorithms and location tools to reveal patterns among tweets.
The veteran senator said the report indicated that Dataminr had alerted its clients minutes before this year's Brussels attacks and at the time the November Paris attacks began to unfold.
"So we have a situation where we have the ability to detect terror attacks...  Yet in order for us to anticipate these attacks we have to have certain information, and Twitter is refusing to allow them to have certain information which literally could prevent attacks?" the senator who heads the Armed Services Committee asked.
Rogers replied: "Yes sir, and at the same time (Twitter is) still willing to provide that information to others for business, for sale, for revenue."

Oh no!  Now China will know what our eyes look like!  
Alibaba Pays $100 Million For Eye-Scan Firm Used by U.S. Banks
Alibaba’s payments arm, Ant Financial, has acquired EyeVerify, a maker of optical recognition technology used by Wells Fargo along with dozens of regional banks and credit unions across the country.
Bloomberg reported the purchase price as around $70 million, but a person close to EyeVerify says this is incorrect and that the actual amount was $100 million, and that it was an all-cash transaction.

Seems improbable that no one has regulated bank cybersecurity before… 
New York Proposes Cybersecurity Regulations for Banks
New York Gov. Andrew Cuomo and the state’s top banking regulator proposed regulations Tuesday that would be among the first in the U.S. to require banks to establish cybersecurity programs.
If implemented, the regulations would increase the onus on some of the world’s largest banks to invest in cyber protections that could cost them and insurers millions of dollars, according to experts.  Banks would be required to hire a chief information security officer and implement measures that detect and deter cyber intrusions and protect consumer data.

For my IT Governance students.
McAfee Labs Threats Report: September 2016
Analysis of recent threat topics and trends

For my IT Architecture students.  As goes IBM, so goes IT?
IBM cloud chief: The next phase of cloud is a race to add value
   In an interview with Network World Senior Editor Brandon Butler and IDG Chief Content Officer John Gallant, LeBlanc talked about how IBM is tailoring its cloud services to specific vertical industries and what Big Blue is doing to enhance its Platform- and Infrastructure-as-a-Service capabilities.  He also discussed why partnerships with companies ranging from VMware, Box, SAP and Workday are strengthening IBM’s cloud play.

(Related) Because some new hardware is going to be connected to Cloud services by default.  Like this one.
Got a flat surface? Lampix can turn it into a display
Lampix looks like a regular lamp, but using a Raspberry Pi, camera, and projector, it can make most flat surfaces interactive.

For our Criminal Justice students.
Managing a police department is a tough job, and the legitimacy crisis currently facing American policing has made it even tougher.  Today’s police managers — from chiefs and sheriffs to sergeants and watch commanders — risk losing officer morale and productivity in the form of de-policing (withdrawing from their duties), and are beginning to witness recruitment and retention problems.

Even if it’s “not quite a war,” listening to the war fighters makes sense.
Details of Syria Pact Widen Rift Between John Kerry and Pentagon
The agreement that Secretary of State John Kerry announced with Russia to reduce the killing in Syria has widened an increasingly public divide between Mr. Kerry and Defense Secretary Ashton B. Carter, who has deep reservations about the plan for American and Russian forces to jointly target terrorist groups.
