Thursday, September 01, 2016
Protecting Miss Daisy.
Dating-Website Users Fall Prey to Fake Profiles
… Cyber-swindlers lift photos of real people from the internet, and use the images to create fictitious profiles on dating sites such as Match.com, part of Match Group Inc. and the dominant brand in the U.S.’s $2.5 billion dating-services industry.
Victims lost nearly $120 million to “romance scams” in the first six months of 2016, up 23% from the year-earlier period, according to the FBI’s Internet Crime Complaint Center, which collects data on crimes primarily reported in the U.S. The $203 million in losses from romance scams in 2015 exceeded most other internet crimes tracked by the center.
… Romance scammers often claim to be Americans temporarily working overseas, said Monica Whitty, a professor at the Cyber Security Centre at the University of Warwick in England and a romance-scam expert. After a sometimes extended “grooming” process, the suitor manufactures emergencies and requests “loans,” saying his own funds are temporarily tied up, said Ms. Whitty. Once hooked, victims struggle to cut ties because they become emotionally attached and because they often have “lent” large sums of money and want to get it back. Scammers typically target people middle-aged and up, said U.S. authorities.
Risk Based Security reports:
Risk Based Security and RPS Executive Lines are pleased to announce the release of the latest installment of the Data Breach QuickView Report. The MidYear 2016 Report shows that, while the number of data breaches for the year is down approximately 17% compared to the same time last year, the number of records compromised is off the charts, with over 1.1 billion – yes billion – records exposed in the first six months of 2016. With another 6 months still to go, this year is already the worst year on record for the amount of sensitive information compromised.
Read more on RBS, where you can also request a copy of their report.
[NOTE: “This page (https://www.riskbasedsecurity.com/) is currently offline.” I’ll try again later. Bob]
(Related) With lots of pretty graphs.
From the Information Commissioner’s Office, an interesting report with data for Q1 of 2016/17 by sector and attack type.
· Not surprisingly, the greatest number of breaches were reported by the healthcare sector:
· Analysis of the types of health data security incidents revealed that the most common sources were errors involving paper records, such as mailing or faxing errors, or loss or theft of paperwork:
· Health data security incidents, which had decreased in 2015, appear to be increasing again:
· Apart from healthcare, the general business and local government sectors showed the sharpest increase in reported incidents:
· Cyber-incidents were the fifth most frequent source of a data security incident:
· An analysis of the cyber incidents revealed that human error and exfiltration accounted for approximately half of reported incidents:
You can find additional details and analyses on the ICO’s web site.
in action inaction.
Naomi Jagoda reports:
The Internal Revenue Service identified close to 1.1 million taxpayers who were victims of employment-related identity theft from 2011 through 2015, but almost none of the victims were informed, a Treasury Department watchdog found in a report made public this week.
“Employment-related identity theft can cause significant burden to taxpayers, including the incorrect computation of taxes based on income they did not earn,” said J. Russell George, the Treasury inspector general for tax administration, whose office issued the report.
Read more on The Hill.
“Any sufficiently advanced technology is indistinguishable from magic.” – Arthur C. Clarke
Paper – Human identification using WiFi signal
Full text only available to subscribers, but the abstract alone will illuminate the extensive power of Wi-Fi sensing technology: “WiFi devices are now pervasive in our environment. Recent research has demonstrated that it is possible to sense the perturbations created by human motion in the WiFi spectrum to identify basic activities, gestures and even keystrokes. In this demo, we address the yet unsolved problem of human identification using WiFi spectrum sensing. We present WiFi-ID, a device-free system that uses off-the-shelf equipment to uniquely identify individuals as they walk through urban spaces that are filled with WiFi transmissions. Our system exploits the fact that each individual has a unique walking style which causes unique disturbances in the WiFi signals. WiFi-ID analyses the Channel State Information and extracts unique features that allow us to identify individuals. We will demonstrate a functioning prototype of our system and use conference attendees as test subjects.”
Andrew Couts reports:
The light surrounding you this very second may be used to expose how much money you make, where you live, when you’re home, and much more.
That’s the big takeaway from a new analysis of ambient light sensors by Lukasz Olejnik, a London-based security and privacy consultant and a researcher at University College London. He warns that the data created by device light sensors may betray user privacy far more than anyone previously imagined.
Read more on the Daily Dot.
[From the article:
Because these values are so specific, a website or a hacker could use this data to identify specific users. More troubling, writes Olejnik, this data could be used to “map the user's home arrangement,” and “discover its size, number of rooms” or more about the user's environment, including the time of day a user is working, how frequently a user moves around the house or leaves altogether, or simply the type of lighting a particular person prefers.]
For the Computer Security book shelf.
The NIST Cybersecurity Framework and the FTC
Via Andrea Arias at the FTC: “…The Framework provides organizations with a risk-based compilation of guidelines that can help them identify, implement, and improve cybersecurity practices. The Framework does not introduce new standards or concepts; rather, it leverages and integrates cybersecurity practices that have been developed by organizations like NIST and the International Standardization Organization (ISO). The Framework terms this compilation of practices the “Core.” This Core is composed of five concurrent and continuous functions—Identify, Protect, Detect, Respond, and Recover—that provide a strategic view of the lifecycle of an organization’s management of cybersecurity risk. Each function is further divided into categories tied to programmatic needs and particular activities. In addition, each category is broken down into subcategories that point to informative references. Those references cite specific sections of standards, guidelines, and practices that illustrate a method to achieve the outcomes associated with each subcategory. The five functions signify the key elements of effective cybersecurity. Identify helps organizations gain an understanding of how to manage cybersecurity risks to systems, assets, data, and capabilities. Protect helps organizations develop the controls and safeguards necessary to protect against or deter cybersecurity threats. Detect covers the steps organizations should consider taking to provide proactive and real-time alerts of cybersecurity-related events. Respond helps organizations develop effective incident response activities. And Recover is the development of continuity plans so organizations can maintain resilience—and get back to business—after a breach….”
Perspective. Think this could happen in the US?
Reliance’s Ambani Lays Out Plan for Low-Cost Mobile Data in India
Mukesh Ambani, India’s richest man, on Thursday outlined his plans to shake up the country’s telecommunications industry through his new cellular company, which aims to steal customers from the competition and bring millions of Indians online for the first time by offering data at unprecedented rates.
The chairman of Reliance Industries Ltd. told its annual general meeting that its wireless phone unit, Reliance Jio Infocomm Ltd., will undercut its competitors by offering data for 50 rupees (75 cents) per gigabyte and monthly plans for as little as 149 rupees ($2.23). The first group of users signing up for the new platform, which launches Monday, will be offered free service until next year, Mr. Ambani said.
… His foray into cellular services began in 2002 with the launch of Reliance Infocomm Ltd., which triggered cutthroat price competition and a shake out. Analysts expect he is trying to do the same with high-speed data connectivity.
At stake is potentially hundreds of millions of customers who—thanks to smartphones that now cost as little as $50—are getting online for the first time. Consultancy McKinsey & Co. reckons roughly one billion people in India are still without internet access. By next year it should overtake the U.S. as the world’s second-biggest smartphone market behind China, according to research firm IDC.
… Bharti Airtel Ltd., India’s largest cellular company, this week began offering one-gigabyte data packages for $0.76 with a $22 upfront charge.
This is a polite way of saying that our government lied to us about the “agreement” they were so proud they had negotiated.
Exclusive: U.S., others agreed to 'secret' exemptions for Iran after nuclear deal - report
The United States and its negotiating partners agreed "in secret" to allow Iran to evade some restrictions in last year's landmark nuclear agreement in order to meet the deadline for it to start getting relief from economic sanctions, according to a report reviewed by Reuters.
The report is to be published on Thursday by the Washington-based Institute for Science and International Security, said the think tank’s president David Albright, a former U.N. weapons inspector and co-author of the report.
… Among the exemptions were two that allowed Iran to exceed the deal's limits on how much low-enriched uranium (LEU) it can keep in its nuclear facilities, the report said. LEU can be purified into highly enriched, weapons-grade uranium.
… The U.S. administration has said that the world powers that negotiated the accord -- the United States, Russia, China, Britain, France and Germany -- made no secret arrangements.
A “reality show” for my students? We need to move quickly!
Jessica Alba Joins Apple’s ‘Planet of the Apps’ Reality Series
… Producers have invited up to 100 aspiring app developers to submit proposals at PlanetOfTheApps.com for a chance to appear in the show, and extended the deadline to Wednesday, Sept. 21.
For history buffs.
LC – Chronicling America through historic newspapers
“Chronicling America is a website providing access to information about historic newspapers and select digitized newspaper pages, and is produced by the National Digital Newspaper Program (NDNP). NDNP, a partnership between the National Endowment for the Humanities (NEH) and the Library of Congress (LC), is a long-term effort to develop an Internet-based, searchable database of U.S. newspapers with descriptive information and select digitization of historic pages. Supported by NEH, this rich digital resource will be developed and permanently maintained at the Library of Congress. An NEH award program will fund the contribution of content from, eventually, all U.S. states and territories. More information on program guidelines, participation, and technical information can be found at http://www.neh.gov/projects/ndnp.html or http://www.loc.gov/ndnp/.”
Worth a look!
Most schools will provide you with a sparkling new “.edu” email address, like email@example.com or firstname.lastname@example.org. This email is your gateway to a world of discounted and free programs for which you’d need to shell out some big bucks otherwise. Here’s just some of the stuff you can look forward to.