Dating-Website Users Fall Prey to Fake Profiles
… Cyber-swindlers
lift photos of real people from the internet, and use the images to create
fictitious profiles on dating sites such as Match.com, part of Match Group
Inc. and the dominant brand in
the U.S.’s $2.5 billion dating-services industry.
Victims lost nearly $120 million to “romance scams” in the
first six months of 2016, up 23% from the year-earlier period, according to the
FBI’s Internet Crime Complaint Center, which collects data on crimes primarily
reported in the U.S. The $203 million in
losses from romance scams in 2015 exceeded most other internet crimes tracked
by the center.
… Romance scammers
often claim to be Americans temporarily working overseas, said Monica Whitty, a
professor at the Cyber Security Centre at the University of Warwick in England
and a romance-scam expert. After a
sometimes extended “grooming” process, the suitor manufactures emergencies and
requests “loans,” saying his own funds are temporarily tied up, said Ms.
Whitty. Once hooked, victims struggle to
cut ties because they become emotionally attached and because they often have
“lent” large sums of money and want to get it back. Scammers typically target people middle-aged
and up, said U.S. authorities.
Perspective.
Risk Based Security reports:
Risk Based Security and RPS
Executive Lines are pleased to announce the release of the latest installment
of the Data Breach QuickView Report. The
MidYear 2016 Report shows that, while the number of data breaches for the year
is down approximately 17% compared to the same time last year, the number of
records compromised is off the charts, with over 1.1 billion – yes
billion – records exposed in the first six months of 2016. With
another 6 months still to go, this year is already the worst year on record for
the amount of sensitive information compromised.
Read more on RBS,
where you can also request a copy of their report.
[NOTE: “This page (https://www.riskbasedsecurity.com/) is currently
offline.” I’ll try again later. Bob]
(Related) With lots of pretty graphs.
From the Information Commissioner’s Office, an interesting
report with data for Q1 of 2016/17 by sector and attack type.
· Not surprisingly, the greatest number of
breaches were reported by the healthcare sector:
· Analysis of the types of health data
security incidents revealed that the most common sources were errors involving
paper records, such as mailing or faxing errors, or loss or theft of paperwork:
· Health data security incidents, which had
decreased in 2015, appear to be increasing again:
· Apart from healthcare, the general business and
local government sectors showed the sharpest increase in reported incidents:
· Cyber-incidents were the fifth most frequent
source of a data security incident:
· An analysis of the cyber incidents revealed that
human error and exfiltration accounted for approximately half of reported
incidents:
You can find additional details and analyses on the ICO’s
web site.
My government in action inaction.
Naomi Jagoda reports:
The Internal Revenue Service
identified close to 1.1 million taxpayers who were victims of
employment-related identity theft from 2011 through 2015, but almost none of the
victims were informed, a Treasury Department watchdog found in a report made
public this week.
“Employment-related identity
theft can cause significant burden to taxpayers, including the incorrect
computation of taxes based on income they did not earn,” said J. Russell
George, the Treasury inspector general for tax administration, whose office
issued the report.
Read more on The
Hill.
“Any sufficiently advanced technology is indistinguishable
from magic.” Arthur C. Clarke
Paper – Human identification using WiFi signal
by Sabrina
I. Pacifici on Aug 31, 2016
Full text only available to subscribers, but the abstract
alone will illuminate the extensive power of Wi-Fi sensing technology: “WiFi
devices are now pervasive in our environment. Recent research has demonstrated that it is
possible to sense the perturbations created by human motion in the WiFi
spectrum to identify basic activities, gestures and even keystrokes. In this demo, we address the yet unsolved
problem of human identification using WiFi spectrum sensing. We present WiFi-ID, a device-free system that
uses off-the-shelf equipment to uniquely identify individuals as they walk
through urban spaces that are filled with WiFi transmissions. Our system exploits the fact that each
individual has a unique walking style which causes unique disturbances in the
WiFi signals. WiFi-ID analyses the Channel State Information and extracts
unique features that allow us to identify individuals. We will demonstrate a functioning prototype of
our system and use conference attendees as test subjects.”
(Ditto)
Andrew Couts reports:
The light surrounding you this
very second may be used to expose how much money you make, where you live, when
you’re home, and much more.
That’s the big takeaway from
a new
analysis of ambient light sensors by Lukasz Olejnik, a London-based
security and privacy consultant and a researcher at University College London. He warns that the data created by device light
sensors may betray user privacy far more than anyone previously imagined.
Read more on the Daily
Dot.
[From the article:]
Because these values are so specific, a website or a
hacker could use this data to identify specific users. More troubling, writes Olejnik, this data
could be used to “map the user's home arrangement,” and “discover its size,
number of rooms” or more about the user's environment, including the time of
day a user is working, how frequently a user moves around the house or leaves
altogether, or simply the type of lighting a particular person prefers.
For the Computer Security book shelf.
The NIST Cybersecurity Framework and the FTC
by Sabrina
I. Pacifici on Aug 31, 2016
Via Andrea Arias at the FTC: “…The
Framework provides organizations with a risk-based compilation of guidelines
that can help them identify, implement, and improve cybersecurity practices. The Framework does not introduce new standards
or concepts; rather, it leverages and integrates cybersecurity practices that
have been developed by organizations like NIST and the International
Standardization Organization (ISO). The
Framework terms this compilation of practices as the “Core.” This Core is composed of five concurrent and
continuous functions—Identify, Protect, Detect,
Respond, and Recover—that provide a strategic
view of the lifecycle of an organization’s management of cybersecurity risk. Each function is further divided into categories
tied to programmatic needs and particular activities. In addition, each category is broken down into
subcategories that point to informative references. Those references cite specific sections of
standards, guidelines, and practices that illustrate a method to achieve the
outcomes associated with each subcategory.
The five functions signify the key elements of effective cybersecurity. Identify helps organizations
gain an understanding of how to manage cybersecurity risks to systems, assets,
data, and capabilities. Protect
helps organizations develop the controls and safeguards necessary to protect
against or deter cybersecurity threats. Detect
are the steps organizations should consider taking to provide proactive and
real-time alerts of cybersecurity-related events. Respond helps organizations
develop effective incident response activities. And Recover is the
development of continuity plans so organizations can maintain resilience—and
get back to business—after a breach….”
Perspective. Think
this could happen in the US?
Reliance’s Ambani Lays Out Plan for Low-Cost Mobile Data in
India
Mukesh
Ambani, India’s richest man, on Thursday outlined his plans to shake up the
country’s telecommunications industry through his new cellular company, which
aims to steal customers from the competition and bring millions of Indians online
for the first time by offering data at unprecedented rates.
The chairman of Reliance Industries Ltd. told its annual general
meeting that its wireless phone unit, Reliance Jio Infocomm Ltd., will undercut
its competitors by offering data for 50 rupees (75 cents) per gigabyte and
monthly plans for as little as 149 rupees ($2.23). The first group of users signing up for the
new platform, which launches Monday, will be offered free service until next
year, Mr. Ambani said.
… His foray into
cellular services began in 2002 with the launch of Reliance Infocomm Ltd.,
which triggered cutthroat price
competition and a shake out. Analysts expect he is trying to do the same
with high-speed data connectivity.
At stake is potentially hundreds of millions of customers who—thanks to
smartphones that now cost as little as $50—are getting online for the first
time. Consultancy McKinsey & Co.
reckons roughly one billion people in India are still without internet access. By next year it should overtake the U.S. as the
world’s second-biggest smartphone market behind China, according to
research firm IDC.
… Bharti Airtel Ltd., India’s largest
cellular company, this week began offering one-gigabyte data packages for $0.76
with a $22 upfront charge.
This is a polite way of saying that our government lied to
us about the “agreement” they were so proud they had negotiated.
Exclusive: U.S., others agreed to 'secret' exemptions for
Iran after nuclear deal - report
The United States and its negotiating partners agreed
"in secret" to allow Iran to evade some restrictions in last year's
landmark nuclear agreement in order to meet the deadline for it to start
getting relief from economic sanctions, according to a report reviewed by
Reuters.
The report is to be
published on Thursday by the Washington-based Institute for Science and
International Security, said the think tank’s president David Albright, a
former U.N. weapons inspector and co-author of the report.
… Among the
exemptions were two that allowed Iran to exceed the deal's limits on how much
low-enriched uranium (LEU) it can keep in its nuclear facilities, the report
said. LEU can be purified into highly enriched, weapons-grade uranium.
… The U.S.
administration has said that the world powers that negotiated the accord -- the
United States, Russia, China, Britain, France and Germany -- made no secret
arrangements.
A “reality show” for my students? We need to move quick!
Jessica Alba Joins Apple’s ‘Planet of the Apps’ Reality
Series
… Producers have
invited up
to 100 aspiring app developers to submit proposals at PlanetOfTheApps.com
for a chance to appear in the show, and extended the deadline to Wednesday,
Sept. 21.
For history buffs.
LC – Chronicling America through historic newspapers
by Sabrina
I. Pacifici on Aug 31, 2016
“Chronicling America is a website
providing access to information about historic newspapers and select digitized
newspaper pages, and is produced by the National Digital Newspaper Program
(NDNP). NDNP, a partnership between the
National Endowment for the Humanities (NEH) and the Library of Congress (LC),
is a long-term effort to develop an Internet-based, searchable database of U.S.
newspapers with descriptive information and select digitization of historic
pages. Supported by NEH, this rich
digital resource will be developed and permanently maintained at the Library of
Congress. An NEH award program will fund
the contribution of content from, eventually, all U.S. states and territories. More information on program guidelines,
participation, and technical information can be found at http://www.neh.gov/projects/ndnp.html or http://www.loc.gov/ndnp/.
Worth a look!
Most schools will provide you with a sparkling new “.edu”
email address, like john.doe@stanford.edu
or john.doe@nyu.edu. This email is your gateway to a world of
discounted and free programs for which you’d need to shell out some big bucks
otherwise. Here’s just some of the stuff
you can look forward to.