Tuesday, October 25, 2016

Don’t forget!  The Privacy Foundation at the University of Denver Sturm College of Law is hosting their October Seminar:
Privacy and Encryption: The Clash of Law & Technology
Friday, October 28, 2016.  $30 includes admission to seminar, reception, and 3-hour CLE credit.  To register, contact: Maggie Stephenson, Faculty Support Specialist, 303.871.6044 mstephenson@law.du.ecu

Attention Ethical Hacking students!  We have a new target.
'Driverless' beer run; Bud makes shipment with self-driving truck
Anheuser-Busch hauled a trailer loaded with beer 120 miles in an autonomous-drive truck, completing what's believed to be the first commercial shipment by a self-driving vehicle.
The trip happened last week in Colorado as Anheuser-Busch, collaborated with Otto, a subsidiary of Uber that is developing self-driving truck technology.  The semi drove autonomously on the highway between Fort Collins, Colorado and Colorado Springs, Colorado.

Update.  This was inevitable.  All policies come from and if successful will benefit management.  The proper argument is the unreasonable and unethical bits. 
Former Wells Fargo Employees File $2.6B Lawsuit
by Sabrina I. Pacifici on Oct 24, 2016
Via FindLaw – Alexander Polonsky, et al. v. Wells Fargo, Los Angeles Superior Court, September 22, 2016.
“The lawsuit was filed by two former employees, but seeks compensation for any and all Wells Fargo employees penalized for not meeting sales quotas over the past 10 years.  In September, the bank fired over 5,000 employees for opening some two million accounts in customers’ names without their authorization.  The lawsuit claims Wells Fargo is punishing lower level employees for policies that came from, and were intended to benefit higher level executives: “Wells Fargo knew that their unreasonable quotas were driving these unethical behaviors that were used to fraudulently increase their stock price and benefit the CEO at the expense of the low-level employees.”
·         See also the New York Times DealBook – Voices From Wells Fargo: ‘I Thought I Was Having a Heart Attack’: “The scandal at Wells Fargo over the creation of unauthorized accounts shook its customers’ faith in the bank, but it took an even sharper toll on the company’s workers.  A number of them say they faced a stark choice: Create new accounts by any means possible, or risk being fired for falling short of their sales goals…”

How are users informed of the need to change a default password?  Big red headlines on page one of the installation sheet or a mention in passing on page six?  
Chinese Firm Says It Did All It Could Ahead of Cyberattack
A Chinese electronics maker that has recalled millions of products sold in the U.S. said Tuesday that it did all it could to prevent a massive cyberattack that briefly blocked access to websites including Twitter and Netflix.
Hangzhou Xiongmai Technology has said that millions of web-connected cameras and digital recorders became compromised because customers failed to change their default passwords.
   The hack has heightened long-standing fears among security experts that the rising number of interconnected home gadgets, appliances and even automobiles represent a cybersecurity nightmare.  The convenience of being able to control home electronics via the web also leaves them more vulnerable to malicious intruders, experts say.
   "The issue with the consumer-connected device is that there is nearly no firewall between devices and the public internet," said Tracy Tsai, an analyst at Gartner, adding that many consumers leave the default setting on devices for ease of use without knowing the dangers.

(Related) Check your security!
   Bullguard, an industry-leading developer of security software, has an online tool called IoT Scanner.  It scans any internet-connected device or network to see if there are any vulnerabilities that can be exploited to gain access to said device or network.
If it does find a security vulnerability, it’ll give you details of the problem that you can use as a first step toward bolstering your network security.  Give it a try.  It can’t hurt.  Run the Deep Scan if you can.
Note that even if the IoT Scanner gives you the green light, you should know that there are some internet-capable devices that you should never connect to the Internet of Things.

How to build in a security problem?
Lyft customers face potential hack from recycled phone numbers
Giving up an old cell phone number for a new one may seem harmless.  But for Lyft customers, it can potentially expose their accounts to complete strangers.

That's what happened to Lara Miller, a media relations specialist living in California.  Earlier this month, she discovered two credit card charges made in Las Vegas, over 400 miles away.
"I thought it was legit fraud on my debit card," Miller said.  
But in reality, another woman had accidentally taken over her old Lyft account.  It happened because the phone company had recycled the cell phone number Miller had canceled back in April -- opening the door to the hack.
The problem involves Lyft's login process.  The ride-hailing app does away with the hassle of usernames and passwords, and instead signs up customers with their smartphone's cell number.

Should every communications tool use encryption?  I would say yes!
Amnesty International Reviews IM Applications, Privacy and Human Rights Risks
by Sabrina I. Pacifici on Oct 24, 2016
“Encryption helps protect people’s human rights online.  By rendering digital data unintelligible, encryption helps ensure that private information sent over the internet stays private.  Technology companies play a crucial role in keeping digital information safe.  In this report, Amnesty International ranks 11 technology companies on whether they are meeting their human rights responsibilities by using encryption to protect users’ right to privacy online.  It focuses specifically on instant messaging services, such as Skype, WhatsApp and WeChat, which hundreds of millions of people around the world use to communicate every day.

“Every new technology must revisit the security issues of every old technology.”  Bob’s first rule of security failures.  
U.S. transport agency guidance on vehicle cybersecurity irks lawmakers
Guidance from the National Highway Traffic Safety Administration for improving motor vehicle cybersecurity has attracted criticism from lawmakers who said that mandatory security standards are required.
   On Monday, NHTSA released a document, titled “Cybersecurity best practices for modern vehicles,” that laid out the agency’s “non- binding guidance” to the automotive industry for improving motor vehicle cybersecurity.
Markey and Blumenthal introduced in July last year in the Senate the Security and Privacy in Your Car Act, also known as the SPY Car Act.  This would direct the NHTSA and the Federal Trade Commission to establish federal standards for vehicles made for sale in the U.S. that would protect the vehicles from unauthorized access to their electronic controls or data collected by electronic systems.

No where near $100 billion, but a simple business model for my students to consider.
New York Times Acquires Consumer Guide Sites the Wirecutter and the Sweethome
New York Times Co. has acquired the consumer guide sites the Wirecutter and the Sweethome, as the company moves to firm up its digital footprint amid the continued erosion of print advertising.
The total value of the deal was around $30 million, including retention bonuses and other payouts, a person familiar with the matter said.
The sites, created in 2011 by technology journalist Brian Lam, rate gadgets and tech gear and then link readers to merchants, like Amazon.com, that sell the products.  The company then collects a cut of any sale made through its recommendation.

Because I’m old and my eyesight is going…
First, you’ll need a shortcut for the program. The easiest way to do this is to search for the app you want in the Start Menu, then right-click it and choose Pin to Taskbar.  Right-click on the app’s icon on the Taskbar, then right-click again on the app’s name in the resulting menu and choose Properties.
Now, you can edit the settings for the selected app.  On the Shortcut tab under the Run: field, change the value from Normal Window to Maximized.  That’s all you need to do!

How to stir up an English department?  (and who really cares?)
Oxford says Shakespeare will share credit for Henry VI
Oxford University Press' new edition of William Shakespeare's works will credit Christopher Marlowe as co-author of the three Henry VI plays, underscoring that the playwright collaborated with others on some of his most famous works.

No comments: