Steve Ragan reports:
Full data enrichment profiles for
more than 200 million people have been placed up for sale on the Darknet. The person offering the files claims the data
is from Experian, and is looking to get $600 for everything.
Details of this incident came to
Salted Hash via
the secure drop at Peerlyst, where someone uploaded details surrounding the
sale and the data. The data was first
vetted by the technical review board at Peerlyst, who confirmed its legitimacy.
Once it was cleared by the technical
team, a sample of the data was passed over to Salted Hash for additional
verification and disclosure.
Read more on Salted Hash. Note that this is the same database/situation that
DataBreaches.net reported on last week, after it was first
reported by HackRead. DataBreaches.net’s report had
included Experian’s denial that the data were hacked from their system. They apparently have sent Steve the same
statement.
Attribution aside (and yes, figuring out who got
compromised is important), the fact that so much information about over 200
million people is in the wild should concern everyone. Not all of the data will be accurate, but much
of it will be, and that poses a variety of risks, as Steve appropriately notes.
Do read his article to find out more about the more than 80 types of information in this database.
[From the article:
Moreover, the data holds enough information to develop a
sustained Phishing campaign, which could open the door to numerous other
crimes.
“This data set alone (and there are many more) tells us
who makes more than $100,000 a year in a given zip code and address; what
allergies each member may have; how many home loans they have taken out in 15
years; how many pets; how often they shop; and about 80 other attributes.
Data enrichment is a value-adding process, where external data from multiple sources is added to the existing data set to enhance the quality and richness of the data. This process provides more information about the product to the customer.
Now that’s amusing!
Okay, not really, but what happened to their backups?
Massive Australian Taxation Office data loss feared after Hewlett Packard Enterprise equipment crash
Fleur Anderson and Paul Smith report:
The Australian Taxation
Office has restored access to some of its online services, but
concerns remain that large amounts of data have been lost after it suffered a
“world-first” technical glitch to equipment from Hewlett Packard Enterprise
more than 24 hours earlier.
Tax officials were reportedly
told to work from home for the second successive day, due to inability to
access some key internal systems, and citizens were unable to access its
website after a failure in the hardware that stores the ATO’s data.
The systems went down on Monday after a failure of the HPE storage network, which was upgraded in November 2015, with technology news website ITNews reporting the loss of 1 petabyte of data, which it is still attempting to recover.
Read more on AFR.
I like it! Suggests they will need to plan this before the breach.
Note that there is no time limit on detecting the breach.
From PayBefore:
The European Banking Authority
(EBA) working with the European Central Bank (ECB) recently released a consultation
paper on guidelines for payment service providers (PSPs) to follow in
the event of security breaches. Among
the suggested mandates is notifying authorities of an incident within two hours
from the moment the breach is detected—that’s significantly faster than the
breach notification requirements set to go into force next year under the General
Data Protection Regulation (GDPR), which requires notice within 72 hours of
breach detection.
Read more on PayBefore.
Minor? At least it shows what kind of “tools” sell.
Joe Cadillic writes:
A recent article in the News Gazette reveals how the University of Illinois police tracked a stolen cell phone to a specific classroom.
How did the police track a stolen cell phone to a specific classroom, you ask?
Police across the country are using cell phone detectors, like the “Wolfhound-Pro” or the “PocketHound”, that can track cell phones from 150 feet away indoors and up to one mile outdoors (line-of-sight).
Read more on MassPrivateI.
[From the Wolfhound-Pro website:
Wolfhound-Pro’s passive receiver technology does NOT intercept or “listen-in” on any phone calls, making it fully legal and the tool of choice for law enforcement trying to avoid sluggish court orders and search warrants.
I’ll add this to my Computer Security handouts.
IEEE puts out a first draft guide for how tech can achieve ethical AI design
The document, called Ethically
Aligned Design, includes a series of detailed recommendations based on the input
of more than 100 “thought leaders” working in academia, science, government and
corporate sectors, in the fields of AI, law and ethics, philosophy and policy.
(Related) How AI can bring on a second Industrial Revolution
"The actual path of a raindrop as it goes down the
valley is unpredictable, but the general direction is inevitable," says
digital visionary Kevin Kelly — and technology is much the same, driven by
patterns that are surprising but inevitable. Over the next 20 years, he says, our penchant
for making things smarter and smarter will have a profound impact on nearly
everything we do. Kelly explores three
trends in AI we need to understand in order to embrace it and steer its
development.
The world we live in…
US privacy rules stir confusion
The United States has a uniquely convoluted way of
regulating privacy.
In the European Union, for example, all private
information is treated the same, whether it’s collected by Facebook or by a
doctor in a hospital.
But things are murkier in the U.S., thanks to an
overlapping structure involving an alphabet soup of federal agencies.
The Federal Trade Commission (FTC) regulates privacy, but
so does the Food and Drug Administration (FDA), the Federal Communications
Commission (FCC) and the Department of Health and Human Services (HHS), just
for starters.
“We are more or less the only country approaching privacy
in a sectoral fashion,” said Sharon Klein, who heads the privacy, security and
data protection practice at the law firm Pepper Klein. “And it’s getting harder to be sectoral.”
Maybe I will allow my students to comment on my blog.
Backpage.com CEO and co-founders cleared of pimping charges
The executives of classified listings site Backpage.com
have been cleared
of criminal charges relating to adult services advertised on the site.
… Last Friday,
though, Sacramento County Superior Court Judge Michael Bowman found in favor of
the defendant, with Bowman’s ruling (which can be seen
here, courtesy of Ars Technica) stating that Backpage’s business
is shielded by the Communications Decency Act.
I wondered how the government would keep older cars off the highways; this is it. If your car cannot ask the highway to open the gate at the on-ramp, you won’t be allowed to drive on the highway.
New Cars Could Be Required To ‘Talk’ To Each Other As Soon As 2020
More than two years after the National Highway Traffic Safety Administration first issued an advance notice of proposed rulemaking to mandate vehicle-to-vehicle (V2V) communications in the U.S., the agency is finally ready to move forward. Following an extended comment and testing period, NHTSA today published the notice of proposed rulemaking (NPRM) for what is expected to become Federal Motor Vehicle Safety Standard (FMVSS) 150.
If the NPRM makes it to the FMVSS stage without
significant changes, all manufacturers would be required to install dedicated
short-range communication (DSRC) radios into new vehicles, probably starting in
about 2020.
Does this strike anyone else as being a bit too much?
Microsoft’s latest AI-powered service aims to help you with your busy schedule
Setting up a meeting with someone outside your company can be a time-consuming process since you can’t see others’ calendars and free/busy information. Generally, we email them to know their free timings and try to work out the meeting time. To solve this issue, Microsoft has started an incubation project code-named “Calendar.help.” This project gives Cortana the ability to arrange meetings on your behalf.
By delegating scheduling tasks to
Cortana, you can focus on getting things done rather than wasting time emailing
back and forth. This service is based on
Genee, a scheduling AI startup that Microsoft acquired in August.
Think of it as a lack of standards?
Here’s your first tech buzzword of 2017: ‘Brownfield’
There’s a lot of hype and activity surrounding IoT, which
is very positive and can help expedite its growth and proliferation. However, the approach being embraced by most
newcomers and early adopters leaves a lot to be desired. Usually, designers and manufacturers are
inclined to hop on the IoT bandwagon through “greenfield development” —
creating products from scratch — rather than “brownfield development” —
connecting existing devices, systems and infrastructure to the cloud.
… Meanwhile, we’re
seeing manufacturers “reinvent the wheel” by creating proprietary hardware and
software to power their IoT devices. They
face, and fail to deal with, the multitude of IoT development challenges —
often simultaneously.
The unintended consequence is a fragmented IoT landscape
plagued by an endemic lack of standards, creating products that are insecure,
unreliable, unmanageable and weak at communicating with one another. Interoperability is a huge issue, since the
future of IoT is not devices that can be remotely controlled and send data back
to the cloud, but rather devices and systems that can autonomously communicate
between each other and reliably coordinate their actions.
New data centers everywhere as each country wants to control (or at least hold) its own data.
Amazon Opens Data Centers to Boost U.K. Cloud Services
Amazon Web Services, the
cloud-hosting arm of Amazon.com Inc., opened new data centers in the U.K. as
it seeks to stay abreast of competitors in offering cloud computing services to
government and health-care customers.
… The U.K. data
region, which comprises two zones, each consisting of multiple data
centers, is the 16th Amazon Web
Services operates worldwide and its third in Europe. A fourth in France has already been announced
and will open next year.
Governments are increasingly moving computing functions
into the cloud. But they are often
required for regulatory and security purposes to hold data within their
national borders. The same applies for
sensitive health-care information.
I’ll have to ask Indian students what is really happening.
India is in the throes of an unprecedented social
experiment in enforced digital disruption, and the world has much to learn from
it.
Prime Minister Narendra Modi launched a surprise in early
November, demonetizing
500 and 1,000 rupee bank notes. Modi’s
war on cash is not without international precedent: Singapore, for example, withdrew its largest currency recently; the European
Central Bank eliminated the 500-euro bank note; South Korea plans to eliminate at least all coins by 2020.
And yet India’s initiative had the potential for chaos. Here’s why: the government effectively took
86% of cash out of circulation in an economy that is close to 90% cash-reliant.