Friday, January 20, 2017

Not the richest target, but perhaps an easy one.  
WTAE reports:
Hackers have infected every public computer in the St. Louis Public Library system, stopping all book borrowing and cutting off internet access to those who rely on it for computers.
[…] According to the library, hackers demanded $35,000 in the electronic currency Bitcoin — but the library refuses to pay.  Instead, it’ll wipe the entire computer system and reset it, which could take days or weeks.
Read more on WTAE.

Ethical Hacking for fun and ….  for fun!
You can learn to be an ethical hacker and possibly launch a new career with these courses from MakeUseOf Deals for a limited time!  We have three bundles that will teach you all the skills you need to know!  And they’re all heavily discounted!

For my Computer Security students. 
How to get fired in 2017: Have a security breach
There are many reasons why IT professionals can be fired, but six out of the top nine are related to security, said a survey released this morning.
For example, having a tech investment that leads to a security breach was considered a fireable offense by 39 percent of organizations, according to Osterman Research, which conducted the survey.
A data breach that becomes public was a fireable offense for 38 percent of companies.
Other fireable offenses included failing to modernize a security program, data breaches with unknown causes, data breaches that do not become public, and the failure of a security product or program investment.

Failing to meet regulatory compliance and getting a large fine or penalty, was the top offense, with 68 percent of organizations considering it reason for dismissal.
Some of this may not, strictly speaking, be the employee's fault.  If a very dedicated attacker, such as a foreign country, is committed to getting the data, there's very little that an organization can do to stop them.

More information just in time for my Computer Security class.  
Number of U.S. Data Breaches Increased in 2016: Report
The number of data breaches disclosed by organizations in the United States has increased by 40 percent in 2016 compared to the previous year, according to a report released on Thursday by CyberScout (formerly IDT911) and the Identity Theft Resource Center (ITRC).
ITRC has counted 1,093 breaches and more than 36 million exposed records across sectors such as financial, business, education, government and military, and healthcare.  While this is an all-time record high and a significant increase from the 780 breaches reported in 2015, experts believe this upwards trend is also due to more states disclosing incidents on their websites.
It’s also worth noting that while 36 million records might not seem much, ITRC has pointed out that half of the breach notifications did not disclose the number of exposed records.
   The complete list of breached organizations and information on each incident are available in ITRC’s 2016 Data Breach Report.

Another article for my Computer Security students.
DHS Publishes National Cyber Incident Response Plan
   The NCIRP has three main goals: define the responsibilities and roles of government agencies, the private sector and international stakeholders; identify the capabilities required to respond to a significant incident; and describe how the government will coordinate its activities with the affected entity.

I bet no one is ready to train their employees.  Who does this kind of training?
Christian B. Nagel, Todd R. Steggerda, Ronald L. Fouse, David G. Dargatis, and Edwin O. Childs of McGuireWoods LLP write:
Beginning January 19, federal government contracts will contain additional training requirements for contractors who deal with personally identifiable information (PII) or with a system of records.
Affected contractors must provide privacy training to their employees, and be prepared to provide documentation of the training to the appropriate contracting officer.
Read more on Lexology.

Why did you keep asking, “Where’s the best place to hide a body?” 
How to find, view, and delete everything the Amazon Echo and Google Home know about you
   In order to fulfill your requests, however, both of these voice-activated digital assistants must upload your verbal commands to the cloud.  Just what does that entail?  The short answer is that your commands are saved to your Amazon or Google account respectively.  And the more you use these devices, and the more services you link to them, the more their respective manufacturers will know about you.  Those insights can range from what kinds of movies and music you like to what time you go to bed.

Is this really the first lawsuit asking for this information?
EPIC Sues FBI for Details of Russian Interference with 2016 Election
by Sabrina I. Pacifici on Jan 19, 2017
“EPIC today filed a Freedom of Information Act lawsuit against the Federal Bureau of Investigation in federal district court in Washington, DC.  The case is designated EPIC v. FBI, No. 17-127 (D.D.C. filed Jan. 18, 2017).  The complaint states “EPIC challenges the FBI’s failure to make a timely decision concerning EPIC’s request for expedited processing of the FOIA request for records about the Russian interference with the 2016 Presidential Election.”

I can see the ads now: “Government tested, government approved!”  
NHTSA’s full final investigation into Tesla’s Autopilot shows 40% crash rate reduction
The U.S. National Highway Traffic Safety Administration has released its full findings following the investigation into last year’s fatal crash involving a driver’s use of Tesla’s semi-autonomous Autopilot feature.  The report clears Tesla’s Autopilot system of any fault in the incident, and in fact at multiple points within the report praises its design in terms of safety, and highlights its impact on lowering the number of traffic incidents involving Tesla vehicles overall.
The full report is embedded below, but some sections of note include a section where NHTSA notes that crash rates involving Tesla cars have dropped by almost 40 percent since the wide introduction of Autopilot.  It also notes that its investigation did not find any defects in the design or implementation of Tesla’s automatic emergency braking systems (AEB) or its Autopilot cruise features.  The report also states that Tesla properly anticipated the potential for driver misuse in the design of Autopilot, studied those potential effects and incorporated it into the product’s final design before broad rollout.

One of the new business models in the Automotive industry.  Just a step down the road to an all ‘transportation by App’ economy? 
Cadillac wants to eliminate the headache of car ownership
Cadillac is diving into the world of premium subscription services with Book — a program that removes some of the minutiae of owning a car.  Much like subscription services including Spotify and Netflix, Cadillac Book will let you enjoy the car without having to put in the legwork usually associated with ownership.  Sure, the price — $1,500 a month — might make dealing with insurance companies, paying taxes and registration fees slightly more attractive but you also get open access to the entire line of brand-new Cadillacs.
   Car requests are made via smartphone app and delivered to the customer by a concierge service … which means you could jump from commuting in a CT6 during the week to ruining the tires on a CTS-V for the weekend.

Not all transitions of power are smooth.
Gambia crisis: Jammeh given last chance to resign as troops close in
Mr Jammeh was given until noon to leave office or be forced out by UN-backed regional forces, but the deadline was extended to allow last-ditch talks.
Troops have been told to halt their advance until the talks are over.
The Economic Community of West African States (Ecowas) is acting in support of new President Adama Barrow, who was sworn in on Thursday.
His legitimacy as president has been recognised internationally, after he was voted in last month.

"When in trouble or in doubt, run in circles, scream and shout."  You can send me my consulting fee in Euros.  This is not the ‘Bully Pulpit’ Teddy Roosevelt was using.
Companies drafting emergency plans for Trump tweets
Companies and industry groups are turning to lobbyists with a pressing question: What should we do if President-elect Donald Trump attacks us on Twitter?
   “The Washington ecosystem has had no catch-up time to understand it and learn how to engage it in an effective way,” he said.
Murray said companies used to have a window of time to figure out their response to criticism from lawmakers and public officials.  Thanks to social media, that time is gone. 

I toss this in because our system of teaching seems broken to me.
Should all countries use the Shanghai maths method?
The life of a teacher in a Shanghai primary school differs quite a bit from that of teachers in most other countries.  For one thing each teacher specialises in a particular subject - if you teach maths, you teach only maths.
These specialist teachers are given at least five years of training targeted at specific age groups, during which they gain a deep understanding both of their subject and of how children learn.
After qualifying, primary school teachers will typically take just two lessons per day, spending the rest of their time assisting students who require extra help and discussing teaching techniques with colleagues.
"If you compare that to an English practitioner in a primary school now, they might have five days of training in their initial teacher training year, if they're doing the School Direct route, for example," says Ben McMullen, head teacher of Ashburnham Community School, London.

Have I mentioned that I like lists?  I like seeing what others consider important.  Occasionally I learn new things. 
In no particular order, let’s step through twelve Windows apps everyone should install right away, along with alternatives for each category.

No comments: