Friday, January 27, 2017

What do you disclose and when do you disclose it?  ‘Who’ will always be everyone.
I don’t think investors’ lawsuits related to data breaches have been a particularly winning strategy to date, but if any investors’ suit has a chance, this one might – or at least, should have a chance.  Maria Dinzeo reports that those who invested in Yahoo! are suing the company:
A proposed class of hundreds of thousands of Yahoo shareholders led by investor Mark Madrack says Yahoo’s quarterly financial statements filed with the Securities and Exchange Commission made false and misleading claims about the effectiveness of its encryption system and caused them to buy Yahoo shares at artificially inflated prices.
The lawsuit, which also names Yahoo CEO Marissa Mayer and CFO Kenneth Goldman as defendants, seeks an unspecified amount in damages on behalf of all investors who purchased shares between Nov. 13, 2013, and Dec. 14, 2016.
Read more on Courthouse News.
I think their strongest argument might ultimately be the delays in discovering and disclosing the massive breaches to investors – apart from what seems to be less than appropriate security like encryption.  I’m not a Yahoo! investor, but if I had invested, I think I’d be arguing that I never would have purchased the stock at the price I purchased it at if I had known that the company had not timely disclosed a major breach that it had become aware of, had not properly addressed it by forcing a password reset, had not then timely discovered an even larger breach that had occurred earlier because it dismissed reports by a security firm and only paid attention when the government came to them with the same information, etc.  All of those factors, I think, would be material to any decision to invest.  But then, IANAL, of course.


I am thankful that President Trump is supplying me with so much information for my Computer Security students!  I love bad examples!
Trump administration is giving us a good lesson on Twitter security
   It turns out that several White House-related Twitter accounts -- including the president's official account, @POTUS -- until recently were revealing sensitive information that hackers might be able to exploit.
The problem revolves around the service’s password reset function.  If the account holder doesn't take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address -- in redacted form -- was used to secure a Twitter account.
   Exposing your email address to the public may seem harmless.  But for government officials or business executives, it can be asking for trouble.   
That’s what happened in last year’s election.  An aide to presidential candidate Hillary Clinton was hacked by suspected Russian cyberspies through a phishing attack sent to his Gmail address.  His emails were eventually stolen and leaked to the public.
   To prevent exposing your email address over Twitter, you can go into your account’s security settings and click “Require personal information to reset my password.”  That’ll force anyone trying to reset your password to enter the correct email address or phone number to continue.  
   Securing a presidential Twitter account with a Gmail address highlights another problem: Why are White House officials using third-party email providers?
   He also suggests that people secure their Twitter accounts with two-factor authentication.  This requires the user to enter both a password and a one-time special code sent to their mobile phone or generated over an authenticator app.
   On Thursday, White House Press Secretary Sean Spicer was found tweeting and then deleting what appeared to be a password, although it’s still unclear what really happened.


More for my Computer Security students.
4.2 Billion Records Exposed in Data Breaches in 2016: Report
The latest release of Risk Based Security’s annual Data Breach QuickView report shows that there were 4,149 data breaches reported during 2016, down from the 4,326 data breaches reported in 2015.  The number of exposed records, however, reached an all-time high that might not be easily equaled: 4.281 billion.  The previous record was established in 2013 at 1.106 billion.
   According to Risk Based Security’s report (PDF), no less than 94 breaches in 2016 had exposed one million or more records.


They are not us! 
Thomas Fox-Brewster reports:
Amongst president Trump’s many decrees in the last week was an ostensibly shocking order to ensure non-Americans wouldn’t get the same privacy rights as U.S. citizens.  But Trump didn’t actually make any significant changes to U.S. law.  Instead, according to one legal expert, he sent a message to immigrants: the Obama administration’s plans to guarantee better privacy for individuals travelling or moving to the U.S. are being canned.
The wording in the Enhancing Public Safety executive order signed yesterday caused immediate, inevitable panic: “Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”
Read more on Forbes.


Amazing how many ‘content creators’ are finding President Trump valuable. 
TrumpBeat: There Is No Pivot
Welcome to TrumpBeat, FiveThirtyEight’s new weekly feature looking at how developments in Washington affect people in the real world.  We’re still experimenting with the format, so tell us what you think.  Email us or drop a note in the comments.


Dilbert is exploring the downside of Tweeting this week.


At last!  Something worth its price!
Unless you’ve been living under a rock, you’ve probably already heard of Marie Kondo’s book, The Life-Changing Magic of Tidying Up.  The self-improvement title walks readers through how purging possessions that don’t bring you joy can make for a more organized life.
So if you want this audiobook for free, how do you go about getting it?  You will need an Audible account to download it, but if you don’t already have one, you can just log in with your Amazon credentials (and also take advantage of select free content available through Amazon.)  If you already have an Audible account, you’re already one step closer to getting this audiobook for free.  And you don’t need to sign up for an Audible subscription to take advantage of this giveaway.
After you’ve logged into Audible you can search for the title or just use this link while logged in
