Thursday, February 02, 2017
Data Breach: The ‘never-ending story’ of management nightmares.
It ain’t over until…. well, no body-shaming here, but Target is not out of the woods on litigation from their massive 2013 breach. Law360 is reporting:
The Eighth Circuit decided Wednesday to send back to lower court the $10 million deal that let Target Corp. out of multidistrict litigation over its notorious 2013 data breach, after two men raised concerns about inadequate class representation and compensation.
You’ll need a subscription to read the article, but if I find other coverage, I’ll add it here.
What do the Dutch know? Are we missing something or is this just paranoia?
Dutch to Count Election Votes by Hand to Thwart Hackers
Dutch authorities will count by hand all the votes cast in next month's general elections, ditching "vulnerable" computer software to thwart any cyber hacking bid, a top minister said Wednesday.
"I cannot rule out that state actors may try to benefit from influencing political decisions and public opinion in The Netherlands," Interior Minister Ronald Plasterk said in a letter to parliament.
Should I teach my Computer Security students how to monitor these sites?
You’ve probably heard of Alpha Bay and some other dark web marketplaces. But have you ever heard about Kick Ass Marketplace or The Stock Insiders? Mohit Kumar reports that there are dark web marketplaces where one can buy and sell stolen insider data.
According to a new report from the US-based risk security firm RedOwl and Israeli threat intelligence firm IntSights, staff at corporations are selling company’s internal secrets for cash to hackers on one of the most famous dark web markets Kick Ass Marketplace (Onion URL).
Besides selling their company’s secret information, researchers also found evidence of rogue staff, in some cases, even working with hackers to infect their company networks with malware.
Read more on The Hacker News and then think some more about your protection against insider threats.
An amusing debate for my Computer Security students?
A dumpster diver in Harlingen, Texas hit pay dirt:
“Social Security numbers, birthdays, home addresses, home telephone numbers, you name it,” he said.
Channel 5 News tracked the documents back to Harlingen Texas Motors, which closed last year. But wait…. it’s probably not what you’re guessing. Read on:
We spoke to the owner of the business. He said the files were held in a storage unit.
“They told me I had a new credit card and the chip changed on it so they didn’t run it. So they sold it out or foreclosed on it or whatever they call it. So somebody purchased it on Saturday and they threw my files away,” Andre Cano, the owner of Harlingen Texas Motors, said.
Read more on KRGV.
So, assuming for now that the owner is telling the truth, who’s responsible for or accountable for the incident?
Try to learn from the failures of others – it’s much less painful.
GitLab Learns Hard Lessons After Production Data Accidentally Gets Nuked
… What happened here is that an IT manager working a late night accidentally deleted the wrong folder, and by the time the mistake was recognized, only a few gigabytes of data was able to be saved (of a few hundred). Following this accident, the company took to Twitter to announce that the server was being taken offline, and then followed-up not long after with an admission of what happened.
This kind of transparency is great to see, and we hope GitLab's admittance inspires future companies to not waste time in coming forward. Unfortunately for GitLab, even though it took precautions to backup its data, multiple restore methods failed. Imagine being the person having to deal with this reality - it's painful.
When all was said and done, it appears that the company didn't end up losing much data at all (if any - it's hard to tell), and as such, the service has been put back online. Throughout the entire restore process, the company left nothing to the imagination, going as far as sending a new tweet out after the restore process went up a few more percentage points.
While GitLab was able to recover, it ultimately got very lucky. But this is another lesson to learn not only about the importance of keeping backups, but making sure those backups work.
If you over-promise, be sure not to under-lawyer.
New York Attorney General Sues Charter Over Dismal Internet Speeds, Defrauding Customers
New York Attorney General Eric Schneiderman’s office is suing Charter-owned Spectrum (previously Time Warner Cable) for knowingly failing to live up to its promise of ‘blazing fast’ and ‘super reliable’ service.
Schneiderman conducted a statewide study in 2015 to measure broadband speeds after receiving thousands of complaints from Time Warner Cable customers. The study discovered that at least 640,000 customers who signed up for high-speed internet received much slower speeds. It was also unveiled that customers were often unable to access Facebook, Netflix, YouTube and gaming platforms that had been promised to them. The lawsuit seeks full restitution for affected customers.
We knew all of this, right?
New powers of FBI made public to shine light on threats to civil liberties
by Sabrina I. Pacifici on Feb 1, 2017
The Intercept: “In the wake of President Donald Trump’s inauguration, the FBI assumes an importance and influence it has not wielded since J. Edgar Hoover’s death in 1972. That is what makes today’s batch of stories from The Intercept, The FBI’s Secret Rules, based on a trove of long-sought confidential FBI documents, so critical: It shines a bright light on the vast powers of this law enforcement agency, particularly when it comes to its ability to monitor dissent and carry out a domestic war on terror, at the beginning of an era highly likely to be marked by vociferous protest and reactionary state repression. In order to understand how the FBI makes decisions about matters such as infiltrating religious or political organizations, civil liberties advocates have sued the government for access to crucial FBI manuals — but thanks to a federal judiciary highly subservient to government interests, those attempts have been largely unsuccessful. Because their disclosure is squarely in the public interest, The Intercept is publishing this series of reports along with annotated versions of the documents we obtained…”
For my Data Management students.
Powering-up Digital Transformation in Industrial Sectors
Why is it that when Forrester polled global enterprises, 83% of energy respondents and 74% of respondents in manufacturing put digital transformation at the top of their business priorities? It’s because business and IT decision makers in both sectors see digital transformation as the path to growth and innovation.
… Traditionally, the operational technology (OT) components controlling the physical processes at the core of these organizations have been completely separate from their IT counterparts that handle the flow of business information. But as OT assets increasingly collect data that’s critical in today’s decision making processes, IT and OT are converging. Companies need access to all available data to monitor changes occurring in their business environment, to optimize their customer experiences and operations, and to capture new market opportunities. Here are just three ways in which energy companies and manufacturers can use this data to their advantage.
1. Predictive Maintenance.
2. Production Optimization.
(Related). Another job opportunity for my Data Managers?
Legal industry embracing trend to employ technology assisted document review
by Sabrina I. Pacifici on Jan 31, 2017
Via Quartz – “Academically trained attorneys are increasingly being replaced by technology to analyze evidence and assess it for relevance in investigations, lawsuits, compliance efforts, and more. Forty percent of more than 100 in-house attorneys in major American corporations told the industry publication Corporate Counsel, in a survey published on Jan. 23, that they rely on technology assisted review (TAR). Technology assisted review (TAR) is a term that covers many different aspects of machine reading, including analytics, predictive coding, and more. Predictive coding uses patterns of human responses to “train machines to read” and decide if documents are relevant to a legal matter, ostensibly as attorneys would. So, rather than having many lawyers read a million documents, a few review a percentage of the possible evidence and predictive coding technology uses those answers to guide a computer review of the rest. This eliminates the need for all but a few lawyers to review evidence and assess it, then train machines, rather than lawyers with training eyeballing all the documents….”
A tool our techies swear by…
Despite its ubiquity, many people still don’t have a basic grasp on how to use the internet properly. Often, these folks ask their friends for help with basic questions that could easily be answered with a Google search.
Longtime site Let Me Google That For You (LMGTFY) has just received an update, and it’s worth keeping in mind for those times when someone asks you to search the internet for them.
To keep up with Google’s many changes, LMGTFY has added a big number of new features. It now supports Bing, Yahoo, AOL, Ask, and DuckDuckGo search engines if you want to send someone to a service other than Google. For Google searches, you can choose to search images, videos, news, and other categories in addition to a normal web search.
Finally, you’ll notice a new Include internet Explainer check box below the search bar. If you enable this, the link includes a little explanation about how search engines let you search the web for whatever you need. The service also works better on mobile now, and changing the language directs the link to the proper international version of Google.
… Need to send your friends more guides to the internet? Show them how to use Twitter without screwing up.
A tool for the age of ‘fake news?’
… The problem arises when a site is so driven by its bias that it begins to misrepresent reality, such as by distorting the opposition’s viewpoint or producing fake news and conspiracy theories. This is what you want to avoid, and that’s where Media Bias Fact Check comes in.
… You can read about their methodology if you’re skeptical. If you don’t see a particular site being tracked, you can submit a source. If there’s a particular claim or article that doesn’t seem credible or true, you can submit a fact check request.