Wednesday, February 01, 2017
Imagine that. I wonder how long he has been reading my Blog?
Trump expected to put agency heads in charge of cyber security for their organizations
U.S. President Donald Trump on Tuesday postponed signing an executive order that is expected to require the heads of government agencies to play a more direct role in reviewing and managing risks to networks under their control.
Trump, at a White House event with top officials to discuss his order, said his initiative would “hold my Cabinet secretaries and agency heads accountable, totally accountable, for the cyber security of their organizations.”
Why hackers succeed. Think a global population of hackers looking at whatever catches their fancy. Compare that to an infinite number of monkeys pounding on typewriters.
Graham Cluley writes:
A security researcher has described how he uncovered a severe security hole in dozens of different Netgear routers, meaning that “hundreds of thousands, if not over a million” devices could be at risk of having their admin passwords stolen by hackers.
Simon Kenin, a researcher at Trustwave, has explained how sheer laziness on a cold and rainy winter night stopped him from getting out of bed and going downstairs to reboot his router.
Instead, he stayed under the covers and investigated whether he could find a way to hack into the device’s web admin panel, having forgotten the access password.
Shockingly, Kenin discovered that all he had to do was send a simple web request to the router’s management software to retrieve its admin password, using two security flaws previously disclosed on other Netgear routers back in 2014.
Read more on We Live Security.
For my Computer Security students.
The State of Malware: 1 Billion Samples Under the Microscope
… Anti-virus firm Malwarebytes examined almost 1 billion malware instances from June to November 2016. Data was drawn from nearly 100 million Windows and Android devices in more than 200 countries, together with additional data from its own honeypots. The ensuing report (PDF) looked at six threat categories: ransomware, ad fraud malware, Android malware, botnets, banking trojans, and adware.
The two standout malware categories are ransomware and ad fraud. Malwarebytes suggests this indicates a growing trend among cybercriminals -- the desire to realize monetary return as quickly and easily as possible.
A Privacy perspective on the (potentially) new court?
FourthAmendment.com points us to two articles about how Supreme Court nominee Gorsuch might impact privacy:
I hope liberals don’t just oppose Gorsuch just because Trump nominated him. Remember that conservatives can be very good friends when it comes to privacy. Then again, if they’re anti-abortion, this might be a serious problem. So start reading up, folks, and let’s see what opinions he’s written about privacy issues of concern to you.
This is what my Data Management students will face.
The Flood of Data From IoT Is Powering New Opportunities — for Some
… Recently, Stephanie Jernigan, David Kiron, and I researched the effect that IoT is having on organizations. A combination of interview and survey responses from 1,480 managers resulted in a summary report of this research, “Data Sharing and Analytics Drive Success With IoT”.
The cost of investigation is a ‘loss.’ Will that transfer to individuals whose accounts have been breached?
Carol Montgomery of Butler Snow LLP writes:
The Eleventh Circuit ruled last week in a wrongful discharge turned Computer Fraud and Abuse Act (“CFAA”) case, spinning the employee’s case against his employer on its head. The facts of Brown Jordan International, Inc. v. Carmicle stemmed from the employment of Christopher Carmicle by Brown Jordan, a furniture manufacturer. Carmicle was an executive at Brown Jordan, but his relationship with the company deteriorated with the hiring of a new CEO, Gene Moriarty. Moriarty had doubts about Carmicle based on excessive entertainment expenses, and Carmicle, in turn, had doubts about Moriarty’s trust in him.
In the year prior to Carmicle’s termination, Brown Jordan switched to a new email service. This switch (and the corresponding provision of a generic password—Password1—to all employees) was what Carmicle used to investigate his suspicions of Moriarty and others. Over the course of several months, Carmicle repeatedly hacked into the accounts of Brown Jordan employees, including his superiors, and took hundreds of screenshots on his personal iPad.
Read more on JDSupra.
From the article:
Applying a plain language approach, and noting that “loss” is defined in the disjunctive, the Eleventh Circuit held that there can be two types of loss. While the first type requires an interruption of service, the second type does not. Brown Jordan’s use of the consultants to investigate the unauthorized access after the fact is sufficient to constitute “loss” under CFAA.
Isn’t this just a ‘minimum wage’ taken to an extreme?
Indians Are Freaking Out Over Plans To Change The US Visa System
India’s biggest technology companies lost more than $7 billion in market value in a single hour of trading Tuesday, after news reports of proposals in the US to restrict the availability of skilled worker visas for foreigners.
… On January 24, Democratic Congresswoman Zoe Lofgren, whose district encompasses much of Silicon Valley, introduced a new bill that sought to reform the H-1B program. Her proposal — which is unlikely to be passed by a Republican-led Congress — would more than double the minimum annual wage for H-1B visa holders, from $60,000 to $130,000.
Works for me!
Google Wins ‘Right to Be Forgotten’ Case in Japan
The country’s top court says scrubbing search results could be seen as a restriction on speech
All I have to say is, ‘Guard your pet pigs!’
Americans Are Eating So Much Bacon That Reserves Are at a 50-Year Low
The Trump cartoons are priceless.
The Enduring Humor of New Yorker Cartoons
In the wake of the November election, election-related New Yorker cartoons (Clinton- and Trump-specific) have kept people laughing and spreading the humor via social media.
Dilbert continues to explain how ‘automated lawyering’ will work.