Wednesday, March 29, 2017

The scam does not have to be very sophisticated as long as you try it on enough potential victims.  Remember, when it comes to IQ, “Half the world is below average.” 
Scammers scare iPhone users into paying to unlock not-really-locked Safari
   "One of our users alerted us to this campaign, and said he had lost control of Safari on his iPhone," Andrew Blaich, a Lookout security researcher, said in a Tuesday interview.  "He said, 'I can't use my browser anymore.'"
The criminal campaign, Blaich and two colleagues reported in a Monday post to Lookout's blog, exploited a bug in how Safari displayed JavaScript pop-ups.  When the browser reached a malicious site implanted with the attack code, the browser went into an endless loop of dialogs that refused to close no matter how many times "OK" was tapped.  The result: Safari was unusable.

At the same time, the attack showed a message, purportedly from a law enforcement agency, demanding payment to unlock the browser for, in one instance at least, simply steering to a URL that suggested the site's content was pornographic.  Payment was to be made by texting a £100 ($125) iTunes gift card code to a designated number.
Blaich stressed that the attack was as much scam as scare: To regain control of Safari, all one had to do was head to Settings, tap Safari, then Clear History and Website Data.
"This was a scareware attack, where [the attackers] were trying to get people to not think and just pay," said Blaich.

Those phony tax refunds must be costing the state money too. 
Liisa M. Thomas, Robert H. Newman, and Eric J. Shinabarger of Winston Strawn LLP write:
With little fanfare, Virginia recently amended its data breach notification law, requiring employers and payroll service providers to notify the Virginia Attorney General if they are subject to a W2 phishing scam.  More specifically, the law requires that they notify the Virginia AG if they discover “unauthorized access and acquisition of unencrypted computerized data containing a taxpayer identification number in combination with the income tax withheld for an individual” if there is compromise to the data and it will cause identity theft or fraud.  This requirement is the first of its kind, and will be effective July 1, 2017.
Read more on Lexology.

The US may not get around to this for a few years.  Say, one Presidential term. 
Jenny David reports:
Companies doing business in Israel will soon face mandatory data security and data breach notification requirements under regulations recently cleared by lawmakers.
The data security and breach notice had been governed by voluntary guidelines issued in 2012 by the country’s privacy regulator, the Israeli Law, Information and Technology Authority (ILITA).  Companies that didn’t implement measures when the voluntary guidelines were issued, including data breach notification, will have difficulty coming into compliance when the new regulations take full effect in 12 months, lawyers said.
Read more on Bloomberg BNA.

Just keeps growing the job market for my Computer Security students.
1.4 Billion Records Compromised in 2016: Report
Nearly 1.4 billion records were compromised in 2016 as a result of roughly 1,800 data breaches, according to Gemalto’s latest Breach Level Index report.
The company said the number of compromised records increased by 86 percent compared to the previous year.  The report also shows that more than 1,000 incidents, or 59 percent of the total, involved theft of identity information, while nearly 30 percent involved financial and account data.
Data collected by Gemalto shows that 68 percent of data breaches were the work of malicious external hackers, while 19 percent of incidents were classified as accidental leaks.  Malicious insiders accounted for 9 percent of breaches.
For a full summary of data breach incidents by industry, source, type and geographic region, download the 2016 Breach Level Index Report.
Download the infographic here.

Can we wait for AI to learn on the job? 
It doesn’t take a tremendous amount of training to begin a job as a cashier at McDonald’s.  Even on their first day, most new cashiers are good enough.  And they improve as they serve more customers.
   We don’t often think of it, but the same is true of commercial airline pilots.
   The difference between cashiers and pilots in what constitutes “good enough” is based on tolerance for error.  Obviously, our tolerance is much lower for pilots.
   The same is true of machines that learn.
Artificial intelligence (AI) applications are based on generating predictions.  Unlike traditionally programmed computer algorithms, designed to take data and follow a specified path to produce an outcome, machine learning, the most common approach to AI these days, involves algorithms evolving through various learning processes.  A machine is given data, including outcomes, it finds associations, and then, based on those associations, it takes new data it has never seen before and predicts an outcome.

A resource for Privacy, Ethics, and Artificial Intelligence.
European Data Protection Supervisor – New Website
by Sabrina I. Pacifici on Mar 28, 2017
“Our website has undergone quite a makeover!  With new features and drop down menus, we present you our new look website to share information about who we are and what we do.  Read how the EDPS is organised under the About EDPS section; for detailed information on our data protection work, Ethics, IPEN, Big Data and more, go to our Data Protection section.  Look in our Press & Publications section for our newsletter, blog, press releases, press kit and speeches. Happy browsing!”

I’d really like to see a full accounting of this.  As I understand it, employees created fake accounts and got paid for each one.  Then they cancelled the fake accounts, costing Wells Fargo again.  It seems there was no income to match against all this outgo.  Now they have to pay fines and settle lawsuits.  A good auditing department would have been far cheaper. 
Wells Fargo Reaches $110 Million Fake Accounts Settlement
Wells Fargo & Co. reached a $110 million settlement with customers nationwide over claims its employees set up fraudulent accounts to boost their own pay, a deal that moves the bank another step toward closing the books on last year’s scandal.
Revelations that Wells Fargo employees may have opened more than 2 million deposit and credit-card accounts without customers’ permission have prompted sweeping changes at the San Francisco-based lender.  The bank eliminated a system of sales targets that regulators said encouraged workers to create fake accounts.  It also fired or demoted five people who had served as senior managers in the consumer business.
Wells Fargo agreed six months ago to pay $185 million in fines and penalties as part of a settlement with federal regulators and the Los Angeles city attorney’s office.

Broader implications for ISPs? 
   According to the RIAA, Cloudflare should stop offering its services to all MP3Skull websites, arguing that the CDN provider was “in active concert or participation” with the pirates.
Cloudflare disagreed and countered that the DMCA protects it from liability for the copyright infringements of its customers, limiting the scope of anti-piracy injunctions.
   After hearing the arguments from both sides, the court has now ruled against Cloudflare’s DMCA defense, opening the door for an injunction against the CDN provider itself.

Should I assume these are the Brits who did not vote to leave the EU?
Estonia e-residency applications from U.K. surge as Britain prepares to trigger Brexit talks
If there’s a silver lining to the looming start of the contentious Brexit process, it can be found in the Eastern European country of Estonia.
The country, which two years ago launched a program to allow anyone to apply for digital residency, said this week that it has seen a surge of applications from people living in the U.K. over the past several months.  And it’s expecting that pace to accelerate again, with the U.K. government expected on Wednesday to announce it has taken the steps to officially trigger the start of talks for it to withdraw from the European Union.

For my Spreadsheet students.
Calculating the right amount of tax is important. It can also be difficult.  With that in mind, I’ve tracked down two Excel tax calculators to ensure you don’t miss a single penny.
I’ve made every effort to ensure these tax calculators work as they should — and they do — but your taxes are your responsibility.  We’re just helping you on the way.

For the toolkit.  Install it on your thumb drive. 
   occasionally you find an app so ordinary that it feels lost among the crowd of shiny new tools.  But give AutoSaver a chance to impress you because it’s all about that everyday productivity.
   AutoSaver automatically saves your work in any file or tool you’re using according to a pre-set interval (minimum is one minute).
There are two other good things about this app:
  • It’s a tiny freeware download of 21 KB.
  • It’s a portable app that you don’t need to install.

This is why Wally is my role model.
