Wanna stop WannaCrypt? Don't pay ransoms, backup data, and
train employees
A common refrain: What did they know and when did they
know it?
Via EPIC.org:
In Freedom of Information Act lawsuit EPIC v. FBI, EPIC has obtained the FBI notification procedures that would have applied to the
Russian cyberattacks during the 2016 Presidential election. The documents obtained by EPIC establish that
the FBI Cyber Division is to “notify and disseminate meaningful information to
victims and the CND [Computer Network Defense] community.” The Cyber Division specifically notifies the
“individual, organization, or corporation that is the owner or operator of the
computer at the point of compromise or intrusion.” The
analysis to determine whether or not to notify the victim, as well as FBI
procedures for approval or deferral of notification, the timing of
notification, the method of notification, and more were all redacted by the
agency. EPIC intends to
challenge these withholdings. The FBI’s
response raises questions about whether the agency fulfilled the obligation to
properly notify the victims of the Russian cyberattacks. The Intelligence Community assessed
that both major US political parties were attacked. The FBI also produced notification procedures for threats to life or serious bodily injury,
and certain procedures under the Foreign
Intelligence Surveillance Act. Next
in the case, EPIC anticipates the release, on May 26, of FBI communications
with political organizations and federal agencies concerning the Russian
interference.
Amusing. Makes you
wonder where their lawyers were trained.
(Is there a Trump School of Law?)
Some interesting details in this long post!
On May 3, Kromtech Security’s research team, conducting
routine research, found that confidential and sensitive patient
information was exposed on a misconfigured rsync backup device. As best as they could determine, the data
were from patients of Bronx-Lebanon Hospital Center in New
York City, but the vendor responsible for the backup device was iHealth
Solutions.
As is also their practice, Kromtech downloaded some of the
data for verification and research purposes, then attempted to notify the
entities. Kromtech generally does not go
public with their findings until after they have been able to reach an entity
to ensure that the data are secured.
When Kromtech was not able to reach anyone on May 3
to notify them, they contacted DataBreaches.net to request assistance in trying
to contact the vendor or the hospital. It
took some time – including some frustratingly long calls to the
hospital to try to reach an actual person – but eventually, messages were
left for both the vendor and the hospital that they had a problem requiring
urgent attention.
On May 4, I was gratified to receive several phone calls
confirming that the data had been secured and thanking me for my efforts
to notify them.
It was a brief honeymoon. On May 9, Kromtech published their
report and I published my first
report on the incident without any statement from the hospital or vendor,
neither of whom had provided a promised statement.
Then on May 12, coordinated threat letters arrived via
email from external counsel for both iHealth and Bronx-Lebanon Hospital. DataBreaches.net understands that Kromtech
Security also received similar letters.
Some good, some bad.
What you should know about Twitter’s latest privacy policy
update
When you visit a site that features a tweet button or an
embedded tweet, Twitter is able to recognize that you’re on that site and use
that information to target you with ads. And now it’s going to hang onto that
information for a bit longer but give you more control over it.
Twitter updated its privacy policy
on Wednesday so that it can use the information it collects about people’s
off-Twitter web browsing for up to 30 days, as opposed to the previous 10-day
maximum, according to the
updated document that takes effect on June 18.
… Coinciding with
the update, Twitter has also added
a new section to the settings menu on its site and in its mobile apps that
details the information Twitter uses to target a person with ads and lets that person deselect individual interest
categories and request a list of the companies that use Twitter’s
Tailored Audiences option to target them with ads based on
information like their email address, Twitter handle or whether they visited
the advertiser’s site or used its mobile app.
At the same time Twitter is giving people more control
over how they are targeted, it is removing
support for Do Not Track, which people can use to ask every website
they visit not to track their behavior in order to target them with ads.
What will be “the next big thing?” Here are a couple of possibilities.
The five big announcements from Google I/O
1/ Google Lens
It will be a while before Google Lens is available, but
today it was the centrepiece of the keynote.
The app uses image recognition to identify objects
appearing in your camera lens in real-time. It means you can point a smartphone
at a flower and be told exactly what it is.
Or, and this feature drew a massive cheer here, you can
point it at the sticker on the back of a wifi router - the one containing the
long password you need to enter - and the app
will know it’s a wifi password and automatically connect you to the network
without the need for manual input. [A “must have” for my Ethical Hacking
students! Bob]
Other uses could be pointing it at a restaurant and
getting instant reviews or menus, or even scanning a menu in a different
language, having it translated, and being able to ask “what does that dish look
like?” and be shown a photograph of the meal.
4/ VPS - visual positioning system
Most of us are familiar with GPS - global positioning
system - but that technology can only get you so far. Though terrific for travelling around large
areas outside, GPS has real limitations when you need something more accurate.
Google thinks VPS - visual positioning system - is how to
fill that gap. Using Tango, a 3D
visualisation technology, VPS looks for recognisable objects around you to work
out where you are, with an accuracy of a few centimetres.
A day late and a dollar short? Does this mean taxis will charge like
Uber?
Square Will Replace Meters in Washington Taxis
Washington, D.C., is enlisting Square Inc.’s
help as its taxi commission tries to help the city’s cabbies compete with Uber
drivers. By the end of August, all of
the taxis in Washington have to tear out their traditional meters and start
using smartphones or tablets, in what the city government has been describing
as a complete reimagining of how the cab system works. On Wednesday, the Department of For-Hire
Vehicles is announcing that Square will process the payments going through
those mobile devices.
How to add a few million potential customers in countries where
smartphones are a bottleneck…
Google and Indian e-taxi giant Ola unveil Progressive Web App
that brings native experience to low-end smartphones
Ola, the Uber of
India, has announced a partnership with Google to launch a so-called Progressive
Web App (PWA) designed to open its platform to millions of users who don’t
yet have the latest and greatest smartphones.
… Basically, they
offer many benefits over traditional native apps, including being lightweight
and requiring less data to operate. This
is key in emerging markets where access to affordable mobile internet and
powerful smartphones is limited.
(Related). Keeping the
flow of cheap phones coming?
Apple Is Now Assembling a Low-Cost iPhone in Southern India
Perspective. How do
we make money from this?
Pew – Tech Adoption Climbs Among Older Adults
by Sabrina I. Pacifici on May 17, 2017
“A record 46 million seniors live in the United States
today, and older Americans – those age 65 and older – now account for 15% of
the overall U.S. population. By 2050,
22% of Americans will be 65 and older, according to U.S. Census Bureau projections.
At the same time America is graying, recent Pew Research Center surveys find
that seniors are also moving towards more digitally connected lives. Around four-in-ten (42%) adults ages 65 and
older now report owning smartphones, up from just 18% in 2013. Internet use and home broadband adoption among
this group have also risen substantially. Today, 67% of seniors use the internet – a
55-percentage-point increase in just under two decades. And for the first time, half of older
Americans now have broadband at home.”
Apparently, not a big deal?
E.U. Fines Facebook $122 Million Over Disclosures in WhatsApp
Deal
Europe’s love affair with Facebook may be coming to an
end.
On Thursday, the European Union’s powerful
antitrust chief fined the social network 110 million euros, or about $122
million, for giving misleading statements during the company’s $19
billion acquisition of the internet messaging service WhatsApp in 2014.
The fine — one of
the largest regulatory penalties against Facebook — comes days after
Dutch and French privacy watchdogs ruled that the company had broken
strict data protection rules. Other
European countries, notably Germany, are
clamping down on social media companies, including issuing potentially
hefty penalties for failing to sufficiently police hate speech and
misinformation.
The European Union’s antitrust
chief, Margrethe Vestager, said that Facebook had told the European Commission, the
executive arm of the European Union, that the social network would not combine
the company’s data with that of WhatsApp, which has more than one billion
users.
Yet last August,
Facebook announced that it would
begin sharing WhatsApp data with the rest of the company. That could
allow it to gain an unfair advantage over rivals, by giving it
access to greater amounts of data to help support its online advertising
business.
… In response,
Facebook said that it had acted in good faith in its deliberations with
Europe’s antitrust officials, and that it would not appeal the financial
penalty.
“The errors we
made in our 2014 filings were not intentional,” Facebook said in a
statement. “The commission has
confirmed that they did not impact the outcome of the merger review.”
Trends are trending!
US Courts – Interactive Database Aids the Study of Judiciary
Trends
by Sabrina I. Pacifici on May 17, 2017
“A recently enhanced database that houses information
about civil and criminal federal cases dating to 1970 is now available to
researchers and the public on the Federal Judicial Center’s website
as part of a partnership with the Administrative Office of the U.S. Courts. The interactive database contains docket
information from district, appellate, and bankruptcy court filings and
terminations, including plaintiff and defendant names, filing date, termination
date, disposition of the case, type of lawsuit, jurisdiction, and docket
number. It excludes judges’ names as a
preventative measure against judge-shopping by plaintiffs. Use of the
database is free and it allows for multiyear data analyses. Data can be downloaded in annual and
multi-year batches, or users can select their target cases using the database’s
interactive feature. For several decades
it has been a frequent tool for academic researchers studying workload trends
in the federal Judiciary. For example,
it’s been used in the past to examine how plea bargaining and charging outcomes
have changed over time in response to changes in sentencing laws and to analyze
the market impacts of corporate lawsuits involving publicly traded companies. It is also useful as a sort of “shopping list”
for the PACER database, the federal Judiciary’s online service that makes
judicial opinions, motions, pleadings and other actual records of cases
available to the public. Using the
database on the FJC’s site in conjunction with PACER can help users zero in on
the types of records sought, saving unnecessary document downloads. The revamped database adds in some data sets
that were not in earlier versions: civil-case plaintiff and defendant names and
docket numbers. It will also be updated
with recent case information more frequently than in the past.
Tools for geeks?
Google opens Android Instant Apps SDK to all developers
At its I/O 2017 developer conference today, Google
launched the Android
Instant Apps SDK. Now all developers
can write Android Instant Apps, as opposed to just a handful of partners.
For the toolkit.
… Along with
biking directions that take you along the friendliest routes, Google Maps can
display elevation levels, which are pulled from geographical
data. If you are searching for the most
bicycle-friendly routes, take advantage of this information!
… Serious cyclists
don’t mind a hill or two. Because they know that if there’s a tough climb, then
there’s also a pleasant descent. Either
way, give Google Maps a try the next time you decide to push the pedals. There are many bicycling websites and bike apps that can help you find the best bike paths, and Google Maps should be one of
them.
I’m not a big fan either, but this may help me communicate
with my students. Also, Colorado seems
to be mentioned a lot.
The Emoji States of America – a new way to present government
data
by Sabrina I. Pacifici on May 17, 2017
I admit to not being an emoji aficionado, so to make up
for this apparent deficit, I offer you The Emoji States of America – via
Axios Visuals Editor Lazaro Gamio:
“This visualization is a modified version
of Chernoff Faces, a technique that maps multiple statistical values to the
features of a face. Because it’s 2017, we expanded on the technique and made
Chernoff Emojis. Each part of the emoji is controlled by the state’s ranking in
a given metric, which range from the uninsured rate to the percent of adults
who report getting enough sleep.”
- Eyebrows: The more furrowed the brow, the lower a state ranks in the unemployment rate. (Worst: New Mexico; best: Colorado)
- Eye size: The larger the eyes in each face, the larger the share of adults over 25 with a bachelor’s degree. (First: Colorado; last: West Virginia)
- Chin: The more noticeable this feature is, the higher this state ranks in obesity rates. (Highest: Louisiana; lowest: Colorado).”