Wells Fargo: There were nearly 70 percent more potentially
fake accounts opened than originally thought
… On Thursday, the
bank said the review of 165 million retail accounts opened from January 2009 to
September 2016 identified 3.5 million as potentially unauthorized. That is up from the 2.1 million accounts
originally identified in a narrower review that only covered 93.5 million
accounts opened from May 2011 to mid-2015.
Didn’t they have backups?
Drew Tripp reports:
Dorchester School District 2
officials say no student or staff member’s identity information was stolen or
compromised in a ransomware attack on the district’s computer network servers
over the summer, but that some files were corrupted and lost, and the district
was forced to pay a ransom to regain access to other data.
In a letter sent to parents and
staff Wednesday, DD2 officials revealed its operating system and database were
left disabled on 25 of the 65 servers for the district’s computer network after
they were infected with a ransomware virus during the summer.
Read more on ABC4.
Just another “Thing” on the Internet of Things.
TheNewsaper.com reports:
The push to connect vehicles to
one another and to the Internet has created a role for federal agencies to
clarify its privacy protection role, the Government Accountability Office (GAO)
concluded in a report released on Monday. The government watchdog agency is worried that vehicles will continue to collect more
and more data while federal standards continue to fall behind, failing
to keep up with the pace of change in the industry.
[…]
GAO researchers contacted the
sixteen automakers responsible for 90 percent of the cars and trucks sold in
the United States and found that thirteen of them offered automobiles that
connected to the Internet. In 2014, GAO
released a report focusing on the privacy of in-car navigation devices (view report), but this
report focused specifically on systems that use a SIM card to connect to
wireless data providers to provide services such as roadside assistance or
automatic crash notification.
Read more on TheNewspaper.com.
A
copy of the report is available in a 3mb PDF file at the source link below.
Source:
Vehicle Data Privacy (Government
Accountability Office, 8/28/2017)
Too busy to follow all the rules? Does that suggest the rules are poorly written
or just time consuming? Do we need the
rules at all?
From HHS, clarification during these difficult times:
In response to Hurricane Harvey, U.S. Department of Health
and Human Services (HHS) Secretary Tom Price, M.D., declared a public health
emergency in Texas and Louisiana and has exercised the authority to waive
sanctions and penalties against a Texas or Louisiana covered hospital that does
not comply with the following provisions of the Health Insurance Portability
and Accountability Act (HIPAA) Privacy Rule:
- The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care
- The requirement to honor a request to opt out of the facility directory
- The requirement to distribute a notice of privacy practices
- The patient’s right to request privacy restrictions
- The patient’s right to request confidential communications
Other provisions of the Privacy Rule continue to apply,
even during the waiver period.
For more detailed information regarding HIPAA privacy and
disclosures in emergency situations, click
here.
For more detailed information regarding emergency
situation preparedness, planning, and response, click
here.
To utilize the Disclosures for Emergency Preparedness
Decision Tool, click
here.
Making Artificial Intelligence deliberately stupid?
Researchers Poison Machine Learning Engines
The more that artificial intelligence is incorporated into our computer
systems, the more it will be explored by adversaries looking for weaknesses to
exploit. Researchers from New York
University (NYU) have now demonstrated (PDF)
that convolutional neural networks (CNNs) can be backdoored to produce false
but controlled outputs.
Poisoning the machine learning (ML) engines used to detect
malware is relatively simple in concept. ML learns from data. If the data pool is poisoned, then the ML
output is also poisoned -- and cyber criminals are already attempting
to do this.
… CNNs, however, are at a
different level of complexity -- and are used, for example, to recognize and
interpret street signs by autonomous
vehicles.
A shame this is limited to rural areas…
Rural America Is Building Its Own Internet Because No One
Else Will
… About 19 million Americans still don't have access to broadband
internet, which the Federal Communication Commission defines as offering a
minimum of 25 megabits per second download speeds and 3mbps upload speeds. Those who do have broadband access often find
it's too expensive, unreliable, or has prohibitive data caps that make it unusable for modern
needs.
In many cases, it's not financially viable for big
internet service providers like Comcast and CharterSpectrum to expand into
these communities
… Here, a look at
three rural counties, in three different states, demonstrates how country folk
are leading their communities into the digital age the best way they know how:
ingenuity, tenacity, and good old-fashioned hard work.
Amusement for my Ethical hacking students. Nice and secure, except for the override
tool.
The Hotel Room Hacker
… Onity didn’t
patch the security flaw in its millions of vulnerable locks. In fact, no software patch could fix
it. Like so many other hardware
companies that increasingly fill every corner of modern society with tiny
computers, Onity was selling a digital product
without much of a plan to secure its future from hackers. It had no update mechanism for its locks. Every one of the electronic boards inside of
them would need to be replaced. And long
after Brocious’ revelation, Onity announced that it wouldn’t pay for those
replacements, putting the onus on its hotel customers instead. Many of those customers refused to shell out
for the fix—$25 or more per lock depending on the cost of labor—or seemed to
remain blissfully unaware of the problem.
And so instead of Brocious’ research protecting millions
of hotel rooms from larceny-minded hackers, it served up a rare, wide-open
opportunity to criminals.
Something for our Criminal Justice students to dive into?
Bureau of Justice Statistics Arrest Data Analysis Tool
by on
Bureau of Justice Statistics Arrest Data Analysis Tool:
“This dynamic data analysis tool allows you to generate tables and figures of
arrest data from 1980 onward. You can
view national arrest estimates, customized either by age and sex or by age
group and race, for many offenses. This
tool also enables you to view data on local arrests. Select National Estimates or Agency-Level
Counts from the menu above. Use
the Annual Tables to view tables of arrest data broken down by
sex, race, age, or juvenile and adult age groups. Select Trend Tables by Sex or
Trend Tables by Race to create customized tables of long-term
trends. In National Estimates, you can also view figures of
long-term trends by sex or by race and age-arrest curves for many offenses. The underlying data are from the FBI’s Uniform Crime
Reporting (UCR) Program. BJS has
expanded on the FBI’s estimates to provide national arrest estimates detailed
by offense, sex, age, and race. The Methodology
tab describes estimation procedures and the limitations of the arrest data. The Terms & Definitions tab
explains the meaning or use of terms, including the FBI’s offense definitions. You can download output to Excel format. This User’s Guide provides
everything you need to get started.”
No comments:
Post a Comment