Tuesday, September 26, 2017

Another attempt to find information for insider trading?
Nick Hopkins reports:
One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal.
Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.
One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.
Read more on The Guardian, and then see Brian Krebs’ report for additional details that dispute some of Deloitte’s statements, perhaps?

Update. When you have lost faith in management ability, offer the pretense of “retirement?” Say what you mean (and we all know what you mean): fire the bum!
Equifax CEO retires after data breach
The chief executive officer of Equifax retired from the company after a data breach affecting approximately 143 million people was reported earlier this month.
Equifax’s board announced Richard Smith’s retirement, which is effective Tuesday, in a statement that also appointed an interim CEO.

No security by default? Probably as backwards as it can be!
Catalin Cimpanu reports:
During the past year, there has been a surge in data breach reporting regarding Amazon S3 servers left accessible online, and which were exposing private information from all sorts of companies and their customers.
In almost all cases, the reason was that companies, through their staff, left Amazon S3 “buckets” configured to allow “public” access. This means that anyone with a link to the S3 server could access, view, or download its content.
Read more on BleepingComputer.
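The misconfiguration described above is visible in two documents every bucket carries: its ACL and its bucket policy. The following is an added audit example, not code from the article or from BleepingComputer; it runs entirely offline on constructed sample documents whose shape mirrors what boto3's get_bucket_acl() and get_bucket_policy() return (the bucket names, owner ID, account number and role name are invented placeholders), and shows a weak bucket beside its hardened counterpart.

```python
"""Offline audit of S3 bucket ACL and policy documents for public access.

Added example: the sample documents below are constructed to mirror the
shapes that boto3's get_bucket_acl() / get_bucket_policy() return; no AWS
call is made, and all names and IDs are placeholders.
"""
import json

# The two predefined S3 groups that make a grant "public": everyone, and any
# holder of an AWS account (the latter is public in practice, since anyone can
# open an account).
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_acl_grants(acl):
    """Return (group URI, permission) pairs that grant access to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            findings.append((grantee["URI"], grant.get("Permission")))
    return findings


def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json):
    """Return Allow statements whose principal is a wildcard.

    A statement with a Condition is still reported, flagged as conditioned,
    because a condition may or may not actually narrow the audience and
    needs a human look.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written unwrapped
        statements = [statements]
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") == "Allow" and _principal_is_wildcard(st.get("Principal")):
            findings.append({"sid": st.get("Sid", f"statement[{i}]"),
                             "conditioned": "Condition" in st})
    return findings


def audit_bucket(name, acl, policy_json=None):
    """Combine both checks into one report; a bucket is public if either hits."""
    report = {
        "bucket": name,
        "acl_public": public_acl_grants(acl),
        "policy_public": public_policy_statements(policy_json) if policy_json else [],
    }
    report["is_public"] = bool(report["acl_public"] or report["policy_public"])
    return report


# --- constructed samples (placeholders, not real identifiers) ---------------
OWNER = {"ID": "EXAMPLE_OWNER_CANONICAL_ID"}

# Weak: an extra grant gives READ to everyone on the internet.
WEAK_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
# Hardened: only the owner holds a grant.
HARDENED_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"},
]}
# Weak: wildcard principal lets anyone fetch every object.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
# Hardened: the same permission scoped to one named role (placeholder ARN).
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app-role"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for name, acl, pol in [("weak-bucket", WEAK_ACL, WEAK_POLICY),
                           ("hardened-bucket", HARDENED_ACL, HARDENED_POLICY)]:
        print(json.dumps(audit_bucket(name, acl, pol), indent=2))
```

In a real account the two documents would come from get_bucket_acl() and get_bucket_policy() for every bucket returned by list_buckets(); the point of keeping the evaluation separate from the API calls is that the same functions can be run over exported JSON in a pipeline, so a public grant is caught at review time rather than, as in the cases reported above, months after exposure.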

It’s pretty simple to determine what was wrong based on the “fixes” management(?) immediately implements. Of course, they may still lack the understanding needed to really protect their data.
The SEC is hiring more cybersecurity help after breach that may have allowed hackers to profit from stock trades
… In the wake of the breach, the SEC is immediately hiring additional personnel to aid in its cybersecurity efforts, Clayton plans to tell the committee. “I also directed the staff to enhance our escalation protocols for cybersecurity incidents in order to enable greater agencywide visibility and understanding of potential cyber vulnerabilities and attacks,” he plans to testify.

It’s hard to be Big Brother. Narrowing the scope and eliminating pesky encryption makes the job far easier.
China Blocks WhatsApp, Broadening Online Censorship
… In mid-July, Chinese censors began blocking video chats and the sending of photographs and other files using WhatsApp, and they stopped many voice chats, as well. But most text messages on the app continued to go through normally. The restrictions on video, audio chats and file sharing were at least temporarily lifted after a few weeks.
WhatsApp now appears to have been broadly disrupted in China, even for text messages, Nadim Kobeissi, an applied cryptographer at Symbolic Software, a Paris-based research start-up, said on Monday. The blocking of WhatsApp text messages suggests that China’s censors may have developed specialized software to interfere with such messages, which rely on an encryption technology that is used by few services other than WhatsApp, he said.
“This is not the typical technical method in which the Chinese government censors something,” Mr. Kobeissi said. He added that his company’s automated monitors had begun detecting disruptions of WhatsApp in China on Wednesday, and that by Monday the blocking efforts were comprehensive.
… The censorship has prompted many in China to switch to communications methods that function smoothly and quickly but that are easily monitored by the Chinese authorities, like the WeChat app of the Chinese internet company Tencent, which is based in Shenzhen.

Is anything that a President of the United States says NOT newsworthy? The least they could do is point to the news President Trump is attempting to distract us from (and succeeding all too often).
Twitter pledges to update public policies after Trump threatens North Korea
Twitter didn’t act to remove President Donald Trump’s tweet threatening North Korea in part because it is newsworthy, the company said today. Twitter says it will update its public guidance on what factors may lead to a tweet being pulled from the platform — or allowed to stay on it — to include a consideration of newsworthiness, as part of an effort to make the rules clearer to users.

Okay, some people are more easily amused than I am.
Paper – Lawyers’ Abuse of Technology
by Sabrina I. Pacifici on Sep 25, 2017
Preston, Cheryl B., Lawyers’ Abuse of Technology (August 11, 2017). Cornell Law Review, Forthcoming; BYU Law Research Paper No. 17-25. Available at SSRN: https://ssrn.com/abstract=3037079
“The Article is a thorough analysis of how the current scheme for regulating lawyers has failed to adapt to technology and why that failure is disastrous. It discusses (1) why technology, electronic communications, and social media require specialized attention in lawyer regulation, (2) what mechanisms can be harnessed to meet this need, and (3) the (sometimes entertaining) ways in which lawyers’ use of emails, tweets, texts, social media, data storage, computerized research, and so forth cross the lines of ethical and professional values. The ABA recently amended the Model Rules to add the following language to the Comment of Rule 1.1: “[A] lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” A few lawyers are still behind in embracing the many technological tools available to assist in their practice. Others are taking full advantage of the benefits of technology – while turning a blind eye to the significant ethical and professionalism risks. In an area where the mistakes are easy to make and the resultant harms can be extensive and severe, lawyers need to be warned and trained; expectations need to be standardized, and those standards enforced. The need for formal guidance on the lines between appropriate and inappropriate electronic behavior is much more acute than the need for training with respect to long recognized practice hazards. As the recent ABA 20/20 Commission’s failures amply illustrate, the ABA cannot be expected to address the risks of technology within any reasonable time. While increasing pressure on the ABA to shore up the Model Rules, bar associations must take action now. One option is formal ethics opinions that lawyers can research by jurisdiction, if the lawyer is alert enough to ask questions. A better option is a statement of best practices standards adopted by state, local, and practice group bar associations.
Some jurisdictions already have professionalism and civility creeds, but almost all of these are devoid of guidance on technology use, as well as fraught with drafting and definitional problems. Standards need to be rewritten to clarify the nuances of technology use and ethics. This Article offers specific language to serve this purpose.”

Why do we have so many Criminal Justice majors?
FBI Releases 2016 Report On Crime In The United States
by Sabrina I. Pacifici on Sep 25, 2017
“The Federal Bureau of Investigation today released the 2016 edition of its Crime in the United States (CIUS) report, a part of the FBI’s Uniform Crime Reports (UCR). The report, which covers January-December 2016, reaffirms that the worrying violent crime increase that began in 2015 after many years of decline was not an isolated incident. The violent crime rate increased by 3.4 percent nationwide in 2016, the largest single-year increase in 25 years. The nationwide homicide rate increased by 7.9 percent, for a total increase of more than 20 percent in the nationwide homicide rate since 2014…

It probably won’t help my Spreadsheet class.
The ultimate guide to searching CIA’s declassified archives
by Sabrina I. Pacifici on Sep 25, 2017
“While the Agency deserves credit for compiling a basic guide to searching their FOIA reading room, it still omits information or leaves it spread out across the Agency’s website. In one egregious example, the CIA guide to searching the records lists only three content types that users can search for; a review of the metadata compiled by Data.World reveals an additional ninety content types. This guide will tell you everything you need to know to dive into CREST and start searching like a pro.”

Free is good.
Get Office 365 for free
It's not a trial! Students and teachers are eligible for Office 365 for Education, which includes Word, Excel, PowerPoint, OneNote, and now Microsoft Teams, plus additional classroom tools. All you need to get started is a valid school email address. Get started.

Some free is better than others.
A Tribute to Our Readers
Today and tomorrow, we are offering open access to all of the articles, reports, videos, blogs, and essays we have published on our site. We do this as a show of appreciation for our readers, both old and new, without whom MIT SMR would not exist. There’s over 30 years’ worth of material on the site, so I encourage you to explore!
