Saturday, February 25, 2017
Clearly, they have no idea.
Yahoo has responded to the letter sent by Republican Senators John Thune, Commerce Committee Chairman, and Jerry Moran, Consumer Protection, Product Safety, Insurance and Data Security Subcommittee Chairman. The letter had been sent because the senators felt they weren’t getting enough cooperation from the firm.
You can read Yahoo’s response here (pdf). See what you think. The firm hasn’t yet identified the intrusion associated with the recently revealed 2013 incident that compromised over one billion accounts. They first learned of that one in November 2016 when law enforcement brought them data.
As readers likely know, Yahoo’s claims about state-sponsored actors has been disputed by InfoArmor, who cite evidence from their investigations and operations on the dark web and who provide a different understanding of the breaches. And while Yahoo did not appear to accept InfoArmor’s findings or claims, the proof is somewhat in the pudding, as it was InfoArmor who subsequently brought evidence of the then-undetected 2013 breach to law enforcement that law enforcement then took to Yahoo. InfoArmor seemed to know much more about their breaches than the firm did.
So why is Yahoo still claiming state actors were involved in their response to Congress? Where is that evidence?
Optimistic or naive? IF you know you are in this database and IF you can find your picture and IF you make a request then that particular picture will be deleted UNLESS it is “necessary for a policing purpose.” (Like the entire database is necessary?)
Alan Travis reports:
The home secretary has ordered police forces to delete on request millions of images of innocent people unlawfully retained on a searchable national police database.
A Home Office review published on Friday found that police forces make extensive use of more than 19m pictures and videos, known as custody images, of people they have arrested or questioned on the police national database.
Despite a high court ruling in 2012 that keeping images of innocent people was unlawful, police forces have quietly continued to build up a massive database without any of the controls or privacy safeguards that apply to police DNA and fingerprint databases.
Read more on The Guardian.
Illogical? Have I lost touch? Are soda sales really such a large percentage of profits for supermarkets?
Industry: Philadelphia soda tax killing sales, layoffs loom
Some Philadelphia supermarkets and beverage distributors say they’re gearing up for layoffs because the city’s new tax on soft drinks has cut beverage sales by 30 percent to 50 percent — worse than the city predicted.
Jeff Brown, who owns six local ShopRite supermarkets, told The Philadelphia Inquirer (http://bit.ly/2loWwJi ) he expects to cut 300 jobs. Bob Brockway, chief operating officer of Canada Dry Delaware Valley, has predicted a 20 percent workforce reduction by March.
… Mayor Jim Kenney pushed through the 1.5 cent-per-ounce tax on sweetened and diet beverages to pay for nearly 2,000 pre-kindergarten slots and other programs. The tax amounts to $1.44 on a six-pack of 16-ounce bottles.
In dismissing reports of forthcoming layoffs, the Democratic mayor told the Inquirer he doesn’t think it’s possible for the industry “to be any greedier.” [How to win friends and influence people? Bob]
Friday, February 24, 2017
An update. Not as widely watched as the Apple iPhone vs. FBI case, because there aren’t as many Alexa devices out there yet?
Amazon Asserts Alexa First Amendment Speech Protection For Echo Speaker In Murder Case
Is Amazon’s Alexa protected under the First Amendment of the United States? As part of an ongoing homicide investigation, Amazon argues that any information contained or recorded by the device is protected under “freedom of speech”. The corporation claims that it is not trying to obstruct the investigation, but protect the privacy rights of its customers.
James Andrew Bates of Bentonville, Arkansas has been accused of drowning his friend Victor Collins in a hot tub back in November 2015
… Bates owned an Amazon Echo and the Bentonville police believe that recordings from the device may provide evidence for the case. Amazon Echo speakers technically only record information after hearing their “wake” word, “Alexa”. The devices, however, continuously listen for a command and therefore could potentially also record background noise.
Amazon has so far provided the police with the suspect’s account information and purchase history, but not with the recordings from the Echo. In December 2016 it stated, “Amazon will not release customer information without a valid and binding legal demand properly served on us. Amazon objects to overbroad or otherwise inappropriate demands as a matter of course.” The Bentonville police subsequently responded with a search warrant. Amazon has now filed a 90-page motion to stop the warrant.
Amazon argued that the recordings would reveal too much about the user and their private life.
… For the time being, the warrant has been tabled. Amazon has requested that if the court decides that they do have a “compelling need” for the Echo recordings, that the court review the requested material first to guarantee that it is relevant to the case.
Sarah Lazare writes:
Law enforcement is compelling Apple and Facebook to hand over the personal information of users who were mass arrested at protests against the inauguration of Donald Trump in Washington, D.C., AlterNet has confirmed. The tech giants appear to be complying with the data-mining requests, amid mounting concerns over the heavy-handed crackdown against the more than 200 people detained on January 20, among them journalists, legal observers and medics.
Read more on AlterNet.
For my Computer Security students and the Ethical Hacking geeks, too.
This What Hackers Think of Your Defenses
Billions of dollars are spent every year on cyber security products; and yet those products continually fail to protect businesses. Thousands of reports analyze breaches and provide reams of data on what happened; but still the picture worsens. A new study takes a different approach; instead of trying to prevent hacking based on what hacking has achieved, it asks real hackers, how do you do it?
The hackers in question are the legal pentesters attending last Summer's DEFCON conference. Seventy were asked about what they do, how they do it, and why they do it -- and the responses are sobering. The resulting report, The Black Report by Nuix, is a fascinating read. It includes sections on the psycho-social origins of cybercrime and a view from law enforcement: but nothing is as valuable as the views from the hackers themselves. These views directly threaten many of the sacred cows of cyber security. They are worth considering: "The only difference between me and a terrorist is a piece of paper [a statement of work] making what I do legal. The attacks, the tools, the methodology; it's all the same."
Another swing of the pendulum?
Orin Kerr writes:
A federal magistrate judge in Chicago has rejected a request by the government for a provision in a search warrant that would authorize agents to compel people present to unlock seized phones using biometric readers. I think the judge was right to reject the provision, although I disagree with substantial parts of the reasoning.
Read more on The Volokh Conspiracy.
Are my Data Management students paying attention? Should this be on your Final Exam?
Social Marketing Grows Up
For an article that lands on the social marketer like a proverbial ton of bricks, check out "What's the Value of a Like?" in the March-April issue of the Harvard Business Review.
"Social media doesn't work the way many marketers think it does. The mere act of endorsing a brand does not affect a customer's behavior or lead to increased purchasing, nor does it spur purchasing by friends," concluded authors Leslie K. John, Daniel Mochon, Oliver Emrich, and Janet Schwartz in their report on four years of experiments, 23 in all, that engaged 18,000 people.
If that's all you read, you might believe that everything we've thought and acted upon involving social media marketing was wrong. However, it's not -- though the research clearly signals that we have to adjust our thinking.
Dakota Access developer ‘underestimated’ social media opposition
The chief executive of the company developing the Dakota Access pipeline said he “underestimated the power of social media” in the wake of massive protests agains the project.
On a call with investors on Thursday, Energy Transfer Partners CEO Kelcy Warren said he was surprised by the way Dakota Access opponents could share stories about the project online and “get away with it,” Bloomberg reports.
“There was no way we can defend ourselves,” Warren said, according to the report. “That was a mistake on my part.”
Perhaps we should send it to all our elected officials.
Nuts and Bolts of Encryption: A Primer for Policymakers
Nuts and Bolts of Encryption: A Primer for Policymakers, Edward W. Felten, Center for Information Technology Policy. Department of Computer Science, Woodrow Wilson School of Public and International Affairs, Princeton University, version of February 20, 2017. An up-to-date version of this paper will be available at https://www.cs.princeton.edu/~felten/encryptionprimer.pdf
“This paper offers a straight forward introduction to encryption, as it is implemented in modern systems, at a level of detail suitable for policy discussions. No prior background on encryption or data security is assumed. Encryption is used in two main scenarios. Encrypted storage allows information to be stored on a device, with encryption protecting the data should a malicious party get access to the device. Encrypted communication allows information to be transmitted from one party to another party, often across a network, with encryption protecting the data should a malicious party get access to the data while it is in transit. Encryption is used somewhat differently in these two scenarios, so it makes sense to present them separately. We’ll discuss encrypted storage first, because it is simpler. We emphasize that the approaches described here are not detailed description s of any particular existing system, but rather generic descriptions of how state-of-the-art systems typically operate. Specific products and standards fill in the details differently, but they are roughly similar at the level of detail given here.”
I’ve been out of this too long to have a good read on North Korea, but these events are what we used to call “significant.” Is North Korea coming apart at last?
North Korea Condemns Lone Ally China Publicly for ‘First Time’
North Korea is not a country with a lot of allies.
So when its state-run news agency appeared to lash out at key supporter China — alleging it was "dancing to the tune of the U.S." — it raised eyebrows.
(Related). Is the BBC suggesting it was not Kim Jong Un? (Technically, using VX is the same as using nuclear weapons.)
Kim Jong-nam: Who in North Korea could organise a VX murder?
For my Math students, if they are not too trivial.
Nudge - Interactive Algebra Lessons on iPads and Android Tablets
Nudge is a free iPad and Android app that provides students with interactive, on-demand algebra tutorials. The free app provides students with practice problems that they attempt to solve on their iPads or Android devices. When they get stuck on a problem students can ask for hint or for a demonstration of how to solve the problem. In addition to showing students hints and demonstrations, Nudge will show them where they made their mistakes in solving a problem.
I think I can print a wall sized version of this.
New Yorker magazine goes Russian with cover skewering Trump and Putin
… Mouly also notes that this issue features a sizeable investigation into the two presidents' ties, with the subtitle, "Trump, Putin, and the new Cold War."
Thursday, February 23, 2017
A follow-up to yesterday’s first article. Fortunately, Brian Krebs didn’t let them get away with that.
How to Bury a Major Breach Notification
Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation’s largest companies. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure. This post is an attempt to remedy that.
Something to keep my Computer Security students busy.
Netflix Releases Open Source Security Tool "Stethoscope"
Netflix this week released Stethoscope, an open source web application that gives users specific recommendations for securing their computers, smartphones and tablets.
Stethoscope was developed by Netflix as part of its “user focused security” approach, which is based on the theory that it is better to provide employees actionable information and low-friction tools, rather than relying on heavy-handed policy enforcement.
Netflix believes employees are more productive when they don’t have to deal with too many rules and processes.
… The Stethoscope source code, along with instructions for installation and configuration, are available on GitHub.
Consider this: Self-driving cars will be more “software complex” than the cars in this article.
Technology Hangups Drive Car-Durability Complaints
… In its annual Vehicle Dependability Study, J.D. Power & Associates saw the average number of problems increase for the second year in a row, with the audio, communication, entertainment and navigation issues being the most commonly reported.
I wonder which parts of town they are surveilling?
GE, Intel, AT&T team up to put cameras, mics in San Diego
General Electric will put cameras, microphones and sensors on 3,200 street lights in San Diego this year, marking the first large-scale use of "smart city" tools GE says can help monitor traffic and pinpoint crime, but raising potential privacy concerns.
Based on technology from GE's Current division, Intel Corp and AT&T Inc, the system will use sensing nodes on light poles to locate gunshots, estimate crowd sizes, check vehicle speeds and other tasks, GE and the city said on Wednesday. The city will provide the data to entrepreneurs and students to develop applications.
Companies expect a growing market for such systems as cities seek better data to plan and run their operations. San Diego is a test of "internet of things" technology that GE Current provides for commercial buildings and industrial sites.
… A 2014 estimate by Frost & Sullivan predicted the market for cities could be valued at $1.5 trillion by 2020, she said.
Why is this a bad thing? Should the NSA not use tools that analyze Big Data?
… Palantir has never masked its ambitions, in particular the desire to sell its services to the U.S. government — the CIA itself was an early investor in the startup through In-Q-Tel, the agency’s venture capital branch.
… Palantir Gotham (formerly Palantir Government) is designed for the needs of intelligence, law enforcement, and homeland security customers. Gotham works by importing large reams of “structured” data (like spreadsheets) and “unstructured” data (like images) into one centralized database, where all of the information can be visualized and analyzed in one workspace. For example, a 2010 demo showed how Palantir Government could be used to chart the flow of weapons throughout the Middle East by importing disparate data sources like equipment lot numbers, manufacturer data, and the locations of Hezbollah training camps. Palantir’s chief appeal is that it’s not designed to do any single thing in particular, but is flexible and powerful enough to accommodate the requirements of any organization that needs to process large amounts of both personal and abstract data.
Interesting change in approach. Cheapest is not always bestest?
Federal IT Acquisition Worth $50B Cleared for Takeoff
… Under the "lowest price technically acceptable" (LPTA) method, agencies focused provider selections on cost, as long as the vendor displayed a minimum technical competency.
GSA specifically ruled out the LPTA method with Alliant 2. Instead, GSA appeared to flip the LPTA concept around and instead focused on vendor quality with a selection criteria based on "highest technically rated, with fair and reasonable price."
What that means is that under Alliant 2, GSA first will rank vendors using a quality rating scale for various categories of IT and organizational competency. Then, after developing a list of qualified vendors, GSA will assess whether the prices are fair and reasonable.
I may have my students design a LEGO datacenter.
… Building LEGO in the real world is great, but it can be a pain if you don’t have the right bricks to realize your imagination. Enter LEGO Digital Designer, an entirely free and official tool that allows you to build virtual LEGO creations. You select bricks from the vast sets and can build whatever your heart desires. You can stack, align, rotate and color the bricks, giving you almost endless options.
Wednesday, February 22, 2017
Think about this one, Computer Security students. Why can’t they identify (or at least communicate with) people who purchased their analyzer?
Serious Breach Linked to Chinese APTs Comes to Light
A report published earlier this month by RSA describes Kingslayer, a supply chain attack that apparently targeted system administrators in some large organizations. The attackers breached the systems of a company that offers event log analyzers and replaced a legitimate application and its updates with a backdoored version.
… While it’s unclear exactly how many organizations downloaded the backdoored software in the April 9-25 timeframe, RSA said the portal that hosted it had numerous subscribers, including four major telecoms providers, over ten western military organizations, more than two dozen Fortune 500 companies, five major defense contractors, and tens of IT solutions providers, government organizations, banks and universities.
While RSA has not named the company whose systems were compromised, investigative journalist Brian Krebs determined that it was Canada-based Altair Technologies Ltd.
… The EventID.Net website hosted EvLog, the software hijacked by the attackers. A notice posted on the site on June 2016 provides some details on the incident and recommendations for potentially affected users.
However, as Krebs pointed out, the advisory does not appear to have been shared on social media and there was no link to it from anywhere on the site – a link was added this week after the journalist contacted Altair Technologies. The company told Krebs it had no way of knowing who downloaded the software so potential victims were not notified directly either.
Stealing data is easy!
Before fighting everyone in the room to plug your smartphone into the communal charger: please don’t.
Or at least, beware.
Coffee shops, airports and almost every other kind of public meeting space have become regular safe havens whenever we’re desperate for that extra juice. But with the ubiquity of USB ports built into today’s phone chargers, this flow of “juice” isn’t just power anymore – it’s data. Important data.
All it takes is one easily disguised charging kiosk, or even a power strip, for hackers to hijack your charge, and once you’re juice-jacked, there’s little that can be done to stop it; from installing malware onto your device, to sucking out personal messages, photos and information – all for the simple cost of offering sweet-relief and a fully-powered phone.
Listen to the show on SCPR.org.
Acquiring personal information is even easier.
The Facebook Algorithm Is Watching You
You can tell a lot about a person from how they react to something.
That’s why Facebook’s various “Like” buttons are so powerful. Clicking a reaction icon isn’t just a way to register an emotional response, it’s also a way for Facebook to refine its sense of who you are. So when you “Love” a photo of a friend’s baby, and click “Angry” on an article about the New England Patriots winning the Super Bowl, you’re training Facebook to see you a certain way: You are a person who seems to love babies and hate Tom Brady.
About time. Note that apparently, there was nothing illegal here, it was ‘just’ unethical. No way to recover any money (from bonuses already paid).
Wells Fargo Fires Four Senior Managers Amid Phony Account Scandal Investigation
… Wells Fargo announced Tuesday that it has terminated four current or former senior managers from the community banking division based on the bank's board of directors' investigation into the phony account scandal.
… All four individuals have been terminated for cause by a unanimous vote by the board of directors. None will receive a bonus for 2016, Wells said, and they will forfeit all of their unvested equity awards and vested outstanding options.
… Consumers have exacted their own sort of punishment on the bank: account openings in October, the first full month of results after news of the account scandal broke, plunged 44%. Account openings in November fell 41% and, in a banking activity report released last week, Wells said that account openings in December fell 31% compared to the prior year.
Interesting but futile? “If we can’t operate under these rule, we’ll re-write them!”
I still worry that I will have to have a (several?) smartphones or social media accounts to get back in the country. Currently, I have neither.
A Stand Against Invasive Phone Searches at the U.S. Border
… Senator Ron Wyden, a Democrat from Oregon, has a few questions about that legal authority. He sent a letter to the secretary of the Department of Homeland Security on Monday, expressing dismay at reports that people were being asked to unlock and hand over their smartphones at the border. He also said he’s planning on introducing a bill to require agents to get a warrant before searching a device, and to prevent DHS from implementing a new policy that would require foreign visitors to turn over their online passcodes before visiting the U.S.
… Wyden asked DHS Secretary John Kelly for detailed statistics on the number of times customs agents asked for or demanded a smartphone or computer password in the past five years as well as since Trump took office in January. He also asked how Customs and Border Protection, or CBP, justifies these searches legally, focusing specifically on the Fifth Amendment, which protects people from testifying against themselves. (I’ve written before how the Fifth Amendment prevents law enforcement from demanding that someone give up a password—and how it may not apply to devices that are unlocked via fingerprint, iris scans, or speech patterns.)
… The senator also took aim at a proposal that Kelly put forward in front of the House Homeland Security Committee two weeks ago. He suggested that visitors may be required to turn over passwords to their social-media accounts or risk being denied entry. The idea alarmed privacy advocates, who say such a rule would give CBP agents an overly broad look into travelers’ digital lives.
Issuing a blanket approval for social-media searches at the border could run into thorny legal issues, too. To get a subject’s personal information from a company like Facebook, Google, or Apple, law enforcement must first obtain a subpoena or a search warrant, which it can then use to ask the company to turn over relevant data. Getting social media passwords straight from a traveler would end-run this system.
Another phone search restriction.
Orin Kerr writes:
If a police agency gets a search warrant and seizes a target’s iPhone, can the agency share a copy of all of the phone’s data with other government agencies in the spirit of “collaborative law enforcement among different agencies”? Not without the Fourth Amendment coming into play, a federal court ruled last week in United States v. Hulscher, 2017 WL 657436 (D.S.D. February 17, 2017).
Read more on The Volokh Conspiracy.
Fast managers, not just fast computers.
AI and the Need for Speed
Artificial intelligence (AI) holds substantial promise for organizations to reduce costs and increase quality, but how AI affects organizations’ use of and relationship to time — in reacting, managing, and learning — may be the most jarring.
Another interesting move. Why start in India? A deal with Modi? Need for workers in the smartphone factories?
LinkedIn will help people in India train for semi-skilled jobs
Microsoft has launched Project Sangam, a cloud service integrated with LinkedIn that will help train and generate employment for middle and low-skilled workers.
The professional network that was acquired by Microsoft in December has been generally associated with educated urban professionals, but the company is now planning to extend its reach to semi-skilled people in India.
Having connected white-collared professionals around the world with the right job opportunities and training through LinkedIn Learning, the platform is now developing a new set of products that extends this service to low- and semi-skilled workers, said Microsoft CEO Satya Nadella at an event on digital transformation in Mumbai on Wednesday.
Project Sangam, which is in private preview, is “the first project that is now the coming together of LinkedIn and Microsoft, where we are building this cloud service with deep integration with LinkedIn, so that we can start tackling that enormous challenge in front of us of how to provide every person in India the opportunity to skill themselves for the jobs that are going to be available.”
Will retail banks be replaced by social media?
Bank Accounts for the Unbanked: Evidence from a Big Bang Experiment
Chopra, Yakshup and Prabhala, Nagpurnanand and Tantri, Prasanna L., Bank Accounts for the Unbanked: Evidence from a Big Bang Experiment (February 12, 2017). Available at SSRN: https://ssrn.com/abstract=2919091
“Over 2.5 billion individuals around the world are unbanked. How they can be brought into the formal financial system is a question of policy and academic interest. We provide evidence on this question from India’s PMJDY program, a “big bang” shock that supplied bank accounts to virtually all of its 260 million unbanked. We analyze activity in the new PMJDY accounts using actual transaction data in the accounts. While the newly included individuals are typically poor, unfamiliar with banking, and do not undergo literacy or other training, transaction levels nevertheless increase as accounts age and converge or exceed levels in non-PMJDY accounts of similar vintage. Usage is led by active transactions and is aided but not entirely explained by benefit transfer programs. The results suggest that the unbanked have unmet (possibly latent) demand for banking, or that the supply of banking perhaps stimulates its own demand.”
TransferWise launches Facebook Messenger bot for easy global money transfers
There’s no App for that? Will the first App to check IDs make the author a fortune? Or does the law say it must be a “person?”
Amazon plans to sell beer and wine at its new high-tech convenience store
… “When we start offering beer and wine, there will be an associate checking identification,” an Amazon spokesperson wrote in an email.
I’m going to be watching this one. How could they steal so much without detection?
Switzerland's ABB hit by $100 million South Korean fraud
Swiss engineering group ABB revealed the discovery of what it called a "sophisticated criminal scheme" in its South Korean subsidiary on Wednesday, which it expects will result in a $100 million pre-tax charge.
… The Swiss company said the alleged theft was limited to South Korea, where it employs around 800 people and generated sales of $525 million in 2015. [And this guy stole 20% of everything they sold? Bob]
"The treasurer of the South Korean unit is suspected of forging documentation and colluding with third parties to steal from the company," ABB said.
A “little” change, but a big investment. How do they “Deliver?” Fly over and just drop the package? Fly onto your porch and set it in full view of package thieves? Open the garage door and set it on your work bench?
UPS tests show delivery drones still need work
… The logistics juggernaut specifically launched an octocopter, or multi-rotor drone, from the top of a delivery van. The drone delivered a package directly to a home, then returned to the van which had now moved down the road to a new location.
… The truck for the test was custom-built to be able to launch the HorseFly drone from its roof, then grab it upon its return with robotic arms. A cage suspended beneath the drone extends through a hatch in the truck, where the drone can be lowered down and loaded up with another package. While docked, the drone recharges through a physical connection between its arms and the truck’s electric battery.
Not even as an historical collection? If I faced or used these weapons, shouldn’t I be allowed to show others what they can do? Am I limited to guns labeled “Not for military use?”
Appeals court rules banned assault weapons are designed to kill or disable enemy on battlefield
Slate – Appeals Court Rules that Second Amendment Doesn’t Protect Right to Assault Weapons: “On Tuesday [February 21, 2017] , the U.S. Court of Appeals for the 4th Circuit ruled that the Second Amendment doesn’t protect assault weapons—an extraordinary decision keenly attuned to the brutal havoc these firearms can wreak. Issued by the court sitting en banc, Tuesday’s decision reversed a previous ruling in which a panel of judges had struck down Maryland’s ban on assault weapons and detachable large capacity magazines. Today’s ruling is a remarkable victory for gun safety advocates and a serious setback for gun proponents who believe the Second Amendment exempts weapons of war from regulation…”
Something all my students should read. In particular, those who think our writing center won’t help them.
… this is the story of how a group of bank examiners at the Federal Reserve Bank of Philadelphia, one of 12 banks in the U.S.’s Federal Reserve System, dramatically improved the clarity and impact of their written reports.
Tools for school?
Tools for home?
Tuesday, February 21, 2017
Interesting new malware. Is it Russian?
Dan Goodin reports:
Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including critical infrastructure, news media, and scientific research.
The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX. Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails. Once compromised, infected machines upload the pilfered audio and data to Dropbox, where it’s retrieved by the attackers.
Read more on Ars Technica.
Would you believe none of these things were required before the Department of Financial Services thought them up?
New York financial firms will have to implement cybersecurity programs
… “These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cyber crimes,” New York Gov. Andrew M. Cuomo said in a news release.
The state's move comes as the Federal Reserve and Federal Deposit Insurance Corp. are seeking suggestions and comments for potential cybersecurity requirements for U.S. banks.
Requirements under the new regulation include:
- a cybersecurity program based on a risk assessment of each regulated firm;
- a written cybersecurity policy approved by each firm's senior officer or board of directors;
- a chief information security officer appointed by each firm;
- annual testing of cybersecurity systems and biannual system vulnerability assessments;
- an audit trail for all cyber activity;
- multifactor or risk-based authentication procedures for all system users' access; and
- secure processes for data disposal.
The New York DFS cybersecurity regulation is available on the department's website.
For my Data management students.
At Kroger, Technology Is Changing the Grocery-Store Shopping Experience
… For a glimpse of how technology can affect shopping, consider Kroger Co., whose 2,778 stores make it the largest supermarket chain in the U.S. Kroger has deployed cameras and infrared sensors to monitor foot traffic, and is using data algorithms to help schedule cashiers in real time. Its mobile app can analyze shopping habits and produce relevant digital coupons. Kroger’s latest move: testing sensor-laden interactive shelves that detect shoppers in the aisles via their smartphones to offer them personal pricing and product suggestions as they walk along.
… In an interview, Mr. Hjelm discussed the imperative to make store shopping more like online shopping—cutting wait times and creating a more interactive experience—with technology such as the Internet of Things, data analytics and video. Edited excerpts follow:
Interesting. Should my rates drop because I don’t have a smartphone? Is the assumption that everyone has one?
Smartphone addicts driving car insurance rates higher
Distracted by their smartphones, America’s drivers are becoming more dangerous by the day. And as The Wall Street Journal reports, their behavior is pushing auto-insurance rates even higher as insurers struggle to keep up.
Costs associated with crashes are outpacing premium increases for some companies, and insurers say the use of smartphones to talk, text and access the internet while on the road is a new and important factor behind the wrecks.
Apparently, there is money in moving money.
TransferWise launches international money transfers via Facebook
Money transfer company TransferWise has launched a new service that allows users to send money internationally through Facebook Inc's chat application, as competition in the digital payments landscape intensifies.
The London-based startup said on Tuesday that it had developed a Facebook Messenger "chatbot", or an automated program that can help users communicate with businesses and carry out tasks such as online purchases.
Alibaba’s Ant Financial Will Invest $200 Million in This Korean Payment Firm
China's Ant Financial will invest $200 million in Kakao Pay, the mobile payment subsidiary of South Korean messaging platform giant Kakao Corp, extending a major push by the Chinese firm to create a global network of financial assets.
… The firm, the payment affiliate of Chinese e-commerce giant Alibaba Group Holding, announced an $880 million deal for U.S. money-transfer firm MoneyGram International last month.
… "Ant's ultimate goal is to become a global payments monster—the biggest, broadest option for consumers," said Ben Cavender, Shanghai-based principle for China Market Research.
"The challenge is facing strong local players around the world, so it's cheaper to buy into these companies rather than burning money to steal market share from them."
Another large investment area…
Spending spree: Samsung rumored to have $1 billion put aside to buy AI companies
… The massive sum won’t only be used for acquisitions, but also to invest in companies involved in AI. Although there’s no question a billion dollars will buy you plenty of talent and tech, it’s still only a fraction of the $8 billion Samsung recently spent acquiring Harman International. However, while the two may not initially seem connected — Harman is best known for its in-car infotainment systems and other audio/visual equipment — it has divisions hard at work on AI projects, smart cities, and voice control. These are all key applications for AI and machine learning technology.
Monday, February 20, 2017
Perspective. Big data is really big!
Chris Spannos writes:
Widely used metaphors for understanding today’s mass surveillance — such as references to Nazi Germany, the Stasi or George Orwell’s Big Brother — run the risk of distracting attention from the horrors and crimes of past totalitarian regimes. But as measures against present abuses of power, like the fact that the NSA can collect 5 billion cell phone records per day, such comparisons can offer important insight. The Germany-based OpenDataCity compared the volume of records that the Stasi stored to the NSA’s capacity to store data. They determined that Stasi files would fill 48,000 filing cabinets, while just a single NSA server would fill 42 trillion filing cabinets. The organization concludes that the NSA can capture 1 billion times more data than the Stasi could.
Read more on TruthOut.org.
I’ll ask my Indian students what they think.
From the how-shortsighted-can-they-be dept.:
Daniel Stacy reports:
India is leapfrogging into the digital future by offering the world’s largest biometric-identity database for use by tech firms, health-care providers and novice app developers—an opportunity that excites fans of cyber transactions but worries privacy advocates.
The Indian government has gathered digital-identification records, including fingerprint impressions and eye scans, of nearly all of its 1.2 billion citizens. Now a government-backed initiative known as “India Stack” aims to standardize ways to exchange the data digitally to facilitate the transfer of signatures and official documents that citizens need to get jobs, make financial transactions or access government services.
By allowing developers to incorporate use of government identification records in their commercial websites and apps, the initiative envisions Indians—with mobile phones in hand—using iris and fingerprint scans to sign up for insurance, invest in mutual funds, receive health-care subsidies and verify their identity for school examinations.
Read more on WSJ.
So they’re allowing just anyone to get access to the production database or to get the real data? No test database for development purposes? And where are the background/security checks on the businesses/individuals to whom they’re granting access to real data?
WSJ’s headline for the story was “India Begins Building on Its Citizens’ Biometrics.” I changed it to, “India Begins Exposing Its Citizens’ Biometrics to Just Anybody.”
What could possibly go wrong?
Barbie Is Now A Hologram And Can Help With Dental Hygiene
Toys and technology have always blended well together, and now, one of the biggest toy classics has ascended to the next level of entertainment. Barbie, the epitome of girly fun and fashion, has been upgraded to a hologram. Not only is it incredibly fun to play with since it can answer questions from children, it can even function as a decent smart assistant.
Called Hello Barbie, Mattel unveiled their newest offering during the New York Toy Fair, Wired reports. The hologram is contained inside a glass box, where the image is projected in a 3D state. It responds to voice commands as well, which anyone who has ever used Amazon’s Alexa or Google Home will already be familiar with.
It can do things like tell the weather and answer questions, along with giving reminders such as telling kids when to brush their teeth. To wake her up, users must say “Hello Barbie,” which will make her appear. Once she’s out, users will be able to change her appearance, make it stay lit at night, or dance and sing.
Is the ‘right to lie about my age’ similar to the ‘right to be forgotten?’
Nicholas Iovino reports:
A federal judge warned California on Thursday that continuing to defend a seemingly unconstitutional law that restricts the publication of actors’ ages will likely divert more taxpayer dollars to the Internet Movie Database’s attorneys.
“I used to be a lawyer for the government, and I defended a number of laws that were very challenging to defend,” U.S. District Judge Vince Chhabria told a California deputy attorney general at a hearing on Thursday. “I’m trying to remember if I defended a law as challenging to defend as the one you’re defending now.”
Chhabria was referring to AB 1687, a state law passed in September that requires “commercial online entertainment service providers” like the movie industry website IMDb to take down actors’ ages upon request.
Read more on Courthouse News.
New tools my Forensics students need to understand? Possible applications for Marketing?
Left finds new online tools to fight Trump
… Organizers of high-profile events, including the demonstrations against the Dakota Access Pipeline and the record-setting Women's March on Inauguration weekend, are using a new platform from the nonprofit group The Action Network to improve communications with members and organize on the fly.
Another new digital tool is Hustle, a growing mass-texting app, that lets groups better communicate directly with supporters on the ground.
… The Action Network's website offers organizers tools including the ability to send mass emails, promote digital petitions, and encourage letter writing campaigns from a central hub. Organizers can also organize events, track RSVPs and sell tickets.
… Hustle CEO Roddy Lindsay said the app lets organizers maintain “dozens, hundreds or even thousands” of conversations with those interested in their issues.
Hustle CEO Roddy Lindsay said the app lets organizers maintain “dozens, hundreds or even thousands” of conversations with those interested in their issues.
For Generation Z, ‘Live Chilling’ Replaces Hanging Out in Person
Almost every day when they get home from school, Gracie, age 16, and Sarah, age 14, open the app Houseparty , where they can video chat with to up to seven of their friends at once. The sisters, who live in Danville, Calif., use it to socialize and collaborate on homework, for 15 minutes to an hour. When they first open it they may be chatting with just one friend, but everyone they’re connected to on Houseparty gets a push alert that they’re “in the house,” and, soon enough, the room fills up. It might even spill over into other rooms, growing organically, just like a real house party.
Teens have been hanging out online for 20 years, but in 2017 they’re doing it on group video chat apps, in a way that feels like the real thing, not just a poor substitute. Ranging in age from adolescents to their early 20s—the group loosely defined as “Generation Z” —these young people are leaving the apps open, in order to hang out casually with peers in a trend some call “live chilling.”
This phenomenon is made possible by the sudden ubiquity of video chat, in messaging apps such as Kik and Facebook Messenger , as well as stand-alone apps including Houseparty, Fam, Tribe, Airtime and ooVoo.
Hang tough, Kim. Don’t let a bunch of unanimous decisions get you worried.
New Zealand court: Megaupload’s Kim Dotcom can be extradited to U.S. over fraud charges
A New Zealand court ruled on Monday that internet entrepreneur Kim Dotcom could be extradited to the United States to face charges relating to his Megaupload website, which was shutdown in 2012 following an FBI-ordered raid on his Auckland mansion.
The Auckland High Court upheld the decision by a lower court in 2015 on 13 counts, including allegations of conspiracy to commit racketeering, copyright infringement, money laundering and wire fraud, although it described that decision as “flawed” in several areas.
Dotcom’s lawyer Ron Mansfield said in a statement the decision was “extremely disappointing” and that Dotcom would appeal to New Zealand’s Court of Appeal.
… High Court judge Murray Gilbert said that there was no crime for copyright in New Zealand law that would justify extradition but that the Megaupload-founder could be sent to the United States to face allegations of fraud.
Something for all my students?
Keeping up with the White house.
Donald Trump nominations list – New White House administration
Washington Post Graphics – Tracking these 662 executive branch appointments through the nomination process.
Keeping up with DHS.
WaPo – Memos signed by DHS secretary describe sweeping new guidelines for deporting illegal immigrants
David Nakamura, The Washington Post – “Homeland Security Secretary John Kelly has signed sweeping new guidelines that empower federal authorities to more aggressively detain and deport illegal immigrants inside the United States and at the border. In a pair of memos, Kelly offered more detail on plans for the agency to hire thousands of additional enforcement agents, expand the pool of immigrants who are prioritized for removal, speed up deportation hearings and enlist local law enforcement to help make arrests. The new directives would supersede nearly all of those issued under previous administrations, Kelly said, including measures from President Barack Obama aimed at focusing deportations exclusively on hardened criminals and those with terrorist ties.
I learned something new! Hitler’s dial telephone surprised me. But the first patent for a dial phone was issued in the 1890’s.
Telephone owned by Adolf Hitler sells for $243,000