It’s never “if,” it’s always “when.”
Security flaws put virtually all phones, computers at risk
Security researchers on Wednesday disclosed a
set of security flaws that they said could let hackers steal
sensitive information from nearly every modern computing device
containing chips from Intel Corp, Advanced Micro Devices Inc and ARM
Holdings.
… Intel and ARM insisted that the issue was
not a design flaw, but it will require users to download a patch and
update their operating system to fix.
… The first, called Meltdown, affects Intel
chips and lets hackers bypass the hardware barrier between
applications run by users and the computer’s memory, potentially
letting hackers read a computer’s memory and steal passwords. The
second, called Spectre, affects chips from Intel, AMD and ARM and
lets hackers potentially trick otherwise error-free applications into
giving up secret information.
[More details: https://meltdownattack.com/ ]
Governments don’t do IT well. (I may have said
that a few times.)
India's National ID Database With Private Information Of Nearly 1.2 Billion People Was Reportedly Breached
… The Tribune, a local Indian newspaper,
published a
report claiming its reporters paid Rs. 500 (approximately $8) to
a person who said his name was Anil Kumar, and who they contacted
through WhatsApp. Kumar was able to create a username and password
that gave them access to the demographic information of nearly 1.2
billion Indians who have currently enrolled in Aadhaar, simply by
entering a person’s unique 12-digit Aadhaar number. Regional
officers working with the Unique Identification Authority of India
(UIDAI), the government agency responsible for Aadhaar, told the
Tribune the access was “illegal,” and a “major national
security breach.”
A second
report, published on Thursday by the Quint, an Indian news
website, revealed that anyone
can create an administrator account that lets them access the Aadhaar
database as long as they’re invited by an existing administrator.
[Think: Hackers
inviting hackers. Bob]
(See the comment above.)
If you were part of a Department of Homeland
Security Office of the Inspector General investigation at some time
between 2002 through 2014, DHS wants you to know that you may be a
breach victim. Unfortunately, due
to “technological” issues, it seems that DHS can’t directly
contact you to alert you, so read on…..
A few more details have emerged in the matter of a
breach involving the Department of Homeland Security. The
breach, which involved the May discovery of an unauthorized copy of
DHS’s investigative case management system in the possession of a
former DHS OIG employee, was first reported in November by USA
Today.
Joseph Marks reports
that the Inspector General has now confirmed that the breach affected
more approximately 247,167 DHS employees, but DHS has now also
revealed that the breach impacted non-employees who contacted or
interacted with the department: “individuals (i.e., subjects,
witnesses, and complainants) associated with DHS OIG investigations
from 2002 through 2014 (the “Investigative Data”).”
DHS’s statement
can be found on their site. Of note, DHS writes:
The privacy incident did not stem from a cyber-attack by external actors, and the evidence indicates that affected individual’s personal information was not the primary target of the unauthorized exfiltration.
Affected individuals are being offered 18 months
of free credit monitoring and identity protection services.
But of course, there are lots of raised eyebrows
that the agency responsible for protecting our homeland from
terrorist attacks and the like had an insider breach that went
unprevented and undetected until May of this year. In
response to the incident, DHS notes:
The Department of Homeland Security takes very seriously the obligation to serve the Department’s employees and is committed to protecting the information in which they are entrusted. Please be assured that we will make every effort to ensure this does not happen again. DHS is implementing additional security precautions to limit which individuals have access to this information and will better identify unusual access patterns. We will continue to review our systems and practices in order to better secure data. DHS OIG has also implemented a number of security precautions to further secure the DHS OIG network.
Will their changes also enable them to identify
and notify any non-employees who might get caught up in any future
breaches? Shouldn’t the agency have some way of doing that unless
someone was a confidential witness who did not provide their real
details in dealing with the agency – or something like that?
The Security implications are clear, but there are
also significant Data Management challenges. Hint: Every
Presidential Tweet is an “Official Record.”
White House bans personal cellphones from the West Wing
The White House on Thursday banned the use of
personal cellphones and other personal devices from the West Wing,
citing security concerns.
...Officials said the decision was made because
too many devices were connected to the White House network,
and because personal devices are not as secure.
The White House said staffers will still be able
to use their government-issued devices.
But some staffers
are worried that it will be harder for them to reach family and
friends when they need to at work.
An article for my Data Management class. What to
do with the data you have.
In the age of rapid advances in data science and
artificial intelligence, many organizations still struggle to
incorporate advanced analytics capabilities into their business
models. True incorporation requires bold decisions about
reorganizing the business to make analytics a key component of
strategy. Here we present the case of Grupo Financiero Banorte
(GFNorte), a large Mexican financial group, where the analytics
transformation has been a success story.
… GFNorte recently established a Central
Analytics Business Unit (ABU) with the mandate to convert information
into profits at a rate of 10X cost and to lead the adoption of a
customer-centric approach within the organization. The results
significantly exceeded expectations: In its first year the ABU
yielded profits 46X its costs, in the second year 106X (equivalent to
$275 million of net income), and during its third year it is on
course to produce 200X. These results, along with other
transformational initiatives, have contributed to GFNorte
leapfrogging its competitors within three years to attain second
place in profit generation (up from fourth) in the Mexican financial
system.
I can’t keep up now.
Something for my geeks?
Apple Developer Program fee waivers are now available for nonprofits, schools and government