Thursday, January 04, 2018

It’s never “if,” it’s always “when.”
Security flaws put virtually all phones, computers at risk
Security researchers on Wednesday disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings.
… Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix.
… The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer’s memory, potentially letting hackers read a computer’s memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

Governments don’t do IT well. (I may have said that a few times.)
India's National ID Database With Private Information Of Nearly 1.2 Billion People Was Reportedly Breached
… The Tribune, a local Indian newspaper, published a report claiming its reporters paid Rs. 500 (approximately $8) to a person who said his name was Anil Kumar, and who they contacted through WhatsApp. Kumar was able to create a username and password that gave them access to the demographic information of nearly 1.2 billion Indians who have currently enrolled in Aadhaar, simply by entering a person’s unique 12-digit Aadhaar number. Regional officers working with the Unique Identification Authority of India (UIDAI), the government agency responsible for Aadhaar, told the Tribune the access was “illegal,” and a “major national security breach.”
A second report, published on Thursday by the Quint, an Indian news website, revealed that anyone can create an administrator account that lets them access the Aadhaar database as long as they’re invited by an existing administrator. [Think: Hackers inviting hackers. Bob]

(See the comment above.)
If you were part of a Department of Homeland Security Office of the Inspector General investigation at some time between 2002 through 2014, DHS wants you to know that you may be a breach victim. Unfortunately, due to “technological” issues, it seems that DHS can’t directly contact you to alert you, so read on…..
A few more details have emerged in the matter of a breach involving the Department of Homeland Security. The breach, which involved the May discovery of an unauthorized copy of DHS’s investigative case management system in the possession of a former DHS OIG employee, was first reported in November by USA Today.
Joseph Marks reports that the Inspector General has now confirmed that the breach affected more approximately 247,167 DHS employees, but DHS has now also revealed that the breach impacted non-employees who contacted or interacted with the department: “individuals (i.e., subjects, witnesses, and complainants) associated with DHS OIG investigations from 2002 through 2014 (the “Investigative Data”).”
DHS’s statement can be found on their site. Of note, DHS writes:
The privacy incident did not stem from a cyber-attack by external actors, and the evidence indicates that affected individual’s personal information was not the primary target of the unauthorized exfiltration.
Affected individuals are being offered 18 months of free credit monitoring and identity protection services.
But of course, there are lots of raised eyebrows that the agency responsible for protecting our homeland from terrorist attacks and the like had an insider breach that went unprevented and undetected until May of this year. In response to the incident, DHS notes:
The Department of Homeland Security takes very seriously the obligation to serve the Department’s employees and is committed to protecting the information in which they are entrusted. Please be assured that we will make every effort to ensure this does not happen again. DHS is implementing additional security precautions to limit which individuals have access to this information and will better identify unusual access patterns. We will continue to review our systems and practices in order to better secure data. DHS OIG has also implemented a number of security precautions to further secure the DHS OIG network.
Will their changes also enable them to identify and notify any non-employees who might get caught up in any future breaches? Shouldn’t the agency have some way of doing that unless someone was a confidential witness who did not provide their real details in dealing with the agency – or something like that?

The Security implications are clear, but there are also significant Data Management challenges. Hint: Every Presidential Tweet is an “Official Record.”
White House bans personal cellphones from the West Wing
The White House on Thursday banned the use of personal cellphones and other personal devices from the West Wing, citing security concerns.
...Officials said the decision was made because too many devices were connected to the White House network, and because personal devices are not as secure.
The White House said staffers will still be able to use their government-issued devices.
But some staffers are worried that it will be harder for them to reach family and friends when they need to at work.

An article for my Data Management class. What to do with the data you have.
In the age of rapid advances in data science and artificial intelligence, many organizations still struggle to incorporate advanced analytics capabilities into their business models. True incorporation requires bold decisions about reorganizing the business to make analytics a key component of strategy. Here we present the case of Grupo Financiero Banorte (GFNorte), a large Mexican financial group, where the analytics transformation has been a success story.
… GFNorte recently established a Central Analytics Business Unit (ABU) with the mandate to convert information into profits at a rate of 10X cost and to lead the adoption of a customer-centric approach within the organization. The results significantly exceeded expectations: In its first year the ABU yielded profits 46X its costs, in the second year 106X (equivalent to $275 million of net income), and during its third year it is on course to produce 200X. These results, along with other transformational initiatives, have contributed to GFNorte leapfrogging its competitors within three years to attain second place in profit generation (up from fourth) in the Mexican financial system.

I can’t keep up now.

Something for my geeks?
Apple Developer Program fee waivers are now available for nonprofits, schools and government

No comments: