Friday, January 19, 2018

Perhaps there is bliss in ignorance? There seems to be no significant downside – so why bother with security?
Security Breaches Don't Affect Stock Price
Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger.
Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than the market as a whole. Financial performance is considered over a range of dates from 3 days post-breach through 6 months post-breach, in order to provide a longer-term perspective on the impact of the breach announcement.




There are some things it is best NOT to ignore.
A friend tweeted to me tonight:
Commissioner Miner @fanCRTCProfling
.@PogoWasRight you have been beating this drum and saying this for a long time now... years. "report reveals they are instead 'frequently ignored or misunderstood'". Now u have a report! ;) https://www.theinquirer.net/inquirer/news/3024702/hackerone-2018-hacker-report…
5:45 PM - Jan 18, 2018
Indeed we do.
Carly Page reports:
One in four ethical hackers have not reported a vulnerability that they found because the company didn’t have a channel to disclose it.
That’s according to HackerOne’s ‘2018 Hacker Report’, which surveyed 1,698 members of the hacking community – making it the largest documented survey ever conducted of the ethical hacking community.
One of the standout discoveries was that almost 25 per cent of respondents said they were unable to disclose a security flaw because the bug-ridden company in question lacked a vulnerability disclosure policy (VDP).
This doesn’t mean the hackers don’t try – with HackerOne noting that many attempt to contact firms via social media and email but are “frequently ignored or misunderstood.”
Read more on Inquirer.net. And keep in mind that the rate of reporting will drop and/or be chilled if law enforcement treats ethical hackers or greyhats like blackhats and attempts to prosecute them. Our federal hacking statute, CFAA, needs updating and revision and the revisions need to provide protection to researchers who attempt to responsibly disclose what they have found.




Here’s another thing to ignore?
How to Comply with GDPR
… A recent study from HyTrust, conducted at the VMworld 2017 conference in Las Vegas, found that a whopping 79 percent of companies have no plans in place for GDPR. Another study from Varonis revealed that a whopping 90 percent of IT decision makers saw challenges complying with GDPR a year before the enforcement date.




Businesses must have surveillance cameras tied into the police system.
New year, new surveillance expansion. Chad Livengood reported this on January 3, and Joe Cadillic kindly sent it along for all of us to mutter about:
  • Plan would eventually mandate every retail business in Detroit with late-night hours to have surveillance cameras
  • City will start with requiring camera systems for businesses open midnight-4 a.m.
  • City will then move to businesses open after 10 p.m.
Mayor Mike Duggan’s administration is moving forward with a plan to eventually mandate every retail business in Detroit with late-night hours have surveillance cameras tied into Project Green Light, the Detroit Police Department’s real-time crime monitoring system credited with a decrease in carjackings and overall crime around participating businesses.
In an interview Wednesday with Crain’s, Duggan said he will ask City Council later this year to mandate Project Green Light high-definition video systems for all retail businesses open after 10 p.m.
Read more on Crain’s.




Why would this police officer want to disable the camera? To avoid another ‘through the door’ shooting? But shouldn’t they reconnect the camera when done?
From the this-almost-feels-like-opposites-day dept., Meghan McRoberts reports:
An Indian River County man feels his privacy was violated after he captured Vero Beach police disconnecting a surveillance camera outside his front door.
Police were investigating a crime the man says he had nothing to do with.
Vero Beach Police Chief David Currey stands by his officers’ actions.
Of course he does. But this is a weird one – is removing surveillance a privacy violation? I think if we view it as law enforcement damaging or seizing property, then there’s an issue, but is it a privacy issue? Help!
Read more on ABC.




Makes me ask if these guys know how to run a bank.
Wells Fargo apologizes for glitch that emptied out some bank accounts
Reports show a glitch caused some online bill payments to be processed twice. That is triggering overdraft protection fees. Some customers have gotten emails saying their checking accounts had nothing in them.
"Some customers may be having an issue with their Bill Pay transactions. We are working to fix the issue and resolve this tonight. Thanks for your patience," the company tweeted Wednesday evening.
The bank said Thursday morning that technical teams have corrected the errors, but customers should still check to make sure all is well with their accounts.




Did you think of Lebanon as a major hacking nation?
Report links hacking campaign to Lebanese security agency
A major hacking operation tied to one of the most powerful security and intelligence agencies in Lebanon has been exposed after careless spies left hundreds of gigabytes of intercepted data exposed to the open internet, according to a report published Thursday.
Mobile security firm Lookout, Inc. and the Electronic Frontier Foundation, a digital rights group, said the haul, which includes nearly half a million intercepted text messages, had simply been left online by hackers linked to Lebanon’s General Directorate of General Security.
… EFF and Lookout’s report: https://www.lookout.com/info/ds-dark-caracal-ty




Another tease for my students.
What is blockchain? The most disruptive tech in decades
The distributed ledger technology, better known as blockchain, has the potential to eliminate huge amounts of record-keeping, save money and disrupt IT in ways not seen since the internet arrived.




Free tool for business.
WhatsApp officially launches its app for businesses in select markets
WhatsApp today officially launched its new WhatsApp Business app in select markets, including Indonesia, Italy, Mexico, the U.K. and the U.S., ahead of its planned worldwide rollout. The addition of business profiles and new messaging tools aimed at business customers is part of the company’s broader plan to generate revenue by charging larger enterprises for advanced tools to communicate with customers on the platform now used by over a billion people worldwide.
The WhatsApp Business app is the initial entry point in this market.
Aimed at smaller businesses, the free app – Android-only for now – helps companies better connect with their customers and establish an official presence on WhatsApp’s service. Essentially, it’s the WhatsApp version of a Facebook Page.




No one reads the User’s Manual.
Guide offers tips and tricks to enhance value of Google Maps
Digital Trends: “Google Maps boasts more than 1 billion active users today, making it the most popular navigation software in the world. It gets millions of us where we need to go every day, but are you sure you’re getting the most out of it? It’s easy to miss new features or hidden options. That’s why we’ve compiled this guide on how to use Google Maps. It’s time to take your first step on the road to mastery with our Google Maps tips and tricks…”




I didn’t know you could still do this.




My students should be interested!
Google Opens Up Its Tech Training Program to All, Giving You a Reason to Learn New Skills
If you want to work at Google someday but aren’t sure you have the resume for it, the company wants to train you. To help prospective employees bridge skills gaps, the tech giant is partnering with online course provider Coursera to offer access to its IT training program, previously only open to existing Googlers.
It may seem counterintuitive for Google to invest in the education of people who don’t and may never work for the company. It could even bolster the skills of individuals who work for competitors, you might imagine. But of the 10,000 U.S. residents who receive scholarships from Google to complete the certificate, Google is betting that it will be able to hire some of them down the road.
… The program will involve 64 hours of video lessons as well as labs and evaluations, and it will teach IT basics such as troubleshooting, customer service, networking, operating systems, system administration, automation and security. It will take about eight months to complete if a student spends eight to 10 hours a week on the program, though students can work at their own pace, according to Coursera.
Those interested in financial aid can apply by Feb. 20, while others may be selected by participating nonprofits. You don’t need an IT background or a four-year college degree to qualify. For those who don’t get a free ride, the full cost of the program is $49 a month.

