Saturday, February 10, 2018

For my Computer Security and my Data Management students. Organizations rarely know what information has been accessed or downloaded immediately following the breach.
Equifax hack exposed more information than we thought, documents show
The credit-reporting company announced in September that the personal information of 145.5 million consumers had been compromised in a data breach. It originally said that the information accessed included names, Social Security numbers, birth dates, addresses and — in some cases — driver's license numbers and credit card numbers. It also said the personal information from thousands of dispute documents was accessed.
However, Atlanta-based Equifax Inc. recently disclosed in a document submitted to the Senate Banking Committee, which was shared with Associated Press, that a forensic investigation found criminals accessed other information from company records. That included tax identification numbers, email addresses and phone numbers. Details, such as the expiration dates for credit cards or issuing states for driver's licenses, were also included in the list.
… Equifax waited months to disclose the hack. After it did, anxious consumers experienced jammed phone lines and uninformed company representatives. An Equifax website set up to help people determine their exposure was described as sketchy by security experts and provided inconsistent and unhelpful information to many. The company blamed the online customer help page's problems on a vendor's software code after it appeared that it had been hacked as well.




I suspect US numbers would be similar.
The Canadian Press reports:
A new study suggests nearly 90 per cent of Canadian organizations suffered at least one security breach last year and sensitive data was exposed almost half of the time.
The survey found that one in five breaches was classified as “high impact” because sensitive customer or employee information was exposed.
Read more on Canadian Business.




Not sure I agree with the ECHR. I think Spain got it right.
DAC Beachcroft writes:
The use of hidden cameras did violate the right to privacy of employees who were dismissed for theft, according to the European Court of Human Rights.
The facts
A Spanish supermarket, MSA, identified discrepancies between stock levels and what was supposedly being sold in store. The monthly losses ranged from around €7,500 to €24,000. As part of an investigation, it installed surveillance cameras. Some of these cameras, aimed at detecting customer theft, were pointed towards the entrances and exits of the supermarket, and were visible. Other cameras, which zoomed in on the checkout counters and covered the area behind the cash desk, were hidden. These were aimed at detecting thefts by employees. MSA gave its workers prior notice of the installation of the visible cameras. Neither the workers nor the company’s staff committee were informed of the hidden cameras.
Read more on Lexology.




Similar to a case the US Supreme Court will decide soon.
Newfoundland Provincial Court refuses to issue production order for data stored in the U.S., expressly disagreeing with recent BCCA decision on point
Judge Wayne Gorman of the Newfoundland Provincial Court recently issued a decision on the extraterritorial reach of production orders seeking stored data. In the Matter of an application to obtain a Production Order pursuant to section 487.014 of the Criminal Code of Canada involved an investigation by the Royal Newfoundland Constabulary into an alleged case of cyber-extortion, in which nude pictures of a child were sent from somewhere in Newfoundland, via Facebook, and threats made to release the pictures publicly if money was not paid. The police applied for a production order compelling a company located in the United States (not Facebook, it would appear) to produce data, despite the fact that the company has no physical presence in Canada.




Free Money! Trust me!
'Nigerian Prince' Financial Scam Roars Back To Life In The Bitcoin Cryptocurrency Age
If you're a well-seasoned internet user, surely you have seen scams over the years that revolved around a Nigerian prince who needs your help to move money out of the country. We all know that it is a scam, yet for a long time, people have fallen for it. That Nigerian Prince scam is now back and has a new twist while spreading via Twitter.
The scam sees nefarious users making Twitter handles that are very close to legitimate and well-known Twitter users. The scammer then responds to one of the real poster's tweets to give the appearance that they started the thread. The scammer then puts up a tweet offering to provide a Bitcoin "reward" to anyone who sends a smaller amount of cryptocurrency to a specific wallet.
Shockingly, people are falling for the scam, and then the scammer is reaping all the Bitcoin sent to the wallet without paying anything out. One of the scams impersonated Elon Musk and with his oddball persona it might be easy for some to see Musk giving away Bitcoin.
… "It's like a social media impersonation mixed with a classic Nigerian prince scam," says Crane Hassold, a threat intelligence manager at the security firm PhishLabs. "Twitter will likely start blocking the accounts making the posts, but the level of effort needed for this scam is so low that it'll probably be a cat and mouse game, and the return on investment at the beginning will be pretty good for the actor."




Will this be as much fun if it’s legal?
EFF Files For DMCA Exemption To Jailbreak Amazon Echo, Google Home, Apple HomePod
The jailbreaking community is alive and well, and people frequently install "unauthorized" software on their smartphones and tablets once they’ve cracked the bootloader. This practice is often frowned upon by device OEMs (especially Apple), but it is legal to do so under an exemption in Section 1201 of the Digital Millennium Copyright Act (DMCA).
The Electronic Frontier Foundation (EFF), however, wants to extend the exemption to include another hot segment in the consumer electronics market: smart AI speakers. That would mean that owners of devices like the Amazon Echo, Google Home, and Apple HomePod would be free to hack into these devices to see what makes them tick without fear of retribution.




It’s a slapdown for management, but no managers were harmed?
Wells Fargo's Hard Slap From the Fed Is Going to Hurt
Wells Fargo was stunned by a blow dealt by the Federal Reserve at the beginning of February. In an unprecedented move, the Fed has prohibited the bank from growing its assets from the level they reached at the end of 2017, among other penalties.
… Wells Fargo's reputation has been in the doghouse since late 2016, when it was discovered that the bank opened millions of new accounts for existing customers. That wouldn't be a problem, except those clients apparently neither requested nor authorized them. Before long, it came to light that this "fake accounts scandal" was more widespread than first reported. All told, the bank admitted that around 3.5 million bogus accounts were created.
Wells Fargo soon dropped the ball again, and more than once. It was also accused of malfeasance with auto insurance products and, worse, mortgages – a crucial segment for the company.




Interesting idea. I’ll have to think about this one.
The End of Scale
For more than a century, economies of scale made the corporation an ideal engine of business. But now, a flurry of important new technologies, accelerated by artificial intelligence (AI), is turning economies of scale inside out. Business in the century ahead will be driven by economies of unscale, in which the traditional competitive advantages of size are turned on their head.
Economies of unscale are enabled by two complementary market forces: the emergence of platforms and technologies that can be rented as needed. These developments have eroded the powerful inverse relationship between fixed costs and output that defined economies of scale. Now, small, unscaled companies can pursue niche markets and successfully challenge large companies that are weighed down by decades of investment in scale — in mass production, distribution, and marketing.




Something I’ll point my students to when they complain that I take points off for poor writing.
Oxford comma dispute is settled as Maine drivers get $5 million
Ending a case that electrified punctuation pedants, grammar goons and comma connoisseurs, Oakhurst Dairy settled an overtime dispute with its drivers that hinged entirely on the lack of an Oxford comma in state law.
The dairy company in Portland, Maine, agreed to pay $5 million to the drivers, according to court documents filed Thursday.
The relatively small-scale dispute gained international notoriety last year when the U.S. Court of Appeals for the 1st Circuit ruled that the missing comma created enough uncertainty to side with the drivers, granting those who love the Oxford comma a chance to run a victory lap across the internet.
… The case began in 2014, when three truck drivers sued the dairy for what they said was four years’ worth of overtime pay they had been denied. Maine law requires time-and-a-half pay for each hour worked after 40 hours, but it carved out exemptions for:
The canning, processing, preserving, freezing, drying, marketing, storing, packing for shipment or distribution of:
(1) Agricultural produce.
(2) Meat and fish products.
(3) Perishable foods.
What followed the last comma in the first sentence was the crux of the matter: “packing for shipment or distribution of.” The court ruled that it was not clear whether the law exempted the distribution of the three categories that followed, or if it exempted “packing for” the shipment or distribution of them.
… Since then, the Maine Legislature addressed the punctuation problem. Here’s how it reads now:
The canning; processing; preserving; freezing; drying; marketing; storing; packing for shipment; or distributing of:
(1) Agricultural produce.
(2) Meat and fish products.
(3) Perishable foods.
So now we get to replace Oxford comma pedantry with semicolon pedantry.




These tools might help create an interesting project. Write about a Computer Security breach, pointing out all the obfuscation, blame shifting, lack of planning, etc.
Newspaper Templates for Google Docs & Word
This morning I answered an email from a reader who was looking for suggestions on tools that his students can use to collaboratively create a newspaper. My first suggestion was to try LucidPress. My second thought was to try using some Google Docs templates.
I didn't have any Google Docs templates of my own so I did a quick Google search for "newspaper templates Google Docs" and I found this collection put together by students at Westlake Girls High School in Auckland, New Zealand. There are ten newspaper templates in the collection. You can make your own copy of the templates by opening them and then selecting, "file" and "make a copy" in Google Docs.
If you're a Microsoft Word user, you can try these templates to create newsletters and newspapers. Word Online is free and supports collaborative writing too.
The person who emailed me this morning was going to use the newspaper templates in a history class to have students write articles as news reports about historical events.

