An all too common security failure.
Today’s episode of Incident Response Fail
involves a cybersecurity professional/bug bounty hunter, Mohamed
Suwaiz, and a driver training company in Texas, Smith
System, that seemed to stubbornly resist his efforts to alert
them to a data leak.
Although Suwaiz (@Msuwaiz
on Twitter) describes himself as being motivated by bug bounties,
when there’s no bounty to be had, he just gives information that he
finds to companies to help them secure their data.
A few days after we first met online while I was
investigating the Leon County Schools case, Suwaiz reached out to me
to tell me that he needed to talk to me.
“@drive_different is having huge data leak,”
he told me. He had already tried unsuccessfully to contact them via
emails, Facebook, Twitter, and by contacting an intermediary to help
him call the CTO, he explained. Calling from his part of the world
is not easy, he said, so he had enlisted the help of someone who
might help him get through.
So far, all of his attempts had failed to produce
any results.
[Details follow… Bob]
What is interesting is why they didn’t do this
years ago. Should make for some interesting discussions with my
students.
Read Mark
Zuckerberg's Full Statement on Facebook's Data Scandal
(Related) If my students haven’t been doing
this, I’ll make it an assignment.
Tools to
understand and monitor the collection of your data by Facebook and
Twitter
Fast Co. Design: Creative technologists are
developing their own tools for investigating, nudging, and altering
the world’s largest social network. “..To understand the kind of
information the platform may have on you, and how it may use it, turn
to Data
Selfie, a project developed by the artists Hang
Do Thi Duc and Regina
Flores Mir last
year with funding from the New York City Economic Development
Corporation, the Mayor’s Office of Media and Entertainment, and the
NYC Media Lab. The Chrome extension generates a “selfie,” or
profile, of your Facebook activity and uses machine learning to
analyze that behavior in a way similar to Facebook itself. Are your
likes more liberal leaning? What does your behavior imply about your
psychological profile? Data Selfie–which doesn’t actually record
any data from you–offers a glimpse into the kind of behavioral
profiling that’s come to light through new revelations about
Cambridge Analytica and the leak of data of 50
million Facebook users. Check it out here…
- J. Nathan Matias, who founded the citizen behavioral science platform CivilServant at MIT and is now a postdoc at Princeton University, has blogged about his so-called “audits” over the past year on Medium–for instance, running his own experiments on how Facebook promotes images versus texts with colored backgrounds and an earlier experiment on the Pride reaction button. “How much can a single person learn about Facebook with a little patience and a spreadsheet?” he writes. “More than you might expect!” Matias’s posts include instructions on how to run your own Facebook audit, and he even offers to help you do the statistics or coding if you want to run your own test. “I have often argued that we need independent testing of social tech, especially when a company’s promises are great or the risks are substantial,” he writes. “Sometimes when I suggest this, academics respond that independent evaluations require long, complex work by experts. That’s not always the case.” Learn more here.
- Ben Grosser, an artist and professor at University of Illinois at Urbana-Champaign’s School of Art & Design, has written about how these ubiquitous user interface elements deeply influence user behavior. He has also built several Chrome extensions that throw Facebook’s carefully honed algorithms into chaos–like lobbing a digital smoke bomb on your News Feed…also he has just launched a version of the Demetricator for Twitter–a reminder that Facebook isn’t the only social network worthy of our critical thought as users. Check it out here…”
For my
Software Architecture class.
5 Steps to
a Painless Checkout Process
Perspective. Apparently, I have trouble digesting
big numbers because I had to read this article several times before I
understood exactly how much money we’re talking about. How can a
company be worth $50 billion less than its assets?
Tencent’s
60,000% Runup Leads to One of the Biggest VC Payoffs Ever
South African media company Naspers
Ltd. is cashing in a tiny sliver of one of the greatest
venture-capital investments ever.
… Naspers might have remained an obscure
publisher of South African newspapers and operator of pay-TV services
if not for its decision
in 2001 to invest $32 million in Tencent, a then little-known Chinese
startup. The stake is now
worth $175 billion and given that Naspers has a market value of about
$125.5 billion, it means investors place no value on
Naspers’ other operations and investments.
… The sale of 190 million shares, worth $10.6
billion based on Tencent’s closing price in Hong Kong on Thursday,
will cut the stake held by Naspers to 31.2 percent from 33.2 percent.
For our Python students.