Thursday, March 22, 2018

An all too common security failure.
Today’s episode of Incident Response Fail involves a cybersecurity professional/bug bounty hunter, Mohamed Suwaiz, and a driver training company in Texas, Smith System, that seemed to stubbornly resist his efforts to alert them to a data leak.
Although Suwaiz (@Msuwaiz on Twitter) describes himself as being motivated by bug bounties, when there’s no bounty to be had, he just gives information that he finds to companies to help them secure their data.
A few days after we first met online while I was investigating the Leon County Schools case, Suwaiz reached out to me to tell me that he needed to talk to me.
“@drive_different is having huge data leak,” he told me. He had already tried unsuccessfully to contact them via emails, Facebook, Twitter, and by contacting an intermediary to help him call the CTO, he explained. Calling from his part of the world is not easy, he said, so he had enlisted the help of someone who might help him get through.
So far, all of his attempts had failed to produce any results.
[Details follow… Bob]

What is interesting is why they didn’t do this years ago. Should make for some interesting discussions with my students.
Read Mark Zuckerberg's Full Statement on Facebook's Data Scandal

(Related) If my students haven’t been doing this, I’ll make it an assignment.
Tools to understand and monitor the collection of your data by Facebook and Twitter
Fast Co. Design: Creative technologists are developing their own tools for investigating, nudging, and altering the world’s largest social network. “..To understand the kind of information the platform may have on you, and how it may use it, turn to Data Selfie, a project developed by the artists Hang Do Thi Duc and Regina Flores Mir last year with funding from the New York City Economic Development Corporation, the Mayor’s Office of Media and Entertainment, and the NYC Media Lab. The Chrome extension generates a “selfie,” or profile, of your Facebook activity and uses machine learning to analyze that behavior in a way similar to Facebook itself. Are your likes more liberal leaning? What does your behavior imply about your psychological profile? Data Selfie–which doesn’t actually record any data from you–offers a glimpse into the kind of behavioral profiling that’s come to light through new revelations about Cambridge Analytica and the leak of data of 50 million Facebook users. Check it out here
  • J. Nathan Matias, who founded the citizen behavioral science platform CivilServant at MIT and is now a postdoc at Princeton University, has blogged about his so-called “audits” over the past year on Medium–for instance, running his own experiments on how Facebook promotes images versus texts with colored backgrounds and an earlier experiment on the Pride reaction button. “How much can a single person learn about Facebook with a little patience and a spreadsheet?” he writes. “More than you might expect!” Matias’s posts include instructions on how to run your own Facebook audit, and he even offers to help you do the statistics or coding if you want to run your own test. “I have often argued that we need independent testing of social tech, especially when a company’s promises are great or the risks are substantial,” he writes. “Sometimes when I suggest this, academics respond that independent evaluations require long, complex work by experts. That’s not always the case.” Learn more here.
  • Ben Grosser, an artist and professor at University of Illinois at Urbana-Champaign’s School of Art & Design, has written about how these ubiquitous user interface elements deeply influence user behavior. He has also built several Chrome extensions that throw Facebook’s carefully honed algorithms into chaos–like lobbing a digital smoke bomb on your News Feed…also he has just launched a version of the Demetricator for Twitter–a reminder that Facebook isn’t the only social network worthy of our critical thought as users. Check it out here…”

For my Software Architecture class.
5 Steps to a Painless Checkout Process

Perspective. Apparently, I have trouble digesting big numbers because I had to read this article several times before I understood exactly how much money we’re talking about. How can a company be worth $50 billion less than its assets?
Tencent’s 60,000% Runup Leads to One of the Biggest VC Payoffs Ever
South African media company Naspers Ltd. is cashing in a tiny sliver of one of the greatest venture-capital investments ever.
… Naspers might have remained an obscure publisher of South African newspapers and operator of pay-TV services if not for its decision in 2001 to invest $32 million in Tencent, a then little-known Chinese startup. The stake is now worth $175 billion and given that Naspers has a market value of about $125.5 billion, it means investors place no value on Naspers’ other operations and investments.
… The sale of 190 million shares, worth $10.6 billion based on Tencent’s closing price in Hong Kong on Thursday, will cut the stake held by Naspers to 31.2 percent from 33.2 percent.

For our Python students.