Monday, April 02, 2018

Many of the things I hate about a breach. Not detected internally. Probably operated for almost a year.
Matt O’Brien reports:
A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.
The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.
Read more on SacBee. What’s of special note is that it was a security firm, Gemini Advisory LLC, who picked up on this one and made Hudson’s Bay aware:
Gemini Advisory LLC revealed on Sunday that a hacking group known as JokerStash or Fin7 began boasting on dark websites last week that it was putting up for sale up to 5 million stolen credit and debit cards.
  • We estimate the window of compromise to be May 2017 to present.
  • Based on the analysis of the available data, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations have been compromised. The majority of stolen credit cards were obtained from New York and New Jersey locations.
You’ll probably want to read the entire advisory on this one.

Nothing in the article suggests they need a password. I wonder if the FBI knows about this one?
Hayley Dixon reports:
Police forces across the country have been quietly rolling out technology which allows them to download the entire contents of a victim’s phone without a warrant.
At least 26 forces now use technology which allows them to extract location data, conversations on encrypted apps, call logs, emails, text messages, photographs, passwords and internet searches among other information.
Read more on The Telegraph.
From the article:
The searches can be done instantly at a local police station and are used by many forces for low level crime – regardless of whether or not someone is charged – and can be used on victims and witnesses as well as suspects.
The Metropolitan Police, which was the first force to introduce the extraction devices during the London 2012 Olympics, has admitted that when a single photograph is required from a victim's phone every one is downloaded.
The revelations have led to concern that it could prevent victims coming forward, particularly in domestic abuse or rape cases.
… Some forces, each of which provide different guidance, have even equipped officers with portable mobile phone extraction kits which can be used on the go.
… Though guidelines say consent should be obtained from a witness before their phone is accessed, it is possible for this need to be overridden.

That’s a change!
Gert-Jan Fraeyman and Peter Craddock of DLA Piper write:
On 22 February 2018, the European Court of Human Rights (ECHR) decided a case concerning the alleged violation of Article 8 of the European Convention on Human Rights (the Convention) in the context of controlling an employee’s personal files stored on the hard drive of his work computer. The judgment of the ECHR (in French) can be accessed here and the press release (in English) can be accessed here.
The applicant, Eric Libert, is a French national who had been working at the French railway company SNCF. In 2007, Mr Libert had been temporarily suspended from his duties because his employer found that Mr. Libert’s work computer contained, inter alia, address change certificates drawn up for third persons and bearing the official Surveillance unit logo, and a large number of files containing pornographic images and films. He was dismissed from his post on 17 July 2008. After being unsuccessful before the national courts, Mr. Libert lodged an application with the ECHR against the French Government while primarily relying on Article 8 (right to respect for private and family life) of the Convention.
Read more on DLA Piper Privacy Matters.

Amazon Exec: IoT Reverses the Internet
… The Internet today is designed to deliver mass volumes of content, particularly video, from the center to "masses of endpoints" that want to consume that content, Cooper said. IoT does the opposite – it requires bringing masses of data from the edge inward. And that requires fundamental changes to Internet technology.

Something for my Students. Determine if this is a fact.
Hand-crafted fact-checking matters in an algorithmic world
Inside Higher Education: “It’s International Fact-Checking Day, a project of the Poynter Institute. What a quaint concept! It’s intrinsic to good journalism, but it can’t be done by algorithm or en masse – it’s lovingly hand-crafted work in pursuit of nailing down something that’s often ambiguous and needs to be considered in context and without confirmation bias. In an era when the deadline is eternally now (newspapers are no longer put to bed, they have to be up and at ‘em 24/7) and lies travel to the top of Google search results before the truth can get its pants on, there’s little time to check the facts and few staff to do. The efforts librarians and media literacy folks have launched to help citizens sort it all out are needed, but outsourcing the work to individuals isn’t a solution any more than privacy self-defense is the fix for surveillance capitalism. Yes, we need to know how to weigh information we encounter every day, but we also need to acknowledge that it’s coming at us fast and at volume. We need some quality fact-checkers working in critical places, which means we need to support trustworthy human gatekeepers…”

Something to complement my next spreadsheet class.
