Another ‘under the radar’ data aggregation
firm screws the pooch. Another breach the company had to be told
about! Just in time for my new Computer Security class to examine
their errors. (Rather depressing how frequently this happens.)
Exactis said to have exposed 340 million records, more than Equifax breach
If you're a US citizen, your personal information
– your phone number, home address, email address, even how many
children you have – may have just become easily available to
hackers in an alleged massive data leak.
Florida-based marketing and data aggregation firm
Exactis exposed a database containing nearly 340
million individual records on a publicly accessible
server, Wired
reported. Earlier this month, security
researcher Vinny Troia found that nearly
2 terabytes of data was exposed, which seems to include
personal information on hundreds of millions of US adults and
millions of businesses, the report said.
"It seems like this is a database with pretty
much every US citizen in it," Troia told Wired.
… Because Exactis hasn't confirmed the leak,
and the data is reportedly no longer accessible, it's hard to know
exactly how many people are affected. But Troia found two versions
of the database that each had around 340 million records, with
roughly 230 million on consumers and 110 million on business
contacts, according to Wired. Exactis says on its website that it
has over
3.5 billion consumer, business and digital records.
The data leak is noteworthy not only for its
breadth, but also for the depth of information the records have on
people. Every record
reportedly has entries that include more than 400 variables on
characteristics like whether the person smokes, what their religion
is and whether they have dogs or cats. But Wired noted
that in some instances, the information is inaccurate or outdated.
(Related)
Dan M. Clark reports on six major actions Equifax
agreed to take to settle eight states’ charges against them over
the 2017 data breach. From his report, because I cannot find a copy
of the actual consent decree online just yet:
- The company’s board members will have to review and approve a written risk assessment plan for future digital threats.
- Equifax will also have to improve oversight of its information security program.
- The board is also tasked with reviewing digital security policies and keeping them up to date and applicable to current threats.
- An audit committee of the Equifax board will also be tasked with evaluating information technology controls at the company.
- Similar rules apply to vendors with the company.
Read more on New York Law Journal.
(Related)
Dan Clark reports:
Credit reporting agencies will now be required to register with the state and comply with its cybersecurity regulations, the state Department of Financial Services announced Monday.
The new rules are the state’s response to last year’s data breach at Equifax, a credit reporting agency, that exposed the personal information of 143 million people. If a credit reporting agency is found to have violated the new regulations, the DFS will now have the power to block them from serving New York state residents.
Under the new rules, any credit reporting agency that ran more than 1,000 credit reports in New York state in the last year will have to register with the DFS by the beginning of September and then again at the beginning of February each year.
Read more on New York Law Journal (free sub. required)
The ignorant leading the incompetent?
UK Publishes Minimum Cyber Security Standard for Government Departments
The UK government's Cabinet Office has published
the first iteration of its Minimum Cyber Security Standard, which
will be incorporated into the Government Functional Standard for
Security. The standard is mandatory for all government departments
(which includes 'organizations, agencies, Arm’s Length Bodies and
contractors'); but provides an excellent security checklist/framework
for all commercial organizations.
It is a surprisingly short document (PDF);
just seven pages comprising 10 sections under five categories:
Identify, Protect, Detect, Respond and Recover. It largely follows
the wider European approach of mandating
outcomes rather than specific means to achieve those outcomes
– but is not entirely devoid of specific instructions.
An increase suggests they are getting better. A
decrease would signal that they have won the battle.
Twitter’s spam removal is up 214 percent compared to 2017
Twitter dropped
a blog post yesterday explaining how it’s currently handling
malicious spam and bots. The company says that in May, its system
found and questioned over 9.9 million accounts for spamming or being
automated.
Twitter says it’s also
monitoring its APIs more strictly. During Q1 this year, it suspended
more than 142,000 apps that violated rules and tweeted out over 130
million spam tweets, and kept up the momentum in the following
months, removing an average of 49,000 apps each month.
Compared to last year,
Twitter says it has removed 214 percent more accounts for violating
spam policies. It also notes that the average number of spam reports
has dropped from 25,000 a day in March to 17,000 a day in May, which
Twitter is taking to mean that spam is being effectively combatted,
but it could really just mean that people are getting tired of
reporting spam.
(Related)
Facebook’s fight against fake news has gone global. In Mexico, just a handful of vetters are on the front lines.
This spring, a doctored image claiming that the
wife of the leading Mexican presidential candidate was the
granddaughter of a Nazi ricocheted across Facebook and its messaging
service, WhatsApp.
The post, shared 8,000 times before it was
disproved, was part of a flood of fabricated stories that have spread
on Facebook and its other services, including Instagram, ahead of
Mexico’s July 1 presidential election — the country’s own
version of the divisive misinformation that sought to influence the
2016 campaign across the border.
Determined to prevent a repeat of the abuses of
its platform ahead of the U.S. midterm elections in November,
Facebook has poured resources into election integrity, hiring
thousands of content
moderators and fact-checkers, deploying artificial intelligence,
and conducting large sweeps of problematic accounts. Each new
election is a test: Facebook’s security and civic teams are
actively tracking 50
different elections in 2018 — and triaging for those
deemed “high risk” — amounting
to a national election practically every week.
(Related)
Facebook’s Latest Problem: It Can’t Track Where Much of the Data Went
Company’s internal probe finds that some developers who scooped up data are now out of business, and others won’t cooperate
… Three months after CEO Mark Zuckerberg
pledged to investigate all apps that had access to large amounts of
Facebook data, the company is still combing its system to locate the
developers behind those products and find out how they used the
information between 2007 and 2015, when the company officially cut
data access...
Should be interesting.
Mike Stunson reports:
Lexington must release information about the city’s surveillance cameras and the policies surrounding their use, a judge ordered last week.
Mike Maharrey, an activist and organizer for “We See You Watching Lexington,” said his victory over the city is huge for the people of Lexington.
“Now, hopefully, we will get the kind of transparency we deserve,” Maharrey wrote.
Read more on Kentucky.com.
So, Google will be listening on even more phones.
Paranoia?
Google invests in OS that will put its Assistant on feature phones
Google has just invested $22 million in KaiOS, the
company that built an app-packed operating system for feature
phones. The move, which gives Google access to
previously-untapped markets, will see KaiOS integrate Google services
such as maps, Assistant, YouTube and search into devices, which are
considered mid-point phones between basic phones and smartphones.
Perspective.
Facebook, Google Manipulate Users to Share Personal Data Despite GDPR
Despite the new GDPR regulation entering into
effect across Europe, Facebook and Google are manipulating users into
sharing personal data by leveraging misleading wording and confusing
interfaces, according to a report
released today by the Norwegian Consumer Council (NCC).
In its 44-page
report, the Norwegian agency accuses Google and Facebook of using
so-called "dark
patterns" user interface elements into "nudging"
users towards accepting privacy options.
These dark patterns include misleading
privacy-intrusive default settings, misleading wording, giving users
an illusion of control, hiding away privacy-friendly choices,
take-it-or-leave-it choices, and choice architectures where choosing
the privacy-friendly option requires more effort for the users.
Perspective. Is Amazon Uber-izing the delivery
business?
Amazon’s new blue crew: Tech giant enlists entrepreneurs to own the ‘last mile,’ delivering packages in Prime vans and uniforms
Amazon is expanding further into package delivery
and promising to support a new wave of small business owners with the
launch of a program that helps entrepreneurs start and run their
own companies — delivering items purchased on Amazon.com in
distinctive blue Prime-branded shirts and vans.
It’s “the next big building block of our
end-to-end supply chain,” said Dave
Clark, the Amazon executive who oversees the worldwide delivery
logistics infrastructure for the e-commerce giant
… The new program lets anyone run their own
package delivery fleet of up to 40 vehicles with up to 100 employees.
Amazon works with the entrepreneurs — referred to as “Delivery
Service Partners” — and pays them to deliver packages while
providing discounts on vehicles, uniforms, fuel, insurance, and more.
They operate their own businesses and hire their own employees,
though Amazon requires them to offer healthcare, paid time off, and
competitive wages. Amazon said entrepreneurs can get started with as
low as $10,000 and earn up to $300,000 annually in profit.
Perspective.
Distracted Driving Is Out of Control, and There's No Single Cure
One study found that young drivers spend 12
percent of time behind the wheel looking at their phones. This is
getting bad, people.
… a new, small study released today by AAA’s
Foundation for Traffic Safety suggests that those infotainment
systems built into vehicles’ consoles make driving a bit more
dangerous, by demanding too much of those who are supposed to be
watching the road.
Perspective. Give up Michael Porter? Never!
Well, maybe….
https://sloanreview.mit.edu/article/why-companies-need-a-new-playbook-to-succeed-in-the-digital-age/
Why Companies Need a New Playbook to Succeed in the Digital Age
… A new playbook requires companies to move
beyond Michael Porter’s idea of controlled
value chains, where companies focus on control and doing one
thing really well. In a value chain, companies know a lot about
their products, including where they are physically and when they are
sold.
In the digital world, companies need to move to
more complex, networked systems. They must create ecosystems or webs
of relationships with partners that help them become a go-to for
customers. The key is using digital to differentiate a company,
offering customers something new and compelling — to create a
destination they want to visit.
A resource to draw from.
BBC releases computer history archive
BBC Technology – “A slice of computing history has been made
public, giving people the opportunity to delve into an archive that
inspired a generation of coders. The
Computer Literacy Project led to the introduction of the BBC
Micro alongside programmes which introduced viewers to the principles
of computing. It included interviews with innovators such as Bill
Gates and Steve Wozniak. The BBC hopes the 1980s archive will
encourage today’s youngsters to become involved in computing. With
the release of the archive, viewers can now search and browse all of
the programmes from the project. They will be able to:
- watch any of the 267 programmes
- explore clips by topic or text search
- run 166 BBC Micro programmes that were used on-screen
- find out the history of the Computer Literacy Project…”
The new ROTC uniform?
Make The Galaxy Great Again T-Shirt