When your Prevention fails (and it will) you need
Detection before you can attempt Correction.
Ticketfly temporarily shuts down to investigate 'cyber incident'
Ticketfly has temporarily shut
down after a "cyber incident" (read: hack) compromised
its systems. An intruder defaced the company's website around
midnight on May 31st with claims that they had compromised the
"backstage" database where festivals, promoters and venues
manage their events. Billboard sources didn't believe this
included credit card data, but the attacker had posted files
supposedly linking to info for Ticketfly "members."
It has always been thus.
Margi Murphy and Ben Riley-Smith report:
The European Commission has claimed it is not subject to the strict new data protection law that it has imposed across Europe, following an “embarrassing” leak of personal data on its website.
Officials in Brussels admitted the bureaucracy that designed the rules is not itself compliant with the General Data Protection Regulation (GDPR). A spokesman said the European Commission was “taking and will continue to take all the necessary steps to comply”.
Read more on The Telegraph.
I think the history of technology helps put
Computer Security and the other subjects I teach in perspective.
Given any technology, someone will use it to cheat.
The crooked timber of humanity
Nearly two centuries ago, France was hit by the world’s first
cyber-attack. Tom Standage argues that it holds lessons for us today
… The world’s first national data network
was constructed in France during the 1790s. It was a mechanical
telegraph system, consisting of chains of towers, each of which had a
system of movable wooden arms on top. Different configurations of
these arms corresponded to letters, numbers and other characters.
Operators in each tower would adjust the arms to match the
configuration of an adjacent tower, observed through a telescope,
causing sequences of characters to ripple along the line. Messages
could now be sent much faster than letters, whizzing from one end of
France to the other in minutes. The network was reserved for
government use but in 1834 two bankers, François and Joseph Blanc,
devised a way to subvert it to their own ends.
The Blanc brothers traded government bonds at the
exchange in the city of Bordeaux, where information about market
movements took several days to arrive from Paris by mail coach.
Accordingly, traders who could get the information more quickly could
make money by anticipating these movements. Some tried using
messengers and carrier pigeons, but the Blanc brothers found a way to
use the telegraph line instead. They bribed the telegraph operator
in the city of Tours to introduce deliberate errors into routine
government messages being sent over the network.
The telegraph’s encoding system included a
“backspace” symbol that instructed the transcriber to ignore the
previous character. The addition of a spurious character indicating
the direction of the previous day’s market movement, followed by a
backspace, meant the text of the message being sent was unaffected
when it was written out for delivery at the end of the line. But
this extra character could be seen by another accomplice: a former
telegraph operator who observed the telegraph tower outside Bordeaux
with a telescope, and then passed on the news to the Blancs. The
scam was only uncovered in 1836, when the crooked operator in Tours
fell ill and revealed all to a friend, who he hoped would take his
place. The Blanc brothers were put on trial, though they could not
be convicted because there
was no law against misuse of data networks. But the
Blancs’ pioneering misuse of the French network qualifies as the
world’s first cyber-attack.
For all my students to consider.
The Digital Poorhouse
In May 2018, a new data and privacy law will take
effect in the European Union. The product of many years of
negotiations, the General Data Protection Regulation is designed to
give individuals the right to control their own information. The
GDPR enshrines a “right to erasure,” also known as the “right
to be forgotten,” as well as the right to transfer one’s
personal data among social media companies, cloud storage providers,
and others.
The European regulation also creates new
protections against algorithms, including the “right
to an explanation” of decisions made through automated processing.
So when a European credit card issuer denies an application, the
applicant will be able to learn the reason for the decision and
challenge it. Customers can also invoke a right to human
intervention. Companies found in violation are subject to fines
rising into the billions of dollars.
Regulation
has been moving in the opposite direction in the United States,
where no federal legislation protects personal data. The American
approach is largely the honor system, supplemented by laws that
predate the Internet, such as the Fair Credit Reporting Act of 1970.
In contrast to Europe’s Data Protection Authorities, the US Federal
Trade Commission has only minimal authority to assess civil penalties
against companies for privacy violations or data breaches. The
Federal Communications Commission (FCC) recently repealed its net
neutrality rules, which were among the few protections relating to
digital technology.
These divergent approaches, one regulatory, the
other deregulatory, follow the same pattern as antitrust enforcement,
which faded in Washington and began flourishing in Brussels during
the George W. Bush administration. But there is a convincing case
that when it comes to overseeing the use and abuse of algorithms,
neither the European nor the American approach has much to offer.
Automated decision-making has revolutionized many sectors of the
economy and it brings real gains to society. It also threatens
privacy, autonomy, democratic practice, and ideals of social equality
in ways we are only beginning to appreciate.
Something for my Software Architecture class.
The Ad Hoc Government Digital Services Playbook
“The Ad Hoc Government Digital Services Playbook compiles what we’ve
learned from four years of delivering digital services for government
clients. Our playbook builds on and extends the Digital
Services Playbook by the United States Digital Service. The USDS
playbook is a valuable set of principles, questions, and checklists
for government to consider when building digital services. If
followed, the plays make it more likely a digital services project
will succeed. Today, we’re publishing the opinions we developed
and lessons we learned while implementing the original plays of the
USDS playbook. We want to share our knowledge in hopes that other
teams can continue to build on the progress we and many other
organizations are making in improving government digital services.
In 2014, we founded Ad Hoc with the same catalyst that created the
USDS: the failed launch of HealthCare.gov. Since then, we’ve been
using these plays to help government reform the way it serves users,
who have come to expect more from the digital products and services
they use. Building digital services for government means orienting
and aligning around the user experience, for all audiences and
abilities, and doing so securely, protecting users’ privacy and
data. To the user of digital services, availability and usability
are paramount. Slow, confusing interfaces drive them away and erode
their trust. This essential user-centrism is at the core of
government digital services. It distinguishes them from enterprise
software, where users are expected to have substantial training and
domain knowledge, or conform to confusing
business-processes-as-software. While government had substantial
experience building enterprise software systems prior to 2013, when
HealthCare.gov launched, it didn’t have comparable experience
delivering digital services, such as those users have become
accustomed to in the commercial sector. The challenge of the past
four years has been introducing to government the practices and
processes that set user-centered services up for success. Our
playbook contributes additional detail on how to accomplish this
task…”
What defines CyberWar? What does not.
The Technicolor Zone of Cyberspace – Part I
The Right Honourable Jeremy Wright’s recent remarks
at Chatham House on Cyber and International Law in the 21st
Century added a welcome dash of color to the otherwise gray zone of
cyberspace. While full-HD resolution may still be in the offing,
this all-too-rare official pronouncement of opinio juris reinforces
the baseline maxim that existing international law applies to states’
activities in cyberspace and provides some needed clarity on how
certain key provisions of international law govern interstate
relations at and below the threshold of armed conflict.
… As the recently released Command
Vision for US Cyber Command recognizes, the emerging cyber-threat
landscape is marked by adversary states engaging in sustained,
well-constructed campaigns to challenge and weaken western
democracies through actions designed to hover below the threshold of
armed conflict while still achieving strategic effect. And as the
Cyber Command Vision also makes clear, passive, internal cyber
security responses have proved inadequate, ceding strategic
initiative and rewarding bad behavior.
The UK’s position on this point is now clear:
Both in peacetime and in conflict, states cannot engage in hostile
cyber campaigns free of consequence. “States that are targeted by
hostile cyber operations have the right to respond to those
operations in accordance with the options lawfully available to them
and that in this as in all things, all states are equal before the
law.”
It’s Data Management, not Evidence Destruction!
Guide walks you through steps to sort and delete sets of Gmail messages
TechRepublic – Andy Wolber: “You might want to mass delete email from
Gmail for many reasons: To remove non-work-related messages from an
account, to achieve “inbox zero” as part of a personal
productivity effort, or—more mundanely—to reduce the storage
space used by attachments. Some
people pursue #NoEmail—and start to treat email as an ephemeral
communication channel instead of a permanent archive.
Before you start to mass delete items from Gmail, I recommend that
you export your current email data. To do this, use Google Takeout
at https://takeout.google.com.
Choose the “Select None” button, then scroll down the page to
Mail. Move the slider to the right of Mail to “on.” (You may
export just some of your email: Select the down arrow to the left of
the slider, then choose one—or more—Gmail labels to select items
tagged with those labels to export.)…”
Perspective.
Teens, Social Media & Technology 2018
“Until recently, Facebook had dominated the social media
landscape among America’s youth – but it is no longer the most
popular online platform among teens, according to a new Pew Research
Center survey. Today, roughly half (51%) of U.S. teens ages 13 to 17
say they use Facebook, notably lower than the shares who use YouTube,
Instagram or Snapchat. This shift in teens’ social media use is
just one example of how the technology landscape for young people has
evolved since the Center’s last
survey of teens and technology use in 2014-2015. Most notably,
smartphone ownership has become a nearly ubiquitous element of teen
life: 95% of teens now report they have a smartphone or access to
one. These mobile connections are in turn fueling more-persistent
online activities: 45% of teens now say they are online on a
near-constant basis. The survey also finds there is no clear
consensus among teens about the effect that social media has on the
lives of young people today. Minorities of teens describe that
effect as mostly positive (31%) or mostly negative (24%), but the
largest share (45%) says that effect has been neither positive nor
negative…”
Perspective.
PwC How will the global economic order change by 2050?
The World in 2050 – “This report sets out our latest long-term
global growth projections to 2050 for 32 of the largest economies in
the world, accounting for around 85% of world GDP. Key results of
our analysis (as summarised also in the accompanying video) include:
- The world economy could more than double in size by 2050, far outstripping population growth, due to continued technology-driven productivity improvements
- Emerging markets (E7) could grow around twice as fast as advanced economies (G7) on average
- As a result, six of the seven largest economies in the world are projected to be emerging economies in 2050 led by China (1st), India (2nd) and Indonesia (4th)
- The US could be down to third place in the global GDP rankings while the EU27’s share of world GDP could fall below 10% by 2050
- UK could be down to 10th place by 2050, France out of the top 10 and Italy out of the top 20 as they are overtaken by faster growing emerging economies like Mexico, Turkey and Vietnam respectively
- But emerging economies need to enhance their institutions and their infrastructure significantly if they are to realise their long-term growth potential…”