Friday, June 01, 2018

When your Prevention fails (and it will), you need Detection before you can attempt Correction.
Ticketfly temporarily shuts down to investigate 'cyber incident'
Ticketfly has temporarily shut down after a "cyber incident" (read: hack) compromised its systems. An intruder defaced the company's website around midnight on May 31st with claims that they had compromised the "backstage" database where festivals, promoters and venues manage their events. Billboard sources didn't believe this included credit card data, but the attacker had posted files supposedly linking to info for Ticketfly "members."




It has always been thus.
Margi Murphy and Ben Riley-Smith report:
The European Commission has claimed it is not subject to the strict new data protection law that it has imposed across Europe, following an “embarrassing” leak of personal data on its website.
Officials in Brussels admitted the bureaucracy that designed the rules is not itself compliant with the General Data Protection Regulation (GDPR). A spokesman said the European Commission was “taking and will continue to take all the necessary steps to comply”.
Read more on The Telegraph.




I think the history of technology helps put Computer Security and the other subjects I teach in perspective. Given any technology, someone will use it to cheat.
The crooked timber of humanity
Nearly two centuries ago, France was hit by the world’s first cyber-attack. Tom Standage argues that it holds lessons for us today
… The world’s first national data network was constructed in France during the 1790s. It was a mechanical telegraph system, consisting of chains of towers, each of which had a system of movable wooden arms on top. Different configurations of these arms corresponded to letters, numbers and other characters. Operators in each tower would adjust the arms to match the configuration of an adjacent tower, observed through a telescope, causing sequences of characters to ripple along the line. Messages could now be sent much faster than letters, whizzing from one end of France to the other in minutes. The network was reserved for government use but in 1834 two bankers, François and Joseph Blanc, devised a way to subvert it to their own ends.
The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network.
The telegraph’s encoding system included a “backspace” symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day’s market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs’ pioneering misuse of the French network qualifies as the world’s first cyber-attack.




For all my students to consider.
The Digital Poorhouse
In May 2018, a new data and privacy law will take effect in the European Union. The product of many years of negotiations, the General Data Protection Regulation is designed to give individuals the right to control their own information. The GDPR enshrines a “right to erasure,” also known as the “right to be forgotten,” as well as the right to transfer one’s personal data among social media companies, cloud storage providers, and others.
The European regulation also creates new protections against algorithms, including the “right to an explanation” of decisions made through automated processing. So when a European credit card issuer denies an application, the applicant will be able to learn the reason for the decision and challenge it. Customers can also invoke a right to human intervention. Companies found in violation are subject to fines rising into the billions of dollars.
Regulation has been moving in the opposite direction in the United States, where no federal legislation protects personal data. The American approach is largely the honor system, supplemented by laws that predate the Internet, such as the Fair Credit Reporting Act of 1970. In contrast to Europe’s Data Protection Authorities, the US Federal Trade Commission has only minimal authority to assess civil penalties against companies for privacy violations or data breaches. The Federal Communications Commission (FCC) recently repealed its net neutrality rules, which were among the few protections relating to digital technology.
These divergent approaches, one regulatory, the other deregulatory, follow the same pattern as antitrust enforcement, which faded in Washington and began flourishing in Brussels during the George W. Bush administration. But there is a convincing case that when it comes to overseeing the use and abuse of algorithms, neither the European nor the American approach has much to offer. Automated decision-making has revolutionized many sectors of the economy and it brings real gains to society. It also threatens privacy, autonomy, democratic practice, and ideals of social equality in ways we are only beginning to appreciate.




Something for my Software Architecture class.
The Ad Hoc Government Digital Services Playbook
The Ad Hoc Government Digital Services Playbook compiles what we’ve learned from four years of delivering digital services for government clients. Our playbook builds on and extends the Digital Services Playbook by the United States Digital Service. The USDS playbook is a valuable set of principles, questions, and checklists for government to consider when building digital services. If followed, the plays make it more likely a digital services project will succeed. Today, we’re publishing the opinions we developed and lessons we learned while implementing the original plays of the USDS playbook. We want to share our knowledge in hopes that other teams can continue to build on the progress we and many other organizations are making in improving government digital services. In 2014, we founded Ad Hoc with the same catalyst that created the USDS: the failed launch of HealthCare.gov. Since then, we’ve been using these plays to help government reform the way it serves users, who have come to expect more from the digital products and services they use. Building digital services for government means orienting and aligning around the user experience, for all audiences and abilities, and doing so securely, protecting users’ privacy and data. To the user of digital services, availability and usability are paramount. Slow, confusing interfaces drive them away and erode their trust. This essential user-centrism is at the core of government digital services. It distinguishes them from enterprise software, where users are expected to have substantial training and domain knowledge, or conform to confusing business-processes-as-software. While government had substantial experience building enterprise software systems prior to 2013, when HealthCare.gov launched, it didn’t have comparable experience delivering digital services, such as those users have become accustomed to in the commercial sector. 
The challenge of the past four years has been introducing to government the practices and processes that set user-centered services up for success. Our playbook contributes additional detail on how to accomplish this task…”




What defines CyberWar? What does not.
The Technicolor Zone of Cyberspace – Part I
The Right Honourable Jeremy Wright’s recent remarks at Chatham House on Cyber and International Law in the 21st Century added a welcome dash of color to the otherwise gray zone of cyberspace. While full-HD resolution may still be in the offing, this all-too-rare official pronouncement of opinio juris reinforces the baseline maxim that existing international law applies to states’ activities in cyberspace and provides some needed clarity on how certain key provisions of international law govern interstate relations at and below the threshold of armed conflict.
… As the recently released Command Vision for US Cyber Command recognizes, the emerging cyber-threat landscape is marked by adversary states engaging in sustained, well-constructed campaigns to challenge and weaken western democracies through actions designed to hover below the threshold of armed conflict while still achieving strategic effect. And as the Cyber Command Vision also makes clear, passive, internal cyber security responses have proved inadequate, ceding strategic initiative and rewarding bad behavior.
The UK’s position on this point is now clear: Both in peacetime and in conflict, states cannot engage in hostile cyber campaigns free of consequence. “States that are targeted by hostile cyber operations have the right to respond to those operations in accordance with the options lawfully available to them and that in this as in all things, all states are equal before the law.”




It’s Data Management, not Evidence Destruction!
Guide walks you through steps to sort and delete sets of Gmail messages
TechRepublic – Andy Wolber: “You might want to mass delete email from Gmail for many reasons: To remove non-work-related messages from an account, to achieve “inbox zero” as part of a personal productivity effort, or—more mundanely—to reduce the storage space used by attachments. Some people pursue #NoEmail—and start to treat email as an ephemeral communication channel instead of a permanent archive. Before you start to mass delete items from Gmail, I recommend that you export your current email data. To do this, use Google Takeout at https://takeout.google.com. Choose the “Select None” button, then scroll down the page to Mail. Move the slider to the right of Mail to “on.” (You may export just some of your email: Select the down arrow to the left of the slider, then choose one—or more—Gmail labels to select items tagged with those labels to export.)…”




Perspective.
Teens, Social Media & Technology 2018
Until recently, Facebook had dominated the social media landscape among America’s youth – but it is no longer the most popular online platform among teens, according to a new Pew Research Center survey. Today, roughly half (51%) of U.S. teens ages 13 to 17 say they use Facebook, notably lower than the shares who use YouTube, Instagram or Snapchat. This shift in teens’ social media use is just one example of how the technology landscape for young people has evolved since the Center’s last survey of teens and technology use in 2014-2015. Most notably, smartphone ownership has become a nearly ubiquitous element of teen life: 95% of teens now report they have a smartphone or access to one. These mobile connections are in turn fueling more-persistent online activities: 45% of teens now say they are online on a near-constant basis. The survey also finds there is no clear consensus among teens about the effect that social media has on the lives of young people today. Minorities of teens describe that effect as mostly positive (31%) or mostly negative (24%), but the largest share (45%) says that effect has been neither positive nor negative…”




Perspective.
PwC How will the global economic order change by 2050?
The World in 2050 – “This report sets out our latest long-term global growth projections to 2050 for 32 of the largest economies in the world, accounting for around 85% of world GDP. Key results of our analysis (as summarised also in the accompanying video) include:
  • The world economy could more than double in size by 2050, far outstripping population growth, due to continued technology-driven productivity improvements
  • Emerging markets (E7) could grow around twice as fast as advanced economies (G7) on average
  • As a result, six of the seven largest economies in the world are projected to be emerging economies in 2050 led by China (1st), India (2nd) and Indonesia (4th)
  • The US could be down to third place in the global GDP rankings while the EU27’s share of world GDP could fall below 10% by 2050
  • UK could be down to 10th place by 2050, France out of the top 10 and Italy out of the top 20 as they are overtaken by faster growing emerging economies like Mexico, Turkey and Vietnam respectively
  • But emerging economies need to enhance their institutions and their infrastructure significantly if they are to realise their long-term growth potential…”

