Saturday, July 07, 2018

See? You can tell when your data was accessed. Why don’t more companies do this?
There is a follow-up to an incident involving exposed Los Angeles County 211 call logs. The misconfiguration had been discovered by UpGuard and was reported in May.
Now the County has submitted its report to the California Attorney General’s Office. It states, in part:
Our investigation determined that the incident was caused by an employee who inadvertently misconfigured the settings during a recent upgrade, which caused a database file to be accessible from the internet. Our investigation also confirmed that the only unauthorized access was by the security firm who initially reported this incident to us, which access took place between March 14 and April 23, 2018. The security firm has assured us that all copies of the data have been destroyed. Based on our investigation to date, we have no evidence of any misuse of your information.
What Information Was Involved
The database contained information related to a call to 211 LA County that included your name and Social Security number, and driver’s license number provided during the course of the phone call.
Interestingly (to me, anyway), they don’t mention whether any medical information was involved, although UpGuard’s report had provided redacted examples of people calling for help getting resources for mental health issues, etc.

For my Computer Security students.
Survey identifies three types of consumer attitudes to data privacy
… A poll of 11,474 consumers commissioned by market intelligence consortium DMA has revealed that 51% are more than happy to hand over their personal data to businesses that can offer a clear benefit in exchange.
The report – Global data privacy: What the consumer really thinks – places these 51% into a category called “data pragmatists,” a group described as those who exchange their data as long as there’s a clear benefit.
Another important demographic is the “data unconcerned” (26%), described by the surveyors as those who do not mind how and why their data is used. The remaining 23% are the so-called “data fundamentalists,” or those who never share their data for any reason.

Perspective. Lots and lots of evil? But, is it enough?
Twitter is sweeping out fake accounts like never before, putting user growth at risk
Twitter has sharply escalated its battle against fake and suspicious accounts, suspending more than 1 million a day in recent months, a major shift to lessen the flow of disinformation on the platform, according to data obtained by The Washington Post.
The rate of account suspensions, which Twitter confirmed to The Post, has more than doubled since October, when the company revealed under congressional pressure how Russia used fake accounts to interfere in the U.S. presidential election. Twitter suspended more than 70 million accounts in May and June, and the pace has continued in July, according to the data.
… But Twitter’s increased suspensions also throw into question its estimate that fewer than 5 percent of its active users are fake or involved in spam, and that fewer than 8.5 percent use automation tools that characterize the accounts as bots. (A fake account can also be one that engages in malicious behavior and is operated by a real person. Many legitimate accounts are bots, such as to report weather or seismic activity.)

Perspective. Because my students are interested.
Long Road Ahead: The Promise — and Perils — of Self-driving Cars
Listen to the podcast:
Wharton management professor John Paul MacDuffie describes the state of play – and the future – of the self-driving car industry.

For the student resource toolkit.

No comments: