Well golly gee willikers, we were never hacked before!
Equifax data breach FAQ: What happened, who was affected, what was the impact?
We spent a good amount of time in the cybersecurity forum today talking
about the Equifax breach. Here’s a summary of some of their key
failures, reported by Josh Fruhlinger and based on a U.S. General
Accounting Office report and an in-depth analysis from Bloomberg
Businessweek.
Here are just two of the findings, as reported by Fruhlinger:
- The attackers were able to move from the web portal to other servers because the systems weren’t adequately segmented from one another, and they were able to find usernames and passwords stored in plain text that then allowed them to access still further systems.
- The attackers pulled data out of the network in encrypted form undetected for months because Experian had crucially failed to renew an encryption certificate on one of their internal security tools.
Not always after the new or one of a kind
technologies, just the tools to make China less dependent on outside
firms.
Building China's Comac C919 airplane involved a lot of hacking, report says
The aim of this hacking operation was to acquire
intellectual property to narrow China's technological gap in the
aviation industry, and especially to help Comac, a Chinese
state-owned aerospace manufacturer, build its own airliner, the C919
airplane, to compete with industry rivals like Airbus and Boeing.
A Crowdstrike report published today shows how
this coordinated multi-year hacking campaign systematically went
after the foreign companies that supplied components for the C919
airplane.
The end goal, Crowdstrike claims, was to acquire
the needed intellectual property to manufacture all of the C919's
components inside China.
The opposite of bribes for admission? Could
“gaming” social media even get you a scholarship?
Student tracking, secret scores: How college admissions offices rank prospects before they apply
To learn more about prospective students,
admissions officers at the University of Wisconsin-Stout turned to a
little-known but increasingly common practice: They installed
tracking software on their school website.
When one student visited the site last year, the
software automatically recognized who she was based on a piece of
code, called a cookie, which it had placed on her computer during a
prior visit. The software sent an alert to the school’s assistant
director of admissions containing the student’s name, contact
information and details about her life and activities on the site,
according to internal university records reviewed by The Washington
Post. The email said she was a graduating high school senior in
Little Chute, Wis., of Mexican descent who had applied to UW-Stout.
The admissions officer also received a link to a
private profile of the student, listing all 27 pages she had viewed
on the school’s website and how long she spent on each one. A map
on this page showed her geographical location, and an “affinity
index” estimated her level of interest in attending the school.
Her score of 91 out of 100 predicted she was highly likely to accept
an admission offer from UW-Stout, the records showed.
Learn.
Webinar Invitation – CCPA Draft Regulations: What You Need to Know
Please join Hogan Lovells on October 17 for a
discussion of the much-anticipated proposed California Consumer
Privacy Act (CCPA) regulations released recently by the California
Attorney General.
While the proposed regulations may change,
including based on public input, they provide valuable signals of how
the California Attorney General may ultimately approach a wide array
of CCPA requirements.
Thursday, October 17, 2019
Time: 9:00 PST, 12:00 EST
The UN as a tool of global politics.
Cyber Governance Issues Take on High-Profile Status at the UN
If this year’s General Assembly at the United
Nations is any indication, then the next two years are going to be
absolutely fundamental to the future development of cyberspace. On
one hand, there are nations such as Russia and China that are pushing
their own view of “state sovereignty” for cyberspace. And, on
the other hand, there is the United States and its allies that are
pushing for a “free, open and secure” cyberspace. While there is
some overlap between these two competing visions of the future of
cyber governance, there are some important distinctions.
“Those who do not study history are doomed to repeat it.” Santayana
“Each new technology must relearn the lessons every earlier technology
had to learn.” Bob
AI development has major security, privacy and ethical blind spots
Security is the most serious blind spot. Nearly
three-quarters (73 per cent) of respondents indicated they don’t
check for security vulnerabilities during model building. More than
half (59 per cent) of organizations also don’t consider fairness,
bias or ethical issues during ML development.
Privacy is similarly neglected, with only 35 per
cent checking for issues during model building and deployment.
(Related) Have a nice flight!
Almost All Systems Used in Aviation Are Vulnerable to Attack, Researchers Say
… Researchers have outlined how attackers can
compromise almost every element and system used in aviation.
- Access Control Systems
- Building Management Systems
- HVAC
- Check-in desks
- Baggage
- Flight Displays and CCTV
- Airport WiFi
“Here’s looking at you very intently, kid.”
Starting December 1st, China’s new MLPS 2.0 cybersecurity laws will require submission of a facial scan to receive internet access
China’s new MLPS (Multi-level Protection of Information Security) 2.0
cybersecurity laws go into full effect on December 1st, 2019 and
will see all internet service providers (ISPs) and mobile data
providers requiring facial scans to sign up for new service. This
means every new mobile phone number assigned in China will be
associated with a facial scan. On top of this, the new rules by the
Chinese Ministry of Public Security mandate that all data on Chinese
networks and systems be available for the Chinese government to sift
through at will – and by default through the use of big data
techniques. The government emphasized that the new law is meant to
help the populace, not suppress it further.
Would you like my Blog?
How to stop Facebook from stealing your data after you die
The Next Web –
“Inevitably,
one day you’re going to die. While you may think your online
identity will go to the grave with you, that’s not always how it
works out. Without setting your account to self-implode or handing
your login details to a trusted person, companies like Facebook and
Google will carry on storing your data and everything else they’ve
got on you. Facebook gives you multiple options for what you can do
with your profile once you die. One thing you can do is select
someone from your friends list to manage your account once you die.
Another thing you can do is set a switch to automatically delete your
account — but Facebook doesn’t exactly know when you’ve died,
so let us explain…”
Some interesting questions.
A Guide to the Big Ideas and Debates in Corporate Governance
Corporate
governance has become a topic of broad public interest as the power
of institutional investors has increased and the impact of
corporations on society has grown. Yet ideas about how corporations
should be governed vary widely. People disagree, for example, on
such basic matters as the purpose of the corporation, the role of
corporate boards of directors, the rights of shareholders, and the
proper way to measure corporate performance.
Available at my local library.
Why Technologists Fail to Think of Moderation as a Virtue and Other Stories About AI
… With so many authors, Possible Minds
covers lots of ground. Its main themes revolve around
zeitgeist-level concerns with how narrow AI (which performs well in
discrete tasks) is shaping society now and how artificial general
intelligence (which can learn across domains and think for itself)
might shape it in the future.
Perspective. When we say Big Data, we mean more
data than you can imagine.
Zipping Past the Zettabyte Era: What’s Next for the Internet?
In 2016 the world reached a digital milestone: One
zettabyte of internet traffic.
… So what’s a zettabyte? Easy! It’s one trillion gigabytes or
1,000,000,000,000,000,000,000 bytes.
It took a while to reach this mark — large-scale commercial use of the
internet didn’t start until the 1980s and it took a decade more for
consumer applications to catch up. The widespread adoption of mobile
phones and wireless broadband networks increased the pace of
information creation, and in 2016 the world finally crossed the
one-zettabyte threshold, heralding a new era for (very) big data.
But as noted by IT Pro Portal, we didn’t stop there: Current
predictions suggest that by 2022 there will be more than 12 billion
connected devices worldwide generating 4.8 zettabytes of data per
year. And that’s just for starters — according to a recent IDC report,
the “global datasphere” will grow to 175 zettabytes by 2025. While
that number seems absurd on paper, it makes sense in context: The
development of 5G mobile networks, fiber optic connections,
peer-to-peer internet connections and the uptick in mobile device use
has conspired to create a massive data deluge.
… According to Tech Republic, experts anticipate that by 2022 there
will be 4.8 billion internet users worldwide on 28.5 billion devices
accessing the internet at 75.4 mbps on average with 82% of all traffic
used to view or create videos. The result? The zettabyte era is almost
over.
The new future of the internet? Yottabytes.
So what’s a yottabyte? It’s 1,000,000,000,000,000,000,000,00 bytes or
1,000 zettabytes