Does this mean we have a working
definition of “An Act of CyberWar?” Where do we draw the line?
If some kids tries to access the Pentagon's servers, mistakenly
searching for “World of Warcraft” tips, will the NSA fry his
computer? (Or send a drone over with a missile?)
"Congress has recently
authorized
the use of offensive military action in cyberspace. From the
December 12th conference on the National Defense Authorization Act,
it states,
'Congress
affirms that the Department of Defense has the capability, and upon
direction by the President may conduct offensive operations in
cyberspace to defend our Nation, Allies and interests, subject to:
(1) the policy principles and legal regimes that the Department
follows for kinetic capabilities, including the law of armed
conflict; and (2) the War Powers Resolution.'
According to the FAS, 'Debate
continues on whether using the War Powers Resolution is effective as
a means of assuring congressional participation in decisions that
might get the United States involved in a significant military
conflict.'"
Everyone has an opinion. (and a list)
The
six worst data breaches of 2011
December 24, 2011 by admin
If you’re looking for the biggest
breaches of the year in terms of numbers affected, you can find them
over on DataLossDB.org or in others’ reviews. Certainly there were
some really big breaches this year, but those were not necessarily
the worst, in my opinion. So here’s my short list of the year’s
worst breaches involving personally identifiable information. In
chronological order:
1. The HBGary Federal hack.
I don’t claim to
be a security expert, but if you’re making the claim, then having
your server successfully attacked and all
your professional correspondence exposed on the web should be
seriously embarrassing. Not only should HBGary Federal have been
embarrassed, but the February attack also exposed – and brought
into negative public light – a well-known
law firm. From a public relations standpoint, this breach was an
in-your-face and up-your-left nostril attack that should have put
everyone on notice that both data security and the collective known
as Anonymous needed to be taken more seriously. In terms of
immediate impact, after the firm’s emails became public, the
Chamber of Commerce and Bank of America cut all ties with HBGary.
Two other firms that had collaborated with them – Berico
Technologies and Palantir – also cut ties with them. By the end of
the year, however, HBGary CEO Gary Hoglund said that the breach had
actually helped
their business. Good for them, but not so good for others,
perhaps?
2. Texas Comptroller’s Office
web exposure incident.
In April, Texas
Comptroller Susan Combs reported that the personal
information of 3.5 million people had been accidentally disclosed on
the web for quite a while – including Social Security numbers,
dates of birth and other personal information. No hack necessary to
get a goldmine of information for identity theft. Talk about
shooting yourself in the foot…
3. The Arizona Department of
Public Safety hack.
A hack by LulzSec
in June also makes my list of worst breaches of the year. In a
politically
motivated attack that presaged other “AntiSec” or political
attacks, the hackers released personal information on members of
Arizona law enforcement and their families. For the rest of the
year, releasing personal information on employees and their families
became almost routine, despite the fact that the hackers occasionally
recognized that calling the exposure of innocent uninvolved people
“collateral damage” was not particularly acceptable to many
members of the public.
4. The stolen SAIC/TRICARE
backup tapes.
There were some
massive health care sector breaches this year, but the SAIC
breach was particularly bad for a few reasons. Unencrypted
backup tapes with medical data on 5.1 million members of the military
and their dependents were left
in an employee’s car for 8 hours and were stolen. This was not
the first time SAIC had unencrypted backup tapes stolen. In fact, it
was the second time since 2010. Despite that and other breaches they
have had in recent years, they continue to get huge government
contracts. Members of Congress have now asked
why.
5. Insurance Corporation of
British Columbia insider breach.
There’s a lot we
don’t know about this
breach as yet, but it seems that an employee of the insurance
company accessed and then disclosed information on 13 people who were
later either shot at or were the victims of arson. Scarily, the
employee also accessed information on 52 other people. Will they
become victims, too? The RCMP are investigating, but this appears to
be one of those breaches where there can be real and serious harm
that has nothing to do with ID theft.
6. Hemmelig.com hack.
Hackers downloaded
the entire database of over 26,000 users of Hemmelig.com, a
Norwegian site that includes the sex trade. The downloaded material,
which includes images and very personal messages, was dumped on the
web. It seems only a matter of time before we start seeing
embarrassing revelations about public figures as well as private
citizens.
So that’s my short list. Did I leave
out your candidate for worst of the year? If so, what was it?
This is going to be really popular!
“Would you like some candy, little girl?”
"What do you do when you spend
over a billion dollars on products targeted specifically for adults?
Simple, just put a device on your pudding dispensing vending machines
that scans faces, and denies the delicious food to the kiddies. The
Minority Report-like device will apparently judge the
age of the individual based on the space between their eyes and ears.
If the criteria is not met, the vending machine will shut down and
ask the individual to step away from the machine. There are some
vending machine combos that this makes sense for, but seriously —
pudding?"
[From the Comments:
The Japanese Cigarette vending machines with facial recognition were
pulled, when they discovered that holding up a scale photo or
magazine picture would pass the age check.
Clearly, DA's need guidance and not
just about clinging to antediluvian technologies. Perhaps a paper
explaining things like the Streisand Effect, Social Networks that
don't toss their customers under the bus, etc. We already have
plenty of truly bad examples...
Twitter
gets subpoena for account info related to OccupyBoston, notifies
users
December 23, 2011 by Dissent
This is getting ridiculous. Really.
Twitter received an administrative
subpoena via fax [Patented 1843 Bob] on
December 14 from the District Attorney of Suffolk County,
Massachusetts. The subpoena
indicates that pursuant to a criminal investigation by the Suffolk
County D.A.’s office and the Boston Police Department, Twitter is
to provide, within 14 days,
All available
subscriber information, for the account or accounts associated with
the following information, including IP address logs for account
creation and for the period December 8, 2011 – December 13, 2011:
Guido
Fawkes
@p0isAn0N
@OccupyBoston
#BostonPD
#d0xcak3
@p0isAn0N
@OccupyBoston
#BostonPD
#d0xcak3
Yes, you read that correctly. The
D.A.’s office is seemingly seeking account information associated
with hashtags.
And yes, the account for Occupy Boston
is @Occupy_Boston and not @OccupyBoston.
And yes, there are over 30 “Guido
Fawkes” accounts on Twitter. Is the D.A. demanding non-content
account information on all of them?
If ADA Benjamin Goldberger and Sgt.
Detective Joseph Dahlbeck get a lot of ridicule, they may want to
consider whether they did their homework before issuing the subpoena.
Unlike the DOJ/Twitter Order, which
barred Twitter from notifying users of the order for their
non-content data, the D.A.’s subpoena asks Twitter not to
disclose the subpoena to users to protect the “confidentiality and
integrity of the ongoing criminal investigation.” Twitter notified
the users, however, and the Twitterverse is lighting
up with protests over what appears to be an attempt to invade the
privacy of users who engaged in protected political speech.
As to the stern caution on the cover
page of the fax that dissemination, distribution, or copying of the
contents of the fax is “strictly prohibited,” well, suffice to
say that copies of the subpoena are already posted on a few sites.
When will law enforcement learn that if
tries to go after Twitter users’ information, Twitter will do what
it can to notify users, and once it has done so, the situation will
be broadly disseminated and discussed?
You can keep up with some of the
developments on http://privacysos.org/blog
and on Twitter, of course. And of course, I’ll be watching this
matter, too, and wondering again why Twitter doesn’t make itself
less useful to law enforcement by rolling over IP logs after 24
hours.
(Related) Obviously, you can find
experts to help you use technology...
"Brandon Rittiman reports that
White House officials launched
a Twitter campaign Tuesday to put pressure on Congress to reach a
deal extending the payroll-tax cut. Using the Twitter hashtag
#40dollars, the White House successfully
got thousands of people to respond and explain what a $40 cut to
each paycheck would mean to them personally. By Wednesday morning,
the #40dollars hashtag started 'trending,' which is what happens when
Twitter's algorithms see a topic suddenly surge. It's not easy to
create that kind of surge, but the White House
has 2.5 million Twitter followers to call upon.
Macon Phillips,
the President's Director of Digital Strategy, says his team has
managed to get a few Twitter topics to rise to the level of
'trending' before — most notably when they began tweeting about the
death of Osama bin Laden. 'What's very important about a
social-media campaign like this is that regular people are making the
point about how this would affect them. It's not us here in
Washington trying to argue on their behalf.' says Phillips. 'The
#40dollars campaign puts a face on that amount to demonstrate the
payroll tax cut's real-world impact on middle-class families.'"
(Related) Can Facebook predict the
nominees/winners?
Ron
Paul Is The Second Most Popular Republican Candidate On Facebook (And
He’s Gaining)
… Paul
currently has 655,000 fans, half of Romney’s
1.23 million, and a fraction of Obama’s
24.3 million, but he’s well ahead of third-place primary candidate
Michele
Bachmann. Meanwhile, Newt
Gingrich, who has appeared at many points in recent weeks to be
Romney’s main Republican challenger, has had pretty minimal growth.
Very interesting idea. Will this catch
on?
Volkswagen
Blocks BlackBerry Use When Most People Use BlackBerries
The company has worked out a deal with
unionized workers at its German sites to throttle their post-work
BlackBerry use. VW is going to turn off messaging for these workers
a half-hour after the workday ends, and flip the switch back on a
half-hour before the next workday starts.
… The idea is to keep employees
from feeling chained to their smartphones, and to send a message to
bosses that it’s not reasonable to expect employees to be reachable
at night, according to the Allgemeine Zeitung.
The article seems to suggest that
technology was not the only or even the main driver of the choice –
imagine that!
Berkeley
Explains Why Google Trumps Microsoft
… Berkeley plumped for Gmail and
Google Calendar in part because they’re cheap — Google offers its
Apps to schools and colleges for free — but the university looked
at far more than just price. This week, it laid out a detailed
comparison of Google and Microsoft on its public website.
Useful when collaborating on documents?
Mergely is a useful online tool which
can helps users merge text documents and highlight changes made to
existing documents. To use the service, all you have to do is paste
the original document into the left column and enter the edited
version in the right hand corner. The changes which are not present
in the revised document will be highlighted and shown in the original
document.
Once done, you can save the document
and the service will generate a share URL which can be used to send
the document to any friend or colleague. If you want, you can even
upload documents from your PC and compare them in seconds.