“Eventually”
is a major failure in a highly regulated environment. No one logged
the changes? (Or noticed that logging had been turned off?)
Anatomy Of A Brokerage IT Meltdown
October 8, 2012 by admin
Regulators last year issued the
SEC’s first-ever privacy fine against broker-dealer GunnAllen for
failing to protect customer data. But former IT
staffers say regulators didn’t seem to know half of this cautionary
tale of outsourcing and oversight gone wrong.
Mathew J. Schwartz adds some
mind-boggling details to the case:
Dan Saccavino, a
former Revere Group employee who at the time served at GunnAllen as
the IT manager in charge of the help desk, laptops, and desktops,
says he and another network engineer eventually
pinpointed the cause of the slowdown: A senior network engineer had
disabled the company’s WatchGuard firewalls and routed
all of the broker-dealer’s IP traffic–including trades and VoIP
calls–through his home cable modem. As a result, none
of the company’s trades, emails, or phone calls were being
archived, in violation of Securities and Exchange Commission
regulations.
Despite the fact
that at least five people at The Revere Group knew about the
engineer’s action, it’s unclear whether it was reported at the
time to GunnAllen or regulators. The SEC didn’t reference the
incident in a subsequent announcement about a settlement with
GunnAllen for unrelated privacy and data security violations, and
interviews with former Revere Group employees reveal that regulators
may have known about only a fraction of the data security failures at
the firm.
Read more on InformationWeek.
There was just so much wrong, and it’s not clear whether
government regulators did a thorough enough job in a timely fashion
that might have better protected consumers.
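What would have caught this sooner is not exotic: the compliance archive going silent during trading hours, outbound traffic suddenly sourced from a residential address, and a firewall being disabled with no change ticket are each a one-rule alert. The script below is an added example, not code from GunnAllen, The Revere Group or the InformationWeek article; it runs those three checks over constructed log lines, and the corporate address range, the 15-minute bucket size and the log format are assumptions.

```python
"""
Added example (not from the InformationWeek article, GunnAllen or Revere Group):
three one-rule detections for the failure described above, run over constructed
log lines. The address range, bucket size and log format are assumptions.
"""
import ipaddress
from datetime import datetime

# Assumption: the broker-dealer's outbound traffic should only come from here.
CORPORATE_EGRESS = [ipaddress.ip_network("198.51.100.0/24")]
BUSINESS_HOURS = range(9, 17)   # assumption: only alert on gaps 09:00-16:59
ZERO_BUCKETS_TO_ALERT = 2       # two empty 15-minute buckets in a row

# Constructed telemetry, one line per 15-minute bucket:
#   archive  count of trades/emails/calls written to the compliance archive
#   egress   public source IP a partner saw on the firm's outbound traffic
#   fw       firewall configuration audit event
SAMPLE_LOG = """\
2012-09-10T09:00 archive count=412
2012-09-10T09:00 egress ip=198.51.100.7
2012-09-10T09:15 archive count=398
2012-09-10T09:30 fw state=disabled user=neteng1 ticket=none
2012-09-10T09:30 egress ip=203.0.113.45
2012-09-10T09:30 archive count=0
2012-09-10T09:45 archive count=0
2012-09-10T10:00 archive count=0
2012-09-10T10:00 egress ip=203.0.113.45
"""


def parse(line):
    """Turn 'TIMESTAMP kind k=v k=v ...' into (datetime, kind, {k: v})."""
    ts, kind, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M"), kind, fields


def detect(log_text):
    """Return [(timestamp, rule, detail), ...] alerts for the log text."""
    alerts = []
    zero_run = 0             # consecutive business-hour buckets with nothing archived
    seen_bad_egress = set()  # alert once per unexpected source address
    for line in log_text.splitlines():
        ts, kind, f = parse(line)
        if kind == "archive":
            if int(f["count"]) == 0 and ts.hour in BUSINESS_HOURS:
                zero_run += 1
                if zero_run == ZERO_BUCKETS_TO_ALERT:
                    alerts.append((ts, "archive_gap",
                                   f"nothing archived for {zero_run} buckets"))
            else:
                zero_run = 0
        elif kind == "egress":
            ip = ipaddress.ip_address(f["ip"])
            if not any(ip in net for net in CORPORATE_EGRESS) and ip not in seen_bad_egress:
                seen_bad_egress.add(ip)
                alerts.append((ts, "egress_outside_corp",
                               f"outbound traffic sourced from {ip}"))
        elif kind == "fw" and f.get("state") == "disabled" and f.get("ticket", "none") == "none":
            alerts.append((ts, "firewall_disabled_no_ticket",
                           f"firewall disabled by {f.get('user')} with no change ticket"))
    return alerts


if __name__ == "__main__":
    for ts, rule, detail in detect(SAMPLE_LOG):
        print(ts.isoformat(timespec="minutes"), rule, detail)
```

The archive-gap rule is the one that matters in a regulated shop: it fires on the absence of records, which is exactly the condition nobody at the firm was watching for. The egress rule only works if some external party (a clearing firm, a SIP, the firm's own DNS provider) reports the source address it sees, so it is a control on the partner side, not on the box the engineer controlled.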
It's easy when everyone wants this game...
If you happened to get in on the Bad
Piggies action recently, let’s hope you didn’t accidentally
download and install the fake version in the Google Chrome Web Store.
It turns out over 80,000 Chrome users are now being affected by the
adware, which installs a plug-in that displays advertisements when
you visit popular websites.
Not only does the plug-in introduce you
to a handful of pesky advertisements, but once you give the app
permission to “access your data on all websites”, the plug-in can
be used to steal personal information like email addresses and credit
card information.
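The permission quoted above is the warning Chrome shows for host patterns such as `<all_urls>` or `*://*/*` in an extension's manifest; that grant is what lets a content script read and rewrite every page you visit, ads included. The script below is an added example, not code from the article or from the extension it describes: it audits a manifest.json for all-sites host access combined with request-interception APIs, using two constructed manifests. The match patterns are Chrome's documented ones; the verdict and severity wording are assumptions of mine.

```python
"""
Added example (not from the article): flag the host permissions behind Chrome's
"Access your data on all websites" warning in an extension manifest. The two
manifests are constructed; verdict labels are my own.
"""
import json

# Host patterns that grant access to every site (documented Chrome match patterns).
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# API permissions worth a second look, especially next to broad host access.
SENSITIVE_APIS = {"tabs", "webRequest", "webRequestBlocking", "cookies",
                  "history", "clipboardRead", "management", "debugger", "proxy"}

# Constructed manifest resembling the adware: everything, everywhere.
ADWARE_MANIFEST = json.dumps({
    "manifest_version": 2,
    "name": "Bad Piggies (unofficial)",
    "permissions": ["<all_urls>", "tabs", "webRequest", "webRequestBlocking"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
})

# Constructed manifest for a game that only needs its own origin.
SCOPED_MANIFEST = json.dumps({
    "manifest_version": 2,
    "name": "Some Game",
    "permissions": ["storage"],
    "content_scripts": [{"matches": ["https://game.example/*"], "js": ["game.js"]}],
})


def host_patterns(manifest):
    """Collect every host match pattern the manifest asks for (MV2 or MV3 layout)."""
    patterns = set()
    for p in manifest.get("permissions", []) + manifest.get("host_permissions", []):
        if "://" in p or p == "<all_urls>":      # a host pattern, not an API name
            patterns.add(p)
    for cs in manifest.get("content_scripts", []):
        patterns.update(cs.get("matches", []))
    return patterns


def audit(manifest_json):
    """Return (verdict, findings) for a manifest.json string."""
    m = json.loads(manifest_json)
    findings = []
    broad = host_patterns(m) & ALL_SITES
    if broad:
        findings.append(f"reads and modifies every site: {sorted(broad)}")
    apis = set(m.get("permissions", [])) & SENSITIVE_APIS
    if apis:
        findings.append(f"sensitive APIs: {sorted(apis)}")
    if broad and apis & {"webRequest", "webRequestBlocking"}:
        findings.append("can rewrite or block any request: ad injection and "
                        "exfiltration of form data are both in scope")
    verdict = "review" if broad or apis else "ok"
    return verdict, findings


if __name__ == "__main__":
    for label, mf in (("adware", ADWARE_MANIFEST), ("scoped", SCOPED_MANIFEST)):
        verdict, findings = audit(mf)
        print(label, verdict, *findings, sep="\n  ")
```

The useful habit this encodes is to compare what the extension does with what it asks for: a game has no reason to match `<all_urls>`, and a content script that does match it can see credit card fields on any checkout page regardless of what the store listing says.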
...or you will never talk online again!
Bwaa ha ha
Skype has
warned users to update to the latest version of the VoIP and video
calling app, as well as to check their computer security settings,
after a fast-spreading worm was spotted targeting the software. The
worm, “Dorkbot,” is being distributed via masked links sent out
via Skype’s instant messaging system, Trend
Micro reports, co-opting the PC into a botnet and eventually
demanding $200 from users in order to unlock their files else see
them permanently deleted.
For my Ethical Hackers...
"New
privacy threats have been uncovered by security researchers that
could allow every device operating on 3G networks to be tracked. The
vulnerabilities could be exploited with cheap commercial
off-the-shelf technology to reveal the location of phones and other
3G-capable devices operating on all 3G compliant networks. It was
similar, but different, to previous research that demonstrated how
attackers
could redirect a victim's outgoing traffic to different networks."
Making ubiquitous surveillance a fad or a fashion statement...
New Lark Bracelet Wants to Track Your Whole Life
If you’ve been to an Apple Store
lately, you’ve likely seen the Lark, a sleep-tracking bracelet with
a vibrating alarm. On Monday, the company announced a new bracelet,
the Larklife,
designed to track your entire day. The
larklife will clock how long you sleep, what you eat, and when and
how much you exercise, then use that data to help you make better
decisions about your health.
The Ammunition
Group-designed bracelet has a center core with a three-axis
accelerometer to track movement and flashing lights that provide
instant feedback, and an associated app to give you a deeper dive
into your data. Swappable wristbands — a sweat-proof one for
daytime use and another softer band for the night — provide power
to the core, and charge when not in use. While the accelerometer
tracks movement and sleep, you can add in meals either via the
smartphone app, or simply by tapping the bracelet’s core. It
communicates all that to an iOS app via Bluetooth. Lark CEO Julia Hu
told Wired that the bracelet is designed to make tracking easy and
attainable for people who aren’t elite athletes or
quantified-selfers.
“Well yeah, it was private, but I changed my mind.”
Internet privacy group takes on former delegate’s case
October 8, 2012 by Dissent
Frank Green reports:
Former state Del.
Phillip A. Hamilton has an ally in his appeal of bribery and
extortion convictions that were in part the result of emails sent to
his wife on his employer’s computer.
The Electronic
Privacy Information Center has filed a brief arguing that U.S.
District Judge Henry E. Hudson erred last year in allowing the
incriminating – but personal – emails to be used against
Hamilton.
Alan Butler, a
lawyer with the center, says Hudson’s ruling is
unprecedented and means a reasonable expectation that an email on a
workplace computer is private can be lost if a contrary policy is
later enacted, as happened in Hamilton’s case.
Read more on Richmond
Times-Dispatch.
A possible future seminar topic?
Big Brother invades our classrooms
October 8, 2012 by Dissent
Over on Salon,
David Rosen has a lengthy article detailing the expansion of student
surveillance in the U.S. A lot of it is what I’ve been blogging
about for the past few years, but if you’re new to this blog, he
provides a good recap of what’s going on in various states and why.
Disappointingly – and despite one
assertion he makes – parents are generally NOT up in arms over
these privacy-invasive techniques. Why not? And why is there no
research on the psychological and health impacts of the constant
surveillance?
(Related)
Continuous computerized surveillance has negative effects
October 8, 2012 by Dissent
To understand the
effects of continuous computerized surveillance on individuals, a
Finnish research group instrumented ten Finnish households with video
cameras, microphones, and logging software for personal computers,
wireless networks, smartphones, TVs, and DVDs. The twelve
participants filled in monthly questionnaires to report on stress levels
and were interviewed at six and twelve months. The study was carried
out by Helsinki Institute for Information Technology HIIT, a joint
research institute of Aalto University and the University of
Helsinki, Finland.
The results expose
a range of negative changes in experience and behavior. To all
except one participant, the surveillance system proved to be a cause
of annoyance, concern, anxiety,
and even anger. However, surveillance did not cause mental health
issues comparable in severity to depression
or alcoholism, when measured with a standardized scale.
Nevertheless, one household dropped out of the study at six months,
citing that the breach of privacy and anonymity had grown unbearable.
Read more on news-medical.net
And where is the research on the
effects of constant surveillance of students via CCTVs in schools and
RFID tags? What impact will such surveillance have on them?
“It's not about education. It's about getting a larger share of taxpayer
dollars!”
Ohio Auditor: State Needs Access To Student IDs
October 8, 2012 by Dissent
Associated Press reports:
Auditor Dave Yost
told state education leaders Monday that an Ohio law blocking the
state from accessing students’ personal information is hampering
district tracking efforts and wasting money.
Under a state law
aimed at protecting children’s privacy, the Ohio Department of
Education must keep track of nearly 1.9 million public school
students across the state without names, addresses or Social Security
numbers.
Yost’s office is
in the midst of a statewide investigation into potential attendance
tampering by Ohio school districts, and he said auditors
are finding the arrangement unwieldy. [I can't tell you how many
times I heard the phrase: “We're not in business to make the
auditor's job easy!” Bob]
Read more on NBC.
So if protecting students’ privacy is
time-consuming and costly, let’s just do away with that, huh? What
about the increased risks of privacy and security breaches if the
data are so easily identifiable?
And so it begins… massive databases
that states have access to and that can be linked to other databases.
Protecting privacy can be costly. Not
protecting it can be even more costly.
Hard to justify, but would less
sensitive topics (beating his dog?) have resulted in disciplinary
action?
Nursing Prof Says His Kiddie Sex Fantasies Were Private
October 9, 2012 by Dissent
David Lee reports:
A former nursing
professor claims in court that the Texas Board of Nursing unfairly
disciplined him for accidentally posting on the Internet a long web
chat about “fantasies of sexual contact with minors.”
Rodney Wayne
Hicks, of Rancho Cucamonga, Calif., sued the Texas Board of Nursing,
its Executive Director Katherine Thomas and President Kristen Benton
in Travis County Court.
Read more on Courthouse
News.
So… can a board
discipline a professional for thoughts? What if those thoughts are
accidentally publicly revealed? This will be an
interesting case to follow.
[From the article:
Hicks claims he slipped up because of
unfamiliarity with the WebEx video-capture software that he used to
create the tutorial for eLOGS.
"As a result, unbeknownst to Dr.
Hicks, WebEx continued recording his computer screen
activity for over six hours," the complaint states.
"During that time, Dr. Hicks engaged in a sexually oriented
fantasy chat in a private Internet chat room that encompassed various
explicit and taboo topics. These topics include fantasies of sexual
contact with minors, of sexual activity in the presence of minors,
and other unorthodox sexual activity."
“Do not track” means “Do not tell
them we track?”
IAB: default “do not track” limits consumer choice, will not penalize
companies that ignore it
October 9, 2012 by Dissent
A press release from IAB:
The Interactive
Advertising Bureau (IAB) is issuing its full support for the Digital
Advertising Alliance’s (DAA) position against machine-driven
“do-not-track” (DNT) browser standards, because
they restrict consumer control and freedom of choice. The
announcement comes on the heels of a just-released DAA statement
opposing the DNT settings automatically imposed on consumers by the
Microsoft Internet Explorer version 10 (IE10) browser.
The DAA’s
statement addresses publishers’ concerns about what will happen if
they do not honor IE10-imposed DNT flags. DAA, the digital
advertising industry’s self-regulatory body, does
not require companies to honor DNT signals fixed by
browser manufacturers and set by them in browsers.
Specifically, it
is not a DAA principle or in any way a requirement under the DAA
standards to honor a DNT signal that is automatically set in IE10 or
any other browser. The Council of Better Business Bureaus (CBBB)
will not sanction or penalize companies that ignore the default
settings on IE10 or other browsers and intermediaries. In contrast,
the DAA and CBBB will continue to impose disciplinary measures on
companies that violate legitimate consumer choices under the
“AdChoices” self-regulation program.
In a report issued
last week, researchers from the Harvard Business School determined
that the ad-supported internet ecosystem was responsible for 5.1
million jobs and contributed $530 billion to the U.S. economy in 2011
alone.
So they’re saying that they’ll only
self-regulate if the default isn’t to protect against tracking. I
see. Why is it “freedom of choice” to have the default be
tracking, but not to be no tracking?
Again, this is why we need federal
regulations protecting consumers.
(Related)
Article: Privacy and Modern Advertising: Most US Internet Users Want ‘Do Not
Track’ to Stop Collection of Data about their Online Activities
October 9, 2012 by Dissent
Chris Hoofnagle, Jennifer Urban, and Su
Li presented a paper at the Amsterdam Privacy Conference this week
and have made it available on SSRN.
Here’s the abstract:
Most Americans
have not heard of ‘Do Not Track,’ a proposal to allow Internet
users to exercise more control over online advertising. However,
when probed, most prefer that Do Not Track block advertisers from
collecting data about their online activities. This is a much more
privacy-protective approach for Do Not Track than what has been
proposed by the advertising industry.
In previous
studies, we have found that Americans think they are
protected by strong online privacy laws. Here, we probed
beliefs about tracking on medical websites and ‘free’ websites,
with most not able to answer true/false questions correctly about
tracking. This result brings into question notice-and-choice models
that depend on consumer understanding of the terms for their
legitimacy.
We also probed
Internet users’ attitudes towards advertising. Most Internet users
say that they do not find utility in online advertising, with half
claiming that they never click on ads.
Advertisers and
consumers are at an impasse on privacy. Advertisers
seem to be seeking a kind of total information awareness for
behavioral advertising, and have proposed self-regulatory
guidelines with little bite. At the same time, both our survey
evidence and media reports show consumer opposition to tracking.
Do Not Track has
emerged from the current skirmish between consumers and advertisers,
but it is a relatively modest intervention that does little to shift
the underlying incentives that have driven increasing tracking and
aggregation of information about consumers. It is foreseeable that
regardless of the form Do Not Track takes, websites will simply
require consumers to disable it in order to access content. A
fundamental change in incentives may be necessary to relieve this
impasse and find an approach for advertising that is not so dependent
upon third-party tracking and aggregation of information, both online
and off.
You can download the full article from
SSRN.
I wonder if they counted cutting off Michelle Obama's speech as a
“strike?”
Copyright Scofflaws Beware: ISPs to Begin Monitoring Illicit File Sharing
The nation’s major internet service
providers by year’s end will institute a so-called six-strikes
plan, the “Copyright Alert System” initiative backed by the Obama
administration and pushed by Hollywood and the major record labels to
disrupt and possibly terminate internet access for online copyright
scofflaws.
The plan, now four years in the making,
includes participation by AT&T, Cablevision Systems, Comcast,
Time Warner Cable and Verizon. After four offenses, the historic
plan calls for these residential internet providers to initiate
so-called “mitigation
measures” (.pdf) that might include reducing internet speeds
and redirecting a subscriber’s service to an “educational”
landing page about infringement.
The internet companies may eliminate
service altogether for repeat file-sharing offenders, although the
plan does not directly call for such drastic action.
What controls the sale of Apps?
October 07, 2012
App Law within: Rights and Regulation in the Smartphone Age
Mac Sithigh, Daithi, App Law within:
Rights and Regulation in the Smartphone Age (September 2012).
Edinburgh School of Law Research Paper No. 2012/22. Available
at SSRN.
- "This paper assesses the regulation of smartphone 'app stores.' At the outset, the adoption of smartphones and apps is noted, alongside the ways in which scholars and journalists have used these markets as the basis for the discussion of legal and economic issues. The importance (commercially and as a study in governance and control) of the iOS App Store (Apple) is highlighted. Part 2 deals with the relationship between Apple and app developers; three themes of Apple’s Guidelines are identified (content, development and payments), and the ways in which control can be challenged (through jailbreaking, ‘web apps’ and regulatory intervention) are scrutinised. Part 3 considers three ways in which apps are already regulated by law: the protection of consumers (particularly through the UK system for 'premium rate services'), user privacy, and (in brief) the regulation of video games and video-on-demand services in Europe. Finally, in part 4, the tension between comparatively 'open' and 'closed' app stores is highlighted; the problems of applying general provisions to emerging formats are emphasised. It is concluded that the emerging status of non-carrier app stores as neither retailer nor platform means that it is not yet possible to identify the form of regulation that is in operation, but that some steps are available to legislators that could shift the balance between closed and open models."
Does this have implications for other “sharing” like Copyrighted data?
Child Porn in P2P Share Folder Is Smut Distribution, Appeals Court Says
A federal appeals court ruled that
peer-to-peer file sharers can be prosecuted for distributing child
pornography by having the illicit files in their open share folders.
That was the ruling by the nation’s
largest federal appeals court, the 9th U.S. Circuit Court of Appeals.
“Following the First, Eighth,
and Tenth Circuits, we hold that the evidence is sufficient to
support a conviction for distribution,” a unanimous three-judge
panel of the San Francisco-based appeals court ruled
for the first time Friday. (.pdf)
California defendant Max Budziak
maintained that he believed he disabled the share
folder in 2007, before the FBI detected child porn on his
computer and downloaded it using the bureau’s “EP2P” program.
Budziak was also prosecuted for possession, which he did not
challenge on appeal.
The defendant, who had used the
now-defunct
program LimeWire, claimed that the federal judge presiding over
the trial erred when the court failed to instruct the jury that
distribution required a jury to find that Budziak took “affirmative
steps” to send child pornography to another person. It was an
assertion the appeals court did not buy.
Because of the open nature of
peer-to-peer file sharing, IP addresses of users are exposed, and
easily traced to their owners if they are not using a virtual
private network, on an open public Wi-Fi connection or TOR.
This should be enough for my Statistics students...
October 08, 2012
New on LLRX.com - Statistics Resources and Big Data on the Internet
Via LLRX.com:
Statistics Resources and Big Data on the Internet - Marcus P. Zillman has
compiled a best practices bibliography of sites and reliable sources
focused on the hot topic of statistics and big data. These sources
are representative of multiple publishers, national and global -
government, academia, NGOs, and industry, many of which leverage open
source and collaborative applications.
For my Website class...
"Apple, Adobe, Google, HP,
Microsoft and many others have joined
forces and launched a new resource – the Web Platform in a bid
to create a 'definitive resource' for all open Web technologies. The
companies have come together to provide developers with a single
source of all the latest information about HTML5, CSS3, WebGL, SVG
and other Web standards. The platform will also offer tips and best
practices on web development as well as web technologies. 'We are an
open community of developers building resources for a better web,
regardless of brand, browser or platform,' notes
the WebPlatform site."
Handy for students and teachers...
Text 2 Mind Map offers a great way to turn your typed outlines into
mind maps. To create a mind map on Text 2 Mind Map type out an outline in the
text box. After typing your outline click "draw mind map"
to have your mind map created for you. If after creating your mind
map you need to add more elements to just add them into your outline
and click "draw mind map" again. Your mind
map can be downloaded as a PDF or PNG file. The mind maps
that you create on Text 2 Mind Map can also be shared via email,
Facebook, or Twitter.
For my Computer Security class. Did you make any of these mistakes?
Infographic: How Safe is Your Pin?