What is it with banks not wanting to get rid of their 1950s technology? Moving data from a secure location electronically and fully encrypted is faster, cheaper, and unlikely to be stolen from an employee's car.
VSECU notifies consumers of missing backup tapes
October 24, 2012 by admin
TD Bank isn’t the only financial sector entity dealing with missing backup tapes these days. Vermont-based VSECU sent out notification letters yesterday after two unencrypted backup tapes created on August 27th were discovered missing on September 10.
The tapes contained names, addresses, Social Security numbers, driver’s license numbers, financial account information, and transaction records.
The credit union does not think the tapes were stolen. They believe they may have been accidentally discarded and wound up in a landfill.
There’s no explanation as to why the tapes were unencrypted.
You can read their notification letter here.
Perspective.
Cybercrime: Mobile Changes Everything — And No One’s Safe
The FBI recently put out a mobile malware alert, providing us with a sobering reminder of this “evil software” for phones and tablets. In this particular case, the FBI was warning against the Finfisher and Loofzon malware, which spies on our data and leaks GPS positions to track our movements. While these threats appear to have been developed for government surveillance purposes, they can of course be used by any organization.
And therein lies the problem. Mobile malware affects all of us.
Unfortunately, the advice the FBI alert shared was vague and maddeningly difficult to follow. For example: “Users should look at the reviews of the developer/company who published the application” and “Turn off features of the device not needed to minimize the attack surface of the device.” Heck, I’m a security researcher, and I’m fuzzy about what all that means. [Consistent with the inability of FBI agents and lawyers to explain their cell phone tapping tools, as I posted yesterday. Bob]
… Users Don’t Get It – But Hackers Do
But the fact remains that users remain unaware of the mobile malware problem, complacent about it, or simply reluctant to take action. Mobile malware is a bit like a traffic accident. Until it happens to us – or we hear a vivid story out there of “it happened to…” – the threat feels very abstract and remote.
(Related) Ethical Hacking: There's an App for that!
Have you ever tried finding your phone by calling it, only to remember that your phone is on Silent? At times like these, one wishes to be able to perform numerous little functions on the phone remotely, like taking the phone out of Silent mode. Here to let you do this and many other such tasks remotely on your phone is an app called Agastaya.
Agastaya is a free-to-use phone application that lets you perform numerous useful tasks on your phone remotely. The app helps you access and retrieve data from your phone. For example, you can get contact information, call logs, the phone’s IMEI number, SIM number, and SMS logs from your phone remotely. You can also change your phone’s profile, e.g. take it out of Silent mode by sending a text to it so you can call the phone, hear it ring, and find it; conversely, you can set your phone to Silent mode.
Similar tools: AirDroid, TekTrak, LookMobileOnNet, LazyDroid, Wifi Photo Transfer, Android Screencast, and Webkey.
(Related) Mobile, with money to burn?
Presidential Campaign Donations in the Digital Age
10% of 2012 presidential campaign donors have contributed via text message or cell phone app. Democrats are more likely to contribute online or directly from their cell phone, while Republicans are more likely to contribute in person, by phone call, or via regular mail.
We've had a couple of individual breaches (TJ Maxx and Heartland, for example) that were nearly as large as this year's totals.
174 million records compromised in 855 data breach incidents last year, says report
October 24, 2012 by admin
Out-Law.com has a recap of some of the main findings in the 2012 Verizon DBIR:
Verizon’s Data Breach Investigations Report (92-page / 3.47MB PDF) (DBIR) covering the year 2011 found that 174 million records were compromised in a total of 855 data breaches in what it called “an all time low” for protection against data breaches.
The report outlined that 96% of firms that were required to comply with the Payment Card Industry Data Security Standard (PCI DSS) and that fell victim to data breaches recorded in Verizon’s own “caseload” from last year were not compliant with the standards.
Read more on Out-Law.com.
Not surprisingly, their figures differ from DataLossDB.org’s figures as DLDB uses somewhat different sources for our breach entries. Thus, where Verizon’s sample is based on 855 incidents, DLDB reported 1,041 incidents for 2011, and where Verizon shows 81% of incidents used some form of hacking, only 30% of DLDB’s entries involved hacking (or 32% if you include virus/malware). As always, interpret with caution/qualifiers.
[From the report:
79% of victims were targets of opportunity (-4%)
Findings from the past year continue to show that target selection is based more on opportunity than on choice. Most victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack.
Whether targeted or not, the great majority of victims succumbed to attacks that cannot be described as highly difficult. Those that were on the more sophisticated side usually exhibited this trait in later stages of the attack after initial access was gained.]
“We did it so Terrorists can check to see if their cover is blown. That way they don't need to go all the way to the airport only to discover they have been “randomly selected” for a cavity search!”
"Flight enthusiasts, however, recently discovered that the bar codes printed on all boarding passes — which travelers can obtain up to 24 hours before arriving at the airport — contain information on which security screening a passenger is set to receive. Details about the vulnerability spread after John Butler, an aviation blogger, drew attention to it in a post late last week. Butler said he had discovered that information stored within the bar codes of boarding passes is unencrypted, and so can be read in advance by technically minded travelers. Simply by using a smartphone or similar device to check the bar code, travelers could determine whether they would pass through full security screening, or the expedited process." [Given that information, could they create their own “expedited process” boarding passes? Bob]
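A worked illustration of what “unencrypted” means here, added by the editor and not part of the quoted item or Butler's post: the barcode on a boarding pass carries plain ASCII in the IATA Bar Coded Boarding Pass (BCBP) layout, so any barcode-reader app hands back a string that a few dozen lines of Python can split into named fields, screening selection included. The field widths below follow the public IATA Resolution 792 format as the editor reads it; the conditional-section offsets and the meanings attached to the selectee codes are assumptions to verify against the spec and a real pass, and the sample pass is constructed, not scanned from a real one.

```python
"""Decode the ASCII payload of an IATA BCBP boarding-pass barcode.

Editor-added example; not code from the article, John Butler, IATA or any
airline. Widths follow the public IATA Resolution 792 (BCBP) layout as read
by the editor: conditional-section offsets and selectee-code meanings are
assumptions. SAMPLE is a constructed pass, not a scan of a real one.
"""

# Mandatory section: (field name, width). Header once, then one block per leg.
MANDATORY_HEADER = [
    ("format_code", 1), ("legs", 1),            # 'M', number of flight legs
    ("passenger_name", 20), ("eticket", 1),     # SURNAME/GIVEN padded, 'E'
]
MANDATORY_LEG = [
    ("pnr", 7), ("from_airport", 3), ("to_airport", 3), ("carrier", 3),
    ("flight_number", 5), ("date_julian", 3), ("compartment", 1),
    ("seat", 4), ("checkin_sequence", 5), ("passenger_status", 1),
    ("conditional_size", 2),  # hex byte count of the conditional data that follows
]
# Conditional section (assumed version-3 layout): a passenger-level "unique"
# block on the first leg, then a per-leg "repeated" block that holds the
# selectee (screening) indicator the article is about.
COND_UNIQUE = [
    ("passenger_description", 1), ("checkin_source", 1), ("issuance_source", 1),
    ("issue_date", 4), ("document_type", 1), ("issuer_airline", 3), ("bag_tag", 13),
]
COND_REPEATED = [
    ("airline_numeric_code", 3), ("document_serial", 10), ("selectee_indicator", 1),
    ("intl_doc_verification", 1), ("marketing_carrier", 3), ("ff_airline", 3),
    ("ff_number", 16), ("id_ad_indicator", 1), ("free_baggage", 3),
]
# Assumed meaning of the selectee codes as used on US passes.
SELECTEE_LABELS = {
    "0": "standard screening",
    "1": "selectee: full secondary screening",
    "3": "expedited screening",
}


class BCBPError(ValueError):
    """Payload does not fit the expected layout."""


def _take(data, pos, layout, strict=True):
    """Slice fixed-width fields starting at pos; returns (fields, new pos).
    strict=False lets a short block (allowed in the conditional section)
    yield empty strings for the missing fields instead of raising."""
    out = {}
    for name, width in layout:
        chunk = data[pos:pos + width]
        if strict and len(chunk) != width:
            raise BCBPError(f"payload truncated at field {name!r} (offset {pos})")
        out[name] = chunk.strip()
        pos += width
    return out, pos


def _parse_conditional(cond, first_leg):
    out, pos = {}, 0
    if first_leg:
        # '>' + version digit + hex length of the unique block, then the block.
        if len(cond) < 4 or cond[0] != ">":
            raise BCBPError("conditional section does not start with '>'")
        out["version"] = cond[1]
        unique_len = int(cond[2:4], 16)
        out.update(_take(cond[4:4 + unique_len], 0, COND_UNIQUE, strict=False)[0])
        pos = 4 + unique_len
    if pos + 2 <= len(cond):
        # Hex length of the repeated block, then the block itself.
        rep_len = int(cond[pos:pos + 2], 16)
        out.update(_take(cond[pos + 2:pos + 2 + rep_len], 0, COND_REPEATED, strict=False)[0])
    return out


def parse_bcbp(data):
    """Return {'header', 'legs', 'trailer'} for an 'M'-format payload."""
    if not data.startswith("M"):
        raise BCBPError("not an IATA 'M' format boarding pass")
    header, pos = _take(data, 0, MANDATORY_HEADER)
    legs = []
    for i in range(int(header["legs"])):
        leg, pos = _take(data, pos, MANDATORY_LEG)
        cond_len = int(leg["conditional_size"] or "0", 16)
        cond = data[pos:pos + cond_len]
        if len(cond) != cond_len:
            raise BCBPError("conditional section shorter than its declared size")
        pos += cond_len
        leg["conditional"] = _parse_conditional(cond, first_leg=(i == 0))
        legs.append(leg)
    # Whatever follows the last leg is the optional security section, if any.
    return {"header": header, "legs": legs, "trailer": data[pos:]}


def screening_status(data, leg=0):
    """Screening selection for one leg, read straight off the barcode text."""
    code = parse_bcbp(data)["legs"][leg]["conditional"].get("selectee_indicator", "")
    return SELECTEE_LABELS.get(code, f"unknown selectee code {code!r}")


def has_security_data(data):
    """True if the payload carries the optional '^'-prefixed security (signature) section."""
    return parse_bcbp(data)["trailer"].startswith("^")


# Constructed sample: one leg, SFO->LAX, seat 12A, selectee code '3', no security section.
SAMPLE = (
    "M1" + "DOE/JOHN".ljust(20) + "E"
    + "ABC123 SFOLAXUA 0123 298Y012A0045 147"    # mandatory leg; 0x47 conditional bytes follow
    + ">318" + "1WW2297BUA 0016123456001"        # version 3, 0x18-byte unique block
    + "29" + "016" + "1234567890" + "3" + "1"    # 0x29-byte repeated block, selectee '3'
    + "UA UA " + "ABC123456".ljust(16) + "0" + "1PC"
)
```

Two things fall out of running it. The screening field is one plaintext character at a fixed offset, so reading it needs no key, which is the article's point. And the BCBP format has an optional security section (it begins with '^' after the last leg) intended to carry a signature over the pass; `has_security_data` reports whether one is present. When it is absent, nothing in the barcode itself binds the fields to the issuer, which bears directly on Bob's question; whether an altered field would get past the checkpoint depends on what the gate scanner checks against the airline's own records, and the barcode alone does not tell you that.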
Nothing new, but a citeable authority?
GAO Study Gives Low Marks to Companies Regarding Transparency to Consumers of Use of Location Data
October 24, 2012 by Dissent
Nihar Shah has a nice recap of the recent GAO report:
The Government Accountability Office (“GAO”) released a study in September, 2012 analyzing the collection, use and disclosure practices of fourteen companies operating in the mobile field regarding location data collected from consumers. In the absence of laws or regulations regarding the collection of location data specifically, the GAO compared the policies of the fourteen companies to best practices regarding the collection and use of personal information generally, aggregated from federal agencies such as the Federal Trade Commission (“FTC”) and Federal Communications Commission (“FCC”) and from self-regulatory bodies such as the CTIA – The Wireless Association. The study found that the companies’ practices included several departures from established best practices. The agency also determined that inconsistencies in what the policies say companies will do with location data and what the companies actually do with that data are exposing consumers to serious privacy risks.
Read more on InfoLawGroup.
What causes this supervisor to ask good questions when so many in similar oversight positions don't bother?
Supervisor seeks more privacy for Clipper card users
October 25, 2012 by Dissent
Zusha Elinson reports:
San Francisco Supervisor John Avalos has introduced a resolution urging the Metropolitan Transportation Commission and state Legislature to strengthen privacy protections for Clipper card users.
The transportation commission, which administers the transit card, also has begun re-examining why personal data is stored for seven years after a Clipper card account is closed.
Read more on The Bay Citizen.
You might find something of interest here...
Future of Privacy Forum
Privacy Papers for Policy Makers 2012
Future of Privacy Forum is pleased to share the third annual “Privacy Papers for Policy Makers,” showcasing leading analytical thinking about current and emerging privacy issues.
Leading Privacy Papers:
Bridging the Gap Between Privacy and Design
Deirdre Mulligan and Jennifer King
‘Going Dark’ Versus a ‘Golden Age for Surveillance’
Peter Swire and Kenesa Ahmad
“How Come I’m Allowing Strangers to Go Through My Phone”?: Smart Phones and Privacy Expectations
Jennifer King
Mobile Payments: Consumer Benefits & New Privacy Concerns
Chris Jay Hoofnagle, Jennifer M. Urban, and Su Li
Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising
Blase Ur, Pedro G. Leon, Lorrie Faith Cranor, Richard Shay and Yang Wang
Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents
Ira Rubinstein and Nathan Good
Will Johnny Facebook Get a Job? An Experiment in Hiring Discrimination via Online Social Networks (See digest for executive summary)
Alessandro Acquisti and Christina Fong
Privacy Papers of Notable Mention:
Differential Privacy as a Response to the Reidentification Threat: The Facebook Advertiser Case Study
Andrew Chin and Anne Klinefelter
Dutch Treat? Collaborative Dutch Privacy Regulation and the Lessons it Holds for U.S. Privacy Law
Dennis Hirsch
Internet Advertising After Sorrell V. IMS Health: A Discussion on Data Privacy & The First Amendment
Agatha Cole
Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising
Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang
View the 2011 papers here.
One of my students is an NRA Master Firearms Instructor. She'll love this!
With ‘Safe Haven,’ Desktop Weaponeers Resume Work on 3D-Printed Guns
Three weeks after a group of desktop gunsmiths had its leased 3D printer seized by the digital manufacturing firm that owned it, the weaponeers have quietly restarted plans to build a gun entirely of printed parts. The group has also begun expanding their operation with outside help, including space for ballistics testing provided by a mysterious firm involved in the defense industry.
Cody Wilson, founder of the Wiki Weapon project, tells Danger Room that the unnamed company’s owner “wanted to offer me a safe haven, basically.” Wilson describes the company as a “private defense firm” in San Antonio, Texas, but the company’s owner is wary of negative publicity and Wilson doesn’t want to reveal the firm’s name without consent.
“We’ve got basically a space where we can do experiments. Ballistics, basically. So it’s not quite a range — we’ve got a range — but we’ve got floor space where we can literally test the guns and set up instrumentation,” Wilson says.
Something to stock those e-stockings?
If you have an eBook reader, finding quality sources for your different eBooks may not always be easy. Either the eBooks are of bad quality, they’re relatively expensive, or the site simply doesn’t offer what you want. When it comes to your kids, you’ll also need to be able to trust that the site offers the right kinds of eBooks to them. With so many things you need to be aware of, you might need a recommendation or two.
ePubBud is a great place to download children’s eBooks. Although the eBooks being offered aren’t the most popular in the world, it has plenty of quality books in numerous different categories. Those categories include Beginner, Kids, Tween, Teen, Fiction, Reference, and Nonfiction. There are also a couple of safe books for adults, so while the book may be harder to read, the theme remains clean for everyone. From ePubBud you can download files to import into your favorite reader or you can also view the eBooks in your browser. If necessary, you can buy ISBNs for $5 or sell your own eBooks.
Similar tools: HotFreeBooks, Litfy, BookDaily, Google eBookstore, Bookworm, Leatherbound, EbookPrice, OnRead and eBooks.Addall.
e-State planning. What we need is an e-Xecutor
October 24, 2012
Planning in the Digital Age
Planning in the Digital Age, Gerry W. Beyer - Texas Tech University School of Law, October 22, 2012
- "Recently, a new subdivision of property has emerged that many people label as “digital assets” such as accounts used for e-mail, professional and personal data backups, banking, investment, and shopping, domain names and web-hosting accounts, social networking accounts, and avatars for online games. While estate planners have perfected techniques to transfer traditional types of property, many estate planners do not address digital assets when preparing their clients’ estates. This article aims to educate estate planning professionals on the importance of planning for the disposition of digital assets, provides those planning techniques, and discusses how to administer an estate containing digital assets."
Hacking for fun and profit (and cost savings)
"Choice, a prominent Australian consumer advocacy group, has urged Australians to obfuscate their IP address to avoid geo-blocking and use US forwarding addresses to beat high IT prices. Australia is currently in the middle of a parliamentary inquiry into the country's disproportionately high prices for technology. Choice also suggested setting up US iTunes accounts and using surrogate US addresses for forwarding packages from American stores. Choice has noted previously that Australians pay 52 per cent more for digital music downloads on iTunes compared to US users."
Something for my Math students!
Wednesday, October 24, 2012
Symbolab is a new search engine designed for mathematicians and scientists. It is a semantic search engine, which means that rather than just searching the text of your query, Symbolab attempts to interpret and search for the meaning of your query. What this means is that when you type in an equation you will get results as links, and results as graphs when appropriate. Think of Symbolab as a cross between Google and Wolfram Alpha.
The Next Web has an extensive interview with Symbolab's founder that I recommend reading if you're interested in learning about the ideas behind the development of this search engine.
Applications for Education
Symbolab could be a useful search engine for mathematics students. The search results can be sorted to find explanations of how to solve an equation, what an equation is used for, as well as videos and examples of an equation in use.
Is this the future of music? (Something is, and I'm going to keep looking 'til I find it!)
Dhingana Raises $7M For Free, Streaming Indian Music
Dhingana, a startup with a free service for streaming Indian and Bollywood music, has raised $7 million in Series B funding.
The company’s catalog includes 500,000 songs in 35 languages, which it makes available on its website and through smartphone apps. Dhingana says it has built an audience of 15 million monthly active visitors, making it the most popular service of its kind. And 40 percent of those visitors are located outside of India.