Friday, December 07, 2012

How now, Darth Drone?
Army Works to Ensure Homemade Bombs Don’t Escape the Gaze of ‘Vader’
Three years ago, the U.S. military began testing a new drone-mounted sensor designed to auto-spot and track people from 25,000 feet, perfect for searching out insurgents planting improvised bombs in Afghanistan. It gave the sensor the most ominous of names: Vader. And now it looks like the Army has Vader poised to strike.
… It’s unclear if Vader has actually made his way to Afghanistan: The Army didn’t return Danger Room’s inquiry by deadline.
… It’s also interesting that the Army wants three years of maintenance and support for a man-hunting sensor explicitly designed for Afghanistan. If the sensor really is operating in Afghanistan right now, while the Army is looking at extending support for it, that’s not surprising. The Army is relying on its drones and their sensors — and weapons — more and more. The U.S. hit a record 447 drone strikes in 2012, even as the total number of air strikes declined.

(Related) “Common Civilians” Clearly that doesn't include us “Second Class” citizens.
Alameda County Sheriff promises no use of aerial drones for surveillance on common civilians
December 7, 2012 by Dissent
Associated Press reports:
A Northern California sheriff has vowed that his department won’t use an aerial drone to spy on ordinary people, but civil liberties groups say there still needs to be some guidelines to ensure privacy.
Alameda County Sheriff Greg Ahern said Tuesday that a drone his department is pursuing would be used for search and rescue missions, responding to wildfires and to capture fugitives, not for surveillance and intelligence gathering on civilians.
Read more on The Republic.
Sure, sure. How long before the mission creep starts?

(Related) I don't call them endangered species, I call them “targets” – Oh, wait, you're not talking about al-Qaeda?
Warfare isn’t the only use for drones these days. It turns out that Google is giving the World Wildlife Fund $5 million to put drones in the sky to watch over endangered species in Africa and Asia, mostly to save them from poachers. Plus, the money will also cover software that will be able to map out where poachers strike most.


The latest flap, disinformation style?
"The European Commission has proposed a "right to be forgotten" online, which would allow users to remove personal data they had shared. The idea has had a lot of criticism, and now Facebook claims it would actually harm privacy. Facebook says the proposal would require social media sites to perform extra tracking to remove data which has been copied to other sites — but privacy advocates say Facebook has misunderstood what the proposal is all about."


I drive a car so old it still has the hitch for the horses. Maybe I'll keep it a while longer.
Concerns over privacy as NHTSA prepares to push for black boxes in cars
December 7, 2012 by Dissent
It’s a topic I’ve covered here before, but worth noting again. Associated Press reports:
Many motorists don’t know it, but it’s likely that every time they get behind the wheel, there’s a snitch along for the ride.
In the next few days, the National Highway Traffic Safety Administration is expected to propose long-delayed regulations requiring auto manufacturers to include event data recorders — better known as “black boxes” — in all new cars and light trucks. But the agency is behind the curve. [Nothing new there... Bob] Automakers have been quietly tucking the devices, which automatically record the actions of drivers and the responses of their vehicles in a continuous information loop, into most new cars for years.
Read more on Fox News.


As an Auditor, releasing the questions we would ask is familiar ground. Would a US version be very different?
AU: OAIC releases guide to protect personal information
December 7, 2012 by Dissent
Michael Lee reports:
The Office of the Australian Information Commissioner (OAIC) has released a draft of its guide to secure personal information.
Titled “Guide to Information Security: ‘Reasonable steps’ to protect personal information,” the consultation draft attempts to outline what organisations should consider when moving to protect the personal information they are responsible for under the Privacy Act.
Read more on ZDNet.
[From the guide:]
The OAIC has also published a Data breach notification guide, which outlines steps that entities should consider in preparing for and responding to information security breaches, including notifying affected individuals.


Another guide, but a different intended audience? My Criminal Justice majors will find this amusing... Interesting, but it could be much more detailed...
December 06, 2012
ProPublica Guide to Warrantless Access to Digital Data
"The U.S. government isn’t allowed to wiretap American citizens without a warrant from a judge. But there are plenty of legal ways for law enforcement, from the local sheriff to the FBI, to snoop on the digital trails you create every day. Authorities can often obtain your emails and texts by going to Google or AT&T with a simple subpoena. Usually you won’t even be notified. The Senate last week took a step toward updating privacy protection for emails, but it's likely the issue will be kicked to the next Congress. Meantime, here’s how police can track you without a warrant now..."


Someone is keeping score...
By Dissent, December 6, 2012 11:45 am
The Third Annual Benchmark Study on Patient Privacy & Data Security by Ponemon Institute, sponsored by ID Experts® was released today. Their findings are what we would expect, i.e., fairly discouraging, with entities reporting even more multiple breaches than previously. From their executive summary:
… healthcare organizations face an uphill battle in their efforts to stop data breaches. Ninety-four percent of healthcare organizations surveyed suffered at least one data breach; 45 percent of organizations experienced more than five data breaches during the past two years. Data breaches are an ongoing operational risk that could be costing the U.S. healthcare industry an average of $7 billion annually. A new finding indicates that 69 percent of organizations surveyed do not secure medical devices—such as mammogram imaging and insulin pumps—which hold patients’ protected health information (PHI). Overall, the research indicates that patients and their PHI are at increased risk for medical identity theft. Risks to patient privacy are expected to increase, as mobile and cloud technology become pervasive.
For the 80 organizations that participated in the survey, the results indicated that the top three causes for a data breach were lost or stolen computing devices, employee mistakes and third-party snafus:
Insider negligence continues to be at the root of the data breach. The primary cause of breaches in this study is a lost or stolen computing device (46 percent), which can be attributed in many cases to employee carelessness. This is followed by employee mistakes or unintentional actions (42 percent), and third-party snafus (42 percent). A major challenge for IT security is the increase in criminal attacks, which has seen an increase from 20 percent in 2010 to 33 percent this year.
Malicious insider breaches, which have been an increasing concern of mine, accounted for 14% of the breaches, a number that is comparable to their figures for 2011 and 2010 but is significantly lower than the 23% figure reported by HITRUST based on analysis of breaches in HHS’s breach tool for the past few years.
I really need to find some time to sit down with multiple reports and studies and see where they agree and where they don’t.


For my Ethical Hackers...
Tor and the Deepnet: What price does society pay for anonymity?
December 7, 2012 by Dissent
Julian Bhardwaj writes:
There is a lot more to the web than that which immediately meets the eye.
In fact, the “visible” layer of the web that you and I can easily access via popular search engines is only part of the story.
Hidden on the net is online content which is not so easily accessed, known as the Deepnet (also sometimes called Darknet, the Deep Web or Hidden Web).
Whilst a lot of this content consists merely of websites not indexed by search engines and only accessed by a handful of people, some parts of it are hidden a lot deeper.
Read more on Naked Security.
[From the article:]
Deepnet pages such as "The Hidden Wiki" provide listings of these URLs to facilitate use of the Deepnet.


This is interesting. Can you always predict what information investors will find useful?
… The SEC sent Reed Hastings a Wells notice. A Wells notice is something the SEC sends to give a company notification that it’s likely to bring some sort of action against the firm.
The hubbub stems from a Facebook post that Hastings made in July when he posted that Netflix users had streamed 1 billion hours of content in June for the first time ever. Not only was that an interesting milestone for the company, but it was big news for shareholders and Netflix’s stock price jumped 6% after the post.
The SEC believes that the number of streaming hours was material information that should have been more formally announced. Hastings has 200,000 subscribers to his Facebook page and says that since he told all 200,000 people, it was a formal announcement and a press release wasn’t required. Hastings also notes that the company had already disclosed in investor letters that it was closing in on 1 billion hours of streaming so the Facebook post wasn’t news.


Potential for significant misuse of technology. “OMG Just drove by accident Send ambu...” Signal Lost
FCC fast tracks text-to-911 service
