At
last! Will the FTC claim that Best Practices are now Required
Practices? How far can they push? My Computer Security students
should note that in this case, Lessons Learned = zero.
On June 26, the FTC filed a complaint
against Wyndham Worldwide Corporation, a global hotel and resort
company, and three of its subsidiaries for violation of Section 5 of
the FTC Act. If this case goes to trial – and Wyndham’s comments
about intentions to fight the suit suggest it might – it will be
the first privacy/security matter fully litigated under Section 5.
The Commission brought the case in the
U.S. District Court for the District of Arizona alleging “failure
to maintain reasonable and appropriate data security for consumers’
sensitive personal data” after Wyndham faced three
data breaches in less than two years.
… According to
the complaint, the first breach was a “brute force attack” in
which intruders accessed the Phoenix data center’s network by
guessing user IDs and passwords. Even though the password guessing
caused 212 user account lock-outs before intruders prevailed – a
common signal of hacking – the FTC claims Wyndham
could not locate the two locked-out computers and only realized four
months later that the network had been infiltrated. The
FTC alleges the intruders then installed memory-scraping malware to
access payment card data, and over 500,000 payment card accounts were
compromised and hundreds of thousands of account numbers exported to
a domain registered in Russia. The second and third
attacks were largely the same, although the FTC claims that in both
cases, Wyndham failed to notice the breach on its own –
a credit card issuer alerted the company that cards used at its
hotels were soon thereafter used for fraudulent transactions. In
total, the FTC estimates that over 619,000 consumer payment card
accounts were compromised.
[The complaint:
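The lock-out signal described in the excerpt can be checked mechanically. The sketch below is an added example, not code from the complaint or from Wyndham; the log format, host names and thresholds are assumptions, and the sample events are constructed. It flags any source host that locks out many distinct accounts within a short window and reports which host to go and find.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format:
# timestamp, event type, account, source host.
SAMPLE_LOG = """\
2012-01-10T02:00:05 LOCKOUT user=clerk01 src=ws-17
2012-01-10T02:00:40 LOCKOUT user=clerk02 src=ws-17
2012-01-10T02:01:10 LOCKOUT user=night_audit src=ws-17
2012-01-10T02:01:55 LOCKOUT user=clerk03 src=ws-17
2012-01-10T02:02:30 LOCKOUT user=manager src=ws-17
2012-01-10T09:15:00 LOCKOUT user=clerk02 src=ws-04
2012-01-10T13:40:00 LOCKOUT user=clerk05 src=ws-09
"""

def parse(line):
    """Split one log line into (timestamp, event, account, source host)."""
    ts, event, user, src = line.split()
    return (datetime.fromisoformat(ts), event,
            user.split("=", 1)[1], src.split("=", 1)[1])

def lockout_bursts(log_text, window=timedelta(minutes=10), threshold=5):
    """Return [(source, window_start, accounts)] for each source host that
    locked out >= threshold distinct accounts inside a sliding window."""
    recent = defaultdict(deque)   # source -> deque of (timestamp, account)
    alerted = set()               # sources already reported once
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, user, src = parse(line)
        if event != "LOCKOUT":
            continue
        q = recent[src]
        q.append((ts, user))
        # Drop events that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        accounts = sorted({u for _, u in q})
        if len(accounts) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, q[0][0], accounts))
    return alerts

if __name__ == "__main__":
    for src, start, accounts in lockout_bursts(SAMPLE_LOG):
        print(f"{src}: {len(accounts)} accounts locked out since {start}")
```

Isolated lock-outs from ws-04 and ws-09 stay below the threshold, so only the burst is reported.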
This is an old technique called
“Traffic Analysis”
Research:
Why Johnny Can’t Browse in Peace: On the Uniqueness of Web Browsing
History Patterns
July 13, 2012 by Dissent
Here’s the abstract of a research
report by Łukasz Olejnik, Claude Castelluccia, Artur Janc:
We present the
results of the first large-scale study of the uniqueness of Web
browsing histories, gathered from a total of 368,284 Internet users
who visited a history detection demonstration website. Our results
show that for a majority of users (69%), the browsing history is
unique and that users for whom we could detect at least 4 visited
websites were uniquely identified by their histories in 97% of cases.
We observe a significant rate of stability in browser history
fingerprints: for repeat visitors, 38% of fingerprints are identical
over time, and differing ones were correlated with original history
contents, indicating static browsing preferences (for history
subvectors of size 50). We report a striking result
that it is enough to test for a small number of pages in order to
both enumerate users’ interests and perform an efficient and unique
behavioral fingerprint; we show that testing 50 web pages is enough
to fingerprint 42% of users in our database, increasing to
70% with 500 web pages. Finally, we show that indirect history data,
such as information about categories of visited websites can also be
effective in fingerprinting users, and that similar fingerprinting
can be performed by common script providers such as Google or
Facebook.
Read the whole report on
petsymposium.org.
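To make the abstract's uniqueness figures concrete, the following added example (not from the paper; the users, sites and probe order are constructed) measures how the share of uniquely fingerprinted users changes as more pages are tested, and how it changes when only users with a minimum number of detected sites are counted.

```python
from collections import Counter

# Constructed data: user -> set of probed sites detected in that user's history.
HISTORIES = {
    "u1": {"news.example", "mail.example"},
    "u2": {"news.example", "mail.example", "bank.example"},
    "u3": {"news.example"},
    "u4": {"news.example", "forum.example"},
    "u5": {"mail.example", "shop.example"},
    "u6": {"mail.example", "shop.example"},
    "u7": set(),
    "u8": set(),
}
# Constructed probe list: the pages a test would check, in order.
PROBES = ["news.example", "mail.example", "bank.example",
          "forum.example", "shop.example"]

def fingerprint(history, probes):
    """History vector: one visited/not-visited bit per probed page."""
    return tuple(site in history for site in probes)

def anonymity_sets(histories, probes):
    """Map each user to the number of users sharing the same fingerprint."""
    fps = {u: fingerprint(h, probes) for u, h in histories.items()}
    counts = Counter(fps.values())
    return {u: counts[fp] for u, fp in fps.items()}

def unique_fraction(histories, probes, min_detected=0):
    """Fraction of users with >= min_detected detected sites whose
    fingerprint is shared with nobody else in the whole population."""
    sets = anonymity_sets(histories, probes)
    probed = set(probes)
    eligible = [u for u, h in histories.items()
                if len(h & probed) >= min_detected]
    if not eligible:
        return 0.0
    return sum(sets[u] == 1 for u in eligible) / len(eligible)

def uniqueness_curve(histories, probes):
    """Unique fraction after testing the first k pages, for each k."""
    return [(k, unique_fraction(histories, probes[:k]))
            for k in range(1, len(probes) + 1)]

if __name__ == "__main__":
    for k, frac in uniqueness_curve(HISTORIES, PROBES):
        print(f"{k} pages tested: {frac:.0%} of users unique")
```

Users with empty or identical detected histories remain in shared anonymity sets no matter how many pages are tested, which is why the curve flattens.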
For my Business Continuity class: How
would you distinguish this outage from one caused by terrorists?
Explosion,
Fire Cause Data Meltdown in Calgary
Downtown Calgary, Alberta, is going
into its second day without complete use of government services,
after some sort of explosion knocked out internet service provider
Shaw Communications and a host of other nearby businesses.
The explosion kicked off a fire on the
13th floor of Shaw’s office building. A spokesman for the Calgary
fire department says that it took firefighters some time to gain
access to the floor, considering the amount of electrical equipment
that had been engulfed by the flames.
… The fire department spokesman
could not comment on specifics of what exactly was affected in the
fire — and Shaw did not respond to a request for comment — but
considering the description and level of outages, the fire was likely
located in crucial data transfer and telecommunication areas. Even
Shaw’s public website was down as
of Friday afternoon, except a simple homepage with updates on
restoring service.
The effects spread across the city.
The Calgary Herald reports
that nearby hospitals lost power and that
IBM Canada, which leases three floors in the Shaw building, keeps a
data center which provides outsourced services for clients like
Service Alberta. IBM did not return calls seeking comment.
The CBC reports
that the fire not only knocked out IBM’s offices, but left
up to 30,000 landline telephone customers unable to call 911.
Exasperating the problem, the city also lost use of its 3-11
informational service which left many customers completely in the
dark about when they’d get communication back.
The CBC says the Shaw
building was designed with backup networks, but the explosion damaged
those as well.
Well, I find it interesting...
The
Freedom Stick - be ready for Universal Design next academic year
… It is time
for every student to be given the opportunity to discover and
experiment with a range of tools which can support their own
individual differing communication needs – not just in school, but
throughout their lives.
… One free
downloadable
package of software allows students the ability to make almost
any computer a fully accessible device. Students can convert text to
audio, get their ideas down by speaking. They can draw, manipulate
photography, create visual or audio-visual presentations, calculate
mathematics a variety of ways, organize themselves, try a different
keyboard, support their spelling and writing… and most importantly,
learn the power of “Toolbelt
Theory” - the power of learning to choose
and use tools well.
The Freedom Stick
is a system, it can be downloaded and installed on a 4gb Flash Drive
and carried everywhere by the student, plugged into and used on
school computers or public library computers, or even employer
computers – anywhere any version of Microsoft Windows is installed
… The Freedom
Stick is a collection of free, open-source programs which provide the
widest range of supports for differing student needs. It is also a
system supported by a range of learning tools – including a
full set of “how to use” videos and
presentations. It is easy to adapt to the student's own needs, and it
works with the supports included in Windows to create a true
Universal Solution Set.
The Freedom Stick contains:
- A full version of Open Office (equivalent to Microsoft Office and all documents adapt to both software programs), including Writer (Word), Impress (PowerPoint), Calc (Excel), Base (Access), plus Scribus (similar to Microsoft Publisher).
- The Sunbird Calendar and Thunderbird Email systems.
- Fully accessible versions of the Firefox, Opera, and Chrome web browsers including Text-To-Speech options and translations. Firefox and Chrome both include pre-set bookmark folders, offering access to free Digital and Audio Texts, online calculators (including talking calculators), and a wide range of curriculum supports.
- A full scientific graphing calculator, a digital periodic table with physics and chemistry calculators built in, Converber – a remarkable unit converter, and X-mind – similar to Inspiration.
- Balabolka, one of the most sophisticated Text-To-Speech systems available which can convert whole digital books to audio files, read anything with word-by-word highlighting, and which allows students to write and hear their own reading read back to them.
- PowerTalk Portable, which will read any PowerPoint presentation, if PowerPoint is installed on your computer.
- Audacity, a digital recorder and player.
- Software for drawing, painting, photo-editing/manipulation, and computer screen recording.
- Kompozer for writing html code (for building websites) and Notepad++ for coding (and testing code) in almost any computer language.
- Screen magnifiers.
- 7-Zip for creating and unpacking Zip Files.
- Simulation software including Robot Programming and Home Design.
- Games including Chess and Sudoku.
You can begin learning about the
Freedom Stick, how to use it and individualize it, with these
Presentations: