Friday, March 22, 2013

Perhaps they should have followed the “Best Mob Practices” as perfected in New Jersey. There was no need for a formal identity check, but the lenders did know where you lived, and where your family lived – and which knee you liked best.
We don’t see this too often, but lack of adequate security costs this business its business, and the consequences were imposed by a regulator. Out-Law.com reports:
MCO Capital Limited made loans in the name of 7,000 people whose identity was used by fraudsters without their permission or knowledge. The loans totalled millions of pounds and demonstrated MCO’s inability to put in place adequate identity checks for loan applicants. Money laundering laws require lenders to conduct identity checks.
The OFT revoked MCO’s consumer credit licence in August and imposed a penalty of £544,505 on the company. MCO appealed and continued to trade while the appeal was pending but has now withdrawn its appeal. It will continue to appeal against the penalty.
The company, which operated using brands including Speedcredit and Paycheckcredit, also engaged in unfair business practices by demanding money from the real identity holders who had not taken out loans.
Read more on Out-Law.com


With each new technology, organizations face the same Privacy/perception challenges. Fortunately, with very minor tweaks they can employ the same solutions. (From my first lecture in Intro to Computer Security)
Jason Koebler reports on law enforcement’s perspective over drone privacy issues and public reaction:
Stephen Ingley, executive director of the Airborne Law Enforcement Association, argues that drones don’t have any advanced spying capabilities, that the drones police officers are most interested in can only fly for 15 minutes at a time, and that they are unfeasible options for so-called “persistent surveillance.”
But that hasn’t stopped more than 30 states from considering legislation restricting drone use.
“This legislation happened so fast, with such a devastating blow [Unlikely. Unless the legislation addresses your 15 minute drones. Bob] that it took us all aback,” he says.

(Related) With each new technology, organizations face the same security challenges. Fortunately, with very minor tweaks they can employ the same solutions. (From my first lecture in Intro to Computer Security)
Hack-Proof Your Company's Social Media
On Monday, Feb. 18, Burger King woke up to one whopper of a social media problem. The company's Twitter account had been hacked — its name changed to McDonalds and its background replaced with an image of Fish McBites. In the hour it took for officials to regain control, hackers proceeded to send 53 tweets to the burger chain's more than 80,000 followers, ranging from the mildly funny ("if I catch you at a wendys, we're fightin!") to the patently offensive ("We caught one of our employees in the bathroom doing this...," with an image of a drug user shooting up).
And Burger King wasn't alone. Less than 24 hours later, a similar fate befell Jeep. Hackers replaced the company's Twitter avatar with a Cadillac logo and explained to Jeep's 100,000-plus followers that the company had been sold because its employees and CEO were found using drugs. These incidents followed closely on the heels of a security breach at international media retailer HMV in late January, when a disgruntled social media manager hijacked one of the company's social media accounts and aired to the world details about recent layoffs and mismanagement.
So what's a socially engaged company to do?
Get serious about passwords.
Centralize social media channels.
Control who can post messages.
Offer basic social media education.

(Related) Oops! Too late.
"Following BBC Weather on Twitter seems like it wouldn't throw up too many surprises — possibly news of the odd blizzard now and again. But today, the account's 60,000 followers got a little more than 'chance of a light drizzle' when the pro-Assad Syrian Electronic Army hacked the account, along with a couple of other BBC accounts, in an apparent protest at what it sees as reports which don't show the Syrian regime in the best light."


Careful wording...
Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs for Microsoft, writes on their blog:
Today, we are releasing our 2012 Law Enforcement Requests Report. This is our first Law Enforcement Requests Report. It provides data on the number of requests we received from law enforcement agencies around the world relating to Microsoft online and cloud services and how we responded to those requests. All of our major online services are covered in this report, including, for example, Hotmail, Outlook.com; SkyDrive; Xbox LIVE; Microsoft Account; and Office 365. We’re also making available similar data relating to Skype, which Microsoft acquired in October 2011.
We will update this report every six months.
One of the most surprising finds, perhaps, was how relatively few requests resulted in disclosure of content:
First, while we receive a significant number of law enforcement requests from around the world, very few actually result in the disclosure to these agencies of customer content. To be precise, last year Microsoft (including Skype) received 75,378 law enforcement requests for customer information, and these requests potentially affected 137,424 accounts or other identifiers. Only 2.1 percent, or 1,558 requests, resulted in the disclosure of customer content.


It's not exactly an App to select your Privacy settings, but it's a step in that direction.
… The problem with privacy is not that we don’t care about it, but that we don’t always know how to protect it, or don’t have the time and motivation to go scanning through the settings of every website we use. Whatever the reason, many users don’t take good enough care of their online privacy, leaving sensitive information on Facebook, Gmail, and even Amazon and eBay, public.
Recently, I told you about things you should not share on Facebook if you care about your privacy, and also shared a cool tip about disabling Facebook’s Graph Search. In a comment to that article, reader suneo nobi shared a Chrome extension with me called Priveazy, saying it helps make some privacy tweaks. Not expecting much, I checked this extension out, and imagine my surprise when I discovered a real magic solution for all my burning online privacy problems.
… Priveazy is a Chrome extension (soon to come to Firefox too) and a website that is comprised of three parts: the Chrome extension called Priveazy Lockdown, a Web app, and the Priveazy classroom. The Chrome extension and Web app have a similar function, and help you protect and maintain your privacy on various online accounts such as Facebook, Google, eBay, LinkedIn, Amazon, etc. The classroom includes detailed lessons about various subjects such as Web Browsing Safety, Facebook Privacy 101, Home Wi-Fi Security, etc.
Priveazy won’t do the actual work for you – you still need to care enough about your privacy to change the necessary settings. It does, however, make the task 10 times easier by telling you exactly what to do, how to do it, and by loading the relevant settings page automatically.


Clearly something we will need to do here in the US.
Lachlan Urquhart provides an overview of drone regulation in the U.K., writing, in part:
More broadly, a number of UK laws could become relevant when considering regulation of surveillance drones, although the scope of application is not always clear. For example, covert use in police investigations would require compliance with the rules on directed and intrusive surveillance in Part II of the Regulation of Investigatory Powers Act 2000 (RIPA). Section 26(5) of RIPA determines if surveillance is deemed intrusive, and states surveillance which… ‘is carried out by means of a surveillance device in relation to anything taking place on any residential premises or in any private vehicle but… is carried out without that device being present on the premises or in the vehicle, is not intrusive, unless the device is such that it consistently provides information of the same quality and detail as might be expected to be obtained from a device actually present on the premises or in the vehicle’ (emphases added). This subjective dependency on consistency, quality and detail of drone obtained images could introduce uncertainty into classifying the nature of surveillance, and therefore the application of RIPA, Part II.
Read more on SCL.


If a single data element is worthless, there is no impact to Privacy if you collect and save it. In fact, if you collect everything, one element at a time, you never need to consider Privacy laws at all! (By the way, this is not what I was taught as an Intelligence Analyst)
On government mentality:
The value of any piece of information is only known when you can connect it with something else that arrives at a future point in time. Since you can’t connect dots you don’t have, it drives us into a mode of, we fundamentally try to collect everything and hang on to it forever.
– Ira “Gus” Hunt, CIA Chief Technology Officer, speaking at a conference this week.
Read more on Huffington Post.

(Related) Obfuscation is the new denial.
U.S. cyber plan calls for private-sector scans of Net
The U.S. government is expanding a cybersecurity program that scans Internet traffic headed into and out of defense contractors to include far more of the country's private, civilian-run infrastructure.
As a result, more private sector employees than ever before, including those at big banks, utilities and key transportation companies, will have their emails and Web surfing scanned as a precaution against cyber attacks.
… The Department of Homeland Security will gather the secret data and pass it to a small group of telecommunication companies and cybersecurity providers [See? You don't have to be a situation comedy to have a spin-off! Let's call them “Baby NSAs” Bob] that have employees holding security clearances, government and industry officials said. Those companies will then offer to process email and other Internet transmissions for critical infrastructure customers that choose to participate in the program.
By using DHS as the middleman, the Obama administration hopes to bring the formidable overseas intelligence-gathering of the NSA closer to ordinary U.S. residents without triggering an outcry from privacy advocates who have long been leery of the spy agency's eavesdropping.
… DEEP PACKET INSPECTION?
The issue of scanning everything headed to a utility or a bank still has civil liberties implications, even if each company is a voluntary participant.
Lee Tien, a senior staff attorney with the nonprofit Electronic Frontier Foundation, said that the executive order did not weaken existing privacy laws, but any time a machine acting on classified information is processing private communications, it raises questions about the possibility of secret extra functions that are unlikely to be answered definitively.


Interesting to read this along with the laws of war from yesterday.
March 20, 2013
Worldwide Threat Assessment of the US Intelligence Community
Statement for the Record - Worldwide Threat Assessment of the US Intelligence Community, Senate Select Committee on Intelligence. James R. Clapper, Director of National Intelligence, March 12, 2013
  • "This year, in both content and organization, this statement illustrates how quickly and radically the world—and our threat environment—are changing. This environment is demanding reevaluations of the way we do business, expanding our analytic envelope, and altering the vocabulary of intelligence. Threats are more diverse, interconnected, and viral than at any time in history. Attacks, which might involve cyber and financial weapons, can be deniable and unattributable. Destruction can be invisible, latent, and progressive. We now monitor shifts in human geography, climate, disease, and competition for natural resources because they fuel tensions and conflicts. Local events that might seem irrelevant are more likely to affect US national security in accelerated time frames. In this threat environment, the importance and urgency of intelligence integration cannot be overstated. Our progress cannot stop. The Intelligence Community must continue to promote collaboration among experts in every field, from the political and social sciences to natural sciences, medicine, military issues, and space. Collectors and analysts need vision across disciplines to understand how and why developments—and both state and unaffiliated actors—can spark sudden changes with international implications."


Let's hope they don't screw this one up...
March 21, 2013
Publishing Scientific Papers with Potential Security Risks: Issues for Congress
  • "The federal government generally supports the publication of federally funded research results because wide dissemination may drive innovation, job creation, technology development, and the advance of science. However, some research results could also be used for malicious purposes. [I'll go so far as to say ALL research results could be used for evil – you just have to be creative! Bob] Congress, the Administration, and other stakeholders are considering whether current policies concerning publishing such research results sufficiently balance the potential benefits with the potential harms. The current issues under debate cut across traditional policy areas, involving simultaneous consideration of security, science, health, export, and international policy. Because of the complexity of these issues, analysis according to one set of policy priorities may adversely affect other policy priorities. For example, maximizing security may lead to detriments in public health and scientific advancement, while maximizing scientific advancement may lead to security risks. Accounting for such trade-offs may allow policymakers to establish regulatory frameworks that more effectively maximize the benefits from such “dual-use,” i.e., potentially beneficial and also potentially harmful, research while mitigating its potential risks."

(Related) Oops! Too late. (Perhaps they believe it is so difficult to download these documents that China hasn't done it yet?)
"The extensive NASA Technical Report Archive was just taken offline, following pressure from members of U.S. Congress, worried that Chinese researchers could be reading the reports. U.S. Representative Frank Wolf (R-VA) demanded that 'NASA should immediately take down all publicly available technical data sources until all documents that have not been subjected to export control review have received such a review,' and NASA appears to have complied. Although all reports are in the public domain, there doesn't appear to be a third-party mirror available (some university libraries do have subsets on microfiche)."


A legal question: Does the application for a firearms manufacturing license mention 3D printing (or any other manufacturing technique) anywhere? 2D plans are available in many gun magazines. Figuring how big to make the barrel for a 9mm bullet shouldn't be beyond even my math students.
"Defense Distributed, a U.S. nonprofit that aims to make plans for guns available to owners of 3-D printers, recently received a federal firearms license from the Bureau of Alcohol, Tobacco and Firearms. That license doesn't cover semi-automatic weapons and machine guns, though — and there are questions about whether the legislation that defines that license really applies to the act of giving someone 3-D printing patterns. Experts on all sides of the issue seemed to agree that no clarification of the law would happen until a high-profile crime involving a 3-D printed weapon was committed."


Perspective. And all I've ever asked for is one dollar per user per year. Very reasonable. I bet if I actually had a legitimate claim I could get a whole bunch of lawyers interested in my request.
YouTube Hits 1 Billion Monthly Users
YouTube is big. It is, by far, the most popular place to watch video on the internet. It’s a juggernaut. A behemoth. A massive morass of cute animal videos, Harlem shakers, one-hit-wonder pop songs, teen diaries, street violence, natural disasters, news clips, over-the-top advertising and just about every other type of entertainment that can exist on video.
And, on Thursday, YouTube announced that it has racked up 1 billion unique monthly users. About as many people use YouTube (which is owned by Google) as they do Facebook.


We might as well install this on the computer lab computers so our students don't have to waste time listening to my lectures...
… Just recently, I noticed that Pinger had launched a brand new product called Pinger Desktop. I had originally thought this was just a renamed version of Textfree Web, which is an interface available to users by the browser, but it’s a completely standalone application. What Pinger has managed to do is take texting and bring it to an instant messaging format, and I really love that.


Haven't I been saying we should do this? I have, I have!
"Inspired by an earlier Slashdot story about Finnish teachers and students writing a math textbook, I pitched the idea of writing our own much cheaper/free C++ textbook to my programming students. They were incredibly positive, so I decided to move forward and started a Kickstarter project. We hope to release the textbook we produce under a CC BY-NC-SA 3.0 license and sell cheap hard copies to sustain the hosting and other production costs."
