Perhaps they should have followed the
“Best Mob Practices” as perfected in New Jersey. There was no
need for a formal identity check, but the lenders did know where you
lived, and where your family lived – and which knee you liked best.
We don’t see this too often, but lack
of adequate security costs this business its business, and the
consequences were imposed by a regulator. Out-Law.com reports:
MCO
Capital Limited made loans in the name of 7,000 people whose
identity was used by fraudsters without their permission or
knowledge. The loans totalled millions of pounds and demonstrated
MCO’s inability to put in place adequate identity checks for loan
applicants. Money laundering laws require lenders to conduct
identity checks.
The OFT revoked
MCO’s consumer credit licence in August and imposed a penalty of
£544,505 on the company. MCO appealed and continued to trade while
the appeal was pending but has now withdrawn its appeal. It will
continue to appeal against the penalty.
The company, which
operated using brands including Speedcredit and Paycheckcredit, also
engaged in unfair business practices by demanding
money from the real identity holders who had not taken out loans.
Read more on Out-Law.com
With each new technology, organizations
face the same Privacy/perception challenges. Fortunately, with very
minor tweaks they can employ the same solutions. (From my first
lecture in Intro to Computer Security)
Jason Koebler reports on law
enforcement’s perspective over drone privacy issues and public
reaction:
Stephen Ingley,
executive director of the Airborne Law Enforcement Association,
argues that drones don’t have any advanced spying capabilities,
that the drones police officers are most interested in can only fly
for 15 minutes at a time, and that they are unfeasible options for
so-called “persistent surveillance.”
But that hasn’t
stopped more than 30 states from considering legislation restricting
drone use.
“This
legislation happened so fast, with such a devastating
blow [Unlikely. Unless the legislation addresses your 15 minute
drones. Bob] that it took us all aback,” he says.
Read more on U.S.
News & World Report.
(Related) With each new technology,
organizations face the same security challenges. Fortunately, with
very minor tweaks they can employ the same solutions. (From my first
lecture in Intro to Computer Security)
Hack-Proof
Your Company's Social Media
On Monday, Feb. 18, Burger King woke up
to one whopper
of a social media problem. The company's Twitter account had
been hacked — its name changed to McDonalds and its background
replaced with an image of Fish McBites. In the hour it took for
officials to regain control, hackers proceeded to send 53 tweets to
the burger chain's more than 80,000 followers, ranging from the
mildly funny ("if I catch you at a wendys, we're fightin!")
to the patently offensive ("We caught one of our employees in
the bathroom doing this...," with an image of a drug user
shooting up).
And Burger King wasn't alone. Less
than 24 hours later, a similar
fate befell Jeep. Hackers replaced the company's Twitter avatar
with a Cadillac logo and explained to Jeep's 100,000-plus followers
that the company had been sold because its employees and CEO were
found using drugs. These incidents followed closely on the heels of
a security
breach at international media retailer HMV in late January, when
a disgruntled social media manager hijacked one of the company's
social media accounts and aired to the world details about recent
layoffs and mismanagement.
So what's a socially engaged company to
do?
Get
serious about passwords.
Centralize
social media channels.
Control
who can post messages.
Offer
basic social media education.
(Related) Oops! Too late.
DavidGilbert99
writes
"Following
BBC Weather on Twitter seems like it wouldn't throw up too many
surprises — possibly news of the odd blizzard now and again. But
today, the account's 60,000 followers got a little more than 'chance
of a light drizzle' when the pro-Assad
Syrian Electronic Army hacked the account, along with a couple of
other BBC accounts, in an apparent protest at what it sees as reports
which don't show the Syrian regime in the best light."
Careful wording...
Brad Smith, General Counsel &
Executive Vice President, Legal & Corporate Affairs for
Microsoft, writes on their blog:
Today, we are
releasing our 2012
Law Enforcement Requests Report. This is our first Law
Enforcement Requests Report. It provides data on the number of
requests we received from law enforcement agencies around the world
relating to Microsoft online and cloud services and how we responded
to those requests. All of our major online services are covered in
this report, including, for example, Hotmail, Outlook.com; SkyDrive;
Xbox LIVE; Microsoft Account; and Office 365. We’re also making
available similar data relating to Skype, which Microsoft acquired in
October 2011.
We will update
this report every six months.
One of the most surprising finds,
perhaps, was how relatively few requests resulted in disclosure of
content:
First, while we
receive a significant number of law enforcement requests from around
the world, very few actually result in the disclosure to these
agencies of customer content. To be precise, last year Microsoft
(including Skype) received 75,378 law enforcement requests for
customer information, and these requests potentially affected 137,424
accounts or other identifiers. Only 2.1 percent, or 1,558 requests,
resulted in the disclosure of customer content.
Read more on Microsoft
on the Issues.
It's not exactly an App to select your
Privacy settings, but it's a step in that direction.
… The problem with privacy is not
that we don’t care about it, but that we don’t always know how to
protect it, or don’t have the time and motivation to go scanning
through the settings of every website we use. Whatever the reason,
many users don’t take good enough care of their online privacy,
leaving sensitive information on Facebook, Gmail, and even Amazon and
eBay, public.
Recently, I told you about things
you should not share on Facebook if you care about your privacy,
and also shared a cool
tip about disabling Facebook’s Graph Search. In a comment to
that article, reader suneo nobi shared a Chrome extension with me
called Priveazy, saying it
helps make some privacy tweaks. Not expecting much, I checked this
extension out, and imagine my surprise when I discovered a real magic
solution for all my burning online privacy problems.
… Priveazy is a Chrome extension
(soon to come to Firefox too) and a website that is comprised of
three parts: The Chrome extension called Priveazy Lockdown, a Web
app, and the Priveazy classroom. The Chrome extension and Web app
have a similar function, and help you protect and maintain your
privacy on various online accounts such as Facebook, Google, eBay,
LinkedIn, Amazon, etc. The classroom includes detailed lessons
about various subjects such as Web Browsing Safety, Facebook Privacy
101, Home Wi-Fi Security, etc.
… Priveazy
won’t do the actual work for you – you still need to care enough
about your privacy to change the necessary settings. It does,
however, make the task 10 times easier by telling you exactly what
to do, how to do it, and by loading the relevant settings page
automatically.
Clearly something we will need to do
here in the US.
Lachlan Urquhart provides an overview
of drone regulation in the U.K., writing, in part:
More broadly, a
number of UK laws could become relevant when considering regulation
of surveillance drones, although the scope of application is not
always clear. For example, covert use in police investigations would
require compliance with the rules on directed and intrusive
surveillance in Part II of the Regulation of Investigatory Powers Act
2000 (RIPA). Section 26(5) of RIPA determines if surveillance is
deemed intrusive, and states surveillance which… ‘is carried out
by means of a surveillance device in relation to anything taking
place on any residential premises or in any private vehicle but… is
carried out without that device being present on the premises or in
the vehicle, is not intrusive, unless the device is such that it
consistently provides information of the same quality and detail as
might be expected to be obtained from a device actually present on
the premises or in the vehicle’ (emphases added). This
subjective dependency on consistency, quality and detail of drone
obtained images could introduce uncertainty into classifying the
nature of surveillance, and therefore the application of RIPA, Part
II.
Read more on SCL.
If a single data element is worthless,
there is no impact to Privacy if you collect and save it. In fact,
if you collect everything, one element at a time, you never
need to consider Privacy laws at all! (By the way, this is not what
I was taught as an Intelligence Analyst)
On government mentality:
The value of any
piece of information is only known when you can connect it with
something else that arrives at a future point in time. Since you
can’t connect dots you don’t have, it drives us into a mode of,
we fundamentally try to collect everything and hang on to it forever.
– Ira “Gus”
Hunt, CIA Chief Technology Officer, speaking at conference this week.
Read more on Huffington
Post.
(Related) Obfuscation is the new
denial.
U.S.
cyber plan calls for private-sector scans of Net
The U.S.
government is expanding a cybersecurity program that scans Internet
traffic headed into and out of defense contractors to include far
more of the country's private, civilian-run infrastructure.
As a result,
more private sector employees than ever before, including those at
big banks, utilities and key transportation companies, will have
their emails and Web surfing scanned as a precaution against cyber
attacks.
… The
Department of Homeland Security will gather the secret data and pass
it to a small group of telecommunication companies
and cybersecurity providers [See? You don't have to be a situation
comedy to have a spin-off! Let's call them “Baby NSAs” Bob]
that have employees holding security clearances, government and
industry officials said. Those companies will then offer to process
email and other Internet transmissions for critical infrastructure
customers that choose to participate in the program.
By using
DHS as the middleman, the Obama administration hopes to bring the
formidable overseas intelligence-gathering of the NSA closer to
ordinary U.S. residents without triggering an outcry from privacy
advocates who have long been leery of the spy agency's eavesdropping.
The issue of
scanning everything headed to a utility or a bank still has civil
liberties implications, even if each company is a voluntary
participant.
Lee Tien, a
senior staff attorney with the nonprofit Electronic Frontier
Foundation, said that the executive order did not weaken existing
privacy laws, but any time a machine acting on
classified information is processing private communications, it
raises questions about the possibility of secret extra functions that
are unlikely to be answered definitively.
Interesting to read this along with the
laws of war from yesterday.
March 20, 2013
Worldwide
Threat Assessment of the US Intelligence Community
Statement for the Record - Worldwide
Threat Assessment of the US Intelligence Community, Senate Select
Committee on Intelligence. James R. Clapper, Director of National
Intelligence, March 12, 2013
- "This year, in both content and organization, this statement illustrates how quickly and radically the world—and our threat environment—are changing. This environment is demanding reevaluations of the way we do business, expanding our analytic envelope, and altering the vocabulary of intelligence. Threats are more diverse, interconnected, and viral than at any time in history. Attacks, which might involve cyber and financial weapons, can be deniable and unattributable. Destruction can be invisible, latent, and progressive. We now monitor shifts in human geography, climate, disease, and competition for natural resources because they fuel tensions and conflicts. Local events that might seem irrelevant are more likely to affect US national security in accelerated time frames. In this threat environment, the importance and urgency of intelligence integration cannot be overstated. Our progress cannot stop. The Intelligence Community must continue to promote collaboration among experts in every field, from the political and social sciences to natural sciences, medicine, military issues, and space. Collectors and analysts need vision across disciplines to understand how and why developments—and both state and unaffiliated actors—can spark sudden changes with international implications."
Let's hope they don't screw this one
up...
March 21, 2013
Publishing
Scientific Papers with Potential Security Risks: Issues for Congress
CRS - Publishing
Scientific Papers with Potential Security Risks: Issues for Congress,
Frank Gottron. March 18, 2013
- "The federal government generally supports the publication of federally funded research results because wide dissemination may drive innovation, job creation, technology development, and the advance of science. However, some research results could also be used for malicious purposes. [I'll go so far as to say ALL research results could be used for evil – you just have to be creative! Bob] Congress, the Administration, and other stakeholders are considering whether current policies concerning publishing such research results sufficiently balances the potential benefits with the potential harms. The current issues under debate cut across traditional policy areas, involving simultaneous consideration of security, science, health, export, and international policy. Because of the complexity of these issues, analysis according to one set of policy priorities may adversely affect other policy priorities. For example, maximizing security may lead to detriments in public health and scientific advancement, while maximizing scientific advancement may lead to security risks. Accounting for such trade-offs may allow policymakers to establish regulatory frameworks that more effectively maximize the benefits from such “dual-use,” i.e., potentially beneficial and also potentially harmful, research while mitigating its potential risks."
(Related) Oops! Too late. (Perhaps
they believe it is so difficult to download these documents that China
hasn't done it yet?)
"The extensive NASA
Technical Report Archive was just taken offline, following
pressure from members of U.S. Congress, worried that Chinese
researchers could be reading the reports. U.S. Representative Frank
Wolf (R-VA) demanded
that 'NASA should immediately take down all publicly available
technical data sources until all documents that have not been
subjected to export control review have received such a review,' and
NASA appears
to have complied. Although all reports are in the public domain,
there doesn't appear to be a third-party mirror available (some
university libraries do have subsets on microfiche)."
A legal question: Does the application
for a firearms manufacturing license mention 3D printing (or any
other manufacturing technique) anywhere? 2D plans are available in
many gun magazines. Figuring how big to make the barrel for a 9mm
bullet shouldn't be beyond even my math students.
"Defense Distributed, a U.S.
nonprofit that aims to make plans for guns available to owners of 3-D
printers, recently received
a federal firearms license from the Bureau of Alcohol, Tobacco and
Firearms. That license doesn't cover semi-automatic weapons and
machine guns, though — and there are questions about whether the
legislation that defines that license really applies to the act of
giving someone 3-D printing patterns. Experts on all sides of the
issue seemed to agree that no clarification of the law would happen
until a high-profile crime involving a 3-D printed weapon was
committed."
Perspective. And all I've ever asked
for is one dollar per user per year. Very reasonable. I bet if I
actually had a legitimate claim I could get a whole bunch of lawyers
interested in my request.
YouTube
Hits 1 Billion Monthly Users
YouTube is big. It is, by far, the
most popular place to watch video on the internet. It’s a
juggernaut. A behemoth. A massive morass of cute animal videos,
Harlem shakers, one-hit-wonder pop songs, teen diaries, street
violence, natural disasters, news clips, over-the-top advertising and
just about every other type of entertainment that can exist on video.
And, on Thursday, YouTube announced
that it has racked up 1 billion unique monthly users. About as many
people use YouTube (which is owned by Google) as they do Facebook.
We might as well install this on the
computer lab computers so our students don't have to waste time
listening to my lectures...
… Just recently, I noticed that
Pinger had launched a brand new product called Pinger Desktop. I had
originally thought this was just a renamed version of Textfree Web,
which is an interface available to users by the browser, but it’s a
completely standalone application. What Pinger has managed to do is
take texting and bring it to an instant messaging format, and I
really love that.
Haven't I been saying we should do
this? I have, I have!
"Inspired by an earlier
Slashdot story about Finnish
teachers and students writing a math textbook, I pitched the idea
of writing our own much cheaper/free C++ textbook to my programming
students. They were incredibly positive, so I decided to move
forward and started
a Kickstarter project. We hope to release the textbook we
produce under a CC
BY-NC-SA 3.0 license and sell cheap hard copies to sustain the
hosting and other production costs."