Always informative.
Verizon has released the Verizon Data
Breach Investigations Report (DBIR). You can download the Executive
Summary here and the full
report here.
The DBIR analyzes data from 19
organizations — covering more than 47,000 reported security
incidents and 621 confirmed data breaches from the past year.
Because VZ has the cooperation of so many organizations, it provides
a unique opportunity to analyze data. Although we do not know what
percent of the incidents in their analyses overlap with the more than
1200 incidents compiled by DataLossDB.org for 2012, I find it
fascinating to look at where the two organizations’ reports agree,
and they do agree on numerous key findings – including the fact that
most incidents involve external agents, not insiders, that
over half of incidents involve hacking, and that breaches from
the healthcare sector, while garnering much media attention, account
for only about 1% of breaches. Their report is also consistent with
RBS/OSF’s report indicating that most incidents do not involve
particularly sophisticated attacks and most could be easily
prevented. Verizon’s report, however, gives us a first harder
look at state-sponsored attacks and other factors that RBS/OSF’s
report does not address, such as their finding that approximately
two-thirds of confirmed breaches involved data at rest or data being
processed – and not data in transit. Worryingly, the majority
of breaches take months to detect (and the problem got worse in
2013 compared to their 2012 data), and most
breaches are not detected by the entity’s IT personnel.
So… how many times do we have to tell
people to purge data that’s no longer really needed and to monitor
to ensure that if you have policies in place to protect data on
mobile devices, those policies are being implemented? DBIR notes –
and most of us would agree, I think – that there is no
one-size-fits-all in terms of protecting assets. Knowing the risks for your
industry and type of data is critical.
Read their report for more details, and
kudos to them for another fine report.
Surely regulated firms have control of
their own (official?) social media accounts and are required to keep
records. This is targeted at employee personal accounts, right?
Securities
regulators balk at employee social-media privacy
Securities regulators are advocating
for special exemptions to new and pending state laws that prevent
employers from snooping on employee Twitter or Facebook accounts.
The Financial
Industry Regulatory Authority, an independent U.S. securities
regulator that seeks to protect investors, is asking lawmakers in
around 10 states to amend their legislation to allow financial firms
to peek at social media accounts when employee misuse is suspected, a
spokesperson told the Wall
Street Journal.
The fear seems to be that brokers could
use their social media accounts to spread information that would
influence stocks, and that misdeeds would go unchecked without
monitoring allowances.
At least six states including
California, Illinois, New Jersey, and Delaware have passed
legislation to prohibit employers from requiring an employee or
applicant to hand over social media account usernames and passwords.
Some 35 states have started considering adopting similar social-media
legislation since the beginning of the year, according to the
Journal.
… Though securities regulators and
financial firms may not take kindly to being locked out of employee
accounts, Wall Street has embraced social media in a different way.
Earlier this year, the Securities and Exchange Commission decreed
that it was okay for public companies to announce
their news on Facebook or Twitter first, so long as investors
were told ahead of time where to look for the disclosures.
In defiance of conventional wisdom?
Deregulate
the Skies: Why We Can’t Afford to Fear Drones
… Until now, only law enforcement
agencies and hobbyists have been allowed to operate drones or
unmanned aerial vehicles (UAVs) and systems (UASs) in our airspace.
But six new test sites will soon be announced for integrating
commercial drones into U.S. airspace, because the
Federal Aviation Administration (FAA) has been mandated by Congress
to do so everywhere within just three years.
While we’re talking about commercial
— not military — applications of drones, people still have
concerns: especially around privacy. In their zeal to protect people
from “eyes in the skies” collecting data without permission,
privacy advocates want drone operators in the early test sites to be
constrained by strict privacy policy requirements.
It sounds like a good idea, but it’s
not. Such requirements are unwise and definitely
premature, as my colleagues Jerry Brito, Adam Thierer, and
I argue
in our FAA filing today.
If there is a “least common
denominator,” will Microsoft start designing products to address
privacy concerns?
Microsoft
asks: What’s your online privacy type?
What’s your privacy type? That’s
the question Microsoft is asking with a new consumer campaign that’s
focused on measuring consumer attitudes toward online privacy.
As part of its new initiative, the tech
giant has put out a quiz asking people to assess their attitudes
about online privacy. The spectrum goes from the unconcerned “Casual
Surfer” to those who say “Privacy Please.”
Mary Snapp, Corporate Vice President &
Deputy General Counsel at Microsoft, said that the
quiz
is supposed to get people talking about their attitudes toward
online privacy.
… while Microsoft has heard that
its users are very concerned about privacy, they’re less sure about
how to address those worries.
Microsoft launched the quiz as part of
a larger Web site dedicated to “Your Privacy” on Monday. The
campaign is first focusing on the Washington, D.C. area — which
included an ad in Monday’s print edition of The Washington Post —
but will roll out across the country in the coming weeks.
Oh the joys of trying to be all things
to all people. (With something for my Statistics students.)
The
Many, Sometimes Conflicting, Problems With Facebook Home
… When Facebook Home launched,
Wired called it a triumph
in mediocrity. Home, and the first phone to feature it, simply
aren’t made for tech enthusiasts. It’s for people who
consider Facebook the Internet — or at least half of the
Internet, with Google being the rest. It’s for your aunt who wants
to like all of your photos or your friend who posts ten status
updates a day. To that end, we gave Facebook Home a
decent review.
But the people downloading Facebook
Home have something else to say. More than half of the user
reviews give it just one star. One. The criticism
ranges from the fact it absolutely kills battery life — Home is a
total resource hog — to too much Facebook to, oddly, too little
Facebook. Here’s a breakdown of Facebook Home’s many, often
conflicting, problems, according to users.
Interesting, if true.
Rumor:
Apple returned batch of 8 million defective iPhones to Foxconn
The alleged manufacturing issues were
detailed on
Monday by The Register, which cited a report first
published by China Business. It's alleged that an
anonymous Foxconn employee revealed that the number of iPhones
affected ranges from 5 million to 8 million.
… The Register also
speculated that the rumored production problems could be related to
Apple's next-generation handset, frequently referred to as an "iPhone
5S." Well-connected analyst Ming-Chi Kuo indicated earlier this
month that Apple's "iPhone 5S" is likely to face
production problems due to technical challenges, namely
the anticipated inclusion of a fingerprint sensor below
the home button.
I'm curious to see what my Criminal
Justice students think.
April 22, 2013
Dzhokhar
Tsarnaev Criminal Complaint Filed in Federal Court
(FindLaw's Courtside) - "A
criminal complaint against Dzhokhar Tsarnaev, 19, the surviving
suspect in the Boston Marathon bombings, has been filed in federal
court. The White House announced that Tsarnaev, charged with
using a “weapon of mass destruction,” would not be tried before a
military tribunal as an “enemy combatant.”
- United States of America v. Dzhokhar Tsarnaev, U.S. District Court for the District of Massachusetts, filed April 21, 2013
Tools & Techniques
Twitter Search
The default search feature offered by Twitter
Ditto
… HTML 5 is a very slick way to
make interesting animated presentations, and it can be quite
beautiful. If you are looking for a way to make HTML 5
presentations, interactive infographics, product demos, and more, you
should try out EWC Presenter. It comes with everything you need, and
it works directly in your browser, so there is no need to download
any kind of file to your computer. Because it’s HTML 5,
everything created works on mobile as well.