Looking at all the NSA “capabilities” I still find little I need to change in the Ethical Hacker class. Perhaps they keep the really good stuff Secret?
Ryan Gallagher reports:
…the NSA “PRISM Skype Collection” guide casts doubt on whether any Skype communications are beyond the NSA’s reach. That the NSA claims to be able to grab all Skype users’ communications also calls into question the credibility of Microsoft’s transparency report—particularly the claim that in 2012 it did not once hand over the content of any user communications. Moreover, according to a leaked NSA slide published by the Post, Skype first became part of the NSA’s PRISM program in February 2011—three months before Microsoft purchased the service from U.S. private equity firms Silver Lake and Andreessen Horowitz.
Read more on Slate.
(Related) You don't have to be an Ethical Hacker to do that... “The rest of the world clicked “Accept,” how come you actually looked at the contract?”
Dark clouds loom over Google in the EU as Swedish data regulator kills a Google Apps deal
In what seems to have garnered precious little attention, Sweden’s data protection agency earlier this week ruled to (again) disallow an agreement between a tiny municipality and Google for the use of cloud services, such as Google Apps, within the public body.
… This resulted in a ban (PDF), although it may still be lifted in the future.
The ruling – which bans Google cloud products such as calendar services, email and data processing functions – is based on inadequacies in the Google contract.
A risk assessment by the Board determined that the contract gives Google too much covert discretion over how data can be used, and that public sector customers are unable to ensure that data protection rights are protected.
… The move itself isn’t unprecedented in Northern Europe: Norway’s data protection authorities outlawed the use of Google Apps by municipalities for nine months straight before lifting the ban in September 2012 (following a ton of deliberations and some changes from Google’s side).
Spain has also bumped heads with Google over data protection and privacy concerns earlier this year.
The bigger picture is Google’s increasing number of run-ins with local government bodies across Europe – and the European Commission. Last year, the latter proposed comprehensive reforms to strengthen online privacy rights across the board — changes that could have significant repercussions for US tech companies with operations in Europe.
(Related) Claudius: “When sorrows come, they come not single spies but in battalions.” Hamlet Act 4 Scene 5, by William Shakespeare (I Googled it)
Google's Android faces EU probe over licensing practices
This is an excellent example of Congress passing a law in a fit of “We gotta do something!” and the regulatory agencies finding little reason to actually implement it. Perhaps this should be one of those White House petitions? https://petitions.whitehouse.gov/
Raj J. Patel reports:
Despite the increase in cyberattacks, the Securities and Exchange Commission (SEC) has yet to publish guidelines as to when a corporation should publicly disclose the data loss, system disruption, or other damages caused by a cyber incident — even where the incident caused financial losses. Some companies have included standard warnings in financial filings that they’re subject to computer viruses, electronic break-ins, and denial-of-service attacks, just as they’re exposed to risks of hurricanes and tornadoes. Other companies don’t explicitly report financial losses from data security breaches in their quarterly and annual reporting and may be at risk from expensive shareholder lawsuits alleging the failure to take reasonable steps to protect their cyber infrastructure.
Many financial institutions are taking note of this, and at least 19 financial institutions have disclosed to investors in recent weeks that their computers were targets of cyberattacks last year. In their annual financial reports to the SEC, major banks such as Bank of America, Citi, Wells Fargo and JPMorgan Chase, along with smaller institutions, have reported that their systems were hit with computer disruptions or intrusions. SEC officials said it was crucial for investors to know not just what a company’s risk is but when that risk has become reality.
Read more on Crain’s Business Detroit. What I particularly appreciate about this article is that Patel makes the same suggestion I’ve often made about having a number people can call to report a breach:
Cyberattacks are inevitable, but not implementing an effective incident response process and team is negligent. And so I ask, do you have a 1-800 hotline to report data breaches?
This should give someone a leg up on “Principles of Privacy” don't you think?
The Global Principles on National Security and Freedom of Information
“The Global Principles on National Security and the Right to Information were developed in order to provide guidance to those engaged in drafting, revising, or implementing laws or provisions relating to the state’s authority to withhold information on national security grounds or to punish the disclosure of such information. They are based on international (including regional) and national law, standards, good practices, and the writings of experts. They address national security—rather than all grounds for withholding information. All other public grounds for restricting access should at least meet these standards. These Principles were drafted by 22 organizations and academic centres (listed in the Annex) in consultation with more than 500 experts from more than 70 countries at 14 meetings held around the world, facilitated by the Open Society Justice Initiative. This process culminated in a meeting in Tshwane, South Africa, which gives them their name.”
An unlocked door is the same as an unencrypted email. An open invitation for anyone who wants to snoop/gather evidence/create citizen dossiers. Governments do that if left unchecked.
Joe Rubino reports:
Boulder residents who intentionally leave their doors open may unintentionally be inviting a Boulder police officer in for a visit.
Chrissy Smiley learned this fact in surprising fashion on Thursday afternoon when she returned to her south Boulder condo after a 40-minute walk with her dogs to find a card from a Boulder police officer sitting on her dining room table.
Disturbed by the discovery, Smiley said she quickly called the officer back to ask why he had entered her home without her permission.
“He was very nice. He said he had come back to follow up on another officer who had been there for something and he felt he had probable cause to make sure that I was safe,” Smiley said, adding that she found the officer’s explanation unsettling.
[...]
Smiley took up the issue with Boulder police Sgt. Michael Everett, who in an email response to her inquiry, explained that entering unsecured residences is standard operating procedure for most law enforcement agencies, including Boulder police, and one that is not likely to stop.
“There are many reasons for checking residences that are left open,” Everett wrote in his response. “They include in-progress crimes and injured parties inside. There are situations which create a duty for officers to enter and check residences. Failure to do so creates liability for that officer and agency.”
He added that the practice is backed by sound legal reasoning and is consistent with best practices for law enforcement agencies.
Read more on Daily Camera.
This seems like a sound policy – if you want your police officers getting shot by surprised homeowners.
“Hey! Welcome to the 20th Century! Now, look at the calendar.”
FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks
News release: “Many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates. [No wonder my students can't write, if the “professionals” keep getting it wrong. http://grammar.quickanddirtytips.com/affect-versus-effect.aspx Bob] Recently, the FDA has become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations, including:
- Network-connected/configured medical devices infected or disabled by malware;
- The presence of malware on hospital computers, smartphones and tablets, targeting mobile devices using wireless technology to access patient data, monitoring systems, and implanted patient devices;
- Uncontrolled distribution of passwords, disabled passwords, hard-coded passwords for software intended for privileged device access (e.g., to administrative, technical, and maintenance personnel);
- Failure to provide timely security software updates and patches to medical devices and networks and to address related vulnerabilities in older medical device models (legacy devices);
- Security vulnerabilities in off-the-shelf software designed to prevent unauthorized device or network access, such as plain-text or no authentication, hard-coded passwords, documented service accounts in service manuals, and poor coding/SQL injection.”
I pose a Constitutional Question: Can a government grant itself rights that citizens never had? “We can look for evidence of your guilt, but you can not look for evidence of your innocence.”
Dan Sachs writes:
In a pair of rulings, the Minnesota Court of Appeals avoided review of a trial court’s decision on the important but rarely-litigated issue of when “publicly” posted social media content is subject to the protections of the Stored Communications Act. Facebook, Inc. v. Aguayo-Gomez, Case No. A13-0177 (Minn. Ct. App. Feb. 12, 2013) & Facebook, Inc. v. Aguayo-Gomez, Case No. A13-0579 (Minn. Ct. App. May 1, 2013). While it did not address that issue directly, the Court of Appeals did provide some answers for criminal defendants seeking data held by electronic communications services. Under the SCA, only the government can obtain the contents of communications directly from an ECS—criminal defendants may not. 18 U.S.C. § 2703(a).
Read more on Law Across the Wire and Into the Cloud.
Change without loss of customers. Who did they think they were? Facebook?
Adobe competitors pounce after subscription backlash
Companies like Corel, Xara, Nitro, Nuance, and Pixelmator are taking advantage of customers' displeasure with Adobe's shift from selling Creative Suite perpetual licenses to Creative Cloud subscriptions.
Perspective: Big Data = Big Numbers. Is this a height from which we can see farther or a trench from which we can not escape?
FCW – NSA shows how big ‘big data’ can be
FCW.com – Frank Konkel – “As reported by Information Week, the NSA relies heavily on Accumulo, “a highly distributed, massively parallel processing key/value store capable of analyzing structured and unstructured data” to process much of its data. NSA’s modified version of Accumulo, based on Google’s BigTable data model, reportedly makes it possible for the agency to analyze data for patterns while protecting personally identifiable information – names, Social Security numbers and the like. Before news of Prism broke, NSA officials revealed a graph search it operates on top of Accumulo at a Carnegie Mellon tech conference. The graph is based on 4.4 trillion data points, which could represent phone numbers, IP addresses, locations, or calls made and to whom; connecting those points creates a graph with more than 70 trillion edges. [Imagine a BIG arrow that says, “You are here!” Bob] For a human being, that kind of visualization is impossible, but for a vast, high-end computer system with the right big data tools and mathematical algorithms, some signals can be pulled out.”
(Related) NSA could point to this article to show how SMALL their collection is, relatively... Always treat “Everything” with a grain of salt.
Global Warming! Global Warming! Are you listening, Al Gore?
Why flying first class increases your carbon footprint by six times
The World Bank has published a new working paper (PDF) that shows how passengers in premium airline classes create more of the CO2 that leads to global warming. [Because this impacts World Banking how, exactly? Bob]
Essentially, all the extra space for high-paying customers means airlines expend more fuel to move them, especially if some of the more expensive seats are left empty. [Because the passenger in the empty seat weighs more than the economy class guy? Bob]