Someone in New Jersey “gets it.” I
have no idea how that happened. (Do you suppose they only targeted
New Jersey Internet users?)
Alexi Friedman reports:
The state Division
of Consumer Affairs today announced a settlement with an online
advertising company that agreed to pay $1 million for having
circumvented consumers’ privacy settings by allowing millions of
targeted ads to reach unsuspecting New Jersey web users.
State officials
said the ads imbedded “cookies” into computer hard drives,
essentially creating tracking devices that collected data of page
views and search patterns. The unauthorized activity, which involved
215 million targeted ads and an untold number of people, lasted from
June 2009 to February 2012, when a Wall Street Journal article
detailed similar placement of cookies by other companies.
In the case of
today’s settlement with New York City-based PulsePoint, the company
only targeted consumers using Apple’s Safari web browser, officials
said.
Read more on NJ.com.
(Related) Clearly, someone here “gets
it” too; they just use “it” for evil.
Clare Mellor reports:
Service Nova
Scotia is breaching the privacy rights of licensed drivers by not
letting them know they can opt out of a program in which their
personal information is shared with a registered charitable
organization, says the province’s freedom of information and
protection of privacy review officer.
Dulcie McCallum
says government needs to give people the choice to opt out of a
program in which it shares registered drivers’ names and addresses
with the War Amps key tag program.
Read more on Herald
News.
This is not a new breach. We do not
have a new record. My Ethical Hackers will enjoy the details of the
Hacking Process spelled out in the indictment.
David Voreacos reports:
Four Russians and
a Ukrainian were charged for their role in the largest hacking and
data breach scheme in U.S. history, according to Paul Fishman, the
U.S. attorney in New Jersey.
The five conspired
in a “worldwide scheme that targeted major corporate networks,
stole more than 160 million credit card numbers and resulted in
hundreds of millions of dollars in losses,” Fishman said today in a
statement. The men worked with Albert Gonzalez, a hacker
serving 20 years in prison, according to the indictment unsealed in
federal court in New Jersey.
Read more on Bloomberg
Law.
Update: here’s a
redacted copy of the indictment
(pdf). It lists corporate victims: NASDAQ, 7-Eleven, Carrefour
S.A., Hannaford Bros., Heartland Payment Systems, Wet Seal, Commidea
Ltd., Dexia Bank Belgium, Jet Blue, Dow Jones, “Bank A” in the
UAE, Euronet, Visa Jordan (part of Visa Inc.), Global Payment
Systems, Diners Singapore (part of the Diners Club owned by Discover
Financial Services), and Ingenicard U.S. This is the
first I’m hearing about some of these, even though some were quite
large breaches.
(Related)
Economic Impact of Cybercrime and Cyber Espionage
Center
for Strategic and International Studies July 2013: “The wide
range of existing estimates of the annual loss—from a few billion
dollars to hundreds of billions—reflects several difficulties.
Companies conceal their losses and some are not aware of what has
been taken. Intellectual property is hard to value. Some estimates
relied on surveys, which provide very imprecise results unless
carefully constructed. One common problem with cybersecurity surveys
is that those who answer the questions “self-select,” introducing
a possible source of distortion into the results. Given the data
collection problems, loss estimates are based on assumptions about
scale and effect—change the assumption and you get very different
results. These problems leave many estimates open to question.”
(Related)
Majority of Public Companies Indicate Cyber Attack Would Cause “Serious Harm”
News
release: “A majority of the U.S. listed Fortune 500 firms are
following the U.S. Securities and Exchange Guidelines by providing
some level of disclosure regarding cyber exposures, with more than
half indicating their firms would face “serious harm” or be
“adversely impacted” due to a cyber-attack, according to a recent
report by Willis North America, a unit of Willis Group Holdings, a
leading global risk advisor, insurance and reinsurance broker. The
Willis Fortune 500 Cyber Disclosure Report … are the results of
an effort launched last year to track organizations’ response to
SEC Guidance issued in October 2011, asking U.S. listed companies to
provide extensive disclosure on their cyber exposures. The report
found that 88% of the Fortune 500 are following SEC Guidelines as of
April 2013 and providing “some level” of disclosure regarding
cyber exposures. However, some companies within particular
industries that would seem to have exposures, were silent, Willis
said. Among those silent were: an insurance company, a
pharmaceutical company, a restaurant chain and a health care firm –
“all of which would seem to have some level of cyber risk when
compared to the disclosures of their peers,” the report said.”
[Report available here:
http://blog.willis.com/downloads/cyber-disclosure-fortune-500/]
It appears that this is based on “Best
Practices” (as one would expect from Stanford). Notify early, even
if you are not yet done with your investigation. User feedback may
help you scope the problem.
Stanford University Is Investigating An Apparent Security Breach, Urges Community To Reset Passwords
Billy Gallagher reports:
Stanford
University urged network users to change their passwords late
Wednesday evening, explaining that it “is investigating an apparent
breach of its information technology infrastructure.”
Randall
Livingston, Stanford’s chief financial officer, emailed the entire
Stanford community, noting that Stanford does “not yet know the
scope of the intrusion.”
Read more on TechCrunch.
Alerts linked from the university’s
home page
If not a “Best Practice” at least
amusing...
Telecompaper reports:
French internet
host OVH informed its customers on 22 July that the
private data of a few hundreds of thousands of European
private and business customers had been compromised by a hacker.
Founder and CEO Octave Klaba wrote to subscribers that the internal
network of its headquarters in Roubaix was breached when a hacker
gained access to one of the system administrators’ e-mail accounts.
Using this e-mail access, the perpetrator was able to break into
another employee’s internal VPN and then to the account of a system
administrator who handles back-office functions. [Not
sure how that chain of hacks would work... Bob]
Read more on Telecompaper.
The Register provides additional
details, here.
I love the line in OVH’s advisory:
“In short, we
were not paranoid enough so now we’re switching to a higher level
of paranoia. The aim is to guarantee and protect your
data in the case of industrial espionage that would target people
working at OVH.”
Sometimes, yes, they are out to get
you(r) data.
Even the government is starting to
gather (and use?) Best Practices...
Privacy Best Practices for Social Media
“One of the Federal Government’s
most important missions is to provide citizens, customers, and
partners with easy access to government information and services. As
society increasingly relies on social media as a primary source for
information, it is clear that these platforms have an important role
to play in the Federal Government’s communication strategy,
including its move toward a digital, open government. Social media
allows an agency to post messages in places where people regularly
interact, and ensures it reaches interested audiences–including
audiences known to the agency as well as those that are unknown. In
addition, social media enhances the Federal Government’s
situational awareness by enabling agencies to learn about problems
and issues being discussed by different audiences, and allowing
agencies to react, respond, and assist the public more efficiently
and effectively. Government agencies also may use social media to
fulfill their operational missions, for example, detecting and
preventing benefit fraud and abuse.”
For my students considering a run for
office?
New Tool Puts Congressional District Statistics at Your Fingertips
“The U.S. Census Bureau has released
My Congressional District,
the first interactive tool geared exclusively toward finding basic
demographic and economic statistics for every congressional district
in the U.S. This Web app uses the latest annual statistics from the
American Community Survey, providing the most detailed portrait of
America’s towns and neighborhoods. Users can sort through
statistics in five key categories upon selection of a specific
district in the application. Summary level statistics covering
education, finance, jobs and housing, as well as basic demographic
information, can quickly be displayed, downloaded and shared with
others. A major feature of the My Congressional District app is the
ability to embed a selected 113th congressional district on a user’s
own webpage. The embedded district will display the latest
statistics from the American Community Survey, allowing visitors to
quickly view statistics for any of the 435 congressional districts
and the District of Columbia.”
Develop Apps for a phone that isn't
available yet.
Install Earth’s latest smartphone OS
on your desktop computer – if you’re a Firefox
user it’s just a couple of clicks away.
Curious about FirefoxOS,
which is for sale now? That makes sense: this open source,
royalty-free operating system is bound to pop up on phones all
over the planet eventually, but odds are a phone running it is not
yet available in your country right now. Don’t worry: you can
still give it a spin on your computer – all you need is a single
Firefox extension. With it you can run a virtual version of
FirefoxOS and find out whether Mozilla’s smartphone operating
system is right for you. This is your chance to find out.
Google is helping the shift from cable
to Internet...
… The Chromecast connects
wirelessly to the user’s smartphone, tablet, or laptop, and can
play video and music from these devices right on their television.
With support for both iOS and Android, such devices double as a media
source and a remote control for playback.
Interesting App?
Understand and uncover the identity of your location with a tap
“Sitegeist
is a mobile application that helps you to learn more about your
surroundings in seconds. Drawing on publicly available information,
the app presents solid data in a simple at-a-glance format to help
you tap into the pulse of your location. From demographics about
people and housing to the latest popular spots or weather, Sitegeist
presents localized information visually so you can get back to
enjoying the neighborhood. The application draws on free APIs such
as the U.S. Census, Yelp! and others to showcase what’s possible
with access to data. Sitegeist was created by the Sunlight
Foundation in consultation with design firm IDEO
and with support from the John
S. and James L. Knight Foundation. It is the third in a series
of National Data Apps.”
For my Vets...
VA EDUCATION BENEFITS: Student Characteristics and Outcomes Vary across Schools
… Highly
VA-funded schools generally had more positive outcomes than other
VA-funded schools. Compared to other schools, highly VA-funded
schools generally had higher retention rates (percentage of students
returning to the same school from 1 year to the next) and graduation
rates.