We've been hearing hints
that retailers other than Target have been hacked. Could that be the
source?
Jim Finkle reports:
A
cybersecurity firm said on Tuesday that it uncovered stolen
credentials from some 360 million accounts that are available for
sale on cyber black markets, though it is unsure where they came from
or what they can be used to access.
The
discovery could represent more of a risk to consumers and companies
than stolen credit card data because of the chance the sets of user
names and passwords could open the door to online bank accounts,
corporate networks, health records and virtually any other type of
computer system.
Alex
Holden, chief information security officer of Hold Security LLC, said
in an interview that his firm obtained the data over the past three
weeks, meaning an unprecedented amount of stolen credentials is
available for sale underground.
Read more on Reuters.
(Related)
Danny Yadron reports:
Verizon
Communications Inc. is investigating possible security breaches at
two unnamed retailers that appear similar to intrusions at other
merchants late last year, a Verizon official said.
Bryan
Sartin, director of the research, investigations, solutions,
knowledge team at Verizon’s enterprise solutions unit, said the
retailers involved in the newly discovered breaches haven’t yet
disclosed them.
“We’ve
been brought into other situations as the investigator,” Mr.
Sartin said in an interview with The Wall Street Journal. “The
findings already substantiate a very real link between these later
situations and something that recently happened.”
[...]
The
retailers involved in the newly discovered breaches were contacted by
the U.S. Secret Service and then contacted Verizon’s investigative
team last week, Mr. Sartin said.
Read more on WSJ.
So if there are two
more large retail breaches, and 360M new credentials that Hold
Security discovered on the black market, are the two reports
connected? The Hold Security report didn’t mention payment card
data, so it’s possible they’re not related, but then again, who
knows?
Sometimes it's not what
you bring to the table, but what you don't have to bring to the
table. Old technologies are increasingly mired in regulation while
newer, faster moving tech remains relatively bureaucrat free.
http://www.telegraph.co.uk/finance/newsbysector/mediatechnologyandtelecoms/telecoms/10663911/Facebooks-WhatsApp-deal-has-unnerved-phone-companies.html
Facebook’s
WhatsApp deal has unnerved phone companies
… Holding court on
the fringes of the conference, Vittorio Colao, the chief executive of
Vodafone, summed up the frustration caused by the regulators. He was
asked about his views on ongoing mobile network mergers in Ireland
and Germany, which are seen as test cases for a consolidation of
European mobile networks.
He replied: “There is
a guy [Zuckerberg] who has a billion users and has just bought half a
billion users [WhatsApp] and I have to talk about Ireland.”
Colao’s favourite
tactic in his long-running battle with European regulators is to cite
the total number of government bodies Vodafone has to deal with
across the continent: 187.
… In the meantime,
European operators will continue to make poor returns compared with
their American and Asian counterparts. They can only look on
jealously as the likes of WhatsApp, which are relatively unencumbered
by competition, radio spectrum, infrastructure and tax regulations,
erode their revenues.
… It is the scale
of the industry that led Zuckerberg to pay $19bn for WhatsApp. While
the price has been raising eyebrows all week, most senior telecoms
executives who rode the dotcom wave in the late 1990s and suffered
the crash do not believe it is a bad bet.
WhatsApp
is already eroding their texting revenues. In Barcelona
its co-founder Jan Koum, made a billionaire seven times over by the
deal, announced that within weeks it will introduce
free voice calls to the app’s 465m users. All of this
over the mobile internet infrastructure that is costing operators
billions to build.
“Papers, comrade
citizen.” I would expect the value of these checkpoints to drop
very quickly as word gets out. There must be some value – why not
tell the residents what it is? (How wide is the “border”
anyway?)
Residents
in Arizona town push to remove 'militaristic' border checkpoint
Residents of the
southern Arizona town of Arivaca are monitoring a U.S. Border Patrol
checkpoint to see how many arrests and drug seizures are made in a
bid to remove longstanding interior checkpoints on the roads leading
into the town.
Arivaca residents say
they are regularly subjected to delays, searches, harassment and
racial profiling at the checkpoints.
… A Border Patrol
spokesman says the agency won't release data for individual
checkpoints. The agency, which describes the checkpoint as temporary
despite it being in place for several years, told The Los Angeles
Times they have no plans to remove it.
If this is true...
NSA
Mass Surveillance Useless, Former Bush Official Says
The National Security
Agency's telephone-metadata collection program has been completely
useless at preventing terrorist attacks, a prominent former
government official said yesterday (Feb. 25).
Speaking on a panel at
the RSA security conference here, former White House
national-security official Richard Clarke refuted the government's
claim that 55 possible terrorist incidents had been stopped by the
metadata program, called Section 215 after the language in the USA
Patriot Act that made it possible.
(Related) ...this
would seem crazy.
Julian Hattem reports:
The
National Security Agency (NSA) wants to extend the amount of time
that it can hold on to people’s phone records.
In
a court filing on Wednesday, the Justice Department said the spy
agency needs to keep the metadata beyond its current five-year limit
to deal with a handful of lawsuits challenging the legality of its
controversial surveillance program.
Read more on The
Hill.
If the cops can't
search phones, will teachers continue to do it? (I'll bet you they
will keep doing it!)
I wouldn’t say
the court “expanded” cell phone privacy rights as much as
properly recognized them.
Chuck Lindell reports:
Expanding
the notion of privacy rights in the digital age, the state’s
highest criminal court ruled Wednesday that police improperly
searched a Huntsville student’s cell phone without a warrant, even
though the device had been sitting in a jail property room.
The
8-1 ruling by the Court of Criminal Appeals rejected prosecutors’
arguments that officials may search any item that belongs to a jail
inmate if there is probable cause to believe a law had been broken.
[...]
In
its ruling Wednesday, the Court of Criminal Appeals rejected
prosecution arguments that a cell phone is no different from other
containers, such as a pair of pants or bag of groceries,
that lack privacy protections and can be searched in jail.
The
warrantless search of Granville’s cell phone violated the U.S.
Constitution’s protection against unreasonable search and seizure —
“the right of the people to be secure in their persons, houses,
papers and effects” as guaranteed by the Fourth Amendment, the
court ruled.
Read more on
American-Statesman.
Do we know of any
strategic (educational) need for “identification numbers?” Looks
like the outside testing company is controlling this.
Trevon Milliard
reports:
Every
single child in Nevada public schools will soon be assigned an
identification number and tracked in detail from preschool through
high school to college under the combined efforts of a trio of state
departments creating a super-data system.
The
system will be completed by July 2015 and will track individual test
scores and personal information including birth date, ethnicity,
whether a student lives in poverty, speaks English as a second
language or is classified as special education. It’s called the
Statewide Longitudinal Data System — SLDS for short — and it has
more than parents concerned.
Read more on Las
Vegas Review-Journal.
Meanwhile in Kansas,
Bryan Lowry reports
bipartisan support for a state law to protect student data privacy:
Democrats
and Republicans are backing a bill meant to protect electronic data
compiled by schools from being misused.
Senate
Education Committee gave unanimous support Tuesday to Senate Bill
367, known as the Student Data Privacy Act.
The
bill would ensure that data collected on students can be shared only
with parents and authorized personnel from school districts, the
Board of Regents and state agencies. It [prevents? Bob]
school districts from collecting biometric data, such as finger
prints or DNA.
Too restrictive?
Wim Nauwelaerts, of
Hunton & Williams writes:
In
January 2014, the Belgian Privacy Commission published a set of
guidelines on the privacy implications of using dashboard mounted
cameras in vehicles (‘‘dash cams’’) and the processing of
video footage and images captured by dash cams. The Privacy
Commission decided to issue these guidelines in response to the
increasing dissemination of dash cam videos and images through
various media (including social media such as Facebook).
[…]
Its
January 2014 guidance focuses on the three main purposes for which
dash cams are often used, and sets out the dos and don’ts for each
of these purposes.
Read more on
Hunton.com.
[The “three main uses,” from the article:
Dash Cams as Evidence in Traffic Cases
Dash Cams for Recreational Use
Dash Cams and Portrait Rights]
Well, it's a thought –
and there's not a lot of thinking going on.
Michael Froomkin
writes:
I
just uploaded a draft of my new paper, Regulating
Mass Surveillance as Privacy Pollution: Learning from Environmental
Impact Statements to SSRN. Be the first on your block to read
it!
Here’s the abstract:
US
law has remarkably little to say about mass surveillance in public, a
failure which has allowed the surveillance to grow at an alarming
rate — a rate that is only set to increase. This article proposes
‘Privacy Impact Notices’ (PINS) — modeled on Environmental
Impact Statements — as an initial solution to this problem.