Tuesday, June 17, 2014

For my Computer Security students. Look at the tools and practices that were ignored or improperly implemented!
Cryptome has uploaded Verizon’s forensic investigation of the Stratfor hack in 2011. Their investigation began in December 2011 and was concluded in February 2012.
You can read the report here (66 pp., pdf).

(Related)
Over the past few years, I’ve seen more and more references to the idea that if breached entities have their legal counsel arrange for a forensics or breach investigation, the breach investigation would be considered privileged communications or attorney-client work. Needless to say, I am not happy at any end-run around transparency involving breach investigations. While there may well be information in those reports that should be protected lest attackers learn of significant security features or vulnerabilities that could put the entity at future risk, in many cases, companies just want to shield these reports for fear that customers or the public will be appalled at any security lapses or poor practices – or that they will use these reports in litigation against the entity.
Scott Koller of InformationLawGroup addresses the privilege issue and a ruling in U.S. ex rel Barko v Halliburton Co., and then offers some advice for counsel as to how to increase their chances of being able to claim privilege. Read his comments and suggestions on InfoLawGroup.

(Related) What is your data worth? (What if their conclusion is $0.25 per occurrence?)
Press Association reports:
Patients whose personal information is misused in the new medical records data-sharing scheme should be able to sue the NHS, a new report suggests.
People whose data is lost or “irresponsibly used” under the care.data initiative should be able to claim compensation through the NHS Litigation Authority, the authors said.
The group of experts established by the Institute of Global Health Innovation at Imperial College London, with a grant from the Peter Sowerby Foundation, said the programme is “essential to improve care”.
Read more on Yahoo! UK & Ireland.


Oops!
Ali Winston reports that as a lawsuit concerning a stop based on an erroneous license plate reading goes to trial in California, privacy and accuracy concerns continue to grow.
Documents obtained by the Center for Investigative Reporting show that a leading maker of license-plate readers wants to merge the vehicle identification technology with other sources of identifying information. Vigilant Solutions is pushing a system that eventually could help fuse public records, license plates and facial recognition databases for police in the field.
Livermore firm
The Livermore company released facial recognition software last year for use in stationary and mobile devices. The technology uses algorithms to determine whether a person’s face matches that of someone in a law enforcement database. Like license-plate readers, privacy advocates say, the technology can make incorrect identifications that ensnare innocent people.
Read more on SFGate.


See what others have spied on?
– is a Google Maps mashup where you can view YouTube videos of drone coverage. These are not military drones or promotional drones, but rather personal drones belonging to private individuals. All videos are hosted on YouTube, and you can see on the map where the footage was captured. Just click on one to watch the video footage.


Several articles that illustrate different aspects of the Internet of Things. First, a few cautions. What happens in a “cell phone free” zone? Or on airplanes? Or when a “push” update crashes the phone? Or when hackers encrypt the software and demand “ransom?” Now the loss of your smartphone goes from annoying to life-threatening.
'Bionic Pancreas' Astonishes Diabetes Researchers
A “bionic pancreas” that uses a smart phone, glucose monitor and insulin pump to automatically control blood sugar levels helped more than two dozen people live free of finger pricks and other troublesome reminders of diabetes, researchers reported Sunday.
And the system controlled their blood sugar levels far better than they could have done on their own, the researchers told a meeting of the American Diabetes Association.
… The team’s been working on making an artificial pancreas for years, and the first human studies started in 2008. Their device monitors blood sugar — standing in for the fingerprick test that people with diabetes must do many times a day. It delivers insulin when needed and in the right amounts — something diabetics must do several times a day either with a syringe or by pressing a button on an insulin pump.
And it does something extra — it delivers another hormone called glucagon, which brings blood sugar back up when it’s too low.
… It was specifically the iPhone 4, with a low-energy Bluetooth signal that could be used to help the various components of the device communicate.


Would you be crushed if no one subscribed? (Would you be stalked if they did?)
Google Glass App Broadcasts Your Life For Cash
A new Google Glass app will allow people to live stream their lives – and even charge people a fee to watch.
Livelens has launched a version of its app for the pioneering device which can share video in real-time from the head-mounted display.
The app includes social features such as commenting on videos, as well as liking them.
Users can also monetise their live streams by charging people to watch their videos, a potential area of income for celebrities.


Will anyone test and certify “Things” or do we rely on the manufacturers?
Nest Protect alarm back on sale, now without the dangerous glitch
After being pulled from shelves due to safety concerns, the Nest Protect smart smoke alarm is now available to buy once again.
The alarm was pulled after Nest discovered a glitch in the Wave feature that could deactivate the alarm without the owner even realising - thus completely defeating the point of a smoke alarm.
