DHS has lost similar data before. If I wanted to slip an agent into the
DHS (can't imagine why I would) this is the information I would want
to analyze to create the perfect background profile.
Ellen
Nakashima reports:
A major U.S. contractor that conducts background checks for the
Department of Homeland Security has suffered a
computer breach that likely resulted in the theft of employees’
personal information, officials said Wednesday.
The company, USIS, said in a statement that the
intrusion “has all the markings of a state-sponsored attack.”
The breach, discovered recently, prompted DHS to suspend all work
with USIS as the FBI launches an investigation. It’s unclear how
many employees were affected, but officials
said they believe the breach did not affect employees outside DHS.
[So was DHS
specifically targeted or is DHS their only client? Bob]
Still, the Office of Personnel Management has also suspended work
with the company “out of an abundance of caution,” a senior
administration official said.
Read
more on Washington
Post, keeping in mind as you read the rest of her report that
Anonymous
claims that not only did China hack OPM in March, but it had
hacked OPM, too. OPM has not confirmed nor denied that claim.
Gosh
Mr Science, could this happen in the US too?
Kate
Fulton reports:
The UK’s privacy watchdog has fired a warning to barristers and
solicitors following a spate of data protection breaches by legal
professionals.
In a blog
post, the ICO wrote that 15 incidents involving legal
professionals breaching the Data Protection Act (DPA) have been
reported in the last three months.
Read
more on TechRadar.
[From
the article:
"We
have published some top tips to help barristers and solicitors look
after the personal information they handle. These measures will set
them on the road to compliance and help them get the basics right."
Tools
& Techniques for my Computer Security students.
LogRhythm
Launches Honeypot Security Analytics Suite
Just
weeks after announcing that it had raised
$40 million in a new round of equity financing, SIEM and security
intelligence vendor LogRhythm has released a new analytics suite that
monitors honeypots in order to detect and track would-be attackers.
According to the Boulder, Colorado-based company, the suite enables
customers to analyze nefarious tactics and generate targeted threat
intelligence.
Designed to look like production servers but left vulnerable on purpose,
honeypots are isolated decoy systems and services used to deceive and
detect attackers.
The
new Honeypot
Security Analytics Suite helps LogRhythm customers deploy
honeypots to attract opportunistic hackers and then capture network
and log activity stemming from the honeypots. By deploying
honeypots, organizations can detect various evolving attacks –
including advanced zero-day malware, brute force attacks and emerging
nefarious payloads, the company said.
It's
what you don't know that hurts you. My wife buys vitamins and other
supplements for her horse and our dogs. What group does that put us
in?
Too
much soft cheese may directly impact your health insurance premiums
…
You shop at the supermarket and you give them your loyalty card
because you’re constantly told that this practice will give you
some amount of monetary return. It also gives the supermarket the
ability to monitor your purchasing habits. Now keep in mind that you
are a known quantity; your name, your contact details and various
other personally identifiable data points about you as an individual.
Now
you go and apply for insurance with an organisation that has access
to this data, whether that be because both companies are under the
same umbrella or that the fine print none of us ever read when you
signed up for the loyalty card said it could be shared with partners.
You buy too much crap – soft drinks, chips, high-fat foods – and
you’re also buying vitamins to treat high blood pressure and
elevated cholesterol. Then you apply for life insurance.
Or
perhaps your shopping habits put you squarely into a particular
ethnic bracket; the foods you eat, the magazines you buy, the
medicines you choose and so on and so forth. Studies show this
ethnic group also has a higher propensity of at-fault claims on their
motor vehicle insurance. Now you want to insure your new wheels.
I offer you a new term, “Creep-nology”: really creepy technology.
Douglas
Macmillan reports:
Hiding in Foursquare’s revamped mobile app is a feature some users
might find creepy: It tracks your every movement, even when the app
is closed.
Starting today, users who download or update the Foursquare app will
automatically let the company track their GPS coordinates any time
their phone is powered on. Foursquare
previously required users to give the app permission to turn on
location-tracking. Now users must change a setting within the app to
opt out.
Read
more on WSJ.
A
TED video.
The
dark secrets of a surveillance state
Tour the deep dark world of the East German state security agency
known as Stasi. Uniquely powerful at spying on its citizens, until
the fall of the Berlin Wall in 1989 the Stasi masterminded a system
of surveillance and psychological pressure that kept the country
under control for decades. Hubertus Knabe studies the Stasi — and
was spied on by them. He shares stunning details from the fall of a
surveillance state, and shows how easy it was for neighbor to turn on
neighbor.
Et
tu, Bill?
Microsoft
Is Scanning Your Online Images
You’ll
be pleased to discover it isn’t just Google
scanning your emails for evidence of illegal activity; Microsoft
is doing exactly the same thing. In the same way Google tipped off
the authorities about child pornography allegedly being shared via
Gmail, Microsoft did the same when it discovered abuse images
allegedly being
stored on OneDrive.
Microsoft’s
Terms of Service explicitly state that the company will use
“automated technologies to detect child pornography or abusive
behaviour that might harm the system, our customers, or others.”
However, regardless of the vile nature of the images being shared,
this still raises questions over the right to privacy when using
cloud services.
For
my Computer Security students. Would you like the poster or the
T-shirt?
Passwords
Are Like Underwear—They Aren’t Meant to Be Shared
…
Software vendor IS Decisions has recently published a report
entitled “From
Brutus To Snowden: A Study Of Insider Threat Personas” in which
the company looks at workers’ habits, behavior and attitudes around
topics including password sharing and network access. The company
surveyed 1,000 people in the U.S. and another 1,000 in the U.K. to
compile the report’s data.
IS
Decisions found that while information security teams spend the
majority of their time defending against attacks from outside the
organization, the threat from within the organization is not
considered seriously enough. The report looks at hypothetical
“personas” based on worker demographics to help companies
understand who is most likely to share a password with someone or
exhibit other behavior that can put a network at risk.
…
I’ll leave it to you to read
the report and draw your own lessons from it, but I will close
with this interesting bit of advice from an infographic in the
report:
Passwords
are like underwear.
- Change yours often.
- Don’t share them with friends.
- The longer, the better.
- Be mysterious.
- Don’t leave yours lying around.
To
delink or not to delink. The data itself is fine, but no one can
point users to it?
Wikimedia
Blasts Europe's 'Right to Be Forgotten'
The
Wikimedia Foundation on Wednesday released its first-ever
transparency report -- and along with it a protest against Europe's
"right
to be forgotten" law. Wikimedia is the nonprofit owner of
Wikipedia and other sites.
"Last
week, the Wikimedia Foundation began receiving notices that certain
links to Wikipedia content would no longer appear in search results
served to people in Europe," wrote Wikimedia General Counsel
Geoff Brigham and Legal Counsel Michelle Paulson.
"Denying
people access to relevant and neutral information runs counter to the
ethos and values of the Wikimedia movement," they added. "The
Wikimedia Foundation has made a statement opposing the scope of the
judgment and its implications for free knowledge."
…
"I think they're overstating the case," John Simpson,
director of Consumer
Watchdog's Privacy Project, told TechNewsWorld. "I don't
think they understand the privacy issues involved."
Meanwhile,
the professionals (e.g.
http://www.law.du.edu/index.php/privacy-foundation
) are slowly running out of funding.
Consumer
Privacy Organizations Oppose Farcical Class Action Settlement
by
Sabrina I.
Pacifici on Aug 6, 2014
“EPIC,
along with a group of consumer privacy organizations, has asked
the Federal Trade Commission to object
to an unfair class action settlement in California federal court. In
2010, Google was sued for sharing user web browsing information with
advertisers. Under the proposed
settlement agreement, Google will
distribute several million dollars to a handful of organizations,
many
of which already have ties to the company.
EPIC and other privacy organizations have argued that the proposed
agreement “confers no monetary relief to class members, compels no
change in Google’s behavior, and misallocates
the cy pres distribution”
to organizations that are “not aligned with the interests of class
members and do not further the purpose of the litigation.” The
consumer groups, who have already written
to the court opposing the
settlement, urged the Federal Trade Commission to object as well.
The agency filed
a similar objection in Fraley
v. Facebook, an unfair class action
settlement in the Ninth Circuit. For more information, see EPIC:
FTC and EPIC:
Search Engine Privacy.”
Why
has PETA refused to become involved?
Photographer
'lost £10,000' in Wikipedia monkey 'selfie' row
A
photographer involved in a copyright row with Wikipedia over a monkey
"selfie" says he has lost £10,000 in income over two years
because of it.
David
Slater, from Coleford in the Forest of Dean, said the web-based
encyclopaedia had repeatedly refused to remove the image from its
site.
He
said there had been no interest from anyone in buying the image since
it was declared to be in the "public domain".
The
site said Mr Slater did not own the copyright as he did not take the
photo.
…
The debate about the picture resurfaced on Wednesday as the
Wikipedia Foundation published
its first transparency report - following a similar practice by
Google, Twitter and others.
Perhaps we could recreate the full survey here. I'd bet our students would
outscore those kids. (I did)
Technology
knowledge -- it's all downhill after you're 14
A
new study by the UK's communications regulator Ofcom
finds that the "millennium generation" of 14-15 year olds
are the most technology aware group but as we get older digital
knowledge begins to decline.
The
study of 2,000 adults and 800 children measured confidence and
knowledge of communications technology to calculate a Digital
Quotient (DQ) with the average UK adult scoring 100.
Today's
14 year olds have a DQ of 113 and are the first generation to have
grown up with the benefits of broadband, probably never knowing the
pleasures of dial-up internet. People in their 40s have a DQ in the
high 90s, around the same as a modern six-year-old. Over 70s score a
DQ in the 80s. You can try this out for yourself and see how you
compare with a quick three
minute taster test.
…
You can find out more about the results of the survey on the Ofcom
website.
Apparently
we're not teaching everything future tech workers will need.
AI,
Robotics, and the Future of Jobs
by
Sabrina I.
Pacifici on Aug 6, 2014
Pew
Report – “The vast majority of respondents to the 2014 Future of
the Internet canvassing anticipate that robotics and artificial
intelligence will permeate wide segments of daily life by 2025, with
huge implications for a range of industries such as health care,
transport and logistics, customer service, and home maintenance. But
even as they are largely consistent in their predictions for the
evolution of technology itself, they are deeply divided on how
advances in AI
and robotics will impact the economic and employment
picture over the next decade. We call this a canvassing because it
is not a representative, randomized survey. Its findings emerge from
an “opt in” invitation to experts who have been identified by
researching those who are widely quoted as technology builders and
analysts and those who have made insightful predictions to our
previous queries about the future of the Internet. (For more
details, please see the section “About
this Report and Survey.”)
We
still have a few design students finishing their program. I can't do
what they do, so I find tools like this to trade for future design
favors.
–
Create vector graphic design with YouiDraw online. It’s like Adobe
Illustrator or CorelDraw but it works with HTML5 and Google Drive.
So there’s no software to download and you can access your work
anytime, anywhere. An Online Logo Maker is available for creating
high quality vector graphics, headings, HTML5 logos, icons, web site
elements and buttons by hundreds of templates and styles.
(Related)
Oh look, another one!
–
if you are into blogging or publishing in any way, then you will need
a constant supply of royalty-free photos. One such source for this
is Raumrot which is a site of free high-resolution photos you can
download for any personal or commercial project. Each photo is
categorized and links to the larger version on Flickr.com.
Another
tool for my Math students.
Find
More Than 4,000 Math Lessons on Open Curriculum
Open
Curriculum is a new entry into the lesson depot market. Like
similar sites, Open Curriculum offers a collection of thousands of
resources for teaching mathematics. You browse the Open Curriculum
resource lists according to grade level and topic.
…
Open
Curriculum provides more than just a collection of mathematics
lesson materials. In your Open Curriculum account you can create and
share your own lessons and units of study. You can also upload
existing materials to incorporate into the lessons and units that you
create in Open Curriculum.
…
The sharing aspect of Open Curriculum could be useful for large
departments that are looking for a place to share materials that they
like and create with each other.
For my students. Could be more fun than a formal presentation. (Perfect
for math problems?)
Google
Acquires Directr, An App For Shooting Short Films On Your Phone
Directr,
an app that we’ve covered
a few
times since its launch back in 2012, has just been snatched up by
Google.
In
an age of ultra-brief videos, Directr existed to help users and
businesses shoot videos that were a bit longer than your average Vine
— think ads, or promo clips, or family holiday videos.
Perhaps
my idea to have my students write their own textbook isn't so great
after all.