Update.
Jennifer LeClaire reports:
The now infamous Target data breach is
still costing the company — and its shareholders — plenty. In
fact, the retailing giant forecast the December 2013 incident cost
shareholders $148 million. The company also lowered its full-year
earnings forecast in the wake of the breach and its stock took a hit.
Read more on CIO Today.
Rare and interesting! Security managers: Send this article to everyone in
your IT department!! Management means you know what is happening
(and not happening) in your system.
An update to a breach previously noted on this blog.
Anna Burlson reports:
Three North Dakota University System employees who dealt in IT
security have been put on administrative leave following a massive
security breach last winter.
The personal information of more than 290,000 current and past NDUS
students was vulnerable for four months before the hack was noticed
Feb. 7. Several agencies looked into the security breach and found
that the hacked server was most likely used as a “launch pad” for
an overseas entity to access other servers.
Read more on Prairie Business.
[From the article:
At a State Board of Higher Education Audit Committee meeting Thursday,
Lisa Feldner, vice chancellor for information technology and
institutional research, said a workplace investigation revealed some
employees didn’t think server security was part of their job.
…
At a March meeting of the SBHE, Feldner blamed the server breach on
a lack of intrusion-detection measures. Even
though she was the state’s chief information officer for seven
years before joining NDUS in May 2013, Feldner told the board she was
unaware the highest level of intrusion detection had not been applied
to the NDUS data network.
“I didn’t realize in my former life that we weren’t part of
intrusion detection at the time,” Feldner told the committee
Thursday. “I thought when we put them on the network ... I thought
it applied to everyone.”
(Related)
David Weldon writes:
While retailers and healthcare organizations have dominated much of
the data breach media attention in recent weeks, a new study finds
that the nation’s colleges and universities are at even greater
risk for cyberattacks.
In an email to FierceCIO,
the security firm BitSight Technologies shared highlights of its new
research report, “Powerhouses and Benchwarmers: Assessing Cyber
Security Performance of Collegiate Athletic Conferences.” The
report finds that as a sector, the nation’s top schools are at even
greater risk for security breaches than are the retail and healthcare
industries.
Read more on FierceCIO.
You can request the full BitSight report here.
Analyzing/comparing the data by athletic conferences doesn’t
thrill me, but they do provide some useful information in the report.
For my Computer Security students. The technology for stealing your
credit card information is evolving. (More a risk for the backward
US)
Stealthy, Razor Thin ATM Insert Skimmers
An increasing number of ATM skimmers targeting banks and consumers
appear to be of the razor-thin insert variety. These card-skimming
devices are made to fit snugly and invisibly inside the throat of the
card acceptance slot. Here’s
a look at a stealthy new model of insert skimmer pulled from a cash
machine in southern Europe just this past week.
The bank that shared these photos asked to remain anonymous, noting that
the incident is still under investigation. But according to an
executive at this financial institution, the skimmer below was
discovered inside the ATM’s
card slot by a bank technician after the ATM’s “fatal
error” alarm was set off, warning that someone was likely tampering
with the cash machine.
… Virtually all European banks issue chip-and-PIN cards (also
called Eurocard, Mastercard and Visa or EMV),
which make it far more expensive for thieves to duplicate and profit
from counterfeit cards. Even still, ATM skimming remains a problem
for European banks mainly because several parts of the world — most
notably the United States and countries in Asia and South America —
have not yet adopted this standard.
Ethical Hackers: Speed up your morning commute! This is true for any “Thing”
on the Internet of Things.
Traffic lights are dangerously easy to hack
Anyone with a radio hooked up to a laptop can wreak havoc by remotely
changing lights at will -- or by shutting them all down. That's
according to findings
by computer researchers at the University of Michigan.
"There's an assumption that these devices are secure. We all just trust them so much,"
said Branden Ghena, a computer science PhD student at the university
and the lead researcher on the study. "This is critical
infrastructure. We were shocked that was going on."
…
Azorian Cyber Security founder Charles Tendell said it's time we start
seeing traffic lights as computers -- and treating them as such.
Cities seeking to save money by installing smarter, automated systems
shouldn't assume the equipment is safe.
"You shouldn't install this type of system without a security audit,"
he said.
Some people don't have a right to anonymity.
Apple, Google and Microsoft Ordered to Remove Secret App in Brazil
Apple, Google and Microsoft have been given 10 days to remove the Secret
and Cryptic apps (the Secret app client for Windows Phone users) from
their respective app stores in Brazil.
…
The disciplinary action was taken by Brazilian judge Paulo Cesar de
Carvalho, according to local publication 'Link' (via Apple Insider),
and is thought to be a consequence of public
prosecutor Marcelo Zenkner recently proposing a ban on the Secret and
Cryptic apps, claiming they
violated Brazilian law which prohibits anonymous freedom of
expression.
…
The Secret app was introduced
for iOS in February this year, and for Android
in May. The app allows people to share what they are thinking
and feeling with friends anonymously, without revealing their
identity.
For those who are unaware, the Secret app is only available for iOS
and Android devices.
Windows Phone users have the Cryptic app instead, which acts as a
third-party client for the Secret app.
How it's done in India.
Supratim Chakraborty of Khaitan & Co. writes:
Right to privacy has long been read into Article 21 (right to life
and personal liberty) of the Constitution of India. However, with
the proliferating use of the internet and the exorbitant rise in
transfer of data through multiple technologies, the concepts of ‘data
privacy’ and ‘data protection’ have started demanding greater
attention than ever before. Therefore, such concepts were introduced
in the Information Technology Act, 2000 (Act) through Section 43-A
(Compensation for failure to protect data) and Section 72-A
(Punishment for disclosure of information in breach of lawful
contract).
Section 43-A primarily deals with compensation for negligence in
implementing and maintaining reasonable security practices and
procedures in relation to sensitive personal data or information
(SPDI). Section 72-A deals with personal information and provides
punishment for disclosure of information in breach of lawful contract
or without the information provider’s consent.
Read more on Lexology.
How they do it in New York.
Rejecting claims by New York City government
officials that taxi drivers have virtually no right of privacy while
on the job, attorneys for The Rutherford Institute have asked a
federal appeals court to declare unconstitutional the practice of
requiring
taxi cab drivers to attach GPS devices to their taxis
in order to have their movements tracked. In filing a reply brief in
Hassan El-Nahal v. David Yassky,
Institute attorneys are calling on the U.S. Court of Appeals for the
Second Circuit to follow the U.S. Supreme Court’s recent ruling
that warrantless GPS surveillance of vehicles violates the Fourth
Amendment’s bar on unreasonable searches and seizures, which would
thereby render the New York City Taxi and Limousine Commission’s
surveillance of taxi drivers an unconstitutional violation of
drivers’ Fourth Amendment rights.
Read more on The Rutherford Institute.
Building a useful resource?
From their press release:
As schools increasingly rely on data to improve education, and as
teachers increasingly rely on technology in the classroom to improve
the learning experience, privacy concerns are being raised about the
collection and use of student data. With ‘back to school’ now in
full-swing, and to address both the promise and challenges
surrounding privacy and data in education, the Future of Privacy
Forum (FPF) today unveiled a first-of-its-kind, one-stop shop
resource website
providing parents, school officials, policymakers, and service
providers easy access to
the laws, standards and guidelines that are essential to
understanding student privacy issues and navigating a
responsible path to managing student data with trust, integrity, and
transparency.
Check out FERPA/SHERPA,
where they’ve already seeded the site with lots of links and
resources, and a blog for parents by Olga Garcia-Kaplan.
Privacy? What privacy?
The Gmail Panopticon: The End of Privacy As We Know It?
It sounds like something from George Orwell’s 1984: a man
sends a private e-mail and finds himself arrested for it. The e-mail
wasn’t intercepted by an investigating police officer; the
man wasn’t even under suspicion before his arrest. The
e-mail was analyzed by an automated system that few people know
about, and the offending e-mail was brought to the attention of the
authorities.
Does this sound like a world you want to live in? That world is already
here—and that system was used to catch a
guy sending child pornography.
…
Right now, they’re scanning images for child pornography. But, as
some journalists have noted, Google is bound by the laws
of the countries in which it operates, which means that
governments could require that they turn over other sorts of
information that’s found in their scans. This might sound like a
stretch, but by accepting the terms and conditions of Gmail, we’ve
given Google a lot of power to do what they want with our data.
Different strokes for different folks?
Baby Boomers Are Still Playing Words With Friends
College students love their Instagram. Baby Boomers still use Yahoo Mail.
These were some of the findings of a
new report from the web traffic-monitoring company ComScore,
which examines the most popular apps among American smartphone users.
Mobile apps are now the most popular form of computing in the United
States, period—more time is spent tapping away at screens than
typing on desktop computers—and the report tries to give a
marketer’s sense of the American app market, assessing the most
popular genres of apps and whether iPhone users tend to be mostly
young or old.
Another resource for my Math students.
Video Series: Introduction to Higher Mathematics
I’ve been searching lately for videos on introduction to higher
mathematics and I found one series which is particularly easy to
follow and with excellent explanation. The video series is titled
Introduction to Higher Mathematics by Bill Shillito. The series
discusses the topics like logic, set theory, relations and functions,
modular arithmetic, etc. which are needed before taking a
mathematics course.
Part of my “Guide for Students Who Think They Understand Tech.”
What Is The Cloud?