Friday, August 22, 2014

Update.
Jennifer LeClaire reports:
The now infamous Target data Relevant Products/Services breach is still costing the company — and its shareholders — plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million. The company also lowered its full-year earnings forecast in the wake of the breach and its stock took a hit.
Read more on CIO Today.


Rare and interesting! Security managers: Send this article to everyone in your IT department!! Management means you know what is happening (and not happening) in your system.
An update to a breach previously noted on this blog.
Anna Burlson reports:
Three North Dakota University System employees who dealt in IT security have been put on administrative leave following a massive security breach last winter.
The personal information of more than 290,000 current and past NDUS students was vulnerable for four months before the hack was noticed Feb. 7. Several agencies looked into the security breach and found that the hacked server was most likely used as a “launch pad” for an overseas entity to access other servers.
Read more on Prairie Business.
[From the article:
At a State Board of Higher Education Audit Committee meeting Thursday, Lisa Feldner, vice chancellor for information technology and institutional research, said a workplace investigation revealed some employees didn’t think server security was part of their job.
… At a March meeting of the SBHE, Feldner blamed the server breach on a lack of intrusion-detection measures. Even though she was the state’s chief information officer for seven years before joining NDUS in May 2013, Feldner told the board she was unaware the highest level of intrusion detection had not been applied to the NDUS data network.
“I didn’t realize in my former life that we weren’t part of intrusion detection at the time,” Feldner told the committee Thursday. “I thought when we put them on the network ... I thought it applied to everyone.”

(Related)
David Weldon writes:
While retailers and healthcare organizations have dominated much of the data breach media attention in recent weeks, a new study finds that the nation’s colleges and universities are at even greater risk for cyberattacks.
In an email to FierceCIO, the security firm BitSight Technologies shared highlights of its new research report, “Powerhouses and Benchwarmers: Assessing Cyber Security Performance of Collegiate Athletic Conferences.” The report finds that as a sector, the nation’s top schools are at even greater risk for security breaches than are the retail and healthcare industries.
Read more on FierceCIO. You can request the full BitSight report here. Analyzing/comparing the data by athletic conferences doesn’t thrill me, but they do provide some useful information in the report.


For my Computer Security students. The technology for stealing your credit card information is evolving. (More a risk for the backward US)
Stealthy, Razor Thin ATM Insert Skimmers
An increasing number of ATM skimmers targeting banks and consumers appear to be of the razor-thin insert variety. These card-skimming devices are made to fit snugly and invisibly inside the throat of the card acceptance slot. Here’s a look at a stealthy new model of insert skimmer pulled from a cash machine in southern Europe just this past week.
The bank that shared these photos asked to remain anonymous, noting that the incident is still under investigation. But according to an executive at this financial institution, the skimmer below was discovered inside the ATM’s card slot by a bank technician after the ATM’s “fatal error” alarm was set off, warning that someone was likely tampering with the cash machine.
… Virtually all European banks issue chip-and-PIN cards (also called Eurocard, Mastercard and Visa or EMV), which make it far more expensive for thieves to duplicate and profit from counterfeit cards. Even still, ATM skimming remains a problem for European banks mainly because several parts of the world — most notably the United States and countries in Asia and South America — have not yet adopted this standard.


Ethical Hackers: Speed up your morning commute! This is true for any “Thing” on the Internet of Things.
Traffic lights are dangerously easy to hack
Anyone with a radio hooked up to a laptop can wreak havoc by remotely changing lights at will -- or by shutting them all down. That's according to findings by computer researchers at the University of Michigan.
"There's an assumption that these devices are secure. We all just trust them so much," said Branden Ghena, a computer science PhD student at the university and the lead researcher on the study. "This is critical infrastructure. We were shocked that was going on."
Azorian Cyber Security founder Charles Tendell said it's time we start seeing traffic lights as computers -- and treating them as such. Cities seeking to save money by installing smarter, automated systems shouldn't assume the equipment is safe.
"You shouldn't install this type of system without a security audit," he said.


Some people don't have a right to anonymity.
Apple, Google and Microsoft Ordered to Remove Secret App in Brazil
Apple, Google and Microsoft, have been given 10 days to remove the Secret and Cryptic apps (the Secret app client for Windows Phone users) from their respective app stores in Brazil.
… The disciplinary action was taken by Brazilian judge Paulo Cesar de Carvalho, according to local publication 'Link' (via Apple Insider), and is thought to be a consequence of public prosecutor Marcelo Zenkner recently proposing a ban on the Secret and Cryptic apps, claiming they violated Brazilian law which prohibits anonymous freedom of expression.
… The Secret app was introduced for iOS in February this year, and for Android in May. The app allows people to share what they are thinking and feeling with friends anonymously, without revealing their identity.
For those who are unaware, the Secret app is only available for iOS and Android devices. Windows Phone users have the Cryptic app instead, which acts as a third-party client for the Secret app.


How it's done in India.
Supratim Chakraborty of Khaitan & Co. writes:
Right to privacy has long been read into Article 21 (right to life and personal liberty) of the Constitution of India. However, with the proliferating use of the internet and the exorbitant rise in transfer of data through multiple technologies, the concepts of ‘data privacy’ and ‘data protection’ have started demanding greater attention than ever before. Therefore, such concepts were introduced in the Information Technology Act, 2000 (Act) through Section 43-A (Compensation for failure to protect data) and Section 72-A (Punishment for disclosure of information in breach of lawful contract).
Section 43-A primarily deals with compensation for negligence in implementing and maintaining reasonable security practices and procedures in relation to sensitive personal data or information (SPDI). Section 72-A deals with personal information and provides punishment for disclosure of information in breach of lawful contract or without the information provider’s consent.
Read more on Lexology.


How they do it in New York.
Rejecting claims by New York City government officials that taxi drivers have virtually no right of privacy while on the job, attorneys for The Rutherford Institute have asked a federal appeals court to declare unconstitutional the practice of requiring taxi cab drivers to attach GPS devices to their taxis in order to have their movements tracked. In filing a reply brief in Hassan El-Nahal v. David Yassky, Institute attorneys are calling on the U.S. Court of Appeals for the Second Circuit to follow the U.S. Supreme Court’s recent ruling that warrantless GPS surveillance of vehicles violates the Fourth Amendment’s bar on unreasonable searches and seizures, which would thereby render the New York City Taxi and Limousine Commission’s surveillance of taxi drivers an unconstitutional violation of drivers’ Fourth Amendment rights.
Read more on The Rutherford Institute.


Building a useful resource?
From their press release:
As schools increasingly rely on data to improve education, and as teachers increasingly rely on technology in the classroom to improve the learning experience, privacy concerns are being raised about the collection and use of student data. With ‘back to school’ now in full-swing, and to address both the promise and challenges surrounding privacy and data in education, the Future of Privacy Forum (FPF) today unveiled a first-of-its-kind, one-stop shop resource website providing parents, school officials, policymakers, and service providers easy access to the laws, standards and guidelines that are essential to understanding student privacy issues and navigating a responsible path to managing student data with trust, integrity, and transparency.
Check out FERPA/SHERPA, where they’ve already seeded the site with lots of links and resources, and a blog for parents by Olga Garcia-Kaplan.


Privacy? What privacy?
The Gmail Panopticon: The End of Privacy As We Know It?
It sounds like something from George Orwell’s 1984: a man sends a private e-mail and finds himself arrested for it. The e-mail wasn’t intercepted by an investigating police officer; the man wasn’t even under suspicion before his arrest. The e-mail was analyzed by an automated system that few people know about, and the offending e-mail was brought to the attention of the authorities.
Does this sound like a world you want to live in? That world is already here—and that system was used to catch a guy sending child pornography.
… Right now, they’re scanning images for child pornography. But, as some journalists have noted, Google is bound by the laws of the countries in which it operates, which means that governments could require that they turn over other sorts of information that’s found in their scans. This might sound like a stretch, but by accepting the terms and conditions of Gmail, we’ve given Google a lot of power to do what they want with our data.


Different strokes for different folks?
Baby Boomers Are Still Playing Words With Friends
College students love their Instagram. Baby Boomers still use Yahoo Mail.
These were some of the findings of a new report from the web traffic-monitoring company ComScore, which examines the most popular apps among American smartphone users. Mobile apps are now the most popular form of computing in the United States, period—more time is spent tapping away at screens than typing on desktop computers—and the report tries to give a marketer’s sense of the American app market, assessing the most popular genres of apps and whether iPhone users tend to be mostly young or old.


Another resource for my Math students.
Video Series: Introduction to Higher Mathematics
I’ve been searching lately for videos on introduction to higher mathematics and I found one series which is particularly easy to follow and with excellent explanation. The video series is titled Introduction to Higher Mathematics by Bill Shillito. The series discusses the topics like logic, set theory, relations and functions, modular arithmetic, etc. which are needed before taking a mathematics course.


Part of my “Guide for Students Who Think They Understand Tech.”
What Is The Cloud?

No comments: