For my Ethical Hackers. Something fishy here! According to their
website, http://www.invocode.com/,
law enforcement agencies use their software “to keep track of
offenders on parole.” Corporations use it to monitor employee
cellphone use. It appears that the marketing rather than the
software functions are what is tipping this into “illegal”
territory.
Spyware executive arrested, allegedly marketed mobile app for “stalkers”
The chief executive officer of a mobile spyware maker was arrested over
the weekend, charged with allegedly illegally marketing an app that
monitors calls, texts, videos, and other communications on mobile
phones "without detection," federal prosecutors said.
The government said the prosecution
[PDF] of Hammad Akbar, 31, of Pakistan, was the "first-ever"
case surrounding advertising and the sales of mobile spyware
targeting adults—in this case an app called StealthGenie.
“Selling spyware is not just reprehensible, it’s a crime,” Assistant
Attorney General Leslie Caldwell said
in a statement. “Apps like StealthGenie are expressly
designed for use by stalkers and domestic abusers who want to know
every detail of a victim’s personal life—all without
the victim’s knowledge."
…
The app, which the government said took minutes to install, required
"physical control" of the phone.
"The purchaser could then review communications intercepted from the
monitored phone without ever again having physical control over the
phone," the government said.
While parents may use surveillance software to monitor their minor
children's mobile phones, InvoCode also marketed the spyware to
"potential purchasers who did not have any ownership interest in
the mobile phone to be monitored, including those suspecting a spouse
or romantic partner of infidelity."
(Related)
A review of mobile tracking Apps concludes, “StealthGenie – It
simply isn’t worth the money!” Are they arresting the creators
of the Apps that work better?
Mobile Tracking Software
(Related)
Although these guys rate it at about the middle of the pack.
Chili Reviews
Phone Monitoring Software Companies Reviews - September 2014
Similar to Jimmy John's? Another case of “We don't know what happened.
Oh, and before we forget completely, here's one that happened earlier...”
Another Card System Hack at Supervalu, Albertsons
Card data of Supervalu and Albertsons shoppers may be at risk in another
hack, the two supermarket companies said Monday.
The companies said that in late
August or early September, malicious software was
installed on networks that process credit and debit card transactions
at some of their stores.
…
The companies also
disclosed a data breach in August. They said the two
incidents are separate. Supervalu said that incident may have
affected as many as 200 grocery and liquor stores. It said hackers
accessed a network that processes Supervalu transactions, with
account numbers, expiration dates, card holder names and other
information.
That breach occurred between June 22 and July 17, and Supervalu said it
immediately began working to secure that portion of its network. The
companies said Monday that they are still investigating that incident
and don't know if
cardholder data was taken.
Definitely an article for my Intro to Computer Security students. (and not just
because punctuation matters) As always, read it from the source.
We Take Your Privacy and Security. Seriously.
“Please note that [COMPANY NAME] takes the security of your personal data
very seriously.” If you’ve been on the Internet for any length
of time, chances are very good that you’ve received at least one
breach notification email or letter that includes some version of
this obligatory line. But as far as lines go, this one is about as
convincing as the classic break-up line, “It’s not you, it’s
me.”
I was reminded of the sheer emptiness of this corporate breach-speak
approximately two weeks ago, after receiving a snail mail letter from
my Internet service provider — Cox Communications. In its letter,
the company explained:
“On or about Aug. 13, 2014, we learned that one of our customer
service representatives had her account credentials compromised by an
unknown individual.
…
So, I called the number on the back of the letter, and was directed
to Stephen Boggs, director of public affairs at Cox.
Boggs said that the trouble started after a female customer account
representative was “socially engineered” or tricked into giving
away her account credentials to a caller posing as a Cox tech support
staffer. Boggs informed me that I was one of just 52 customers whose
information the attacker(s) looked up after hijacking the customer
service rep’s account.
The nature of the attack described by Boggs suggested two things: 1) That
the login page that Cox employees use to access customer information
is available on the larger Internet (i.e., it is not an internal-only
application); and that 2) the customer support representative was
able to access that public portal with nothing more than a username
and a password.
Boggs either did not want to answer or did not know the answer to my main
question: Were Cox customer support employees required to use
multi-factor or two-factor authentication to access their accounts?
(Related)
“Our security is so good, you can break it by 'accident.'”
Debra O’Connor reports:
State computer experts found no evidence of criminal activity when
private student data was exposed on the website of a student loan
program, according to the Minnesota Office of Higher Education.
“We did the big deep-dive security analysis and discovered, of all
the log-ins to that site, there were only three that were
unauthorized,” said communications director Sandy Connolly. An
investigation showed that three
students accidentally gained access to the information.
“We don’t have any evidence at all of any hacking,” Connolly
said.
The office last week mailed letters to the 1,328 students who may
have had their data viewed on the SELF student loan site, telling
them how to protect their credit and how to get a copy of a report
explaining the problem.
Read more on Pioneer Press.
Perhaps I'll grab a copy for my Computer Security or my Computer Forensics
students to play with.
FBI Launches Malware Investigator Tool
At the Virus Bulletin conference that took place in Seattle last week,
the FBI introduced a tool designed to provide users with detailed
technical information on malware.
In 2011, the FBI deployed a tool called the Binary Analysis
Characterization and Storage System (BACSS). The tool provides
technical information on malware functionality, which investigators
and incident responders can use in their activities.
Since BACSS has been a success, the FBI decided to develop Malware
Investigator, an unclassified automated malware analysis tool
that can be used not only by other law enforcement agencies which
might need it for cybercrime investigations, but also by researchers
trying to understand the threat landscape, and private sector
partners seeking to improve their cyberattack mitigation
capabilities.
A slideshow. If you want to learn more about Privacy and the
Internet of Things, join us on Friday, October 10th for
this Privacy Foundation seminar:
http://www.law.du.edu/documents/privacy-foundation/flyer-and-schedule.pdf
A Brief History of the Internet of Things
Over the last few years, the Internet of things has evolved from an
intriguing concept into an increasingly sophisticated network of
devices and machines. As more and more "things" get
connected to the Internet—from Fitbit activity monitors and home
lighting systems to industrial machines and aircraft—the stakes
grow exponentially larger. Cisco Systems estimates that
approximately 12.1 billion Internet-connected devices were in use in
April 2014, and that figure is expected to zoom to above 50 billion
by 2020. The networking firm also notes that about 100 things
currently connect to the Internet every second, and the number is
expected to reach 250 per second by 2020. Eventually, the IoT will
encompass about 99 percent of all objects, which currently totals
approximately 1.5 trillion things.
…
Following is a brief timeline of important IoT events. - See more
at:
http://www.baselinemag.com/networking/slideshows/a-brief-history-of-the-internet-of-things.html?google_editors_picks=true#sthash.ocnyLXW3.dpuf
Typically, I would flag this for my Disaster Recovery students. In this case,
I'm also adding a Homeland Security flag. Think of it as “target
identification” for terrorists.
Air traffic meltdown puts FAA vulnerability in spotlight
Demands for answers and promises of technology breakthroughs bounced across
Washington on Monday as the nation's air traffic control system
continued its gradual recovery from the fire at an Aurora radar
facility that has grounded thousands of flights since Friday.
And while experts commended the Federal Aviation Administration for
launching an investigation into the alleged act of arson at the
agency's Chicago Center facility, some also threw cold water on
claims made Monday that a next-generation, satellite-based radar
system could stifle another rogue attack.
…
The debate about security and vulnerability at the nation's air
traffic control facilities came amid ongoing efforts to repair the
damage done at the Chicago station, which handles high-altitude air
traffic in seven states.
The FAA's goal is to get Chicago Center fully functional by Oct. 13.
Is this as interesting as I think it is?
To have a sitting FTC Commissioner criticizing his own agency is
stunning – and refreshing. Jan M. Rybnicek, attorney advisor at
the FTC, and Commissioner Joshua D. Wright have an article in George
Mason Law Review, Vol. 21, No. 5, 2014, “Defining Section 5
of the FTC Act: The Failure of the Common Law Method and the Case for
Formal Agency Guidelines.” And yes, it addresses the pro-common
law argument advanced by law professors Daniel Solove and Woodrow
Hartzog in their scholarly work.
Here’s the abstract:
As the Federal Trade Commission (“FTC” or the “Commission”)
celebrates its 100th anniversary, it does so amid a renewed interest
in finally defining what constitutes a standalone “unfair method of
competition” under Section 5 of the FTC Act. For a century, the
business community and agency staff have been without any meaningful
guidance about what conduct violates the Commission’s signature
competition statute. As consensus begins to build about the
appropriate parameters of Section 5, some commentators have opposed
articulating a principled standard for the application of the FTC’s
authority to prosecute standalone unfair methods of competition for
fear that doing so would too severely restrict the agency’s
enforcement agenda. These commentators prefer for Section 5 to
develop through the common law method, and point to the successful
development of the traditional antitrust laws as evidence that the
common law approach is the standard and preferred means for
developing competition law. This Article discusses why, after a
century-long natural experiment, it is clear that the common law
method cannot be expected to define the scope of the FTC’s unfair
methods of competition authority. This Article explains that the
failure of the common law process in the Section 5 context is due to
fundamental differences between the inputs and outputs associated
with traditional litigation and those associated with Section 5
enforcement actions. In particular, this Article explains that
Section 5 disputes have almost always been resolved through
settlements and, unlike reasoned judicial decisions, that such
settlements do not help the public distinguish between what conduct
is lawful and unlawful and generally are not treated as binding
precedent by the FTC. As a result, this Article argues that the
Commission should issue formal agency guidelines to serve as a
superior analytical starting point and finally give meaning and
purpose to Section 5.
You can download the full article from SSRN.
Each Quarter, the faculty is reminded that we take a much more “risk
averse” attitude. Actually, rather than a legal review, our
librarians ask the copyright holder for permission.
Law Firm Copying and Fair Use: An Examination of Different Purpose and
Fair Use Markets
by Sabrina I. Pacifici on Sep 29, 2014
Jones, D. R., Law Firm Copying and Fair Use: An Examination of Different
Purpose and Fair Use Markets (September 29, 2014). South Texas Law
Review, Vol. 56, No. 2, 2014 – Forthcoming; University of Memphis
Legal Studies Research Paper No. 144. Available for download at SSRN:
http://ssrn.com/abstract=2503089
“In several recent lawsuits, publishers sued law firms for copyright
infringement. The lawsuits
focused on making unlicensed copies of scholarly articles to file
with patent applications, including copies for the firms’ internal
use and for the firms’ clients. In two of these cases,
lower court judges determined that the making of unlicensed copies
was fair use. The decisions hinged on transformative use, focusing
on the defendant’s purpose for using the works. There was no
alteration or change in the works. The
judges found fair use, despite the possible availability of
licensing. These patent application cases fit within a
larger category of cases involving the use of copyrighted works in
judicial and quasi-judicial proceedings. This article uses these
cases as a vehicle to review the use of purpose in fair use analysis.
It advocates that the review of the character and purpose of a use
should include a deeper examination of the policies and societal
interests underlying the use. This broader consideration is
especially important if a plaintiff asserts the presence of a ready
market for the payment of fees for use of a copyrighted work. This
article explores the determination of a fair use market as a way to
support the unlicensed use of copyrighted works although a ready
market exists for the payment of fees. These cases offer an
excellent model for the analysis necessary to determine a fair use
market.”
I'm sure there must be a use for this somewhere...
–
is a word count and character counter tool. Basically put your
cursor in the box and start typing. Word Counter will immediately
count the number of words and characters when you type. You may copy
and paste a doc you’ve already composed into the word counter box
and it’ll display the word count and character count for that bit
of writing.
An interesting test of political correctness. Can you avoid replacing
the word “cultural” with any of the politically incorrect terms
we're not supposed to use? (Me neither...)