It's very hard to change a culture.
The Veterans Administration continues to struggle with securing veterans’
personal and protected health information, as its monthly reports to
Congress reflect. First, consider the sheer number of different
types of incidents reported to Congress for the month of August:
Total number of Internal Un-encrypted E-mail Incidents 92
Total number of Mis-Handling Incidents 114
Total number of Mis-Mailed Incidents 138
Total number of Mis-Mailed CMOP Incidents 9
Total number of IT Equipment Inventory Incidents 9
Total number of Missing/Stolen PC Incidents 1 (1 encrypted)
Total number of Missing/Stolen Laptop Incidents 9 (9 encrypted)
Total number of Lost BlackBerry Incidents 17
Total number of Lost Non-BlackBerry Mobile Devices (Tablets, iPhones, Androids, etc.) Incidents 3
Mobile is a drop in the bucket. The vast majority of “endpoints” will
exist on the Internet of Things. Unfortunately, each new
“generation” of devices ignores security in the early iterations.
Then we play catch up for the next few years.
Focus of Endpoint Breaches Will Shift to Mobile Devices by 2017: Gartner
At the Gartner Security and Risk Management Summit taking place in the
United Arab Emirates, the IT research and advisory firm's analysts
are discussing the latest mobile security trends and threats.
Gartner predicts that mobile devices will become increasingly targeted by
cybercriminals in the upcoming years, and warned organizations of
some risks they face unless they take measures. Gartner believes
that by 2015, over 75% of
mobile applications will fail basic security tests.
…
While currently most attacks target desktop devices, Gartner predicts
that the focus of endpoint breaches will shift to mobile devices such
as tablets and smartphones.
Seems like a fast response, but remember: each new generation repeats the
sins of the previous generation. If you remember that, you know what
questions to ask. Unfortunately, you also know what the answers will
be.
Sam Colt reports:
Connecticut’s attorney general has called for a meeting with Apple
over concerns about the privacy of health data collected by the Apple
Watch.
“When new technologies emerge in consumer markets they inevitably
lead to new questions, including questions about privacy,” Attorney
General Jepsen said.
Apple has already said that it will not share health information from
Apple Watch users. CEO Tim Cook reiterated that on Friday in his
interview with Charlie Rose on PBS.
Still, Jepsen has questions for Apple about how the health data will
be stored and what specific data the Apple Watch will be able to
collect. He also questions how Apple will monitor third-party apps
that claim to make diagnoses if they don’t have proper approval
from government regulators.
Read more on Business Insider.
More threats? More likely, “we can, therefore we must!”
Google Transparency Report Shows Jump in Data Requests
Demands for Google users' data have shot up 150 percent worldwide since 2009,
according to the latest edition of Google's Transparency report.
According to Google, there has been a 250 percent increase during that
period in the U.S. In the first half of this year, demands for information
in the U.S. jumped 19 percent.
What does a 20% error rate
mean? 20% of the time it can't identify me from a picture or 20% of
the time it identifies me as “Hillary Clinton?”
From EPIC:
The FBI announced that the Next Generation Identification system, one of
the largest biometric databases in the world, has reached “full operational
capability.” In 2013, EPIC filed a Freedom of Information Act lawsuit
about the NGI program. EPIC obtained documents that revealed an acceptance
of a 20% error rate in facial recognition searches. Earlier this year, EPIC
joined a coalition of civil liberties groups to urge the Attorney General
Eric Holder to release an updated Privacy Impact Assessment for the NGI.
The NGI is tied to “Rap Back,” the FBI’s ongoing investigation of civilians
in trusted positions. EPIC also obtained FOIA documents revealing FBI
agreements with state DMVs to run facial recognition searches, linked to
NGI, on DMV databases. EPIC’s recent Spotlight on Surveillance concluded
that NGI has “far-reaching implications for personal privacy and the risks
of mass surveillance.” For more information, see EPIC: EPIC v. FBI – Next
Generation identification.
What is going on here? A very small minority of customers that don't
allow them to analyze their behavior for advertising? Some confusion
in their legal department?
Comcast Is Threatening To Cut Off Customers Who Use Tor, The Web Browser For
Criminals (CMCSA)
Multiple users of anonymous web browser Tor have reported that Comcast has
threatened to cut off their internet service unless they stop using
the legal software.
According to a report on Deepdotweb, Comcast customer representatives have
branded Tor "illegal" and told customers that using it is against the
company's policies.
…
One Comcast representative, identified only as Kelly, warned a
customer over his use of Tor software,
DeepDotWeb reports:
Users who try to use anonymity, or cover themselves up on the
internet, are usually doing things that aren’t so-to-speak legal.
We have the right to terminate, fine, or suspend your account at
anytime due to you violating the rules. Do you have any other
questions? Thank you for contacting Comcast, have a great day.
…
In a statement to Deepdotweb, Comcast
defended its actions, seemingly asserting that it needs to
be able to monitor internet traffic in case they receive a court
order:
(Related)
April Glaser writes that Comcast has responded to allegations previously
noted on this blog:
This morning Comcast issued a statement denying that the ISP is blocking Tor and denying that
there is any record of exchanges between Comcast and Tor users. The
Vice President went as far as to say that he also uses Tor at times,
adding, “Comcast doesn’t monitor our customer’s browser
software, web surfing or online history.”
But considering the fact that Comcast hasn’t always been completely
transparent about its network practices, we still invite Internet
users to contact us if they’ve been discouraged from using Tor by
any Internet service provider. To do so, please email info@eff.org
to share your story.
Read more on EFF.
Perspective.
Today's “worst case scenario” is tomorrow's commonplace.
Adrienne Hill reports:
Education, like pretty much everything else in our lives these days,
is driven by data.
Our children’s data. A whole lot of it.
Nearly everything they do at school can be — and often is —
recorded and tracked, and parents don’t always know what
information is being collected, where it’s going, or how it’s
being used.
The story begins at the bus stop.
Read more on MarketPlace.
A slightly different take on the nude celebrity photos here in the US.
Involves BYOD and syncing with workplace devices.
Israeli teacher in nude Web photos to return to classroom
A week after nude pictures of an Israeli high school teacher were
posted online, the mother of two plans to return to class Tuesday as
debate here swirls over issues of privacy, law and digital decorum.
…
The high school is one of several in Israel replacing textbooks with
computer tablets. The teacher lent her tablet to a pupil who had
forgotten hers. Another classmate snooping around the photos file
found several nude pictures, snapped them with his cellphone camera
and passed them on.
The teacher was further shocked to learn that images long deleted from her
phone were on the school-issued device, which pulled them from the cloud
as she synced it with her phone and electronic mail as instructed by the
program’s computer managers, who reportedly did not mention any
information sensitivity issues.
…
In January, the parliament, or Knesset, voted to make online
circulation of intimate images without the subject’s full consent
an act of sexual harassment that can carry a five-year jail sentence.
Being a minor does not protect the 17-year-old student from criminal law,
according to the teacher's attorney, Orit Hayoun, who expects the
police to investigate the case and the school to discipline the
offender and stand by its employee.
…
The attorney said that although depicting his client naked, the
pictures were innocuous. “We don’t live in the dark ages,” she
said. [Apparently, here in the US, we do. Bob]
Perspective.
Something to generalize?
Rethinking the Bank Branch in a Digital World
More US bank branches closed in 2013 than ever before. More than 85% of
retail banking transactions are now digital. The bank branch is
“going south,” mobile-banking entrepreneur Brett King said
to CNBC. “And there’s no reason to assume we’ll see a
resurgence of activity at the branch—the mobile app is the nail in
the coffin.”
So are we witnessing the death throes of brick-and-mortar retail
banking? Will banking soon be like the business of selling recorded
music—almost all done online?
In our view, no. Rather than going the way of Tower Records, leading
banks are reinventing themselves with innovative mashups
of digital technologies and physical facilities, a combination we
call “digical.”
Another infographic for my Computer Security students.
How To Stay Anonymous Online In 2014
An “old school” business plan? Weave an image into fabric. Make
everything from T-shirts to wallpaper to baby blankies to socks with
your face on them.
Before Computers, People Programmed Looms