For my Ethical Hackers and Computer Security students. Would you do the
same for your organization? If so, consider sending an immediate
email rather than waiting for the user to return to your site.
Apparently Facebook still thinks everyone uses their site first.
Keeping Passwords Secure
The Facebook Security team has always kept a close eye on data breach
announcements from other organizations. Theft of personal data like
email addresses and passwords can have larger consequences because
people often use the same password on multiple websites.
Unfortunately, it's common for attackers to publicly post the email
addresses and passwords they steal on public 'paste' sites.
…
we built a system dedicated to further securing people's Facebook
accounts by actively looking for these public postings, analyzing
them, and then notifying people when we discover that their
credentials have shown up elsewhere on the Internet.
…
If we find a match, we'll
notify you the next time you log in and guide you through
a process to change your password.
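An added example, not Facebook's code and not part of the original post: one way an organization could run the matching step described above. It assumes leaked credentials arrive as "email, separator, password" lines and that stored passwords are salted PBKDF2 hashes; the function names, the work factor and all sample data are constructed for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def hash_password(password: str, salt: bytes) -> bytes:
    """Hash exactly as the (assumed) login path does, so results are comparable."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_store(plain: dict) -> dict:
    """Build a constructed account table: email -> (per-user salt, stored hash)."""
    store = {}
    for email, password in plain.items():
        salt = os.urandom(16)
        store[email] = (salt, hash_password(password, salt))
    return store

# "email<sep>password"; split on the FIRST separator only, since passwords
# may themselves contain ':' or ';'.
LINE = re.compile(r"^\s*([^\s:;,|]+@[^\s:;,|]+)[:;,|\t ](.+)$")

def find_exposed(paste_text: str, store: dict) -> list:
    """Return our accounts whose current password appears in the dump."""
    exposed = set()
    for line in paste_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a credential line
        email, leaked = m.group(1).lower(), m.group(2)
        record = store.get(email)
        if record is None:
            continue  # address is not one of our users
        salt, stored = record
        # Compare hashes in constant time; the leaked plaintext is never stored or logged.
        if hmac.compare_digest(hash_password(leaked, salt), stored):
            exposed.add(email)
    return sorted(exposed)

# Constructed sample data (not from any real breach).
STORE = make_store({"alice@example.com": "Summer2014!", "bob@example.com": "hunter2",
                    "carol@example.com": "correct horse", "erin@example.com": "pa:ss;word"})
PASTE = """site dump 2014 (constructed)
alice@example.com:Summer2014!
BOB@example.com;hunter2
carol@example.com:an-old-password
dave@example.org:whatever
erin@example.com:pa:ss;word
"""

if __name__ == "__main__":
    print(find_exposed(PASTE, STORE))  # accounts to prompt for a password change
```

Only accounts whose leaked password still hashes to the stored value are returned, so a user who already changed a reused password is not prompted again.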
Fortunately, I'm not flying to New Zealand any time soon.
Ian Apperley writes:
…Auckland Transport announcing this week a deal with Hewlett
Packard to roll
out facial recognition technology, along with what looks like car
plate recognition and sifting of social media networks. Now, they
aren’t turning the facial recognition on right away, but you can be
sure they want to, as they are in discussion with the Privacy
Commissioner. Worse, all
that data will be pushed to the U.S. into a Cloud environment,
which gives the Five Eyes network instant access to everything, given
it traverses into the U.S. Of course local police will have access
to it as well.
This is quite simply, Mass Surveillance.
Read more on NBR.
Perhaps some elements could serve for more generalized “Things on the
Internet of Things” security guidelines.
Morgan Kennedy writes:
On October 2, 2014, the Food and Drug Administration (FDA) released a
final guidance document titled “Content
of Premarket Submissions for Management of Cybersecurity in Medical
Devices”. The FDA said that the “need for effective
cybersecurity to assure medical device functionality and safety has
become more important with
the increasing use of wireless, Internet- and network- connected
devices, and the frequent electronic exchange of medical
device-related health information.”
Read more on Covington & Burling Inside Privacy.
For my Computer Security students. Very “friendly” interview of Kim
Dotcom, but they do summarize the case. (I haven't listened to the
Snowden interview yet)
A match made in exile: Edward Snowden and Kim Dotcom open up to the New
Yorker
…
On Saturday, Jane
Mayer remotely interviewed Snowden, who leaked
information about the federal government's spying strategy, as part
of the New Yorker Festival, which ended yesterday.
…
Then, the following day, New Yorker features director Daniel
Zalewski interviewed Dotcom, the founder of the
now shuttered file-sharing site Megaupload, which the FBI accused of
costing intellectual property owners $500 million in lost revenue.
Edward Snowden: http://www.youtube.com/watch?v=fidq3jow8bc
Kim Dotcom: http://www.youtube.com/watch?v=Q3c4LqN5ca4#t=353
(Related)
Kim Dotcom has been run through the legal mill several times over the
past few years, with his company shut down, his assets seized and his
home raided in a short period of time. The only real development
though in the ongoing and oft-delayed extradition trial, is that
recently the Department of
Justice in the US launched a civil suit against the German
entrepreneur, asking the court to hand over all of his assets,
current and past since they were only gained through – in its words
– illegal means. Now Dotcom’s team has officially responded,
claiming that the crimes he is said to have committed are entirely
made up.
While that might sound like the argument you came up with when your sister
told your parents you pinched her, it does have some merit here,
since Kim Dotcom stands accused of secondary criminal copyright
infringement, which implies he wasn’t directly responsible for
copyright infringement but was heavily involved. That’s not a
crime that currently exists on anyone’s legal books.
“The crimes for which the Government seeks to punish the Megaupload
defendants do not exist. Although there is no such crime as
secondary criminal copyright infringement, that is the crime on which
the Government’s Superseding Indictment and instant Complaint are
predicated,” Megaupload’s lawyers write.
They then highlighted how because of this made up law and charge, not only
was Dotcom stripped of his rights and property, but millions of
Megaupload users were also (and still are) denied access to their
digital property.
“Tellingly, the Complaint and the Superseding Indictment together fail to
identify a single instance in which an act of infringement —
particularly an unauthorized upload or download — occurred entirely
within the United States,” they continued, highlighting that the
DOJ’s jurisdiction ends at the US border.
(Related)
(Completely unrelated) But it caught my eye.
The Trans-Pacific Partnership Threatens Internet Freedom, Here’s How
ACTA and SOPA might be dead and buried, but the specter of draconian
copyright law still lingers, as the leak
of the latest draft of the Trans-Pacific
Partnership treaty shows us.
The treaty – currently being written and developed by twelve countries
– could soon see ISPs
liable for the activities of their users, extended
copyright terms, and the act of circumventing Digital
Rights Management (DRM) technology criminalized.
Why we have self-driving cars.