This is
rarely listed as a “Risk” when planning for Security. But ask
your Public Relations people what the downside of looking like an
uncaring incompetent might be. And remember, Congress needs to
portray you as head of an uncaring corporation that doesn't know how
to protect its customers.
Esme Murphy reports:
Congress
began a series of hearings Monday before a Senate banking
subcommittee into the massive data breach at Target and other
retailers.
Lawmakers
grilled the Secret Service about when Target told them about the
breach, and another hearing is slated for Tuesday. That’s when
Target CFO John Mulligan will be in the hot seat.
On
Monday, members of Congress focused on whether companies, including
Target, delayed informing law enforcement officials and the public.
Read more on
CBS
Minnesota, where you can also watch a clip from today’s
hearing. If you missed the hearing and want to watch the whole of
today’s hearing, you can
view
it on C-Span (1 hr, 49 minutes).
Tomorrow, the Senate
Judiciary Committee will be holding its own hearing on “Privacy in
the Digital Age: Preventing Data Breaches and Combating Cybercrime.”
Target CFO John Mulligan is slated to be a witness on the first
panel. The hearing begins at 10:15 am and will be streamed online.
More details and the schedule can be found
here.
“Just ask,
we'll send you money.” (This drives auditors, even ex-auditors
like me, absolutely crazy!)
File Your Taxes Before the Fraudsters Do
… According to
a
2013 report from the Treasury Inspector General’s office, the
U.S. Internal Revenue Service (IRS) issued nearly $4
billion in bogus tax refunds in 2012. The money largely was sent to
people who stole Social Security numbers and other information on
U.S. citizens, and then filed fraudulent tax returns on those
individuals claiming a large refund but
at a
different address.
Very often a
“he said, she said” argument with few facts. But not when
details are released.
Giving Up on Oracle, Researcher Discloses Critical Vulnerabilities in Oracle Forms and Reports
In a blog
post, security researcher Dana Taylor recounted what became a
two-year odyssey between her and the company to fix software
vulnerabilities in Oracle Forms and Reports. Oracle did not respond
to multiple requests over the past few weeks from SecurityWeek to
comment, but Taylor said in an email interview that she went "above
and beyond" what is normally considered responsible disclosure.
… "In
the Oracle reporting server’s case it is unfortunately fairly easy
to show the magnitude of the problem," he said. "A simple
Google dork search on "inurl:rwservlet" which is the
fingerprint of a reporting server that may be vulnerable, returns
[roughly] one million results. That means that when a zero-day
like this comes to play, hackers have a starting point of
[approximately] one million potential targets."
While some
companies are good at patching servers in time, it is never immediate
due to the service disruption that ensues as well as the process of
applying every update as soon as it comes out, he added.
Should be no
surprise. The data is out there. All you need is someone smart
enough to interpret what it is telling you. (and to realize that no
matter what it tells you, “There's a market for that!”)
We have Pam Dixon’s
testimony on behalf of the World Privacy Forum to thank for this.
From the Democratic
Press Office:
Chairman
John D. (Jay) Rockefeller IV is asking six data brokers for
information on the compilation and sale of products that
identify
consumers based on their financial vulnerability or health status.
[Of course, the consumers “self-identify” based on the
sites they visit. Brokers merely lump similar users together. Bob]
Rockefeller brought attention to this industry practice during the
Committee’s December 18, 2013, hearing titled, “
What
Information Do Data Brokers Have on Consumers, and How Do They Use
It?”, and it was also highlighted in the majority staff report
released at the hearing.
“We call it the
'George Orwell was too optimistic' system.” Assuming they
have all this data (and they likely will, one way or another) what
will they do with it? Fire “below average” teachers? Deny
admissions to state funded universities? Require students to smile
when they ask, “Would you like fries with that?”
Jules Polonetsky
writes:
New
York State is working on a
system
that will track students from pre-kindergarten to the work force.
The goals are noble.
Despite the billions we spend
on education, we don’t have the data to evaluate what works.
But what are the risks of assembling detailed data about every
student’s abilities? Privacy advocates are sounding the alarm,
worried about the implications of sharing this data. Parents and
policymakers are being drawn into the fray, but often aren’t
steeped in the full scope of the debate.
[From
the article:
We need to discuss the
deployment of big data analytics by education institutions
to enhance student performance, evaluate teachers, improve education
techniques, customize programs, devise financial assistance plans,
and better leverage scarce resources to optimize education results.
This
surprises you, why?
Latest transparency reports show steady rise in surveillance data requests
Google, Facebook and
Microsoft were among the technology companies to release new figures
Monday showing a rising number of requests for their users’ data
coming from a secretive U.S. surveillance court.
…
Google
received FISA requests related to the content of between 9,000 and
9,999 accounts during the first half of 2013, up from between 7,000
and 7,999 in the first half of 2011.
The court sought
content related to 15,000 to 15,999 accounts from
Microsoft,
up from 11,000 to 11,999 in the second half of 2011.
At
Facebook,
during the second half of 2012, the court sought data related to the
content of 4,000 to 4,999 Facebook user accounts, the company said in
a report. The company received more FISA requests during the
first half of 2013—the number rose to between 5,000 and 5,999
users’ accounts.
…
Yahoo
and
LinkedIn
also released new figures on Monday related to government data
requests tied to national security. At Yahoo, the company only said
it received FISA requests related to content for between 30,000 and
30,999 accounts during the first half of 2013.
From the
“government knows what is best for you” people? Fortunately, I
have plenty of time to prepare my Ethical Hackers. Your cars will
say, “You can't park here. This is Bob's parking space. Move me
immediately!” Better still, how about howling like a dog at 3AM?
U.S. may mandate 'talking' cars by early 2017
U.S. regulators are crafting a rule that would require all new
vehicles to be able to "talk" to one another using wireless
technology, which the Department of Transportation said would
significantly reduce accidents on U.S. roads and alleviate traffic
congestion.
… "When these technologies are adapted across the fleet, the
results could be nothing short of revolutionary for roadway safety,"
said David Friedman, acting administrator of the DOT's National
Highway Traffic Safety Administration.
The details of implementation are still unknown.
[Translation:
“We don't know what we're going to do, but it will be amazing! Trust
us!” Bob]
Perspective
Pew – 6 new facts about Facebook
Aaron Smith –
“Facebook turns 10 tomorrow and reaches that milestone as
the
dominant social networking platform,
used by 57% of all adults
and 73% of all those ages 12-17. Adult Facebook use is
intensifying: 64% of Facebook users visit the site on a daily basis,
up from 51% of users who were daily users in 2010. Among teens, the
total number of users remains high, according to Pew Research Center
surveys, and
they
are not abandoning the site. But focus group interviews suggest
that teens’ relationship with Facebook is complicated and may be
evolving. New Pew Research Center
survey
findings show how people are using Facebook and what they like
and dislike about the site.”
For my Criminal Justice
students. See why we insist you take those techie courses? (and
economics) My lawyer friends can tell me how you go about seizing
the database that resides on the servers, and what you might have
told the judge you will do with it.
Digital Currency Founder: U.S. Indicted Me For Not Giving FBI My Source Code
The indicted founder of
digital currency Liberty Reserve says the U.S. government began
targeting him only after he refused to turn over the source code for
his proprietary system to the FBI.
“I refused. It’s
like asking Coca-Cola for their secret formula,” he told the court,
according to the Associated Press. “The truth is that the U.S.
wants to protect its monopoly on financial transfer platforms.”
It also resulted in
U.S. authorities seizing Liberty Reserve’s servers in Holland,
giving them access to financial information on some 800,000 users and
44 million transactions and the ability to trawl through the data for
evidence of illegal activity conducted by Liberty Reserve users. The
case was handled by the U.S. Secret Service and DHS’s Homeland
Security Investigations.
For my Math students.
The Art of Problem Solving
Last week Marilyn Just
emailed me with a couple of suggestions to add to my list of
mathematics resources. One of the suggestions that jumped out at me
was the
Art
of Problem Solving. The Art of Problem Solving offers a variety
of tutorial resources for students. Some of the resources are free
and some are not. The highlight of the free resources is a catalog
of more than three hundred short instructional videos like the one
embedded below.
http://www.youtube.com/watch?v=S4knArgz7cA
The bulk of the videos
are designed for pre-algebra and algebra lessons.
One of those World
Changing Things that sneak in under the radar.
Personal Loans Online — How Peer-to-Peer Lending Is Changing the Game
… the public
perception of this lending paradigm is one associated mostly with the
developing world.
I was surprised to
discover that peer to peer lending is also
challenging the likes of BarclayCard and CitiBank in their
traditional heartlands of the affluent West. There are a
number of services on the market right now which allow lenders to
provide credit, and for borrowers to gain access to funds without
dealing with a bank or credit union. I looked at three of them, and
explored how they’re shaking up the finance game.