Was this Target's idea or the banks'?
Maury Glover reports:
It’s been months since hackers stole the credit and debit card information of millions of Target customers, but the effects are far from over. In fact, thousands of Minnesota credit card numbers are currently for sale.
[...]
In the wake of the breach, Target told customers not to cancel their credit cards during the busy holiday shopping season and urged them to monitor their accounts for a year — but Lanterman said that advice just gives hackers time for victims to let their guard down.
“Target’s advice not to cancel the cards actually helped the hackers because once you cancel the cards, the info is worthless,” Lanterman said.
According to Lanterman, that’s just one more way that Target’s handling of the situation has missed the mark.
Read more on MyFox9.com
(Related)
Target CEO Exit Highlights Business Side of Security
The resignation of Target Corp. CEO Gregg Steinhafel earlier this week indicates a growing awareness among the C-suite and boards that security is intimately intertwined with business strategy and should be viewed as a board-level issue.
"Cyber-security is now a Board and C-level issue, but that wasn't always the case," [It was at every company I worked for... Bob] said Shawn Henry, CSO of CrowdStrike and president of the company's services division. "Cybersecurity is no different than any other risk a company faces today."
… Nearly 80 percent of responders in a recent Websense/Ponemon survey (PDF) of 5,000 global IT security practitioners said their company's leaders did not equate losing confidential data with a potential loss of revenue.
How broad could this “Search” become?
Ellen Nakashima reports:
The Justice Department is seeking a change in criminal rules that would make it easier for the FBI to obtain warrants to hack into suspects’ computers for evidence when the computer’s physical location is unknown — a problem that officials say is increasing as more and more crime is conducted online with tools to conceal identity.
But the proposal, which was posted for public comment on a U.S. court Web site Friday, is raising concerns among privacy advocates who see it as expanding the power of federal agents to insert malware on computers, which they say could weaken overall Internet security.
Read more on Washington Post.
[From the article:]
The proposed change would also make it easier for agents to use one warrant to obtain evidence on possibly hundreds or thousands of computers spread across the country when the machines have been secretly commandeered into “botnets” by criminals to conduct cyberattacks. [That might include one of my computers, if I fell for “bad guy spam.” Bob]
I have always liked how Dr. Cavoukian thinks!
Individuals are beginning to lose effective control over their personal information in this era of ubiquitous mobile, social and cloud computing. The future of digital privacy may depend on changing the current online paradigm from “Use At Your Own Risk” to “My Data, My Rules” by providing individuals with greater control over their personal information. To explain how information systems may be engineered to enable privacy and control automatically — by default, Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, and Absio Corporation President and CEO, Dan Kruger have released a new white paper, Freedom and Control: Engineering a New Paradigm in the Digital World.
(Related) Because it's “public?”
Alex Boutilier reports:
Ottawa is creeping you on Facebook.
The government that characterized the long-form census as unduly intrusive is increasingly lifting Canadians’ personal information from their social networking websites, according to the federal privacy watchdog.
In a letter to Treasury Board President Tony Clement, interim privacy commissioner Chantal Bernier said an “increasing number” of government institutions are collecting publicly available personal information from sites like Facebook and Twitter “without any direct relation to a program or activity.”
“We are seeing evidence that personal information is being collected by government institutions from social media sites without regard for accuracy, currency and accountability,” Bernier wrote in the February letter obtained by the Star.
Read more on Toronto Star.
Eventually, someone will get it right.
Over on HealthITSecurity.com, Patrick Ouellette notes that the American Health Information Management Association (AHIMA) recently published a Breach Management Toolkit.
The tool requires an AHIMA membership, but the Journal of AHIMA detailed what the tool has to offer providers and a sample of required elements within a data breach notification letter.
Patrick reports that the toolkit discusses five critical pieces of information that AHIMA says should be included in any breach notification letter. Their five critical pieces, as summarized by Patrick, are consistent with what I have been advising for years:
- A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known
- A description of the types of unsecured PHI that were involved in the breach (i.e., full name, Social Security number, date of birth, home address, account number, diagnosis, or disability code)
- Any steps individuals should take to protect themselves from potential harm resulting from the breach
- A brief description of what the organization is doing to investigate the breach, to mitigate harm to the individuals, and to protect against any further breaches
- Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Website, or postal address if appropriate.
Leading the way into the wonderful world of exploding cellphones? (Even if it's just the dye packs the banks use.)
California passes ‘kill switch’ law, requiring smartphones to have a self destruct option
The Californian Senate has approved a revised version of the so-called kill switch bill, which requires all smartphones sold in the state to have anti-theft software installed. The controversial bill was rejected at the end of April, and was subsequently altered to make it more acceptable to manufacturers and networks. Apparently, key changes included a six month extension to the deadline for compliance, and tablets aren’t included in the rules.
The risk of trying to be the “next Silicon Valley.”
Report: 38 Studios default would force Rhode Island bonds to 'junk' status
Defaulting on the debt related to 38 Studios' bankruptcy would sink Rhode Island's bond rating to junk status and could harm the state's overall business climate, an independent analyst predicted in a report released Friday.
… The state's economic development agency is suing 38 Studios founder and former Red Sox pitcher Curt Schilling and others over the collapse of his video game company. It says the board was misled into approving the deal that helped lure the company from Massachusetts to Providence.
Someone has figured out this Privacy stuff.
Kids Are Using Bitcoin to Buy Fake IDs Online
(Related) And someone else has figured how to get more money? The test? “Can we spend it?”
US Political Groups Can Now Accept Bitcoin Donations
Why is this surprising? This is the “Government can do it better than you” party. (In fairness, I think they also considered letting the banks fail, but realized quickly that they couldn't find buyers.)
US considered nationalising banks: Former treasury secretary Timothy Geithner
(Related) Well, maybe they can't do everything better...
USPTO Clearly Cuckoo as Amazon Patents Photos with White Backgrounds
I'm not quite ready to pay $120 a year to read books I can get at the neighborhood library for free. Or am I missing something?
Is Oyster the Netflix of the online book world? Apparently it is for a lot of reading fans
Oyster, an online e-book subscription vendor, now has a half million titles in its catalog and is on a run in making top deals with big name publishers.
… The news illustrates more readers than ever are embracing online bookstores and e-reader devices such as Amazon's Kindle and the smartphones being embraced.
"Roughly half of our reading activity happens on phones," says Eric Stromberg, CEO of Oyster Books.
Oyster's library of 500,000 e-books is available for $9.99 a month, with titles from over 1,600 publishers. According to Oyster half of its subscribers are accessing its service using a smartphone during the day hours. Subscribers on weekends and nights tend to use the iPad.
My weekly laugh at education.
… Pearson has won the highly lucrative contract to develop and administer the tests for the Common Core testing consortium Partnership for Assessment of Readiness for College and Careers (PARCC). The states that are part of PARCC collectively educate about 15 million students. So let's see: 15 million times $29.50 per test... Pearson was the only organization to bid for the contract.
… The American Institutes for Research (AIR), another player in the testing industry, has filed a lawsuit arguing that the PARCC contract was awarded “in a process that was illegal, and structured in a way that wrongly benefited one company—Pearson.”
… Southern New Hampshire University’s College for America has done it: a $10,000 college degree. The school will offer a competency-based, self-paced bachelor's degree in health care management and communications. More via Inside Higher Ed.
… Microsoft released a new add-on to Office aimed at educators called Office Mix which lets you add Khan Academy and CK12 resources to PowerPoints.
… Renaissance Learning has released its annual report on What Kids Are Reading. The report includes a list of the most popular books based on grade level.
Definitely something for my website class.
– when using images on the Internet, it is important to optimize them so they are of minimal size but maximum quality. Using Optimizilla, you can upload up to 20 files in JPEG and PNG formats. Click thumbnails in the queue to select images. Use the slider to control the compression level and mouse/gestures to compare images. Click ‘Save’ to download the result.
A tool for my students? Free and no sign-up needed. Encrypts in your browser before uploading.
– Encryption has become an extremely important topic online these days, so any tool which helps you encrypt your communications is very important. Encrypt.to is a site which enables you to send encrypted messages with one click. If you sign up, you get a unique link encrypt.to/username, and your public key will be private at their non-public key server.
Something for my Math students before they are my Math students?
TenMarks Offers Their Summer Math Program to Parents for Free
TenMarks is a service that offers an online mathematics program designed to supplement your in-classroom mathematics instruction. This summer they are offering their summer mathematics program to families for free.
The TenMarks summer program begins with students taking an assessment. After taking the assessment an individualized program that adapts to his or her specific needs is created for the student. Each student’s summer curriculum is designed to review concepts from the past year, and get introduced to concepts for the year ahead. TenMarks offers real-time feedback to students and their parents. The feedback measures a student's progress toward a standard or goal. Based upon a student's responses to questions the program automatically adjusts to provide more or less of a type of question.