Big or merely annoying? A little detail would be helpful.
Customer data stolen in TalkTalk hack attack
In an email sent to every
customer, TalkTalk said scammers were using stolen
information to trick people into handing over banking details.
TalkTalk said it had sent the email to every customer although
only a few thousand account numbers went astray.
…
The theft of data was unearthed when TalkTalk investigated a sudden
rise in complaints from customers about scam calls between
October and December 2014, said a spokeswoman.
…
The attackers got at some of TalkTalk's internal systems via a
third-party that also had access to its network. Legal action is now
being taken against this unnamed third party.
…
Although TalkTalk said it became aware of the data loss late last
year, the BBC has been contacted by one customer who said the
scammers working to a similar pattern called in August. His wife's
familiarity with computers helped her quickly spot that the call was
fake.
Strange, the FBI is involved but has not (yet) blamed North Korea, which is
“near Russia.”
Jeff Mays and Murray Weiss report:
The hacking attack that left city agencies unable to receive some emails last
week may have originated from somewhere near
Russia and was an attempt to scam city employees and
others out of money, according to law enforcement sources.
And it may be more widespread than previously believed, with workers
at the state-overseen Long Island Rail Road receiving infected emails
as well.
Read more on DNAinfo
Interesting. Does this signal a change in our strategic direction? Surely we
won't shift resources to risks we already have solutions for, at the
cost of abandoning work on more sophisticated threats? Perhaps we
just need a much larger budget?
US Spymaster Warns Over Low-level Cyber Attacks
A steady stream of low-level cyber attacks poses the most likely danger
to the United States rather than a potential digital "armageddon,"
US intelligence director James Clapper said on Thursday.
US officials for years have warned of a possible "cyber Pearl
Harbor" that could shut down financial networks, poison water
supplies or switch off power grids.
But Clapper told lawmakers that American spy agencies were more focused
on lower-profile but persistent assaults that could have a damaging
effect over time.
"We foresee an ongoing series of low-to-moderate level cyber attacks from
a variety of sources over time, which will impose cumulative costs on
US economic competitiveness and national security," he said.
…
He cited North Korea's alleged hacking of Sony Pictures in November
and an Iranian attack a year ago against the Las Vegas Sands Casino
Corporation. [These are
“low-level attacks?” Bob]
If law enforcement forbids notification, do they assume the liability?
On June 4, 2014, the U.S. Dept. of Veterans Affairs, Office of Inspector
General, Criminal Investigative Division notified Kaplan
University (KU) that a former KU employee had stolen some
students’ information, but placed a stay on notifying the affected
students because of the criminal investigation. That stay was lifted
this month, and KU began notifying affected students by letter on
February 15, offering them a one-year complimentary membership in
Experian ProtectMyID (the 3-bureau program that includes identity
theft resolution and identity theft insurance). KU notes that it
took considerable time and effort to work through the hard copy
documents provided to them by VA OIG/CID to determine whom to notify
and what information had been involved for each affected student.
It is not clear from their attorney’s letter
to the New Hampshire Attorney General’s Office why or how the
Dept. of Veterans Affairs became involved. Nor is there a lot of
detail, period. We do not know how many students were affected, when
the data theft occurred, how it occurred, how the information was
misused, or how the breach was discovered. Nor do we know if the
former employee has now been criminally charged.
DataBreaches.net e-mailed Kaplan University to ask a number of questions. They did
not reply to yesterday’s inquiry, and re-sending the inquiry today
resulted in an auto-responder that their media relations person was
traveling on business and would reply to emails between flights. So
far, there’s still no response, so we’re somewhat up in the air
while he’s up in the air.
This post will be updated as more details become available.
If it ain't a Best Practice it's Unfair?
Katherine Gasztonyi writes:
On February 20, the Third Circuit sent a letter
to counsel in FTC v. Wyndham Worldwide Corp., identifying at
least one topic that will be addressed in the upcoming oral argument
regarding the parties’ dispute
over whether the FTC has the authority to regulate companies’ data
security practices: whether unreasonable cybersecurity practices are
“unfair.” The letter requested that counsel be prepared to
address the issue by answering three questions. First, whether the
FTC has declared that unreasonable security practices are “unfair”
through procedures provided in the FTA (sic) Act. Second, if not,
whether the FTC is requesting that the federal courts determine that
unreasonable cybersecurity practices are “unfair” in the first
instance. And finally, whether federal courts have the authority to
determine that unreasonable cybersecurity practices are “unfair”
in the first instance under a case brought under 15 U.S.C. § 53(b)
(providing authority for the Commission to bring suit to enjoin a
person or entity that the Commission has reason to believe is
violating or is about to violate a provision of the FTC Act). The
letter further indicated that the Third Circuit may also request
additional briefing on these topics.
Read more on Covington & Burling Inside Privacy.
Hypothesis: If this is “non-standard” it will be invisible to current “bad
guy” search tools and therefore more secure.
Are Mesh Nets The Future of The Internet?
In Havana, people are using a self-contained
network to communicate with each other, play games, and share
files despite pervasive Internet censorship in Cuba. This ad-hoc
network—called a mesh network—has impressed a lot of people, and
has many wondering if it represents the future of the Internet.
Let’s take a look.
A mesh network is a network in which each node (a computer, phone, or
tablet) serves as a relay, routing data between its peers. Snet, Havana’s mesh
network, serves as a great example. Its 9,000 users use a
combination of broadband cables and high-power wi-fi antennas to
connect to send e-mail, share files, and play games with each other,
without connecting to the outside Internet.
If it's a “Thing” and it's connected to the Internet of Things, it's
going to collect and share information.
Why EBooks Are Recording Information About Your Reading Habits
…
What you probably don’t know is that your reading activity can be
monitored, recorded and even shared with government security
agencies.
…
It has been established that Amazon collects certain information
about its readers. This goes beyond the basic analytics that you
would expect to be collected by a progressive, digital company like
Amazon (Apple, Barnes & Noble and Google Play Books – which you
can now add
your own books to – use similar techniques). The use of big
data such as how long you spend reading, how far you make
it through a book, search terms used to find the books and genres
that you find appealing is a major part of these companies’
strategy, and also helps
publishers to develop more readable books. [Not
sure how that happens... Bob]
I wasn't sure why they did it yesterday, and apparently they were not
too sure either.
Google backtracks on 'explicit' Blogger content ban
Google has reversed the decision to ban explicit sexual content on Blogger.
On Friday, in an update by Social Product Support Manager Jessica
Pelegio on Google's
Product Forums, the tech giant said in light of feedback and
concern relating to the "retroactive enforcement of the new
policy," which would
impact on bloggers who have held accounts for over 10 years,
Google has reversed its decision to ban explicit content entirely
from the network.
In addition, Pelegio said the reversal was due in part to the potential
"negative impact on individuals who post sexually explicit
content to express their identities."
Interesting. I find a wide variation in student understanding of social media
privacy.
When Using Social Media, Beware the Invisible Audience
Just one post to a social media site has the power to reach millions. But
when we post, most of us are just thinking of, and writing for, a few
people — a small audience of family, friends or the people we
regularly interact with on each platform.
Unfortunately, the “invisible audience” — the people you didn’t know were
looking, or who you didn’t know could look — often only reveals
itself after an ill-timed, careless or incendiary post blows up in
your face. On the small scale, you may have to apologize to a
contact or co-worker, or deal with some other type of negative
feedback. But a growing number of cases are showing how one careless
tweet or Facebook post of questionable taste can lead to far grimmer
consequences, including losing your job or becoming the focus of
public shaming by a “digital mob” of strangers.
…
Today’s students are more sophisticated in their understanding of
privacy than some older people are, said Gailey, drawing insights
from her class. “They have come of age after a lot of cautionary
tales,” she said. “They have learned not to post every photo
from the party they went to. Students didn’t know all this five
years ago.”
Apparently, there is a market beyond terrorists. Won't the FBI be
surprised...
Silent Circle targets enterprise users with 'world first' privacy ecosystem
…
Announced on Thursday, Silent Circle said "strong demand" from
enterprise customers seeking to keep communication private through
the Blackphone product range led the firm to launch a private, common
equity round in order to grow and cater for new clients.
…
On Thursday, Silent Circle reached an agreement with Geeksphone --
co-founder of the Blackphone project -- to buy out the companies'
joint venture, SGP Technologies, granting Silent Circle 100 percent
ownership of the JV and Blackphone product line.
SGP Technologies was founded in order to develop the Blackphone, a
privacy-centric mobile device. The gadget features a custom Android
operating system dubbed PrivatOS and is equipped with Silent Circle
encrypted communications apps including Silent Phone and Silent Text.
So, what business opportunities open up?
FCC Adopts Tough Net Neutrality Rule in Historic Regulatory Shift
…
The action places ISPs under Title II of the Telecommunications Act,
reversing a 2002 FCC decision that classified ISPs under a different
section of the law. The FCC's 2010 net neutrality regulation was
struck down in January 2014 by a federal court that generally
upheld the intent of the rule to prevent ISPs from creating "fast
lanes" for those who can pay more or restricting bandwidth for some
companies. The court ruled the FCC was imposing regulations it
didn't have the authority to enforce because it had not classified
ISPs as utilities.
(Related) How long will this last?
(Related) Everything you ever wanted to know?
The Ultimate Net-Neutrality Reading List
Perspective. As IBM goes, so goes the industry?
IBM Outlines Profit Plan Focusing on Cloud, Analytics, Security
IBM's CEO says the company's plan to revamp its business to shift
away from hardware and focus on business analytics, cloud
computing, mobile services and security is on track.
I'm so old, I can remember a time when there were only two genders! Not
sure if sophisticated analytics or mere marketing is pushing the
change.
Facebook users who don't fit any of the 58 gender-identity options offered by
the social-media giant are now being given a rather big 59th option:
fill in the blank.
For the toolkit. (There may be a few bugs to overcome)
Microsoft Finally Allows Customers To Legally Download Windows 7 ISOs
…
Sometimes, people simply lose the disc or ISO they had, and so it
shouldn't be such a challenge to get a replacement.
Well, with a new feature on its website, you are now able to get that
replacement ISO. However, it's behind a bit of protection: you'll
need to provide your legal product code, and then the language, in
order to go through to the download page. If you've somehow lost
your key but are still using the OS that it's tied to, you can
retrieve it through a tool like the Magical Jelly Bean (an
application I've used for many years and has saved me a time or two).
[Magical Jelly Bean: https://www.magicaljellybean.com/]
Tools for my students.
8 Diagramming Apps for Better Brainstorming on the Go
For my Data Analytics students.
Ben Wellington: How we found the worst place to park in New York City --
using big data
City agencies have access to a wealth of data and statistics reflecting
every part of urban life. But as data analyst Ben Wellington
suggests in this entertaining talk, sometimes
they just don't know what to do with it. He shows how a
combination of unexpected questions and smart data crunching can
produce strangely useful insights, and shares tips on how to release
large sets of data so that anyone can use them.
Global warming! Global warming! It's all Al Gore's fault!
http://www.thedenverchannel.com/news/local-news/its-official-this-is-our-snowiest-february-in-denver
IT'S OFFICIAL - This is our snowiest February in Denver
Just 10 days ago, we were on track for one of the driest Februarys in
Denver history, but after several snowstorms, Denver has set a new
record for February snowfall -- 22.2 inches.