For
my Ethical Hackers: When you have the keys to the castle. Don't show
everyone what you can do with them.
Howard
Altman reports:
The U.S. Attorney’s Office says that there are no
signs of a data breach caused by the theft of five laptop
computers from U.S. Central
Command sometime in April 2013.
“There is no indication of a data breach at this point,” said
spokesman William Daniels. “As cases proceed, we always remain
open to new information and evidence. However, at this point, the
indictment only alleges theft of government computers.”
On Friday, Scott Duty, a former civilian employee of Centcom,
headquartered at MacDill Air Force Base, was arrested on a theft
charge in connection with the command’s stolen laptops, according
to court documents.
Read
more on The
Tampa Tribune.
Oh
gee. Yet another technology introduced without the bother of
security. What a surprise.
Pete
Bigelow reports:
A 14-year-old boy may have forever changed the way the auto industry
views cyber security.
He was part of a group of high-school and college students that
joined professional engineers, policy-makers and white-hat security
experts for a five-day camp last July that addressed car-hacking
threats.
“This kid was 14, and he looked like he was 10,” said Dr. Andrew
Brown Jr., vice president and chief technologist at Delphi
Automotive.
With some help from the assembled experts, he was supposed to attempt
a remote infiltration of a car, a process that some of the nation’s
top security experts say can take weeks or months of intricate
planning. The student, though, eschewed any guidance. One night, he
went to Radio Shack, spent $15 on parts and stayed up late into the
night building his own circuit board.
Read
more about how this teen blew everyone’s mind with what he
accomplished with only $15 in parts and some creative thinking on
AutoBlog.
[From
AutoBlog:
Windshield
wipers turned on and off. Doors locked and unlocked. The remote
start feature engaged. The student even got the car's lights to
flash on and off, set to the beat from songs on his iPhone. Though
they wouldn't divulge the student's name or the brand of the affected
car, representatives from both Delphi and Battelle, the nonprofit
that ran the CyberAuto
Challenge event, confirmed the details.
If
car makers weren't taking cyber threats seriously before the
demonstration, they were afterward.
…
In the product-planning life-cycle, it
could take three to five years for those alterations to reach new
vehicles. And that's to say nothing of the 230
million vehicles already on the road.
In
short, the car-hacking problem will probably get worse before it gets
better.
(Related)
Should security be considered for any organization that relies on
technology?
The
Emergence of Cybersecurity Law
“This
paper examines cyberlaw as a growing field of legal practice and the
roles that lawyers play in helping companies respond to cybersecurity
threats. Drawing on interviews with lawyers, consultants, and
academics knowledgeable in the intersection of law and cybersecurity,
as well as a survey of lawyers working in general counsel’s
offices, this study examines the broader context of cybersecurity,
the current legal framework for data security and related issues, and
the ways in which lawyers learn about and involve themselves in
cybersecurity issues. These discussions are presented across the
paper’s three sections:
- Cybersecurity and the Law explores the context in which cyberlaw is developing, examining the importance of cybersecurity to companies and corporations and how inside and outside counsel are responding.
- Legal Developments in Cyberlaw provides an overview of the current state of the legislation, regulations, and other sources of law and policy influencing cybersecurity.
- How Lawyers Help Meet Cyberthreats examines lawyers’ roles in cybersecurity in more detail, including both the tasks they should perform and the tasks they do perform. This section also examines how lawyers are improving their knowledge of cybersecurity.”
France
is legitimately concerned. Still, ground-to-air missiles are
probably too much.
French
Authorities Hunt Pilots as Drones Seen Over Paris Landmarks
French
authorities Tuesday were trying to hunt down the pilots of drones
that were spotted flying over Paris landmarks and high-security
buildings including the U.S. embassy.
The
small, remotely-controlled flying objects were seen overnight Monday
to Tuesday over the U.S. embassy and nearby Interior Ministry, as
well as over the Eiffel tower nearly 2 miles to the west and Place de
la Bastille over 2.5 miles to the east.
If
backdoor access is legitimate for one government, is it legitimate
for all governments? Any “proposal” that is so easy to show as
ridiculous probably is. Has no one in government considered these
questions?
Yahoo
executive challenges NSA over encryption demands
…
"If we're going to build defects, backdoors or golden master
keys for the US government, do you believe we should do so... for the
Chinese government, the Russian government, the Saudi Arabian
government, the Israeli government, the French government?"
asked Mr Stamos, Yahoo's chief information security officer.
After
initially dodging the question, Adm Rogers - who took over as
director of the NSA last year - responded: "I think that we're
lying that this isn't technically feasible.
"Now,
it needs to be done within a framework. I'm the first to acknowledge
that."
…
According to a transcript provided
by the Just Security website, he argued that he did not want the
FBI and NSA to unilaterally decide what access they should have, but
insisted an agreement was achievable.
Pressed
on whether he thought that access should also be granted to other
nations' governments, Adm Rogers said: "I think we can work our
way through this."
Mr
Stamos responded: "I'm sure the Chinese and Russians are going
to have the same opinion."
(Related)
Tell me again why law enforcement is helpless when phones are
encrypted?
…
Researchers at Stanford University and Israel’s defense research
group Rafael have created a technique they call PowerSpy, which they
say can gather information about an Android phone’s geolocation
merely by tracking its power use over time. That data, unlike GPS or
Wi-Fi location tracking, is freely available to any installed app
without a requirement to ask the user’s permission. That means it
could represent a new method of stealthily determining a user’s
movements with as much as 90 percent accuracy—though for now the
method only really works when trying to differentiate between a
certain number of pre-measured routes.
There
is no easy “anonymous” from your personal computer.
Neil
Ungerleider reports:
If you have cancer, HIV, diabetes, lupus, depression, heart
disease—or you simply look up health-related information
online—advertisers are watching you. A
new paper on what
happens when users search for health information online shows
that some of our most sensitive internet searches aren’t as
anonymous as we might think.
Marketers care very much about what diseases and conditions people
are searching for online. Tim Libert, a doctoral student at the
Annenberg School For Communication at the University of Pennsylvania
and the author of the paper says that over 90% of the 80,000
health-related pages he looked at on the Internet exposed user
information to third parties.
Read
more on FastCompany.
[From
Fast Company:
Health
privacy is protected by the Federal Health Insurance Portability and
Accountability Act (HIPAA), but the law is not
meant to oversee business practices by third party commercial
entities or data brokers. "Clearly there is a need
for discussion with respect to legislation, policies, and oversight
to address health privacy in the age of the internet," says
Libert.
To
avoid the watchful eye of marketers, Libert recommends users make use
of two different tools, Ghostery
and Adblock
Plus, which can at least partly prevent marketers from obtaining
patient health information based on Internet browsing habits.
(Related)
Why isn't the FDA monitoring such claims? Would these apps have been
required to do a full “drug testing” level research before the
market? Could this technology work?
The
Federal Trade Commission (FTC) announced on Monday that it has
reached settlements with two developers who claimed their apps could
accurately detect the risk of melanoma.
The
two apps — MelApp and Mole Detective — instructed users to take a
picture of a mole and promised to give an early assessment of whether
it was skin cancer. The commission
alleged the companies lacked adequate evidence to
support their claims.
Each
company was required to hand over a small amount of money and was
prohibited from claiming their apps can detect skin cancer unless it
is supported by scientific testing.
I'm
sure everyone in the EU will immediately stop using Facebook.
From
the close-but-no-cigar dept., Samuel Gibbs reports:
A report commissioned by the Belgian privacy commission has found
that Facebook is acting in violation of European law, despite
updating its privacy policy.
Conducted by the Centre of Interdisciplinary Law and ICT at the
University of Leuven in Belgium, the
report claimed that Facebook’s privacy policy update in January
had only expanded older policy and practices, and found that it still
violates European consumer protection law.
“Facebook’s Statement of Rights and Responsibilities (SRR)
contains a number of provisions which do not comply with the Unfair
Contract Terms Directive. These violations were already present in
2013, and they are set to persist in 2015,” wrote
the authors.
Read
more on The
Guardian.
The
Register has more on Facebook’s attempt to head off a Belgian
investigation.
Better
than nothing? Why are you doing nothing?
Need
Cyber Protection? Avast for Business Offers it Free
…
Avast for Business is a free cloud-based security
management tool specifically designed for small businesses.
Vince
Steckler, CEO at Avast, says in a statement on the release of Avast
for Business:
“We believe the time is right to provide great security that is not
only free, but also simple for SMBs to implement and manage. A small
business may not view their customer database or online orders at the
same level as data of an enterprise. Avast for Business addresses
the problem of those businesses using consumer products and not being
adequately protected; it gives those enterprises a business-class
solution they can grow with.”
…
Avast for Business takes about five minutes to set up. And one
manager can monitor any threats on any device protected under the
same Avast for Business account, the company claims. Based on a
cursory glance at the software, the browser-based dashboard for the
free service is easy-to-read and manage. Adding and activating
devices running Avast for Business starts with one click.
The
software can be downloaded onto one employee’s computer. That user
then becomes the “cloud manager.” A link can be emailed to other
users covered by the same cloud account.
“Russians
don't do anything without a plan.” from “The Hunt for Red
October”
Report
to Allege Direct Kremlin Link to Ukraine Invasion
The
editor of a leading independent Russian newspaper says he plans this
week to publish what purports to be an official Kremlin strategy
document outlining Russia's 2014 invasion of Ukraine.
Novaya
Gazeta editor Dmitri Muratov said the document appears to have been
prepared weeks before Ukraine's pro-Russian President Viktor
Yanukovych was driven from office in February 2014, following weeks
of anti-government protests in Kyiv.
…
Muratov quotes the 2014 document as saying Moscow was obliged to
intervene in Ukraine to protect against the possible loss of the
Ukrainian market for Russia's natural gas. [Huh?
Bob] He said the document also noted the risks to the
Russian economy and to western European consumers, if Moscow were to
lose control of pipelines carrying natural gas through Ukraine to
Western markets.
(Related)
Why does he keep talking like this?
Vladimir
Putin: War with Ukraine would be 'apocalyptic' but unlikely
For
my Statistics students. What would you like to predict?
Microsoft
Nails All But 4 of 24 Oscar Predictions
…
In all, Microsoft, relying on an apparently awesome prediction model
managed by research guru David Rothschild, nailed 20 out of 24
predictions. Last year, the bow-tied economist and pollster at
Microsoft’s New York City research
lab correctly foresaw 21 of 24 Oscar winners and 19 of 24 the
year before that.
So
far, we don't have a virtual Mr. Rogers' Neighborhood.
Easy
Coding for Kids With Microsoft’s Kodu
Microsoft’s
Kodu GameLab
Encourages Kids to Code
…
Its simplicity makes it engaging, as does its sensory programming
features within the simulation environment. It isn’t designed to
introduce
children to the core of programming languages, or key conventions
such as variables, branching, looping or subroutines.
Other
Coding for Kids Options
Alice:
A 3D environment focused on visual programming through a
drag-and-drop, WYSIWYG editor. Variant, Storytelling
Alice, has been shown to increase engagement with coding.
High level 3D animations and social interactions provide appeal
across the learning spectrum, tying directly into the children’s
contemporary digital world.
Scratch:
Another
3D visual programming tool, developed by the MIT
Media Lab. Since its 2007 inception over 800,000 users have
signed up. It’s entirely open, with content sharing the key to the
community. All projects are Creative Commons licensed so each
project is up for download and modification. There are some damn fun
mini-games.
Hackety-Hack:
Ruby for teenagers. Teens actually engage with the Ruby
programming language, learning algorithm structures, commands,
strings, basic math functions and more. Calls its users “Hackers”
for that ultra-cool feel, and has integration with a desktop social
site for idea sharing and help.
Daisy
the Dinosaur: For the very young. Aged towards 5-8 year
olds, but perfectly functional for older kids. Very basic visual
programming interface based around moving and interacting with Daisy
the Dinosaur. My 5 year old loved it, and the 3 year old was pretty
inspired, too. Only available for
iOS.
Code-Monster:
JavaScript with a friendly monster. The monster guides you
through a series
of JavaScript variables. Each change
you make to the code alters the appearance of a shape on the
parallel screen. Creator Greg Linden wanted to teach his own kids to
code: this is the result.
For
all my students.
5
New Tools to Snag the Job of Your Dreams
For
my “International” students. (They like Google
Translate best too)
5
Ways to Translate Text on Your iPhone or iPad
For
all my students.
Even
With Debt, College Still Pays Off
(Related)
Hiring
Managers: Recruiters Aren't Working
…
Their first and foremost concern? A lack of talent. While millions
of Americans are still looking for work, nearly half (48 percent) of
hiring managers report that they aren't seeing enough qualified
candidates, and a quarter (26 percent) predict hiring will get
harder in the next 12 months as the U.S. economy continues to pick up
steam.
…
All of this indicates that the job market is on the road to a fierce
recovery, giving employees – particularly those in competitive
positions – more options, and thus the ability to bargain and make
greater demands from their employers.