Thursday, February 26, 2015

Perspective. How much do you suppose goes to new security tools or processes that would have prevented the breach?
Ingrid Lunden reports:
When it comes to data breaches, retailers are one of the biggest targets these days, and today we have some detail on the costs around one of the more high-profile attacks. Target today said that it has booked $162 million in expenses across 2013 and 2014 related to its data breach, in which hackers broke into the company’s network to access credit card information and other customer data, affecting some 70 million customers.
The figure, revealed in the company’s Q4 earnings published today, includes $4 million in Q4, and $191 million in gross expenses for 2014, as well as $61 million gross for 2013. Target says that the gross number was offset in part by insurance receivables of $46 million for 2014 and $44 million for 2013.
Read more on TechCrunch.


Are you paranoid enough? Think “a Sony-like attack on banks.”
New York's top financial watchdog mulled new regulations to stave off an "Armageddon"-scale online attack that could bring U.S. financial markets to their knees.
In a speech before a Columbia Law School audience, Lawsky said that within the next ten years or sooner, a "cyber 9/11" event could cause dramatic chaos to the financial system for a time.
The regulator said he is eyeing new measures to force insurance firms and banks under DFS regulations to be prepared against such hacks.

(Related) So simple. Could repairs keep up with a team of motivated vandals?
Arizona authorities probe vandalism that cut off Internet, phones for hours
Officials say all services have been restored following act of vandalism that left people across northern Arizona without the use of the Internet, cellphones and landlines for several hours.
During Wednesday's outages, businesses couldn't process credit card transactions, ATMs didn't function, law enforcement databases were unavailable, and even weather reports were affected in an area stretching from north of Phoenix to Flagstaff, about 100 miles away.
… Phoenix police said CenturyLink employees found that a fiber-optic cable in far north Phoenix had been completely cut through.


Another reason to be paranoid. The problem is, “staffers” or even people at the same location can put this data online. Quis custodiet ipsos custodes? Or perhaps, Quis custodiet ipsos “Staffers?”
First lady leaking location data through Instagram
First lady Michelle Obama’s Instagram feed is leaking details about her — or her staffers’ — location.
As first noticed by Fusion on Wednesday, whomever is managing the first lady’s account on the picture-sharing service has opted in to also sharing their location. That data, which appears on a map inside the mobile application, can reveal details down to the building of where someone was when they uploaded a picture to the service.


Clearly the Secret Service should be concerned. They've already had a drone crash at the White House and Paris is being “surveiled by terrorists,” maybe. And drones are very difficult to detect with RADAR. So they should test a drone with intercept and shoot down (or capture) capabilities.
Secret Service plans drone exercises in DC
… “Because these exercises will be conducted within the normally flight restricted areas in the Washington D.C. area, they have been carefully planned and will be tightly controlled
… The release was put out to allay any concerns from the general public if someone does notice a flight in generally restricted airspace, the Secret Service spokeswoman said. [But how do we know it's a Secret Service drone? Bob]


Note that there is no “no fly zone” for advertisers.
Barry Levine reports:
It was only a matter of time before drones started monitoring signals from mobile devices.
Since early February, several small drones flying around the San Fernando Valley in Los Angeles have been determining mobile devices’ locations from Wi-Fi and cellular transmission signals.
They are part of an experiment by Singapore-based location marketing firm Adnear, which has offices around the world. The firm told me that, to its knowledge, this is the first time an adtech company has employed drones to collect wireless data.
Read more on VentureBeat.
[From the article:
… A mobile user needs to have an app open that is transmitting via cellular or Wi-Fi for this mapping to occur. The app does not need to be sending location coordinates.
The system identifies a given user through the device ID, and the location info is used to flesh out the user’s physical traffic pattern in his profile. Although anonymous, the user is “identified” as a code.


This is what you get when lobbyists write laws and regulations.
Dems raise alarms on White House privacy plan
House Democrats are voicing concerns that an expected White House plan to protect people’s online privacy could actually undermine it.
As soon as this week, the White House is expected to unveil new legislation aiming to protect people’s privacy, but the plan could cripple the Federal Communications Commission's (FCC) ability to safeguard people’s online history, Democrats feared on Wednesday.
“This proposal by the White House sounds like it would severely undercut the FCC’s authority to prevent [Internet service providers] from using their position in the marketplace to do things like charging subscribers not to have their browsing history data monitored or setting ‘supercookies’ that allow users to be identified and tracked across the Internet,” said Rep. Mike Doyle (D-Pa.).


A Privacy infographic?
Is Your Favorite Website Spying on You?
We all use services like Google, Facebook, and Twitter, but are these websites keeping more information on us than we intended? As it turns out, quite a few websites out there track an incredibly large amount of data from users.
So what can you do to make sure you aren’t being tracked by the sites you visit? Thankfully, you have options. The infographic below will show you which sites are tracking you the most, and even more important, how to make sure you aren’t being tracked, regardless of which web browser you use.
Via Study Web


Would putting my name on a court website somewhere count as “notice?”
Alan Butler writes:
EPIC recently filed comments on proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure, which would authorize judges to issue “remote access” search warrants in certain cases. As EPIC outlined, the surreptitious computer searches conducted under these remote access warrants would run afoul of an important Fourth Amendment protection — the requirement of prior notice. But the issue of delayed or non-existent notice is not only present with remote access searches; it is an issue with all electronic search authorities and especially with searches conducted under the Stored Communications Act, 18 U.S.C. § 2703.
Read more on EPIC.


Apparently, it's not just teachers strip searching students. And technology is making this even easier.
Don’t read this commentary from John W. Whitehead if you don’t want to get depressed.
The Fourth Amendment was designed to stand between us and arbitrary governmental authority. For all practical purposes, that shield has been shattered, leaving our liberty and personal integrity subject to the whim of every cop on the beat, trooper on the highway and jail official. The framers would be appalled.”—Herman Schwartz, The Nation
Our freedoms—especially the Fourth Amendment—are being choked out by a prevailing view among government bureaucrats that they have the right to search, seize, strip, scan, spy on, probe, pat down, taser, and arrest any individual at any time and for the slightest provocation.
Forced cavity searches, forced colonoscopies, forced blood draws, forced breath-alcohol tests, forced DNA extractions, forced eye scans, forced inclusion in biometric databases—these are just a few ways in which Americans are being forced to accept that we have no control over what happens to our bodies during an encounter with government officials.
Read the whole thing on The Rutherford Institute.


Interesting ethical questions.
Facebook updates feature for suicide prevention
Facebook began rolling out a feature update Wednesday that aids suicide prevention.
The updated tool lets users flag content on both the desktop and mobile version of the social network that they find concerning. If a Facebook friend posts something that indicates he might be thinking of harming himself, users can click on an arrow on the post to report it. Facebook will then offer options to contact the friend, contact another friend for support or contact a suicide helpline.
… Boyle and Staubli said if anyone sees a direct threat of suicide on Facebook, they should contact their local emergency services immediately.

(Related) Should potential suicides be reported here? How else will DHS capture potential suicide bombers?
Julia Harumi Mass and Hugh Handeyside write:
The federal government will have to produce information on a vast and secret domestic surveillance program and defend the program’s legality in open court. That’s the result of a decision issued Friday by the federal judge presiding over our lawsuit challenging the Suspicious Activity Reporting program, part of an ever-expanding domestic surveillance network established after 9/11.
The program calls on local police, security guards, and the public — our neighbors — to report activity they deem suspicious or potentially related to terrorism. These suspicious activity reports (“SARs” for short) are funneled to regional fusion centers and on to the FBI, which conducts follow-up investigations and stockpiles the reports in a giant database that it shares with law enforcement agencies across the country.
The decision is significant.
Read more on ACLU.

(Related) On a broader scale...
Will Facebook’s New Flagging Feature Stifle Freedom of Speech?
… Introduced ostensibly to help Facebook remove fake news stories, thereby stopping such a post going viral, it turns out that the feature is open to abuse.
… Stories that might offer an alternative political viewpoint could be subjected to the same sort of reporting as a hoax, or flagged because they’re deemed “offensive”. That calculation is useful here. One or two people objecting will make little difference. Dozens or hundreds, however, will result in an algorithm being executed, and the item being reviewed with a view to removal.
With the one hand, Facebook removes hoax items, thereby helping to protect online security and privacy. This is commendable. But what good does enabling a group of people to highlight a news story for removal because it carries views that they are uncomfortable with?


Eventually we have to address all of these. Are these useful models for legislation? How about a “crowd sourced law” wiki?
Cheryl Miller reports:
A bipartisan pair of state lawmakers on Wednesday unveiled a package of privacy bills that tackle issues ranging from car-data hacking to encryption standards for cloud-stored information.
[…]
Three of the bills mentioned by Gaines and Gatto are already in print. SB 206 would ban state agencies from collecting data from cars’ diagnostic systems beyond what’s necessary for California’s smog check program. SB 271 prohibits drones from flying over schools. And AB 170 would create new rules for the state’s genetic testing program, which takes tiny blood samples from newborns and, after de-identifying the records, makes them available to researchers.
A fourth bill, AB 83, will be shaped by public suggestions submitted to a wiki page created by Gatto.
Read more on The Recorder (sub. Required).


Facebook sees “new users” as the path to growth.
Facebook: Only 40% of the world has ever connected to the Internet
Only 40% of the world has ever connected to the Internet and the unconnected mostly live in developing nations, according to a new study published Monday by Facebook-led Internet.org.
The study, which outlines the state of global Internet connectivity, also found that 37.9% of Earth's population uses the Internet at least once a year, but more than 90% of the world's population, at least, lives within the range of a mobile network.
… You can read the full report here.


A true innovation killer? “We've always done it this way!” (I'd get one of these if my wife let me)
Flow Hive, a Gadget for Beekeepers, Sets New Crowdfunding Record on Indiegogo
Crowdfunding platform Indiegogo has been abuzz about the Flow Hive, an invention that aims to help beekeepers better harvest honey.
Launched on Sunday, the campaign reached its goal of $70,000 within the first eight minutes, and the donations kept pouring in, hitting a record-breaking $2.18 million in the first 24 hours. Now, with 40 days left to go, funders have pledged more than $2.9 million.
The device claims to help beekeepers collect honey with less disturbance to the bees because the hive itself doesn’t need to be opened. The campaign page says that the product is “the most significant innovation in beekeeping since 1852.”


For all my students, please! Great quote from the article: “emails are where keystrokes go to die”
5 Tools That Can Help You Write Better Emails
… we don’t talk too much about the most basic habit of all – the art of writing better emails.
The email hall of infamy is littered with carcasses of careers destroyed and faces reddened because of an email faux passé. But hold on. This little post isn’t about the bad news. It is about the neat little tools that can get you ahead in the email writing department. Here are five cool (and new) email writing tools we picked up from the far corners of the web.


Dilbert explains consulting, I think.

No comments: