This is a new one (to me anyway). I wonder if it will become common for
companies with a nation-wide footprint? Could it be extended
internationally?
The Denver Channel reports:
Members of the National Association of Insurance Commissioners want a
multi-state examination of Anthem, Inc. and its affiliates, following
the discovery of a cybersecurity breach at the health insurance
company.
[…]
Given the potential scope of the breach and the number of consumers
affected, the NAIC said it anticipates all 56 states and territories
will sign on to the examinations, which will be inclusive of all
subsidiaries and affiliates of Anthem affected by the breach.
States with significant Anthem business are expected to take the
lead: Indiana, California, Missouri, Maine and New Hampshire.
NAIC resources will support state insurance departments throughout
the process. The NAIC Cybersecurity Task Force will monitor the
efforts, update best practices and will determine whether regulatory
action is warranted.
Read more on The Denver Channel.
Well, that sounds a lot better than a multitude of individual
investigations, particularly if it leads to new best practices or
regulatory action that might do a better job of protecting consumers.
Hopefully, as part of their investigation, they will seriously consider data
retention and minimization, and whether the Social Security numbers
of minors should be replaced with other identifiers.
(Related)
As often happens, initial reports seem to have understated the scale
of the breach.
Brian Krebs reports:
Analysis of open source information on the cybercriminal
infrastructure likely used to siphon 80 million Social Security
numbers and other sensitive data from health insurance giant Anthem
suggests the attackers may have first gained a foothold in April
2014, nine months before the company says it discovered the
intrusion.
Read his full article on KrebsOnSecurity.com,
as in addition to the specifics relating to the Anthem breach, he
also discusses the all-important topic of sharing threat information
– commenting, at one point:
Also, it’s myopic for an industry information sharing and analysis
center (ISAC) to decide not to share indicators of compromise with
other industry ISACs, let alone its own members. This should not be
a siloed effort. Somehow, we need to figure out a better — more
timely way — to share threat intelligence and information across
industries.
A Best Practice that anyone (in theory) can implement. Are you
negligent if you don't?
http://www.bespacific.com/government-agencies-enable-http-strict-transport-security-public-websites/
Government agencies enable HTTP Strict Transport Security for public websites
Ashkan Soltani, Chief Technologist, FTC: “I’m pleased to announce that
the FTC has joined a number of other federal agencies in deploying
additional security best practices for our public consumer websites:
donotcall.gov, ftccomplaintassistant.gov, and hsr.gov.”
The websites, which already employ HTTPS encryption, have enabled a
feature known as HTTP
Strict Transport Security (HSTS) which hardcodes all future
communications to be encrypted by default. The result is that when
visitors attempt to visit the Do Not Call Registry by entering
“donotcall.gov” or clicking a link to http://donotcall.gov,
HSTS-enabled browsers will
automatically encrypt the connection without any additional
instruction from the website. This small tweak reduces
the potential for an attacker to maliciously redirect (downgrade)
their connection or impersonate an FTC website when connecting from
insecure networks and open Wi-Fi hotspots. The cross agency
effort was motivated by the GSA’s 18F team which you can read
about here.”
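The upgrade behaviour described in the quoted announcement can be modelled as a small HSTS store. This is an added example, not code from the FTC, GSA or any browser; the class name `HstsStore`, its methods and the header value used are assumptions made for illustration, and the parsing is a simplified reading of RFC 6797.

```javascript
// Added example: simplified model of a browser's HSTS store (after RFC 6797).
class HstsStore {
  constructor() { this.hosts = new Map(); } // host -> { expires, includeSubDomains }
  // Parse a Strict-Transport-Security value; returns null if the header is invalid.
  static parse(value) {
    let maxAge = null, includeSubDomains = false;
    const seen = new Set();
    for (const raw of value.split(';')) {
      const part = raw.trim();
      if (!part) continue;
      const [name, ...rest] = part.split('=');
      const key = name.trim().toLowerCase();
      if (seen.has(key)) return null;            // a repeated directive invalidates the header
      seen.add(key);
      if (key === 'max-age') {
        const v = rest.join('=').trim().replace(/^"(.*)"$/, '$1');
        if (!/^\d+$/.test(v)) return null;
        maxAge = Number(v);
      } else if (key === 'includesubdomains') {
        if (rest.length) return null;            // this directive takes no value
        includeSubDomains = true;
      }                                          // unknown directives are ignored
    }
    return maxAge === null ? null : { maxAge, includeSubDomains };
  }
  // Record a response header. Only headers received over HTTPS are honoured.
  observe(url, headerValue, now) {
    const u = new URL(url);
    if (u.protocol !== 'https:') return false;
    const policy = HstsStore.parse(headerValue);
    if (!policy) return false;
    const entry = { expires: now + policy.maxAge * 1000, includeSubDomains: policy.includeSubDomains };
    if (policy.maxAge === 0) this.hosts.delete(u.hostname);   // max-age=0 clears the entry
    else this.hosts.set(u.hostname, entry);
    return true;
  }
  // Return the URL the browser would actually request at time `now` (ms).
  rewrite(url, now) {
    const u = new URL(url);
    if (u.protocol !== 'http:') return u.href;
    const labels = u.hostname.split('.');
    for (let i = 0; i < labels.length; i++) {     // exact host first, then parent domains
      const e = this.hosts.get(labels.slice(i).join('.'));
      if (e && e.expires > now && (i === 0 || e.includeSubDomains)) { u.protocol = 'https:'; break; }
    }
    return u.href;
  }
}
// Constructed demo: the header value is made up, not captured from the FTC's servers.
const demo = new HstsStore();
demo.observe('https://donotcall.gov/', 'max-age=31536000; includeSubDomains', 0);
```

The model also shows the limit of the mechanism: until a header has been seen over HTTPS (or the host is on a browser preload list), the first plain-HTTP request is not upgraded.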
“If you have it, they will sue!” Of course everyone wants the videos.
Given enough data, anyone can find a “pattern” of misconduct.
Kate Mather reports:
Ever since grainy images of Los Angeles police officers beating
Rodney King were broadcast nearly 25 years ago, video recordings have
come to be viewed by many as the ultimate evidence in cases of
disputed police actions.
The Los Angeles Police Department is about to take this concept to a
new level by outfitting every officer with a body camera that will
record their interactions with the public. Officials say the 7,000
cameras will help bring clarity to controversial encounters, guard
against officer misconduct and clear cops accused of wrongdoing.
But unlike the King tape and countless others, these recordings are
unlikely to be made public. And in
this era of YouTube, that doesn’t sit well with some residents.
Read more on the Los Angeles Times.
Even my Business Intelligence students are analyzing Tweets. You can too.
Try http://www.followthehashtag.com/
Antonia Maasa reports:
Twitter’s latest transparency report shows government requests for
user data and tweet removal are on the increase.
In its twice-yearly
transparency report, Twitter said it received 84 per cent more
requests for content removal and 40 per cent more requests for
account information from governments worldwide from July 1 to
December 31, compared with the first six months of the year.
Read more on The Age.
I wonder what users have to hide?
You can now stop drones from flying over your home and looking into your window
If you have a fear of drones invading your personal property and even
spying on you, there's now a way to prevent that: it's called
NoFlyZone.org.
The new US initiative allows the public to set up restricted
airspace above their homes. We
first heard about the scheme from TechCrunch.
…
The NoFlyZone website works really simply. You enter your home
address and provide some other basic information. The organisation
then verifies your details and registers your address. GPS
coordinates are logged in its database. Then, the organisation works
with drone manufacturers to automatically prevent drones flying over
registered houses by uploading the off-limit coordinates to the
drone. The service is free.
NoFlyZone says there's no guarantee that it can keep all drones from flying
over your house, since the no-fly database only applies to drones
made by operators through which the company has an agreement.
One question this raises is whether we actually own the sky above our
properties. In this case, NoFlyZone says this isn't an
issue as "participants voluntarily agree to exclude their drones
from overflying registrant’s properties."
And don't worry if you want to sign up now, but still want Amazon's
delivery drones to be able to drop off orders in the future. The
company website explains that airspace over private land will become
"customisable" when delivery drones become available.
(Related)
Perhaps a market for “drone detection and destruction” tools?
Ryan Lovelace reports:
Special Agent Matt Barden of the Drug Enforcement Agency says the DEA
does not take the proliferation of drones lightly; along with its
counterparts in Mexico, the agency is studying the crashed-drone
incident. However, Barden adds that this is not the first time the
DEA has discovered that drones have been used to move drugs
undetected. “This is something that’s not new,” he explains.
“We’ve heard about this, but more prominently with people trying
to get a small amount of drugs or contraband into a prison or some
confines of a locked or guarded facility — trying to get stuff in
or out.”
The biggest concerns about cartel-operated drones, Barden says, have
nothing to do with the actual movements of drugs. “Is it a good
way to get some dope out of the woods or out of the jungle to a
waiting car or vehicle? Yeah,” Barden says. “Better yet, to me
personally, is it a better way to perform surveillance on law
enforcement? Absolutely. That scares me a whole lot more than does
the smuggling aspect of it.” He adds that if DEA agents
encountered drones that could expose a confidential mission or
jeopardize their safety, the
agents would use discretion but would bring the drones down as
swiftly as possible.
Read more on National Review.
How dare you question us!
Tim Cushing writes:
Marcy Wheeler has picked up on an interesting claim made in the CIA’s “We
Did Nothing Wrong” report. This report — an in-house
investigation of the CIA’s snooping on/hacking Senate staffers
during the compilation of the Torture Report — tossed out the
Inspector General’s findings and cleared the agency of any
misconduct. It then went on to disingenuously claim that it was the
Senate, not the CIA, that broke the rules.
Read more on TechDirt.
Short version: Senate staffers used the system that had been
inadequately secured, and they nearly got charged with violating the
CFAA because of the CIA’s error.
Perspective.
Gas for less than $1 per gallon.
http://www.cnbc.com/id/102412048?__source=google|editorspicks|&par=google&google_editors_picks=true
$20 oil 'is still possible': Gartman
The recent rebound in oil should not be seen as a sign that the price has
reached a bottom, influential investor Dennis Gartman told CNBC
Tuesday, warning that $20 per barrel was "still possible."
…
Gartman, the author of the "Gartman Letter" told CNBC's
"Worldwide Exchange" Tuesday.
…
Gartman's comments come after Citigroup published a report on Monday
stating that oil prices – which have fallen 50 percent from around
$114 per barrel last June to currently trade around $57 – could
fall as low as $20 per barrel.
For my Analytics students.
No end in sight to the growth of cloud analytics
It's no secret that cloud computing and data analytics are both rapidly
growing areas of IT. Put them together, and you get a winning
combination that's expected
to grow by more than 26 percent annually over the next
five years.
That's according to market-tracking firm Research and Markets, which on
Friday released a new report
on the global cloud analytics market.
For my Car Nut/Ethical Hacking students. Think of all the cars on I25
moving like the chorus line in a Busby Berkeley musical.
Markey Report Reveals Automobile Security and Privacy Vulnerabilities
“New standards are needed to plug security and privacy gaps in our cars
and trucks, according to a report released today by Senator Edward J.
Markey (D-Mass.). The report, called Tracking
& Hacking: Security & Privacy Gaps Put American Drivers at
Risk and first reported on by CBS News’ 60 Minutes, reveals
how sixteen major automobile manufacturers responded to questions
from Senator Markey in 2014 about how vehicles may be vulnerable
to hackers, and how driver information is collected and protected.
The responses from the automobile manufacturers show a vehicle fleet
that has fully adopted wireless technologies like Bluetooth and even
wireless Internet access, but has not addressed the real
possibilities of hacker infiltration into vehicle systems. The
report also details the widespread collection of driver and vehicle
information, without privacy protections for how that information is
shared and used. “Drivers have come to rely on these new
technologies, but unfortunately the automakers haven’t done their
part to protect us from cyber-attacks or privacy invasions. Even as
we are more connected than ever in our cars and trucks, our
technology systems and data security remain largely unprotected,”
said Senator Markey, a member of the Commerce, Science and
Transportation Committee. “We need to work with the industry and
cyber-security experts to establish clear rules of the road to ensure
the safety and privacy of 21st-century American drivers.”
Senator Markey posed his questions after studies showed how hackers
can get into the controls of some popular vehicles, causing them to
suddenly accelerate, turn, kill the brakes, activate the horn,
control the headlights, and modify the speedometer and gas gauge
readings. Additional concerns came from the rise of navigation and
other features that record and send location or driving history
information. Senator Markey wanted to know what automobile
manufacturers are doing to address these issues and protect drivers.”
For my female students. Not a lot of information, yet.
Facebook Inc And LinkedIn Corp Join Forces To Help Women In Tech
Facebook Inc and LinkedIn Corp have joined hands to help encourage women to
enroll in computer science and engineering programs.
…
Facebook COO Sheryl Sandberg and LinkedIn Corp CEO Jeffrey Weiner
announced a series of programs, which will help mentor female
students aspiring to breach the male dominated tech industry. A
series of workshops at numerous educational institutions have been
set up, hoping to pave the way for aspiring female tech students.
(Related)
Sheryl Sandberg
Today, Facebook, LinkedIn, the Anita Borg Institute and Lean In
are launching a new global chapter of Lean In Circles to
support women in computer science and engineering. Learn more here:
http://leanin.org/cse