Tuesday, February 10, 2015

This is a new one (to me anyway) I wonder if it will become common for companies with a nation-wide footprint? Could it be extended internationally?
The Denver Channel reports:
Members of the National Association of Insurance Commissioners want a multi-state examination of Anthem, Inc. and its affiliates, following the discovery of a cybersecurity breach at the health insurance company.
[…]
Given the potential scope of the breach and the number of consumers affected, the NAIC said it anticipates all 56 states and territories will sign on to the examinations, which will be inclusive of all subsidiaries and affiliates of Anthem affected by the breach.
States with significant Anthem business are expected to take the lead: Indiana, California, Missouri, Maine and New Hampshire.
NAIC resources will support state insurance departments throughout the process. The NAIC Cybersecurity Task Force will monitor the efforts, update best practices and will determine whether regulatory action is warranted.
Read more on The Denver Channel.
Well, that sounds a lot better than a multitude of individual investigations, particularly if it leads to new best practices or regulatory action that might do a better job of protecting consumers.
Hopefully, as part of their investigation, they will seriously consider data retention and minimization, and whether the Social Security numbers of minors should be replaced with other identifiers.

(Related) As often happens, initial reports seem to have understated the scale of the breach.
Brian Krebs reports:
Analysis of open source information on the cybercriminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant Anthem suggests the attackers may have first gained a foothold in April 2014, nine months before the company says it discovered the intrusion.
Read his full article on KrebsOnSecurity.com, as in addition to the specifics relating to the Anthem breach, he also discusses the all-important topic of sharing threat information – commenting, at one point:
Also, it’s myopic for an industry information sharing and analysis center (ISAC) to decide not to share indicators of compromise with other industry ISACs, let alone its own members. This should not be a siloed effort. Somehow, we need to figure out a better — more timely way — to share threat intelligence and information across industries.


A Best Practice that anyone (in theory) can implement. Are you negligent if you don't?
Government agencies enable HTTP Strict Transport Security for public websites
Ashkan Soltani, Chief Technologist, FTC: “I’m pleased to announce that the FTC has joined a number of other federal agencies in deploying additional security best practices for our public consumer websites: donotcall.gov, ftccomplaintassistant.gov, and hsr.gov.” The websites, which already employ HTTPS encryption, have enabled a feature known as HTTP Strict Transport Security (HSTS) which hardcodes all future communications to be encrypted by default. The result is that when visitors attempt to visit the Do Not Call Registry by entering “donotcall.gov” or clicking a link to http://donotcall.gov, HSTS-enabled browsers will automatically encrypt the connection without any additional instruction from the website. This small tweak reduces the potential for an attacker to maliciously redirect (downgrade) their connection or impersonate an FTC website when connecting from an insecure networks and open Wi-Fi hotspots. The cross agency effort was motivated by the GSA’s 18F team which you can read about here.”


“If you have it, they will sue!” Of course everyone wants the videos. Given enough data, anyone can find a “pattern” of misconduct.
Kate Mather reports:
Ever since grainy images of Los Angeles police officers beating Rodney King were broadcast nearly 25 years ago, video recordings have come to be viewed by many as the ultimate evidence in cases of disputed police actions.
The Los Angeles Police Department is about to take this concept to a new level by outfitting every officer with a body camera that will record their interactions with the public. Officials say the 7,000 cameras will help bring clarity to controversial encounters, guard against officer misconduct and clear cops accused of wrongdoing.
But unlike the King tape and countless others, these recordings are unlikely to be made public. And in this era of YouTube, that doesn’t sit well with some residents.
Read more on the Los Angeles Times.


Even my Business Intelligence students are analyzing Tweets. You can to. Try http://www.followthehashtag.com/
Antonia Maasa reports:
Twitter’s latest transparency report shows government requests for user data and tweet removal are on the increase.
In its twice-yearly transparency report, Twitter said it received 84 per cent more requests for content removal and 40 per cent more requests for account information from governments worldwide from July 1 to December 31, compared with the first six months of the year.
Read more on The Age.


I wonder what users have to hide?
You can now stop drones from flying over your home and looking into your window
If you have a fear of drones invading your personal property and even spying on you, there's now a way to prevent that: it's called NoFlyZone.org. The new US initiative allows the public to set up restricted airspace above their homes. We first heard about the scheme from TechCrunch.
… The NoFlyZone website works really simply. You enter your home address and provide some other basic information. The organisation then verifies your details and registers your address. GPS coordinates are logged in its database. Then, the organisation works with drone manufacturers to automatically prevent drones flying over registered houses by uploading the off-limit coordinates to the drone. The service is free.
NoFlyZone says there's no guarantee that it can keep all drones from flying over your house, since the no-fly database only applies to drones made by operators through which the company has an agreement.
One question this raises is whether we actually own the sky above our properties. In this case, NoFlyZone says this isn't an issue as "participants voluntarily agree to exclude their drones from overflying registrant’s properties."
And don't worry if you want to sign up now, but still want Amazon's delivery drones to be able to drop off orders in the future. The company website explains that airspace over private land will become "customisable" when delivery drones become available.

(Related) Perhaps a market for “drone detection and destruction” tools?
Ryan Lovelace reports:
Special Agent Matt Barden of the Drug Enforcement Agency says the DEA does not take the proliferation of drones lightly; along with its counterparts in Mexico, the agency is studying the crashed-drone incident. However, Barden adds that this is not the first time the DEA has discovered that drones have been used to move drugs undetected. “This is something that’s not new,” he explains. “We’ve heard about this, but more prominently with people trying to get a small amount of drugs or contraband into a prison or some confines of a locked or guarded facility — trying to get stuff in or out.”
The biggest concerns about cartel-operated drones, Barden says, have nothing to do with the actual movements of drugs. “Is it a good way to get some dope out of the woods or out of the jungle to a waiting car or vehicle? Yeah,” Barden says. “Better yet, to me personally, is it a better way to perform surveillance on law enforcement? Absolutely. That scares me a whole lot more than does the smuggling aspect of it.” He adds that if DEA agents encountered drones that could expose a confidential mission or jeopardize their safety, the agents would use discretion but would bring the drones down as swiftly as possible.
Read more on National Review.


How dare you question us!
Tim Cushing writes:
Marcy Wheeler has picked up on an interesting claim made in the CIA’s “We Did Nothing Wrong” report. This report — an in-house investigation of the CIA’s snooping on/hacking Senate staffers during the compilation of the Torture Report — tossed out the Inspector General’s findings and cleared the agency of any misconduct. It then went on to disingenuously claim that it was the Senate, not the CIA, that broke the rules.
Read more on TechDirt. Short version: Senate staffers used the system that had been inadequately secured, and they nearly got charged with violating the CFAA because of the CIA’s error.


Perspective. Gas for less than $1 per gallon.
http://www.cnbc.com/id/102412048?__source=google|editorspicks|&par=google&google_editors_picks=true
$20 oil 'is still possible': Gartman
The recent rebound in oil should not be seen as a sign that the price has reached a bottom, influential investor Dennis Gartman told CNBC Tuesday, warning that $20 per barrel was "still possible."
… Gartman, the author of the "Gartman Letter" told CNBC's "Worldwide Exchange" Tuesday.
… Gartman's comments come after Citigroup published a report on Monday stating that oil prices – which have fallen 50 percent from around $114 per barrel last June to currently trade around $57 – could fall as low as $20 per barrel.


For my Analytics students.
No end in sight to the growth of cloud analytics
It's no secret that cloud computing and data analytics are both rapidly growing areas of IT. Put them together, and you get a winning combination that's expected to grow by more than 26 percent annually over the next five years.
That's according to market-tracking firm Research and Markets, which on Friday released a new report on the global cloud analytics market.


For my Car Nut/Ethical Hacking students. Think of all the cars on I25 moving like the chorus line in a Busby Berkley musical.
Markey Report Reveals Automobile Security and Privacy Vulnerabilities
“New standards are needed to plug security and privacy gaps in our cars and trucks, according to a report released today by Senator Edward J. Markey (D-Mass.). The report, called Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk and first reported on by CBS News’ 60 Minutes, reveals how sixteen major automobile manufacturers responded to questions from Senator Markey in 2014 about how vehicles may be vulnerable to hackers, and how driver information is collected and protected. The responses from the automobile manufacturers show a vehicle fleet that has fully adopted wireless technologies like Bluetooth and even wireless Internet access, but has not addressed the real possibilities of hacker infiltration into vehicle systems. The report also details the widespread collection of driver and vehicle information, without privacy protections for how that information is shared and used. “Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions. Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected,” said Senator Markey, a member of the Commerce, Science and Transportation Committee. “We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers.” Senator Markey posed his questions after studies showed how hackers can get into the controls of some popular vehicles, causing them to suddenly accelerate, turn, kill the brakes, activate the horn, control the headlights, and modify the speedometer and gas gauge readings. Additional concerns came from the rise of navigation and other features that record and send location or driving history information. Senator Markey wanted to know what automobile manufacturers are doing to address these issues and protect drivers.”


For my female students. Not a lot of information, yet.
Facebook Inc And LinkedIn Corp Join Forces To Help Women In Tech
Facebook Inc and LinkedIn Corp have joined hands to help encourage women to enroll in computer science and engineering programs.
… Facebook COO Sheryl Sandberg and LinkedIn Corp CEO Jeffrey Weiner announced a series of programs, which will help mentor female students aspiring to breach the male dominated tech industry. A series of workshops at numerous educational institutions have been setup, hoping to pave the way for aspiring female tech students.

(Related)
Sheryl Sandberg
Today, Facebook, LinkedIn, the Anita Borg Institute and Lean In are launching a new global chapter of Lean In Circles to support women in computer science and engineering. Learn more here: http://leanin.org/cse

No comments: