This has to be embarrassing. They seem to have adequate backups (meaning
those weren't encrypted too) but still find they need to be
“implementing even more layers of protection and safeguards.”
Ziprick and Cramer LLP are notifying
clients after some of their files were locked up by cryptoware.
(Related)
One vector to tell people about.
Cybercriminals
Use Help Files to Distribute Ransomware
Innocent-looking
help files have been used by cybercrooks to distribute a variant of
the notorious file-encrypting ransomware CryptoWall, Bitdefender
reported.
The
security firm spotted a spam run on February 18, when malicious
actors sent out bogus “Incoming Fax Report” emails to a couple
hundred users. The messages carried a help file with the .chm
(compiled HTML) extension.
When
users opened the file, they were presented with a help window. In
the background, a piece of malicious code downloaded the CryptoWall
ransomware from a remote server and executed it.
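A mail-gateway style check for the attachment type described in the report above, as an added example that is not from Bitdefender or from this post: it flags attachments that carry a .chm extension or begin with the `ITSF` signature that compiled HTML Help files start with, so a renamed file is still caught. The helper names, addresses and sample payloads are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"  # first four bytes of a compiled HTML Help (.chm) file


def build_sample(filename, payload):
    """Build a constructed test message with one attachment (not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = "Incoming Fax Report"
    msg["From"] = "fax@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Report attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def find_chm_attachments(raw_message):
    """Return (filename, reason) for every attachment that looks like a CHM."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so "fax.chm. " still opens as CHM.
        by_name = name.lower().rstrip(". ").endswith(".chm")
        by_magic = data.startswith(CHM_MAGIC)
        if by_name and by_magic:
            hits.append((name, "extension and signature"))
        elif by_magic:
            hits.append((name, "signature only, extension disguised"))
        elif by_name:
            hits.append((name, "extension only"))
    return hits


if __name__ == "__main__":
    fake_chm = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 24  # constructed header stub
    for fname, body in [("fax_report.chm", fake_chm),
                        ("fax_report.pdf", fake_chm),
                        ("invoice.pdf", b"%PDF-1.4 constructed")]:
        print(fname, find_chm_attachments(build_sample(fname, body)))
```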
Small
but curious? The hospital claims the nurse's Facebook page was
hacked, but does not disclose how the patient data was obtained.
Brittany
Noble-Jones and Adam McDonald report:
St. Louis University Hospital officials say they are
investigating an incident after 27 patients’ names who allegedly
have HIV/AIDS were posted on a female employee’s social media page.
During the investigation, officials say they discovered the
information posted on the employee’s Facebook page was not posted
by the employee who owns the account. They claim her account was
hacked.
Read
more on KMOV.
In
case you haven't been thinking about it.
Why
the Clinton email server story matters — and why it may be worse
than you think
…
Information security is the most important point in this whole
situation, in my opinion. And because of the usual political
nonsense, it’s getting lost and we can’t afford for it to get
lost: it relates directly to critical matters of national security.
From
this point of view, the
facts are nearly undisputed. The Secretary of State did not use
an email account that was hosted on an official State Department
server. Instead, she used an email account on an outside server.
All accounts indicate that this email account was used exclusively:
the Secretary never used an official State Department email account
hosted on State Department servers. And reports indicate that this
email account was hosted on a physical server that was not physically
under government control or protection. Some reports
have even indicated that it was located in the Secretary’s personal
residence. Some reports have characterized this as a “homebrew”
server, and that’s apt and accurate.
These
are the facts that we need to focus on from an information security
point of view. Because if these facts are true, this can represent
one of the most serious breaches in data handling that we’ve ever
heard of.
This matters for three reasons.
- The Secretary of State is a very “high value target”
- Nation-state threat actors represent the top of the food chain in terms of adversaries in information security.
- Take #1 and #2 together and you have ... the best of the best gunning for those people to get their information.
…
You can liken this to the CFO of Chase taking billions of dollars in
cash home and storing it in the mattress. It’s so inadequate to
meeting the risks that it would be laughable if it weren’t so
serious.
Who
is in charge? Do they have a process to follow? Would any lawyer
who reviewed the facts make the same statement?
From
the financial-chutzpah dept.:
Bank
of America allegedly refuses to reverse an identity theft
victim’s bank charges, claiming that she — wait for it —
benefited from the withdrawn (read: stolen) funds:
Van Valer said they made her feel responsible for the fraud.
Initially, the bank reversed $21,000 of fraudulent charges but it
refuses to reverse the remaining nearly $9,000 that was taken. Van
Valer showed us a letter from fraud investigators at Bank Of America.
The letter states Van Valer benefited from the funds that were
taken.
Some of the charges that remain include several payments to bail
bondsmen. Van Valer has never been to jail or knows anyone who’s
inside.
Read
the story on WFMY.
The
UK already has the highest camera density in the world – and they
want more? Does your security camera put you on the other side of
the privacy question? Is there a business opportunity in camera
“footage” certification?
Tom
McTague reports:
Families and businesses should install their own CCTV cameras to help
catch burglars, Britain’s top police officer has said.
Bernard Hogan Howe said people often installed their home
surveillance cameras too high – meaning only the tops of the
criminals’ heads were caught on film.
The Metropolitan Police Commissioner said Britain needed more cameras
to help fight crime and urged people to think about installing them.
Read
more on Daily
Mail.
What
Howe doesn’t address (at least not as covered in this news story)
is this question: if your camera caught a thief’s face (which they
note is so much better than just the top of the criminal’s head!),
would you then have to
testify or be a witness in any criminal prosecution to confirm that
it was your camera that caught the footage? And could
anyone be unhappy with you for that testimony?
Perhaps
this is why some teachers think they have unlimited authority to
invade student privacy.
The
Unprecedented Expansion of School Surveillance Authority Under
Cyberbullying Laws
Suski,
Emily, Beyond the Schoolhouse Gates: The Unprecedented Expansion of
School Surveillance Authority Under Cyberbullying Laws (2014). Case
Western Reserve Law Review, Vol. 65, No. 1, 2014. Available for
download at SSRN: http://ssrn.com/abstract=2573390
“For
several years, states have grappled with the problem of cyberbullying
and its sometimes devastating effects. Because cyberbullying often
occurs between students, most states have understandably looked to
schools to help address the problem. To that end, schools in
forty-six states have the authority to intervene when students engage
in cyberbullying. This solution seems all to the good unless a close
examination of the cyberbullying laws and their implications is made.
This Article explores some of the problematic implications of the
cyberbullying laws. More specifically, it focuses on how the
cyberbullying laws allow schools unprecedented surveillance authority
over students. This authority stands in notably stark contrast to
the constraints on government authority in other contexts, including
police authority to search cell phones. In June 2014, the Supreme
Court recognized in Riley v. California that police searches
of cell phones require a warrant because of the particular intrusions
into privacy attendant to those searches. While some surveillance
authority over students may be warranted, the majority of the
cyberbullying laws implicitly give schools unlimited, or nearly
unlimited, and unfettered surveillance authority over students’
online and electronic activity whenever, wherever, and however it
occurs: at home, in bedrooms, at the mall, on personal cell phones,
on tablets, or on laptops. This Article argues that the
cyberbullying laws, though well meaning, vastly expand school
authority through the broad, if implicit, allowance of surveillance
authority over students and implicate privacy harms that are made
more acute because the authority lies with schools over students.
Although no doctrine yet exists on the limits of school surveillance
authority, limits on school authority in other contexts do exist.
First and Fourth Amendment doctrine in student-speech and search
cases, as well as doctrine on government surveillance more generally,
offers some guidance on where the boundaries of school authority lie.
The surveillance authority in most cyberbullying laws goes beyond
these bounds, indicating that cyberbullying laws expand school
authority. To protect students from excessive school surveillance
authority and attendant privacy harms, realistic limits need to be
imposed on school surveillance authority under the cyberbullying laws
both by way of a framework for determining the boundaries of school
authority and a cause of action for students. This Article calls for
both and draws on the nexus doctrine in First Amendment
student-speech cases to develop such a framework.”
Number
one? Get rid of DRM!
Seven
ways to grow the e-book business while helping libraries and readers:
Ideas based on my two decades of writing about it
Via
LLRX.com
– Seven
ways to grow the e-book business while helping libraries and readers:
Ideas based on my two decades of writing about it – E-book
sales are not posting impressive sales increases, at least not among
big publishers. One major reason is that much of the technology is
difficult to use. Even increased library statistics for e-loans are
not resulting in corresponding increases in funding and support for
libraries around the country. Based on more than two decades of
writing about e-books, David
Rothman suggests seven library-and-consumer friendly ways to
boost e-book growth.
(Related)
The future?
Book
review: ‘Bexar BiblioTech: The Evolution of the Country’s First
All-digital Public Library’
Via
LLRX.com
– Book
review: ‘Bexar BiblioTech: The Evolution of the Country’s First
All-digital Public Library’ – David
Rothman describes why the BiblioTech library in Bexar County,
Texas is a landmark achievement worthy of implementation and
iteration in towns and cities throughout the US. His article
describes the success of this variation on a library system detailed
in a new book authored by Nelson Wolff, the visionary behind the
country’s first all-digital public library system. Wolff is the
judge of Bexar County, which includes the city of San Antonio. The
title is roughly equivalent to the head of a county board. Judge
Wolff and his wife, Tracy, are donors and fund-raisers for BiblioTech
and other civic causes, and his book is a how-to pathfinder to
“bridge the literacy and technology gaps.”
[Also
see:
http://www.3m.com/us/library/eBook/
The 3M Cloud Library automatically syncs to all your devices that
have the 3M Cloud Library App downloaded to them. You can start
reading on your iPad and continue later while waiting somewhere and
reading from your phone - right where you've left off.
https://www.smashwords.com/
Smashwords is the world's largest distributor of indie ebooks. We
make it fast, free and easy for any author or publisher, anywhere in
the world, to publish and distribute ebooks to the major retailers.]
Why
do people keep sending me these?
Scams
That Prey on Older People and How to Avoid Them
…
Studies have shown that the elderly can be more trusting, and as
such, are more likely to fall
for scams. Of course, the advice on this infographic isn’t
just for older people, as anyone can fall victim to them, and anyone
can face serious damages if they do. Take a look, and share this
with anyone you think might find the advice helpful!
Via
Bluebird
Care
Might
be something my Business Intelligence students can use.
Three
Free Tools for Creating Data Visualizations
Last
night I shared the news about Canva's new education site that offers
lesson plans that incorporate creating visual representations of
information. I realize that Canva is not for everyone as it might be
too simple for some applications or there is something else about it
that you just don't like. Here are some other tools that I've used
over the years to create data visualizations.
Map
a List turns Google Spreadsheet information into Google Maps
placemarks. The finished product is a Google Map of the
information you've selected from your Google Spreadsheets. To create
a map from your spreadsheets you need to register for a Map
a List account and give it access to your Google Docs account.
Map a List then
walks you through each step of selecting a spreadsheet, defining the
parameters for your map, and choosing placemarks. Just like in
Google Maps you can customize the placemark icons that are used in
your Map a List displays. Your maps can be shared publicly or
privately. Your maps can be downloaded as KML files to use in Google
Earth.
Infogr.am
is an online tool for creating interactive charts and graphs.
Soon you will be able to create interactive infographic posters
on Infogr.am too.
There are four basic chart types that you can create on Infogr.am:
bar, pie, line, and matrix. Each chart type can be edited to use any
spreadsheet information that you want to upload to your Infogr.am
account. The information in that spreadsheet will be displayed in
your customized chart. When you place your cursor over your
completed chart the spreadsheet information will appear in a small
pop-up window. Your Infogr.am charts can be embedded into your
blog, website, or wiki.
Gapminder
is a great tool for creating data visualizations. Gapminder
gives users the ability to create graphs of hundreds of demographic
and economic indicators. I like Gapminder because it provides a good
way for visual learners to see data sets in a context that is
significantly different from standard data sets. Gapminder has a
page
for educators on which they can find thematic animations,
graphs, quizzes, model lessons, and a PDF guide to using Gapminder.
For teachers working in schools with slow Internet connections or
very strict filtering, Gapminder has a desktop
application that you can download and install for Mac or Windows
computers.