This suggests that Premera might have asked the question, “Could that happen to us?” If so, they are virtually unique. Who else has been hacked but has yet to ask that question?
Major US Health Insurer Hacked, Affecting 11 Million
Premera Blue Cross said Tuesday its computer network had been hacked, potentially exposing data from 11 million people, in the second recent such attack on a major US health insurer.
Premera said in a statement it discovered on January 29 "that cyberattackers had executed a sophisticated attack" to get into its computer network.
An investigation found that the initial attack occurred on May 5, 2014. The company said hackers may have been able to access members' names, dates of birth, social security numbers, email addresses, bank account data and medical claims information.
…
The announcement by Premera came six weeks after a similar disclosure from Anthem Blue Cross, which said as many as 80 million customer records may have been compromised.
Update on another health related hack. This is the downside of failure to pay ransom.
As they had threatened to do if Labio did not pay them €20,000, the hacker collective known as Rex Mundi has started dumping/disclosing identifiable patient data. The dump was announced on Twitter by the @RexMundi2015 account.
DataBreaches.net confirmed that the records appear to be the results of lab tests performed on patients whose names, dates of birth, referring doctor, and test results are now publicly exposed.
As of the time of this posting, there is still no mention of the incident on Labio’s web site, and the firm has not yet responded to an inquiry from DataBreaches.net earlier today as to whether they have notified affected patients or intend to notify them.
Labio joins 16 other firms who have had their client or patient data revealed after refusing to pay Rex Mundi’s extortion demands. So far, none of the firms appear to be U.S.-based.
When asked what percent of firms do pay them, a spokesperson for Rex Mundi informed DataBreaches.net that over 50% of the entities they have hacked have paid the demanded monies to keep the hack quiet and to avoid having their clients’, employees’, or patients’ personal information publicly dumped.
"Ontogeny recapitulates phylogeny." It's not exactly true in biology, but it is true in Computer Security. We constantly find exactly the same security issues in each new generation of technology. (Perhaps I should hit the thesaurus to come up with a suitably obtuse phrase?)
Insecurity in the Internet of Things
Symantec – Insecurity in the Internet of Things – Mario Ballano Barcena, Candid Wueest, March 12, 2015.
…
“The Internet of Things (IoT) market has begun to take off.
Consumers can buy connected versions of nearly every household
appliance available. However, despite its increasing acceptance by
consumers, recent studies of IoT devices seem to agree that
“security” is not a word that gets associated with this category
of devices, leaving consumers potentially exposed. To find out for
ourselves how IoT devices fare when it comes to security, we analyzed
50 smart home devices that are available today. We found that none
of the devices enforced strong passwords, used mutual authentication,
or protected accounts against brute-force attacks. Almost two out of
ten of the mobile apps used to control the tested IoT devices did not
use Secure Sockets Layer (SSL) to encrypt communications to the
cloud. The tested IoT technology also contained many common
vulnerabilities. All of
the potential weaknesses that could afflict IoT systems, such as
authentication and traffic encryption, are already well known to the
security industry, but despite this, known mitigation techniques are
often neglected on these devices. IoT vendors need to do
a better job on security before their devices become ubiquitous in
every home, leaving millions of people at risk of cyberattack.”
Interesting. Who gets the data?
Talking Barbie Says Hello, Parents Say Goodbye
…
Mattel plans to bring out Hello Barbie in time for Christmas. However, Campaign for a Commercial Free Childhood has organized an online petition calling on Mattel CEO Christopher Sinclair to stop production of the toy.
Here's how Hello Barbie works: A kid presses on the doll's belt buckle and speaks into a microphone in the doll's necklace. An artificial intelligence system processes and analyzes that speech in the cloud. Responses are then streamed back to the doll, who replies to the kid -- all over a secure WiFi connection to the Internet.
…
Hello Barbie will use technology from San Francisco-based startup ToyTalk, which is also behind the Winston Show -- a kids' iPad game app that interacts with players -- and the SpeakaLegend mobile iOS app.
…
ToyTalk's privacy policy is what has people stirred up.
Essentially, it says that using any of the company's services constitutes giving ToyTalk permission to collect, use and disclose personal information. Further, those who let others (say, children) use their account to access the service confirm they have the right to consent on their behalf to ToyTalk's collection, use and disclosure of their personal information.
…
ToyTalk's data collection and use is not very different from what
online sites do, really, except that the users are kids.
(Related)
Perhaps everyone gets your data?
Siri Is Listening: Has iOS Privacy Been Blown Open?
Another week, another accusation of a major technology company spying on you. This week, it’s Apple’s turn, with the tech giant accused of recording everything – absolutely everything – you say to Siri, and passing it on to a third-party.
The allegations were made in a Reddit post by someone who goes by the name of FallenMyst. The pseudonymous poster purports to be a recent employee of Walk N’Talk Technologies, where her job is to listen to audio recordings of people using Siri, and rate how closely they match computer generated transcriptions.
…
These latest allegations come not long after Samsung was pilloried
for privacy-unfriendly behavior in their latest Smart TVs, where they
listened
to anything said in their vicinity, and then relayed them to a
third-party.
I would like to sic my Business Intelligence students on these emails. Hillary has stated that there was nothing “classified” in the emails, so all we should get is the equivalent of a bunch of online pizza orders, but it might be amusing to map volumes to a timeline of the events the State Department should have been talking about.
A dozen anti-secrecy groups are demanding that the State Department and National Archives independently verify that all official emails from former Secretary of State Hillary Clinton are accounted for.
Citing fears of setting “a dangerous precedent for future agency appointees,” the organizations told Secretary of State John Kerry and Archivist David Ferriero to do checks of their own to ensure that all workplace emails sent or received by Clinton during her time in office are on federal servers — not her own personal machine.
“[T]he task of determining which emails constitute federal records should not be left solely to Mrs. Clinton’s personal aides,” the groups, including the Sunlight Foundation, the Electronic Frontier Foundation and OpenTheGovernment.org, wrote in a letter on Tuesday.
Perhaps “Free” will trump an upgrade? Remains to be seen.
…
According to Microsoft's Terry Myerson, Windows 10 is a free upgrade
for all Windows 7 and Windows 8.x users, regardless of whether your
install is genuine or not. This looks to be a way to convince
everybody to move to Windows 10, and if pirates also get a free
upgrade why would they
refuse?
Another article for my Data Management class.
The Quantified Workplace: Despite the Hype, Not All That Useful Yet
(Related)
A little nerdy, but my statistics students will understand the
problem. I suspect the impact in business could be quite
significant.
The Extent and Consequences of P-Hacking in Science
Head ML, Holman L, Lanfear R, Kahn AT, Jennions MD (2015) The Extent and Consequences of P-Hacking in Science. PLoS Biol 13(3): e1002106. doi:10.1371/journal.pbio.100210
“A focus on novel, confirmatory, and statistically significant results leads to substantial bias in the scientific literature. One type of bias, known as “p-hacking,” occurs when researchers collect or select data or statistical analyses until nonsignificant results become significant. Here, we use text-mining to demonstrate that p-hacking is widespread throughout science. We then illustrate how one can test for p-hacking when performing a meta-analysis and show that, while p-hacking is probably common, its effect seems to be weak relative to the real effect sizes being measured. This result suggests that p-hacking probably does not drastically alter scientific consensuses drawn from meta-analyses.”
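As an added illustration of the "collect data until nonsignificant results become significant" behaviour the abstract describes (this simulation is not from the paper or from this blog), the constructed Python script below runs "optional stopping" under a true null hypothesis and compares its false-positive rate with an honest fixed-sample test. The sample sizes, trial count and seed are arbitrary choices.

```python
import math
import random

# Constructed simulation of one form of p-hacking: optional stopping.
# Every sample is drawn from a standard normal with mean 0, so the null
# hypothesis is TRUE and every "significant" result is a false positive.
ALPHA = 0.05


def z_test_p_value(sample):
    """Two-sided p-value for H0: mean == 0, with known sigma = 1 (z-test)."""
    n = len(sample)
    z = (sum(sample) / n) * math.sqrt(n)
    return math.erfc(abs(z) / math.sqrt(2))


def honest_study(rng, n):
    """Fix the sample size in advance and test exactly once."""
    sample = [rng.gauss(0.0, 1.0) for _ in range(n)]
    return z_test_p_value(sample) < ALPHA


def p_hacked_study(rng, n_start, n_max):
    """Start with n_start points, re-test after each new point, stop at p < ALPHA."""
    sample = [rng.gauss(0.0, 1.0) for _ in range(n_start)]
    while True:
        if z_test_p_value(sample) < ALPHA:
            return True            # "found" an effect that does not exist
        if len(sample) >= n_max:
            return False           # gave up at the budget limit
        sample.append(rng.gauss(0.0, 1.0))


def false_positive_rates(trials=2000, n_start=10, n_max=50, seed=1):
    """Return (honest_rate, hacked_rate); honest should sit near ALPHA."""
    rng = random.Random(seed)
    honest = sum(honest_study(rng, n_max) for _ in range(trials)) / trials
    hacked = sum(p_hacked_study(rng, n_start, n_max) for _ in range(trials)) / trials
    return honest, hacked


if __name__ == "__main__":
    h, p = false_positive_rates()
    print(f"false-positive rate, fixed n:           {h:.3f}")
    print(f"false-positive rate, optional stopping: {p:.3f}")
```

The fixed-sample rate lands near the nominal 5%, while peeking after every new observation pushes it several times higher; nothing about the data changed, only the stopping rule.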
Next, let's try for 100 times cheaper. (Interesting video)
3-D Printing Just Got 100 Times Faster
…
Instead of printing objects by stacking thin layers on top of one
another—a process that can take days, depending on what you’re
printing—they built a device that produces a complete object from a
pool of goop.
For my programming students.
Learn to Code with These 7 Courses from Microsoft and edX
edX is one of the biggest providers of Massively Online Open Courses (MOOCs), with over three million students, and over three hundred courses. They offer University-level professional education, at a fraction (or none) of the cost, and boast courses in everything from computer skills, to history, to hard science.
Hallowed institutions of learning, from MIT to Berkeley, the Smithsonian to the University of Delft, offer courses on the site, and now so too does Microsoft.
They’re offering seven instructor-taught courses, all starting between March and April. Here’s what’s on offer.
For my geeky students. Let's hope no one on the Death Star notices how much fun these are.
Star Wars + Drones = Dreams Come True