“We phished you, now we'll use your email to phish all your friends.”
Uh oh. SLC Security reports:
While we can’t name any particular names at this time we have
started seeing indicators of another related attack originating
out of China aimed at US Healthcare entities. This time
another well known affiliate of a previously breached healthcare
entity appears to be attacking other Healthcare entities in
California and Arizona.
Read more on Vulnerable Disclosures.
[From the article:]
…
it appears as though a new malware variant is being sent via
Phishing emails and they are coming from other healthcare entities so
it appears as legitimate traffic which may be problematic as they
may be assumed to be trusted entities.
Exactly the correct steps, slightly out of the correct sequence?
Lorraine Bailey reports:
Credit-reporting giant TransUnion charges $10 before it places
security freezes on the files of people dealing with identity theft,
a class claims in Federal Court.
Jon Niermann, the lead plaintiff in the March 18 action, says he
learned about TransUnion’s “illegal” policy after he became a
victim of identity theft.
Read more about his complaint on Courthouse News.
[From the article:]
He notes that Texas law "allows CRAs to charge a 'reasonable fee,'
not to exceed $10.00, for placing a security freeze, [but] does not
make the CRAs' duty to place the security freeze within five business
days conditional on the payment of the charge, nor does it allow CRAs
to delay placing the security freeze until after the charge is paid,"
the complaint states, abbreviating credit-reporting agencies.
Shocking! A government that is preparing to defend its citizens. Who would
have thought that possible?
But they’re polite while they’re stealing data and destroying
infrastructure, right?
Ryan Gallagher reports:
Canada’s electronic surveillance agency has secretly developed an
arsenal of cyber weapons capable of stealing data and destroying
adversaries’ infrastructure, according to newly revealed classified
documents.
Communications Security Establishment, or CSE, has also covertly
hacked into computers across the world to gather intelligence,
breaking into networks in Europe, Mexico, the Middle East, and North
Africa, the documents show.
Read more on The Intercept.
The survey results are interesting but are unlikely to result in any laws
that reduce the amount of data a typical data broker accumulates.
From SafeGov.org:
A survey of parents with school-age children in Boston shows parents
see many benefits from in-school internet access, with more than 80
percent stating that in-school internet access helps students
develop the necessary skills to gain employment and participate in
the global economy. However, a majority of parents are unaware that
technology companies may be tracking their children’s internet use
at school. This demonstrates the importance of and need for stronger
protections to prevent student data mining and online tracking in
Boston schools.
…
The findings are based on a survey conducted between January 2015
and February 2015 of parents with school-age children in Boston. For
more detailed results, please visit: http://bit.ly/1O7xntD
“Hey look! We're doing something!” The question, as always, is what.
FTC Starts Up New Tech Research Office
The Federal Trade Commission is launching a new research office to do
deeper dives into privacy, new payment methods and the Internet of
Things (among other things), the
FTC announced in a pair of blog posts on Monday (March 23).
The new Office of Technology Research and Investigation (OTRI) is a
successor to the FTC’s Mobile Technology Unit, which was created in
2012 to handle consumer issues related to mobile devices, including
children’s privacy and mobile shopping data-use policies.
But the OTRI has a broader mandate and is hiring more technologists
(its predecessor only had one) to
examine privacy and security issues related to “connected cars,
smart homes, algorithmic transparency, emerging payment methods, big
data, and the Internet of Things,” according to FTC Chief
Technologist Ashkan Soltani.
While that’s a broad mandate, the FTC has already gotten started in some
of those areas — for example, in January the FTC issued a report on
privacy and security issues involving the Internet of Things.
But exactly how much the OTRI will be able to do beyond researching these
areas isn’t clear. In general, the FTC is limited to pursuing
companies that misrepresent what they do or engage in false
advertising. As a result, the FTC’s privacy enforcement actions
have largely consisted of going after retailers who have violated
their own published privacy policies. (The one exception to that is
marketing online to children, which is covered by the Children’s
Online Privacy Protection Act. That puts
much more stringent limits on what information website operators
can collect from children under age 13, and how it must be handled.)
That means the new OTRI can investigate security and privacy issues, but
there’s some question as to what else it can do beyond issuing
reports. And as the Washington Post notes, the FTC is facing a potential
turf war with the Federal Communications Commission over “net
neutrality” and related privacy issues.
This might be a “doing something” worth the doing.
Hamish Barwick reports:
The NSW Information and Privacy Commission (IPC) has unveiled an
e-learning portal to help organisations in the state deal with
privacy complaint handling and other privacy issues.
The e-learning portal is free and currently provides access to two
e-learning modules- privacy complaint handling and Government
Information Public Access (GIPA) Act: Access training for
decision makers.
Read more on Computerworld.
[Register here: http://www.ipc.nsw.gov.au/e-learning]
It would be a worthless law.
Should Governments Ban Ballot Selfies?
Would Hitler have wanted people to post who they voted for? Would Benito
Mussolini have tweeted photos with voters? Would Francisco Franco
have Instagrammed a ballot with a check next to his name? These are
the questions I was asking myself after listening to a recent
NPR story on the controversy brewing around “ballot selfies.”
For my Computer Security students.
Cybersecurity and Information Sharing: Legal Challenges and Solutions
CRS – Cybersecurity and Information Sharing: Legal Challenges and Solutions.
Andrew Nolan, Legislative Attorney. March 16, 2015.
…
While considerable debate exists with regard to the best strategies
for protecting America’s various cyber-systems and promoting
cybersecurity, one point of general agreement amongst cyber-analysts
is the perceived need for enhanced and timely exchange of
cyber-threat intelligence both within the private sector and between
the private sector and the government.
…
this report examines the various legal issues that arise with
respect to the sharing of cybersecurity intelligence, with a special
focus on two distinct concepts: (1) sharing of cyber-information
within the government’s possession and (2) sharing of
cyber-information within the possession of the private sector.
With regard to cyber-intelligence that is possessed by the federal
government, the legal landscape is relatively clear: ample legal
authority exists for the Department of Homeland Security (DHS) to
serve as the central repository and distributor of cyber-intelligence
for the federal government. Nonetheless, the legal authorities that
do exist often overlap, perhaps resulting in confusion as to which of
the multiple sub-agencies within DHS or even outside of DHS should be
leading efforts on the distribution of cyber-information within the
government and with the public.
…
With regard to cyber-intelligence that is possessed by the private
sector, legal issues are clouded with uncertainty. A private entity
that wishes to share cyber-intelligence with another company, an
information sharing organization like an Information Sharing and
Analysis Organization (ISAO) or an Information Sharing and Analysis
Centers (ISAC), or the federal government may be exposed to civil or
even criminal liability from a variety of different federal and state
laws.
…
concerns may arise with regard to how the government collects and
maintains privately held cyber-intelligence, including fears that the
information disclosed to the government could (1) be released through
a public records request; (2) result in the forfeit of certain
intellectual property rights; (3) be used against a private entity in
a subsequent regulatory action; or (4) risk the privacy rights of
individuals whose information may be encompassed in disclosed
cyber-intelligence.
The report concludes by examining the major legislative
proposals—including the Cyber Intelligence Sharing and Protection
Act (CISPA), Cybersecurity Information Sharing Act (CISA), and the
Cyber Threat Sharing Act (CTSA)—and the potential legal issues that
such laws could prompt.
My students have convinced me this could be more important than a
resume. Especially the social networking bit.
A 101 Guide To Building Your Personal Brand
…
Developing and building your personal brand is an important part of
deciding how you want to be known in your workplace, industry and
life. Below are four important steps you can take to start building
your personal brand today.
(Related) Perhaps if the campaign is mostly on social networks we might see
fewer TV ads? Nah.
Ted Cruz’s Monday morning announcement that he was running
for president sent a jolt through political circles — and their
Facebook friends.
The Texas Republican senator’s announcement sparked 5.7 million
comments, likes and other conversations among 2.2 million people on
the global social network on Monday, according to Facebook. That’s
more than 30 times the average number of people who have talked about
Cruz in the last three months.
…
Cruz, who has significant appeal among conservatives, has found a
winning message on some social media sites.
In fact, he first announced his new campaign on Twitter, hours before
giving his Monday morning speech.
For my geeky students.
How to Create an iPhone Game From Scratch