This sounds strange to my ears. 1) Isn't WiFi
available on planes? 2) I planned my flight before I got in the
plane. Are they claiming that no one noticed a problem until they
were about to take off? Sounds like the airline recalled the planes
to update the software (I doubt the pilots did it) which suggests
some aircraft were flying with defective iPads. I'll have to see how
many ways my Ethical Hacking students can come up with to make subtle
changes to this software.
American Airlines Flights Delayed After App Issues in Cockpit
American Airlines said that
a glitch with a third-party application used on pilots' iPads caused
several flights to be delayed on Tuesday.
The airline said that some
planes were forced to return back to flight gates so
that pilots could access a WiFi connection and fix
the app issues. It was not immediately clear how many
flights were affected. The issue was with software
containing mapping and flight-planning
information, according
to Re/code.
Another area for concern. If someone like my
Ethical Hacking students could pull information from a company before
its scheduled release, they could make a fortune by buying or
short-selling the stock. I expect we will hear more on this.
Twitter earnings leaked ... on Twitter. Stock tanks 20%
Twitter's latest quarterly results came out
earlier than expected after someone on Twitter (naturally) leaked
them.
… The numbers first appeared on the Twitter
account of Selerity,
a self-described financial intelligence platform, at 3:07 ET.
Twitter was not due to release its results until after the market
closed at 4 p.m.
After Twitter officially released earnings,
Selerity tweeted that it
got the numbers directly from Twitter's investor relations site.
"No leak. No hack," Selerity tweeted.
Twitter's investor relations team released a
statement on Twitter.
"We asked [the New York Stock Exchange] to
halt trading once we discovered our Q1 earnings numbers had leaked,
and published our results as soon as possible," the company
tweeted. "We are investigating the source of the leak."
I am becoming convinced that the Health Care
industry is today's “low hanging fruit” when it comes to hacking
(or simply walking off with) personal information.
In reading the substitute notice below, note
that they do not say from where the laptop was stolen, nor how many
were affected. And what kind of “commitment” to privacy is it to
just password-protect a laptop with PHI – and to keep “former
member and dependent” information on it? C’mon, folks. We can
and must do better.
As part of its ongoing commitment to protecting the privacy of personal health information, Oregon’s Health CO-OP is notifying members of a security incident.
On April 3, 2015, a password protected laptop containing Oregon’s Health CO-OP member and dependent information was stolen.
… The information on the stolen laptop included current and former member and dependent names, addresses, health plan and identification numbers, dates of birth and social security numbers. No medical information was on the laptop. [Makes you wonder what the laptop user's job was... Bob] There is no indication this personal information has been accessed or inappropriately used by unauthorized individuals.
… Oregon’s Health CO-OP has established a confidential inquiry line, staffed with professionals trained in identity and credit protection and restoration who are familiar with this incident and the contents of this notice. [This must be some outside service. (Clearly not the health co-op) I don't recall seeing it before, but I bet they get lots of business. Bob]
SOURCE Oregon’s Health CO-OP
Just a few days ago, Sony asked the court to toss
out some class actions because it had been a whole 5 months since
their breach.
Brian Krebs reports that he received a tip about
physicians’ data up for sale on a darknet marketplace called
AlphaBay. One of the databases for sale was a large text file
called, “Tenet Health
Hilton Medical Center” that contained the name,
address, Social Security number and other sensitive information on
dozens of physicians across the country.
Did you ever hear about that breach? I never did
– not under that name, but it turns out in September, 2014 I had
reported the breach on PHIprivacy.net
in my report on PST, a McKesson subsidiary. I just
didn’t know at that time that Tenet Health was another affected
client as there was no entry for them on HHS’s public breach tool.
It’s interesting that some of the data are up
for sale now. How many
times have we heard entities say “We have no evidence of misuse?”
InCompass Health was surprised to learn that the data were up for
sale when Brian contacted them.
I wonder
what they will do now. Will they send a second notification/update
to say, “Hey, we just learned your data are up for sale” or will
they figure they’ve already covered themselves in their first
notification? [No legal obligation, right? Bob]
And how much more of the data may be up for sale?
Keep in mind that data were reportedly exposed on the Internet
between December 1, 2013 and April, 2014, when the breach was
detected and the data were secured.
Trot on over to KrebsOnSecurity.com for more info
on how healthcare entity breaches result in patient
(and provider) information getting around.
This should be of great interest to my computer
security students.
Calculating Cyber Security ROI for Enterprises
Communicating the value of security in dollars and
cents to a board of directors can be a complicated endeavor.
To help with this conundrum, consultancy firm Booz
Allen Hamilton has offered up its own methodology for determining an
organization's return on investment (ROI) in cybersecurity.
Another example of a management group who never
heard of Privacy?
The editors of the Deccan Chronicle in
India address a breach noted
earlier this week:
In an appalling act of recklessness, the Telecom Regulatory Authority of India has compromised the privacy of over a million Internet users of the country by publishing online all the responses of their consultation paper on Net neutrality. Either the bureaucrats running Trai are ignorant [Got it in one! Bob] of how the Internet works or they were simply getting back at the virtual unanimity in opposing the erosion of the equity of providing Internet service by telecom companies creating shortcuts for corporates. Not only are all the 11 lakh email IDs in the public domain but all the addresses and phone numbers of those who may have put such details in their mails as part of their emailing template.
Read more on Deccan Chronicle
What other organizations do this? If your
favorite hotel chain did, would they tell you? Can you stay in a
hotel without giving your name if you pay in advance in cash? (Is a
name enough to identify the guest? They must provide all the
information they have.)
Joe Cadillic sends along this very disturbing
news story. After reading it, I decided that I will never stay at a
Motel 6 again.
Patrick Anderson and Tracee M. Herbaugh report:
City police have arrested four people staying at the Motel 6 on Jefferson Boulevard as a result of the hotel chain’s agreement to provide police with a daily guest list, Mayor Scott Avedisian said Tuesday.
The names of Motel 6 guests, which police then check for outstanding warrants, is one of five steps Motel 6 corporate managers agreed to take in response to a string of high-profile incidents and concerns the establishment was becoming a haven for passing criminals.
… As of now, guests who check-in at Warwick’s Motel 6 will not be told their names are on a list that goes to the police station every night.
Alerting motel guests that local police know their whereabouts “is not a normal process of our check-in,” said Victor Glover, a vice president of safety and security for G6 Hospitality, the parent company for Motel 6. “I don’t know that we have any plans of instituting that as we move forward.”
Glover said that, generally, if a local police department wants a property’s guest list, Motel 6 makes it available. Glover would not say, however, if the Motel 6 brand has had similar problems at other locations, only that “there are times that issues come up.”
Read more on Providence Journal.
Why would you shut off communications that the
public uses, but not the communications that a smart group of
terrorists would use? (e.g. FireChat)
It provides a clear indication that the DHS is on the scene but the
only negative impacts are to the victims.
DHS Defends Government Secrecy in “Internet Kill Switch” Case
by Sabrina I. Pacifici on Apr 28, 2015
EPIC – “The Department of Homeland Security
has filed a brief
in response to EPIC’s petition
for rehearing in the “Internet
Kill Switch” case. EPIC is seeking the release of the public
policy that allows the government to suspend cell phone service. The
D.C. Circuit previously ruled
that DHS may withhold the policy. EPIC pursued
the shutdown policy after government officials disabled cell
phone service during a peaceful protest in San Francisco. EPIC cited
both free speech and public safety concerns and noted that the policy
was never subject to public rule making. The Federal Communications
Commission recently warned
government agencies not to use “jammers,” devices that block cell
phone signals, because of public safety risks.”
Is Google going to oppose patent trolls or become
one? (Digest Item 2)
All Your Patents Are Belong To Google
Google
wants your patents. All of them. Or at least those it feels
have some value. In order to find these patents and buy them from
their current owners, Google has created a new Patent
Purchase Promotion. Which is essentially a marketplace designed
to remove any friction from the process.
The marketplace will open on May 8 and stay open
until May 22. Individuals and businesses are invited to put their
patents up for sale during that window, and Google will then
determine which patents it wants to purchase. Google hopes to have
all sales tied up by the end of August.
The big idea here is for Google to buy up valuable
patents before they fall
into the hands of patent
trolls out to make a fast buck. As noted by
TechCrunch,
the added bonus for Google is that it gets to see what patents are
currently available, and pick and choose those
which it thinks will pay off financially over the
longterm.
Another interesting article. (Dem guys a
Haaarvard must be really smart, or maybe I just agree with them?)
How Technology Has Affected Wages for the Last 200 Years
… are we really at an historical turning
point? No. In fact, the present is not so different than the past.
Throughout history, major new technologies were initially accompanied
by stagnant wages and rising inequality, too. This was true during
the Industrial Revolution in the early nineteenth century and also
during the wave of electrification that began at the end of the
nineteenth century. However, after
decades these patterns reversed; large numbers of ordinary
workers eventually saw robust wage growth thanks to new technology.
Curious. I'll have to run this by our librarians
to see if it will handle some of the stuff I didn't purchase from
Amazon. (No surprise, their video never mentions that possibility.)
Amazon Whispercast 3.0 Helps Your Teacher Stay Organized
Amazon today launched Whispercast
3.0 to make it easier for schools and businesses to manage their
Amazon gadgets.
Whispercast, which
debuted in 2012, lets schools and businesses easily discover and
manage e-books, apps, and more for Amazon's lineup of Kindle devices.
With Whispercast 3.0, Amazon is promising upgrades like tiered
administration and group management, which provides more freedom to
set up organizational hierarchies and delegate control. Users can
also organize content by classes, grades, groups, or whatever
structure makes most sense for them.
Digital Transition Services, meanwhile, will
provide users with access to service representatives who can help
with the setup process. But a step-by-step setup wizard is also
intended to let users organize and distribute content on their own.
… also lets users access documents on Android
and iOS handsets, Chromebooks, Macs, and PCs.
For my students, who will be involved as creators
or users of digital information. (Free PDF)
Preparing the Workforce for Digital Curation
by Sabrina I. Pacifici on Apr 28, 2015
“The massive increase in digital information in
the last decade has created new requirements for institutional and
technological structures and workforce skills. Preparing
the Workforce for Digital Curation focuses on education and
training needs to meet the demands for access to and meaningful use
of digital information, now and in the future. This study identifies
the various practices and spectrum of skill sets that comprise
digital curation, looking in particular at human versus automated
tasks. Additionally, the report examines the possible career path
demands and options for professionals working in digital curation
activities, and analyzes the economic benefits and societal
importance of digital curation for competitiveness, innovation, and
scientific advancement. Preparing
the Workforce for Digital Curation considers the evolving
roles and models of digital curation functions in research
organizations, and their effects on employment opportunities and
requirements. The recommendations of this report will help to
advance digital curation and meet the demand for a trained
workforce.” Committee on Future Career Opportunities and
Educational Requirements for Digital Curation; Board
on Research Data and Information; Policy
and Global Affairs; National Research Council.
For my Computer Security students. Make them pay
well for your services.
Experts Warn on Critical Shortage of Cybercrime Specialists
Riyadh - Experts warned at a conference in Saudi Arabia on Tuesday of a
critical shortage of global specialists trained to confront
increasingly malicious cyber security threats.
"Some
reports say that we have globally less than 1,000 people who are
truly qualified, whereas we need over 30,000 to address the problem,"
said Mark Goodwin, of Virginia Tech university in the United States.
Another tool for creating lectures my students will ignore?
SoundCloud Is Making It Easier for Anyone to Publish a Podcast
SoundCloud
is one of the audio recording tools that I have been recommending for
years. I've always liked the ease with which you can record, save,
and share audio through the service. The option to insert text
comments into SoundCloud tracks has been an appeal of the service
too. Today, SoundCloud added a new feature that will appeal to
anyone that has wanted to try his or her hand at podcasting.
SoundCloud
for Podcasting creates an RSS feed for the recordings that you
make or upload to your SoundCloud account. This doesn't seem like a
big deal until you realize that by having that RSS feed created for
you, you can then easily publish your podcast across multiple
podcasting services including iTunes. Compare Apple's
directions for publishing to iTunes to SoundCloud's
directions for the same and you'll see why SoundCloud makes it
easier to distribute podcasts.
Applications for Education
SoundCloud
for Podcasting could be a great service to try if you have wanted
to try podcasting with your students, but have been overwhelmed or
frustrated by the process of distributing the recordings your
students have made. The free SoundCloud for Podcasting plan provides
hosting for up to three hours of recordings.