Sunday, July 12, 2015

Another third-party vendor. Did they comply with Walmart's required security?
Ahmad Hathout and David Berman report:
Walmart Canada is investigating a potential breach of customer credit card data after one of its websites operated by a third party was compromised.
[…]
A source close to the situation told The Globe and Mail that as many as 60,000 customers could be affected.
According to Walmart’s website, PNI Digital Media operates its online photo centre.
Read more on Globe and Mail.
From the article:
… the company has disabled the website and its mobile applications and notified the Office of the Privacy Commissioner of Canada.
Walmart said it has “no reason to believe” its Walmart.ca and Walmart.com destinations or its in-store transactions have been affected.




There are techniques that Anthem could have used to confirm that their data was used, but they might view that as counterproductive.
On Thursday, I had this exchange with @dapnwmomster on Twitter:
So hackers pull off mammoth hacks like #Anthem and #OPM but none of the data have been misused? Is that what we're really supposed to believe?

@PogoWasRight Many Anthem customers had their info used by hackers filing false tax returns - the identity protection they provided FAILED.

@dapnwmomster I'm not sure how plaintiffs can prove the info used in fraudulent filings was from Anthem given numerous other breaches.
Today, J.K. Wall has a report on Indianapolis Business Journal that pretty much reiterates what I had suggested: Anthem continues to claim that there is no evidence of ID theft due to their breach, and it’s going to be challenging for plaintiffs’ attorneys to show that any fraud was due to that breach. Wall starts out by reporting:
Anthem Inc.’s massive data breach reported early this year is now generating real cases of identity theft, according to allegations in a small but growing number of lawsuits filed across the country.
Twenty-six people who have sued the Indianapolis-based health insurer claim they were victims of fraud, with most saying fraudulent tax returns were filed in their names using information obtained from Anthem. It had 78.8 million current and former customers’ records stolen by hackers from Dec. 10 to Jan. 27.
And right there is the first thing that would make me suspicious: why would there be only 26 cases of fraud if 80 million people’s information was stolen for criminal purposes? I’d expect a lot more. A lot. Much more than the “hundreds more” one attorney suggests will join the lawsuit.
But Anthem maintains it’s not the source of its customers’ troubles. That’s based on weekly reports it receives from the FBI, which is checking the black market to see if anyone is selling information from the Anthem hack.
“As part of the ongoing investigation regarding Anthem’s cyber attack, the FBI has been routinely monitoring for fraudulent activity related to this incident,” Anthem spokeswoman Kristin Binns wrote in an email. “Despite allegations to the contrary, there is no evidence that the cyber attackers have shared or sold any individuals’ data; and there is no evidence that fraud has occurred against any individuals who could have been impacted.”
Even if people suspect or believe that the Anthem breach is responsible for any woes they or their minor children have experienced, connecting the dots from the breach to the problems will be a serious hurdle in litigation.




Not sure of the strategic value here, but I'll be interested in following the story.
Daily Pakistan reports:
For the first time, ‘tracking chips’ will be installed in (sic) the feet of 1,600 terror suspects in Punjab province after Eidul Fitr to monitor their movements.
There are some 1,600 terror suspects on the list of the Fourth Schedule in Punjab. The Fourth Schedule defines a terror suspect as a “person who is concerned in terrorism or he belongs to a proscribed organisation”.
“The Punjab government has decided in principle to start electronic surveillance of 1,600 Fourth Schedulers by installing tracking devices on their ankles (commonly known as ankle-band) so that their movements can be monitored,” a spokesman for the provincial Counter-Terrorism Department told the media on Friday.
Read more on Daily Pakistan.




So my new website about Donald Trump's brain (TheBigEmpty.com) would not be anonymous? I'd be sued immediately by “The Donald” – the publicity would be enormous!
New proposal would strike at web’s anonymity
Privacy advocates, public interest groups and even some celebrities are raising alarms about a proposal that could limit the ability of some website owners to disguise themselves.
The issue has caught fire over the past few months as an obscure organization that manages the Internet's domain name system was inundated with comments about a proposal that could bar commercial websites from using proxies to register their web addresses.
… “Whatever the interest in unmasking an anonymous speaker, free speech interests demand the preservation of opportunities for anonymous speech,” Public Knowledge, the Open Technology Institute and the Center for Democracy and Technology argued in joint public comments.
Individuals and businesses are currently allowed to hide their identity, physical location and other personal contact information behind proxies in the public “WHOIS” directory that stores information online about the owners of every registered website domain name.
Proxies can be used by anyone registering a domain, from a lawmaker gearing up for a presidential run who does not want to tip off the press, to a blogger posting unpopular views online. The proxy service comes standard with many of the major domain registrars like GoDaddy.




Innovative or inevitable? I'd say the latter.
Federal agencies test new “release for one, release to all” FOIA policy
by Sabrina I. Pacifici on Jul 11, 2015
Reporters Committee on Freedom of the Press – Adam Marshall, July 9, 2015: “With little public fanfare, seven federal agencies have announced a controversial trial program of publishing documents responsive to most Freedom of Information Act requests online. Under the program, known as a “Release-to-One is Release-to-All” policy, any member of the public will presumably have access to the result of almost any FOIA request. Few other details were released in a brief announcement posted on several agency websites. It remains to be seen whether there will be a delay between sending responsive documents to the requester and posting them for the general public, or whether requesters will simply be sent a link to a public website that already hosts the documents. Agencies participating in the six-month pilot include the Environmental Protection Agency, the Office of the Director of National Intelligence, the Millennium Challenge Corporation, and certain components of the Department of Defense, the Department of Homeland Security, the Department of Justice, and the National Archives and Records Administration.
In order to mitigate privacy concerns, the announcement states that “participating agencies will not post online responses to requests in which individuals seek access to information about themselves.”




I don't see how the logistics would work unless we shipped the chickens in old oil tankers.
US chicken and seafood processed in China – returned for sale stateside
by Sabrina I. Pacifici on Jul 11, 2015
Food Safety News – “Thanks to our Change.org petition (307,000-plus signatures and rising), millions of Americans have learned that the U.S. Department of Agriculture (USDA) is about to allow U.S chickens to be sent to China for processing and then shipped back to the U.S. for human consumption. This arrangement is particularly alarming given China’s appalling food safety record and the fact that there will be no on-site USDA inspectors in those plants. In addition, American consumers will never know that chicken processed in China is in foods like chicken soup or chicken nuggets because there’s no requirement to label it as such… According to the Seattle Times, domestically caught Pacific salmon and Dungeness crab are currently being processed in China and shipped back to the U.S., all because of significant cost savings…”




I keep trying to make sense of this industry.
Why Taylor Swift will not fight with YouTube
Taylor Swift has become the poster child for defending the rights of all artists from tech giants like Apple and Spotify, who are looking to give away music through their free streaming services.
… Swift's disapproval of Apple's decision is not the first time she openly expressed her feelings about the music-streaming industry. Late last year, Swift also pulled her music from Spotify in an effort to stress the negative ramifications of free streaming on the future of the music business.
But there is one platform in which Swift does not have "Bad Blood": YouTube.
… So why is YouTube receiving seemingly preferential treatment?
The simple answer is, the economics of YouTube make more sense for the 25-year-old and other artists looking to protect their future revenue, because YouTube videos serve a major promotional purpose. On YouTube, Swift is able to monetize her videos in more ways than Spotify and Apple can provide.




For my students, all of whom will use Windows 10.
Lenovo releases a PDF guide to help you get started with Windows 10
… The guide is titled "Starting to use Windows 10" and helps Windows users find out everything new in the operating system.




I want my students to speak the truth, just not to me.

