China called this exactly right. We make a fuss,
call China a bunch of evil hackers, then balk at any official action
for dubious political reasons. If there are benefits and no
consequences, why would China stop the behavior?
Ellen Nakashima reports:
Months after the discovery of a massive breach of U.S. government personnel records, the Obama administration has decided against publicly blaming China for the intrusion in part out of reluctance to reveal the evidence that American investigators have assembled, U.S. officials said.
The administration also appears to have refrained from any direct retaliation against China or attempt to use cyber-measures to corrupt or destroy the stockpile of sensitive data stolen from the Office of Personnel Management.
Read more on Washington Post.
Remember, the Internet is global. If you annoy my
Ethical Hacking students, they will turn your car into a driverless
adventure ride, no matter where in the world you are. Imagine a
future where an entrepreneur creates a game that grabs a car at
random for gamers to control. What fun!
Hackers take over a Jeep from 10 miles away
… In a Wired
exclusive published Tuesday, two hackers (who have been showing
for years that cars are vulnerable to attacks) took control of a
reporter’s Jeep Cherokee using a laptop 10 miles away, and killed
its transmission, as well as messed with its windshield wipers, radio
and air conditioning. They say Fiat Chrysler cars, which include the
Jeep brand, that feature an Internet-connected computer called Uconnect
are vulnerable to remote attackers.
Sens. Ed Markey (D-Mass.) and Richard Blumenthal
(D-Conn.) introduced a bill Tuesday directing federal regulators to
set security standards for vehicles, after Markey’s office
published a report earlier this year finding that nearly all cars
could be vulnerable
to hacking.
This is a real (and guaranteed) cost of almost all
security breaches. Even getting this tossed out of court will take
time and treasure. Is that built into your Risk Management analysis?
So of course UCLA Health System
has been sued over their recently disclosed breach, even though
they’ve said they
don’t have any evidence that patient information was even accessed.
All they know/were able to confirm so far is that the hackers had
access to the part of the system that housed patient information.
Law360 has more on Allen v. UCLA Health Systems Auxiliary et al,
filed in the Central District of California.
My IT Governance students can create a better
plan. (Their grade depends on it!)
Oops.
Jana Winter reports:
Last month, in the wake of a series of massive breaches at the federal Office of Personnel Management, the Army issued a bulletin warning that some victims were being hit by hackers a second time, this time with an email phishing campaign asking them to input personal information into a third-party website to receive credit monitoring.
Except it turns out the email in question was completely legitimate. It was sent en masse by the OPM contractor providing notification and credit-monitoring services to the agency’s hacking victims.
Read more on The Intercept.
The court said judges can protect your rights
under the constitution. Can they identify a bogus technological
assertion?
Patrick G. Lee reports that it was a bad day for
user privacy in a New York state appeals court:
Facebook Inc. lost a bid to block the biggest set of search warrants the company said it ever received in a case that might affect the amount of information social-media sites turn over to law enforcement.
[…]
Manhattan District Attorney Cyrus Vance Jr. obtained 381 warrants in 2013 as part of a Social Security fraud investigation. Facebook postings and other content — such as photos of suspects riding jet skis and performing mixed martial arts — provided Vance with evidence that helped bring charges last year against people accused of cheating the government by lying about their disabilities.
Of the 381 Facebook users that Vance targeted with the search warrants, 319 weren’t indicted, according to the ruling. Others were indicted without reliance on the Facebook warrants.
Even though Facebook had already complied with the search warrants, its appeal was allowed to continue in a case that has drawn the attention of Google Inc. and Twitter Inc., as well as the American Civil Liberties Union.
A New York state appeals court in Manhattan unanimously ruled on Tuesday that Facebook had no right to challenge Vance’s search warrants before they were executed.
Read more on Bloomberg.
[From the article:]
The judge serves as a “constitutional
gatekeeper” who “protects citizens from the actions of an
overzealous government,” the court said.
… The case is In re 381 Search Warrants
Directed to Facebook Inc., 30207-13, New York State Supreme Court,
Appellate Division, First Department.
I don't see how politicians can use this in their
Presidential campaigning, but then most of what they say is
meaningless, isn't it?
This drone is packing heat, but it isn't breaking any laws
A gun-toting drone, tested and videotaped by an
18-year-old Connecticut man, apparently did not violate any existing
laws, although the FAA is looking into it, according to ABC
News and other reports.
In a video posted to YouTube July 10, the drone is
seen hovering about five feet in the air, firing a front-mounted
semi-automatic gun.
… an FAA spokesman told CNET
that the agency is looking into whether the test flight, which
did not break any state laws, violated any of its own regulations.
The video went viral just days after California
authorities said the presence of five drones delayed
firefighter response to the big North
Fire near Los Angeles as well as the first FAA-approved
drone delivery of medical supplies to a remote Virginia clinic.
[The video: https://www.youtube.com/watch?v=xqHrTtvFFIs]
(Related) Shouldn't a regulatory agency be more
familiar with its regulations?
FAA Goes Into Full Panic Mode After Video Shows Drone Firing Semi-Automatic Handgun
… “The
FAA will investigate the operation of an unmanned aircraft
system in a Connecticut park to determine if any Federal Aviation
Regulations were violated,” said FAA spokesman Jim Peters when the
video first surfaced earlier this month. “The FAA will also work
with its law enforcement partners to
determine if there were any violations of criminal
statutes.”
This rather surprises me. I wonder what the rates
are in Washington? (What will organized crime bid for a copy of the
user database?)
One in five Ottawans is registered on Ashley Madison
… One in five Ottawa residents allegedly
subscribed to adulterers’ website Ashley Madison, making one of the
world’s coldest capitals among the hottest for extra-marital
hookups – and the most vulnerable to a breach of privacy after
hackers
targeted the site.
… The hackers, who referred to customers as
“cheating dirtbags who deserve no discretion,” appear
uninterested in blackmailing individual clients, unlike an organized
crime outfit.
About time.
Feds go after LifeLock, alleging poor data security
Federal regulators are going after identity fraud
protection firm LifeLock for allegedly deceiving customers about how
secure their data is.
The Federal Trade Commission (FTC) on Tuesday
accused LifeLock, which has over 3 million subscribers, of violating
a $12 million 2010 settlement with the agency and 35 state attorneys
general.
I thought this had been resolved when the
government tried (and failed) to stop Phil Zimmermann from selling his
encryption software (PGP) by classifying it as a “munition.”
What are they worried about? Do they think China will buy these
tools and thus be able to hack the Office of Personnel Management?
Google is warning that the Commerce Department’s
attempt to control the export of hacking tools will “hamper our
ability to defend ourselves, our users, and make the web safer.”
“It would be a disastrous outcome if an export
regulation intended to make people more secure resulted in billions
of users across the globe becoming persistently less secure,” the
company said late Monday in a blog post.
Google’s remarks align the search engine giant
with the cybersecurity community, which has
been raising red flags for months about a Commerce Department
proposal that would require companies to obtain licenses when
exporting technology behind “intrusion software.”
I watch surveillance technology. But not as
comprehensively as you are being watched. Here is one example. All
of this in addition to knowing everything you have ever searched
for...
Google Maps Timeline tracks your location and shows you where you've been
Google is introducing a new feature to its Maps
application that allows users to see where they have been on
any given day, month or year.
… Google
Now provides notifications when there are traffic incidents along
your commute, or reminds you where you parked your car.
… People who use Google
Photos, Google's new app that assigns tags to objects in photos
and automatically arranges them into albums, can also see all the
photos they took in a specific place or on a specific day on their
Timeline.
Rethinking customization. Giving users control
results in a site that is out of control.
Better Get Used to Twitter’s New Blandness
… This week, Twitter pulled the option of
customizing background images on its website. It also replaced
users’ chosen images with a single color, putting that same
blue-gray on everyone’s page. It’s utterly plain and totally
inoffensive, completely devoid of customization. Twitter users hate
it.
… you can expect to see more of this. Twitter
long has been going
the way of Facebook, dropping user customization in favor of
platform uniformity. Twitter would rather you focus on all the
interesting things happening on the network, not on what you made
your little part of it look like.
… There were many
problems with MySpace, but one of the most obvious was the site’s
total loss of control over what it looked like, and the unnavigable
mess many users made of it. Good luck trying to find the message
button on a white page with yellow text overrun with twirling Lisa
Frank stickers. I mean, look at this mess. Or this one. Or this one.
Big Data and Analytics. This has implications in
other industries.
The Other ‘Moneyball’: Using Analytics to Sell Season Tickets
… Among the main things Horton and Hurwitz
were looking for were indications of loyalty, which they determined
was a key factor in those who would renew season ticket or multi-game
plans. In that context, they said, it is one thing to buy a ticket,
but another to use it. For that reason, they mine data from the
ticket scanners each major league club uses when fans enter the
stadium to attend a game.
Something to integrate into my classes.
“Collaboration is the new Black!”
Google has made it easier for users to open any
Office files stored on Google Drive directly in Office apps, edit
them, and save them back to Google Drive. The feature comes with the
release of a new plugin by Google for Microsoft
Office on Windows, making syncing changes to files stored on
Drive easier.
Using the Google
Drive plugin, any local files can also be saved on Google's
cloud storage platform directly from the Office apps. The feature,
however, might be more useful
when sharing files with teams or for file access from
different devices. To download
the plugin, users would have to visit the Google Tools page, simply
click on the 'Download' option below, and click on 'Accept and
install' the binary file of 910KB.
(Related) We need to teach collaboration
techniques.
How Collaboration and Crowdsourcing are Changing Legal Research
by Sabrina I. Pacifici on Jul 21, 2015
ThomsonReuters/Susan Martin: “Bob Ambrogi, lawyer, consultant and blogger at Law
Sites, spoke at a well-attended session this morning at the
American Association of Law Libraries (AALL) Annual Meeting. Titled
“Playing Well With Others: How Collaboration and Crowdsourcing are
Changing Legal Research,” Ambrogi’s presentation began with a
light-hearted scolding of
lawyers and legal professionals who simply “aren’t very good at
sharing.” “Crowdsourcing requires sharing and lawyers
tend to be very possessive, so that makes it difficult,” said
Ambrogi. He cited the giants like Thomson Reuters, Lexis, and
Bloomberg, who take raw legal information and have an army of editors
who annotate it, organize it and comment on it. “But we don’t
have all those paid people to do this for us when it comes to legal
research on the internet. That is where crowdsourcing comes in,”
he stated. Ambrogi… shared some examples of crowdsourcing gone
wrong, where sites were built and abandoned or simply not updated
enough to be effective… He then went on to showcase three examples
of great crowdsourced sites:
For my Website students.
Get Your Site Mobile-Ready With 6 Free Emulators
I have to admit, most of my students invent
uncommon errors. Some useful resources here.
A Quick Guide to Avoiding Common Writing Errors
Might be worth looking at a few...
Free Windows 10 Ebooks & Information Material to Prepare for the Upgrade
I want to read this more carefully since it seems
to be something my students do instinctively.
Information Avoidance
by Sabrina I. Pacifici on Jul 21, 2015
Golman, Russell and Hagmann, David and
Loewenstein, George, Information Avoidance (July 17, 2015).
Available for download at SSRN: http://ssrn.com/abstract=2633226
“We commonly think of information as a means to
an end. However, a growing theoretical and experimental literature
suggests that information may directly enter the agent’s utility
function. This can create an incentive to avoid information, even
when it is useful, free, and independent of strategic considerations.
We review manifestations of information avoidance as well as
theoretical and empirical research on reasons for why people avoid
information, drawing from economics, psychology, and other
disciplines. The review concludes with a discussion of some of the
diverse (and costly) individual and societal consequences of
information avoidance.”
I had an interesting call from “The IRS”
yesterday. Apparently I was in deep but unspecified dodo and unless
I called them back immediately they would be confiscating my car, my
house and my yacht.
Just for grins I went to the IRS Phishing page to
report the incident, but chose not to bother when they wanted me to
create an incident number to uniquely identify the tip and leave them
my name, address, email, phone number(s) and whatever.
Perhaps they are not really interested in catching
(or at least shutting down) these guys. Anyway, I took it as, “Don't
bother us unless it's really important.”