Sunday, August 16, 2015

The FAA has been trying to update their systems for years (decades?) Didn't we have a single airline with exactly this same (flight plan) problem last week? Coincidence?
D.C., New York flight delays caused by air traffic glitch, FAA says
A computer problem at a Virginia air traffic control center led to significant flight delays Saturday at airports in the Washington and New York City areas, the Federal Aviation Administration said.
… An unspecified problem emerged in a computer system that processes flight plans at the Washington Air Route Traffic Control Center in Leesburg, Virginia, and forced the FAA to temporarily halt departures for all planes at the D.C.-area's three major airports, the agency said.




I hope none of my Computer Security students would make this mistake. They could provide secure computers if they tried. Expecting these to remain un-hacked is really fantasy.
Paul Peachey reports:
The welcome screen on the prison laptop was simple to navigate. Prison officials clicked on the dog icon, inmates clicked on the cat. Clicking on the dog – and entering the password – allowed access to a section with administrator privileges and access to the internet. The cat was a gateway to little more than a basic word processor.
Unlocking the “dog” was key to the plotters’ attempts to use the computer to smuggle drugs. Using an east European hacker inside the prison, the gang obtained a coded pen drive that was smuggled into the prison by a visitor.
Read more on The Independent.




And they can do this without a backdoor into encrypted emails? Amazing! The article does mention methods that have some potential for maintaining anonymity, but there is no guarantee.
More on the risks of identification and re-identification in large databases, from The Economist:
Frequent visitors to the Hustler Club, a gentlemen’s entertainment venue in New York, could not have known that they would become part of a debate about anonymity in the era of “big data”. But when, for sport, a data scientist called Anthony Tockar mined a database of taxi-ride details to see what fell out of it, it became clear that, even though the data concerned included no direct identification of the customer, there were some intriguingly clustered drop-off points at private addresses for journeys that began at the club. Stir voter-registration records into the mix to identify who lives at those addresses (which Mr Tockar did not do) and you might end up creating some rather unhappy marriages.
Read more on The Economist.




Once upon a time, AT&T was a monopoly – in other words, “One stop shopping.” So I don't find this shocking.
AT&T Helped U.S. Spy on Internet on a Vast Scale
The National Security Agency’s ability to spy on vast quantities of Internet traffic passing through the United States has relied on its extraordinary, decades-long partnership with a single company: the telecom giant AT&T.




New tech, new sin? OR New ways to commit the same old ones?
Periscope complies to 71 percent of copyright takedown requests
… In a newly released Transparency Report, its owner Twitter says it has received 1,391 notices under the Digital Millennium Copyright Act for illegal streams on Periscope.
Since its launch in late March, the number of requests has increased dramatically from fewer than 20 in April to nearly 1,000 in June. Periscope has complied with 71 percent of requests, affecting 864 accounts and removing 1,029 streams.
… Periscope’s live-streaming abilities has companies worried that users could illegally watch events without them paying for it, such as the case with the boxing match between Floyd Mayweather and Manny Pacquiao in May.
… When it first launched, HBO slammed Periscope as a possible app that promotes “mass copyright infringement” because people were using it to stream the premiere of ‘Game of Thrones.’
Compared to Twitter and Vine, Periscope has the highest compliance rate, writes VentureBeat, although that data is measured from January to June. Vine has received 2,405 notices with a 68 percent compliance rate and Twitter has garnered 14,694 takedown requests with a 67 percent compliance rate.




They already have Best Practices? You bet. After all, 99% of the risks they face are the same as those faced by mobile devices or laptops or desktops or mini-computers or mainframes. The trick is getting managers to insist on implementing Best Practices even on the new stuff.
Libbie Canter writes:
Earlier this week, the Online Trust Alliance released a draft framework of best practices for Internet of Things device manufacturers and developers, such as connected home devices and wearable fitness and health technologies. The OTA is seeking comments on its draft framework by September 14.
The framework acknowledges that not all requirements may be applicable to every product due to technical limitations and firmware issues. However, it generally proposes a number of specific security requirements, including encryption of personally identifiable data at rest and in transit, password protection protocols, and penetration testing.
Read more on Covington & Burling InsidePrivacy.




I think we are headed to a “National ID Card” of some type, so it makes sense to learn what others are doing right or wrong. Look on the Unique Identification Authority of India website if you want more.
India’s national ID system, Aadhaar, has been promoted as ensuring access to public benefits. But from Day One, it has also raised significant privacy and data security concerns, as this blog has tried to point out over the past few years. Today, Malavika Jayaram, a fellow at the Berkman Center, writes about Aadhaar:
Privacy is breached at several levels; at the time of data collection (especially when biometrics are involved); at the time of its storage by multiple actors (which federated and decentralised enrollment apparatus facilitates by design); at the time of use (especially when Aadhaar is tagged for banal everyday activities that are low-risk from an identity theft or benefits fraud point of view, risking an allegedly secure system being devalued through ubiquity, and compromised through biometric overuse). All of this is compounded by the lack of a statutory frame for the Unique Identification Authority of India and/or a dedicated privacy law.
When the Attorney General contends, as he did during the ongoing matter before the Supreme Court, and as referenced in Tuesday’s order, that there is no privacy violation if the data is not shared, this fails to acknowledge the very complex network of transactions and uses that the scheme is predicated on. When the Supreme Court misses the opportunity to put the brakes on the continued collection of data, it opens the door for the government relying on the Too Big To Fail, Too Late to Turn Back rhetoric.
Read more on Scroll.in




Russian strategy probably does not include expanding NATO. Or do they think they can stay below 49%?
Sweden’s Russia Problem
… Incursions into Swedish territory by the Russian air force have been problematic as Stockholm discovered its military wasn’t able to detect the foreign aircraft for hours after their cross border transgressions. Russian naval patrols have also been rather active off the coast of Sweden in the Baltic Sea and the Gulf of Bothnia.
On the diplomatic scene, Russia has been rather inflammatory in verbiage. In June of this year polling in Sweden indicated a surge in public support for joining NATO which was primarily driven by Russian actions. In 2012 public support for joining NATO stood at 17 percent, but June’s poll put the support at 34 percent. Keep in mind this is a nation that hasn’t been at war for 200 years, but a portion of Sweden’s public is sufficiently concerned enough to jettison a long standing policy of neutrality because of Moscow’s actions.




(Looks like this is not dying down – too many people having too much fun?) We put procedures in place because not everyone understands security. “I don't want to do it that way” is a recipe for disaster.
Clinton Defies the Law and Common Sense
… It is a misdemeanor punishable by imprisonment for not more than a year to keep “documents or materials containing classified information ... at an unauthorized location.” Note that it is the information that is protected; the issue doesn’t turn on whether the document or materials bear a classified marking. This is the statute under which David Petraeus—former Army general and Central Intelligence Agency director—was prosecuted for keeping classified information at home. Mrs. Clinton’s holding of classified information on a personal server was a violation of that law. So is transferring that information on a thumb drive to David Kendall, her lawyer.
… Mrs. Clinton herself, in a now famous email, cautioned State Department employees not to conduct official business on personal email accounts. The current secretary of state, John Kerry, testified that he assumes that his emails have been the object of surveillance by hostile foreign powers.


(Related)
Clinton's deleted emails scrubbed from server
Hillary Clinton's private server had been stored in New Jersey since 2013 and has been wiped clean of all records, including the emails she deleted.
… The Department of Justice took possession of the server Wednesday from Platte River Networks.
… Up until that time, the server had been in the basement of Clinton's Chappaqua, New York home.
… It is also now being reported that Clinton's attorney, David Kendall, turned over three thumb drives, not one, to the Department of Justice.
… The IG determined the two emails that contained top-secret information could have only originally come from intelligence agencies.


(Related)
New details about classified information in Clinton's emails
… The inspector general for the Intelligence Community revealed last month that a review of a "limited sample" of 40 Clinton emails yielded four that "contained classified information."
But by then the State Department had already released one of them in full as part of a court-mandated release of 296 Clinton emails, all pertaining to Libya and the 2012 Benghazi attacks.




I had several Italian friends as a kid. I'm sure they could communicate quite a lot with just a few gestures – words are superfluous.
Yahoo’s Audio-Free Video Messaging App Livetext Is Now Available Worldwide
If you were intrigued by Livetext, the audio-free video messaging app launched by Yahoo last month, but don’t live in the U.S. or the handful of test markets where it was available, then we have news for you. The app is now live worldwide, which means anyone with an iOS and Android device can get hold of it.


No comments: