Very “Mission: Impossible.” Let them tell everyone there is nothing to worry about. The cost of failing to keep control of your data.
CBC News reports:
Eastern Health says it’s found the missing USB flash drive containing thousands of employees’ personal information — it was in a file folder in the Human Resources department the whole time.
The health authority reported a privacy breach June 19 when a drive containing sensitive information of 9,000 employees went missing.
Read more on CBC News.
Look what it cost them, though, until they found it.
[From the article:
According to Eastern Health, an employee found the
drive while she was doing some office tidying.
… Molloy said they are not really sure how the
drive got into that location and that they are still investigating
employees' actions.
… Eastern Health president David Diamond said
they spent several days tearing apart their offices looking for the
missing USB stick, which contained social insurance numbers, names,
and employee numbers.
Eastern Health tasked 30 workers full-time to
notify all the impacted employees of the breach. The extra labour,
among other expenses, cost Eastern Health more than $100,000.
… As a result of the incident, Diamond said
that Eastern Health is strengthening its regulations around employee
privacy. Social insurance numbers won't be used as an employee
identifier, and any employee requesting information will first have
to answer a number of security questions.
Eastern Health said it is developing a more strict
USB and portable media devices policy, and has plans to upgrade its
anti-virus platform so that USB drives will be automatically
encrypted.
ABC? (Anyone but China?) Now it has some aspects of “sophisticated.”
Report: Russia Responsible For Massive Cyberattack On Pentagon’s Joint Staff Email System
It looks as though the U.S. Government just can’t catch a break when it comes to cybersecurity issues. If it isn’t China that’s breaching the Office of Personnel Management (OPM), accessing the personnel files of 21.5 million people, then the U.S. has to keep an eye out for hackers originating from Russia.
The latter is pegged as the source for the recent
cyberattack on the Pentagon’s Joint Staff email system. If there’s
any silver lining to today’s news, it’s that the email system
contained “unclassified” information. The cyberattack, which
occurred on July 25, affected around 4,000 military personnel that
work for the Chairman of the Joint Chiefs. The email system has been
offline since the breach was first detected, but is expected to come
back online by Friday of this week.
NBC News is reporting that the “sophisticated cyber intrusion” relied on an “automated system that rapidly gathered massive amounts of data and within a minute distributed all the information to thousands of accounts on the Internet” and that Russian hackers staged their attack through “encrypted accounts on social media.” [I think that's new... Bob]
Government officials familiar with the breach added that “It was clearly the work of a state actor.” At this time, it is unclear whether hackers operating within Russia took it upon themselves to attack the unclassified email system or if the Russian government had a part in putting its fingers in the Pentagon’s back pocket.
Right out of the “Guide for Hacking
Professionals” – the one I'm going to write. You have to pull
everything until you can find the “indicators of value” then you
know which files are valuable and which are just filler. Reducing
the volume you take reduces the chance someone will notice.
Emissary Panda Hackers Get Selective in Data Heists
… Previously, the group, known as Emissary Panda as well as Threat Group 3390, used to exfiltrate all the information found on a compromised network. Recently, the group has moved away from the smash-and-grab tactics and adopted a strategy where it compiles a list of all the files and components stored on the network and then picks and chooses which ones to grab, Andrew White, senior security researcher at Dell SecureWorks told SecurityWeek.
… The fact that there is some kind of a selection process going on indicates the group is not just out for financial gain.
Another OPM update. Sorta.
OPM Wins Pwnie for Most Epic Fail at Black Hat Awards Show
… One of the many categories at the Pwnie Awards is for the Most Epic Fail, with this year's nominees including the Ashley Madison and U.S. Office of Personnel Management (OPM) hacks. OPM came away with this year's Most Epic Fail award, as the hack of its systems resulted in 25.7 million Americans being at risk. OPM first admitted it was hacked on June 4, and over the course of the following weeks the true extent of the breach, and OPM's mismanagement, became known.
Only seven?
7 Reasons Why The Internet of Things Should Scare You
It was only a couple of years ago that we – the public – started to understand the term Internet of Things (IoT). Until then, we’d never entertained the idea that our bathroom tap might want to have a chat with the dishwasher.
Our naiveté in these matters promised us many
great things. It’s also promising many great dangers.
… It won’t be long until your trousers are horrified by your weight gain. In turn, they’ll conspire against you. They’ll have the TV showing contextual ads about new fad diets. The touch-screen on the fridge will be selling you low-fat yogurt. Your watch will be telling you to pay for a new fitness app. Google could even have your NEST thermostat, with its many uses, telling you the weight-loss benefits of having the heat turned up.
The government is “asking,” but what are they
“offering?” Those of us who teach Computer Security would love
to swap information and ideas with the front line techies – what we
get is bureaucrats.
Homeland official asks Black Hat crowd to build trust
… Alejandro Mayorkas, deputy secretary of the
Department of Homeland Security, says he recognizes that a trust
deficit exists between the government and those who deal with data
security, but says that needs to change.
… But several people in the crowd of hackers
and information security professionals expressed concern that any
information about cyber threats shared with the government could be
used against them.
Gosh, now there will be a tremendous demand for a
law professor with a PhD in Economics. I only know of one. Does
this mean he can demand a fantastic consulting fee?
A new paper, available on SSRN, from Ryan Calo:
Calo, Ryan, Privacy and Markets: A Love Story
(August 6, 2015). Available at SSRN:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2640607
Abstract:
Law and economics tends to be skeptical of privacy, finding privacy overrated, inefficient, and perhaps even immoral. Law should not protect privacy because privacy inhibits the market by allowing people to hide useful information.
Privacy law scholars tend to be skeptical of markets. Markets “unravel” privacy by penalizing consumers who prefer it, degrade privacy by treating it as just another commodity to be traded, and otherwise interfere with the values or processes that privacy exists to preserve.
This mutual and longstanding hostility obscures the significant degree to which privacy and markets assume and rely upon one another in order to achieve their respective ends.
For example, in a world without privacy, traditional market criteria such as price and quality can be overwhelmed by salient but extraneous information such as personal belief. Meanwhile, imagine how much a government must know about its citizens to reject markets and distribute resources according to the maxim “from each according to his ability, to each according to his need.”
Conceiving of privacy and markets as sympathetic helps justify or explain certain legal puzzles, such as why the Federal Trade Commission—an agency devoted to free and open markets and replete with economists—has emerged as the de facto privacy authority in the United States. The account also helps build a normative case for political and other laws that enforce a separation between market and other information.
'cause the Internet is so friendly...
Pew Report – Teens, Technology and Friendships
by Sabrina I. Pacifici on Aug 6, 2015
Teens, Technology and Friendships – Video games, social media and mobile phones play an integral role in how teens meet and interact with friends: “For American teens, making friends isn’t just confined to the school yard, playing field or neighborhood – many are making new friends online. Fully 57% of teens ages 13 to 17 have made a new friend online, with 29% of teens indicating that they have made more than five new friends in online venues. Most of these friendships stay in the digital space; only 20% of all teens have met an online friend in person.”
Worth trying?
Privacy Badger 1.0 Blocks the Sneakiest Kinds of Online Tracking
The Electronic Frontier Foundation (EFF) today
released Privacy Badger 1.0, a browser extension that blocks some of
the sneakiest trackers that try to spy on your Web browsing habits.
… The new Privacy Badger 1.0 includes blocking
of certain kinds of super-cookies and browser fingerprinting—the
latest ways that some parts of the online tracking industry try to
follow Internet users from site to site.
… Privacy Badger 1.0 works in tandem with the
new Do Not Track (DNT) policy, announced earlier this week by EFF and
a coalition of Internet companies. Users can set the DNT flag—in
their browser settings or by installing Privacy Badger—to signal
that they want to opt-out of online tracking. Privacy Badger won’t
block third-party services that promise to honor all DNT requests.
… To download Privacy Badger 1.0:
https://www.eff.org/privacybadger
Who needs this App? Are there Martians among us?
Use Your Smartphone to Identify Anything With CamFind
How would you like to walk up to any object at all — no matter how foreign or unusual — snap a picture of it, and have your phone tell you what that object is? Well, there’s now an app for iOS and Android that lets you do that, and it’s called CamFind.
Perspective. Not much I can say without punning.
Pornhub launches an all-you-can-watch subscription service for $9.99 a month
On Thursday Pornhub launched “Pornhub Premium,” which will supply unlimited viewing of select adult titles in high definition and without ads for $9.99 a month. The business model echoes Netflix's, and Corey Price, Pornhub's vice president, said in the company's press release that the brand wants to become the “Netflix of Porn.”
Perspective. A measure of the economy or a
measure of greed?
How much for a Super Bowl spot in 2016? Maybe $5M
This could be useful – and the contest might be
amusing. I might video my student's short presentation, then
annotate it to help them improve. “Here is where you start talking
gibberish!”
Highlight Debates or Analyze Presentations Through Vibby
One of last week's most popular posts was about a new video highlighting tool called Vibby. Vibby allows you to highlight and comment on sections of YouTube videos.
You can even break the videos to play only the sections that you
highlight in the video's timeline. An email that I received today
from Vibby gave me a good idea about how to use the service to help
students analyze debates and presentations.
Vibby is running a contest called Highlight the GOP Debate. In the contest they're asking people to highlight outrageous moments, exaggerated truths, and fluffy or meaningless statements. The contest is open to anyone who is a registered Vibby user.
Applications for Education
Reading about Vibby's Highlight the GOP Debate
contest made me think about using Vibby to help students identify and
understand key points in debates and presentations. You could ask
students to watch videos and identify people who make consistent eye
contact, who pace their presentations well, or any other
characteristic that you want them to emulate when they deliver their
own presentations. You could also have students use Vibby to
identify and highlight examples of people using logical fallacies in
debates, identify forms of advertising and manipulation, or highlight
the best arguments made in a presentation.
A background article for my IT Governance students.
Things You Should Know About Redundancy and Backups
What if a software error corrupts a vital file on
your computer? What if your office catches fire, taking your servers
with it?
What if you suffer a catastrophic hardware failure
and lose all your data? What if your ISP has technical issues, and
you lose Internet access for a few days?
It’s safe to say that these are all uncommon,
extremely undesirable outcomes. But it’s important to prepare for
any possible eventuality, no matter how unlikely, so that service
doesn’t get disrupted.
The way we do that is with something called ‘redundancy’.
Freebies for me and my students.
Attention students and teachers: Check if you can get Office 365 for free now
… Now, any qualified student or faculty member can get a free Office 365 Education plan, which gives you unfettered access to Word, Excel and Powerpoint