Friday, August 07, 2015

Very “Mission: Impossible.” Let them tell everyone there is nothing to worry about. The cost of failing to keep control of your data.
CBC News reports:
Eastern Health says it’s found the missing USB flash drive containing thousands of employees’ personal information — it was in a file folder in the Human Resources department the whole time.
The health authority reported a privacy breach June 19 when a drive containing sensitive information of 9,000 employees went missing.
Read more on CBC News.
Look what it cost them, though, until they found it.
[From the article:
According to Eastern Health, an employee found the drive while she was doing some office tidying.
… Molloy said they are not really sure how the drive got into that location and that they are still investigating employees' actions.
… Eastern Health president David Diamond said they spent several days tearing apart their offices looking for the missing USB stick, which contained social insurance numbers, names, and employee numbers.
Eastern Health tasked 30 workers full-time to notify all the impacted employees of the breach. The extra labour, among other expenses, cost Eastern Health more than $100,000.
… As a result of the incident, Diamond said that Eastern Health is strengthening its regulations around employee privacy. Social insurance numbers won't be used as an employee identifier, and any employee requesting information will first have to answer a number of security questions.
Eastern Health said it is developing a more strict USB and portable media devices policy, and has plans to upgrade its anti-virus platform so that USB drives will be automatically encrypted.




ABC? (Anyone but China?) Now it has some aspects of “sophisticated.”
Report: Russia Responsible For Massive Cyberattack On Pentagon’s Joint Staff Email System
It looks as though the U.S. Government just can’t catch a break when it comes to cybersecurity issues. If it isn’t China that’s breaching the Office of Personal Management (OPM), accessing the personnel files of 21.5 million people, then the U.S. has to keep an eye for hackers originating from Russia.
The latter is pegged as the source for the recent cyberattack on the Pentagon’s Joint Staff email system. If there’s any silver lining to today’s news, it’s that the email system contained “unclassified” information. The cyberattack, which occurred on July 25, affected around 4,000 military personnel that work for the Chairman of the Joint Chiefs. The email system has been offline since the breach was first detected, but is expected to come back online by Friday of this week.
NBC News is reporting that the "sophisticated cyber intrusion” relied on an “automated system that rapidly gathered massive amounts of data and within a minute distributed all the information to thousands of accounts on the Internet” and that Russian hackers staged their attack through “encrypted accounts on social media.” [I think that's new... Bob]
Government officials familiar with the breach added that "It was clearly the work of a state actor.” At this time, it is unclear whether hackers operating within Russia took it upon themselves to attack the unclassified email system or if the Russian government had a part in putting its fingers in the Pentagon’s back pocket.




Right out of the “Guide for Hacking Professionals” – the one I'm going to write. You have to pull everything until you can find the “indicators of value” then you know which files are valuable and which are just filler. Reducing the volume you take reduces the chance someone will notice.
Emissary Panda Hackers Get Selective in Data Heists
Previously, the group, known as Emissary Panda as well as Threat Group 3390, used to exfiltrate all the information found on a compromised network. Recently, the group has moved away from the smash-and-grab tactics and adopted a strategy where it compiles a list of all the files and components stored on the network and then picks and chooses which ones to grab, Andrew White, senior security researcher at Dell SecureWorks told SecurityWeek.
The fact that there is some kind of a selection process going on indicates the group is not just out for financial gain.




Another OPM update. Sorta.
OPM Wins Pwnie for Most Epic Fail at Black Hat Awards Show
... One of the many categories at the Pwnie Awards is for the Most Epic Fail, with this year's nominees including the Ashley Madison and U.S. Office of Personnel Management (OPM) hacks. OPM came away with this year's Most Epic Fail award, as the hack of its systems resulted in 25.7 million Americans being at risk. OPM first admitted it was hacked on June 4, and over the course of the following weeks the true extent of the breach, and OPM's mismanagement, became known.




Only seven?
7 Reasons Why The Internet of Things Should Scare You
It was only a couple of years ago that we – the public- started to understand the term Internet of Things (IoT). Until then, we’d never entertained the idea that our bathroom tap might want to have a chat with the dishwasher.
Our naiveté in these matters promised us many great things. It’s also promising many great dangers.
… It won’t be long until your trousers are horrified by your weight gain. In turn, they’ll conspire against you. They’ll have the TV showing contextual ads about new fad diets. The touch-screen on the fridge will be selling you low-fat yogurt. Your watch will be telling you to pay for a new fitness app. Google could even have your NEST thermostat, with its many uses, telling you the weight-loss benefits of having the heat turned up.




The government is “asking,” but what are they “offering?” Those of us who teach Computer Security would love to swap information and ideas with the front line techies – what we get is bureaucrats.
Homeland official asks Black Hat crowd to build trust
… Alejandro Mayorkas, deputy secretary of the Department of Homeland Security, says he recognizes that a trust deficit exists between the government and those who deal with data security, but says that needs to change.
… But several people in the crowd of hackers and information security professionals expressed concern that any information about cyber threats shared with the government could be used against them.




Gosh, now there will be a tremendous demand for a law professor with a PhD in Economics. I only know of one. Does this mean he can demand a fantastic consulting fee?
A new paper, available on SSRN, from Ryan Calo:
Calo, Ryan, Privacy and Markets: A Love Story (August 6, 2015). Available at SSRN: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2640607
Abstract:
Law and economics tends to be skeptical of privacy, finding privacy overrated, inefficient, and perhaps even immoral. Law should not protect privacy because privacy inhibits the market by allowing people to hide useful information.
Privacy law scholars tend to be skeptical of markets. Markets “unravel” privacy by penalizing consumers who prefer it, degrade privacy by treating it as just another commodity to be traded, and otherwise interfere with the values or processes that privacy exists to preserve.
This mutual and longstanding hostility obscures the significant degree to which privacy and markets assume and reply upon one another in order to achieve their respective ends.
For example, in a world without privacy, traditional market criteria such as price and quality can be overwhelmed by salient but extraneous information such as personal belief. Meanwhile, imagine how much a government must know about its citizens to reject markets and distribute resources according to the maxim “from each according to his ability, to each according to his need.”
Conceiving of privacy and markets as sympathetic helps justify or explain certain legal puzzles, such as why the Federal Trade Commission—an agency devoted to free and open markets and replete with economists—has emerged as the de facto privacy authority in the United States. The account also helps build a normative case for political and other laws that enforce a separation between market and other information.




'cause the Internet is so friendly...
Pew Report – Teens, Technology and Friendships
by Sabrina I. Pacifici on Aug 6, 2015
Teens, Technology and Friendships – Video games, social media and mobile phones play an integral role in how teens meet and interact with friends: “For American teens, making friends isn’t just confined to the school yard, playing field or neighborhood – many are making new friends online. Fully 57% of teens ages 13 to 17 have made a new friend online, with 29% of teens indicating that they have made more than five new friends in online venues. Most of these friendships stay in the digital space; only 20% of all teens have met an online friend in person.”




Worth trying?
Privacy Badger 1.0 Blocks the Sneakiest Kinds of Online Tracking
The Electronic Frontier Foundation (EFF) today released Privacy Badger 1.0, a browser extension that blocks some of the sneakiest trackers that try to spy on your Web browsing habits.
… The new Privacy Badger 1.0 includes blocking of certain kinds of super-cookies and browser fingerprinting—the latest ways that some parts of the online tracking industry try to follow Internet users from site to site.
… Privacy Badger 1.0 works in tandem with the new Do Not Track (DNT) policy, announced earlier this week by EFF and a coalition of Internet companies. Users can set the DNT flag—in their browser settings or by installing Privacy Badger—to signal that they want to opt-out of online tracking. Privacy Badger won’t block third-party services that promise to honor all DNT requests.
… To download Privacy Badger 1.0: https://www.eff.org/privacybadger




Who needs this App? Are there Martians among us?
Use Your Smartphone to Identify Anything With CamFind
How would you like to walk up to any object at all — no matter how foreign or unusual — snap a picture of it, and have your phone tell you what that object is? Well, there’s now an app for iOS and Android that lets you do that, and it’s called CamFind.




Perspective. Not much I can say without punning.
Pornhub launches an all-you-can-watch subscription service for $9.99 a month
On Thursday Pornhub launched “Pornhub Premium,” which will supply unlimited viewing of select adult titles in high definition and without ads for $9.99 a month. The business model echoes Netflix's, and Corey Price, Pornhub's vice president, said in the company's press release that the brand wants to become the “Netflix of Porn.”




Perspective. A measure of the economy or a measure of greed?
How much for a Super Bowl spot in 2016? Maybe $5M




This could be useful – and the contest might be amusing. I might video my student's short presentation, then annotate it to help them improve. “Here is where you start talking gibberish!”
Highlight Debates or Analyze Presentations Through Vibby
One of last week's most popular posts was about a new video highlighting tool called Vibby. Vibby allows you to highlight and comment on sections of YouTube videos. You can even break the videos to play only the sections that you highlight in the video's timeline. An email that I received today from Vibby gave me a good idea about how to use the service to help students analyze debates and presentations.
Vibby is running a contest called Highlight the GOP Debate. In the contest they're asking people to highlight outrageous moments, exaggerated truths, and fluffy or meaningless statements. The contest is open to anyone who is a registered Vibby user.
Applications for Education
Reading about Vibby's Highlight the GOP Debate contest made me think about using Vibby to help students identify and understand key points in debates and presentations. You could ask students to watch videos and identify people who make consistent eye contact, who pace their presentations well, or any other characteristic that you want them to emulate when they deliver their own presentations. You could also have students use Vibby to identify and highlight examples of people using logical fallacies in debates, identify forms of advertising and manipulation, or highlight the best arguments made in a presentation.




A background article for my IT Governance students.
Things You Should Know About Redundancy and Backups
What if a software error corrupts a vital file on your computer? What if your office catches fire, taking your servers with it?
What if you suffer a catastrophic hardware failure and lose all your data? What if your ISP has technical issues, and you lose Internet access for a few days?
It’s safe to say that these are all uncommon, extremely undesirable outcomes. But it’s important to prepare for any possible eventuality, no matter how unlikely, so that service doesn’t get disrupted.
The way we do that is with something called ‘redundancy’.




Freebies for me and my students.
Attention students and teachers: Check if you can get Office 365 for free now
… Now, any qualified student or faculty member can get a free Office 365 Education plan, which gives you unfettered access to Word, Excel and Powerpoint


No comments: