Oops! A word managers should never need to utter.
NOTE: This is not the first time data was loaded into Amazon's public servers.
Insurance carriers, third party administrators (TPAs), and
self-insureds had claims data exposed when a cloud-hosted claims
management service inadvertently left their databases and files
unprotected on a public server.
Another week, another infosecurity failure that exposed oodles of personal information.
This time, it’s a leak that not only exposed
insurance claims data, but allegedly included internal documents that
reveal how some entities planned to defend against specific claims.
According to a source who contacted
DataBreaches.net, as part of research on data leaks, the
self-described “technology enthusiast” (“TE”) downloaded some
random data from a publicly
available subdomain on Amazon Web Services (AWS).
Inspection of the files revealed many GB of SQL database backups with
“names, social security numbers, addresses, dates of birth, phone
numbers, as well as various financial and medical injury data.”
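The item does not say how the server was left open, only that it was on AWS. As an added check (this is not code from the original post or from the claims service involved), the Python below audits the two JSON documents that can make an S3 bucket anonymously readable, the bucket policy and the bucket ACL, and shows a weak configuration beside its corrected form. It assumes the exposed store was an S3 bucket, which the item does not confirm; the bucket name, statement Sids and role ARN are constructed placeholders.

```python
"""
Added example, not code from the original post or from the claims service
involved.  ASSUMPTION: the exposed store was an S3 bucket (the item only says
"a publicly available subdomain on Amazon Web Services").  A bucket policy and
a bucket ACL are the two documents that can grant anonymous read access, and
both are JSON that can be audited offline.  Names and ARNs below are placeholders.
"""
import json

# Group grantees in a bucket ACL that mean "everyone" / "any AWS account".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Actions that let the caller enumerate or fetch objects.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    # Both `"Principal": "*"` and `"Principal": {"AWS": "*"}` mean anonymous.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def public_policy_statements(policy):
    """(Sid, kind, actions) for Allow statements that grant read actions to everyone.

    A statement carrying a Condition is reported as 'conditional' rather than
    'public': something like aws:SourceIp may narrow it enough, or may not, so
    it needs a human look rather than an automatic pass.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public_principal(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & READ_ACTIONS:
            continue
        kind = "conditional" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", "<no Sid>"), kind, sorted(actions)))
    return findings


def public_acl_grants(acl):
    """(group, permission) pairs in a GetBucketAcl-style document that expose
    the bucket to AllUsers or AuthenticatedUsers."""
    return [
        (g["Grantee"]["URI"].rsplit("/", 1)[-1], g.get("Permission"))
        for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS
    ]


def audit_bucket(policy, acl):
    """Run both checks; 'exposed' is True if either document opens the bucket."""
    policy_findings = public_policy_statements(policy)
    acl_findings = public_acl_grants(acl)
    return {"policy": policy_findings, "acl": acl_findings,
            "exposed": bool(policy_findings or acl_findings)}


# Constructed weak configuration: Principal "*" with read/list actions, plus an
# ACL READ grant to AllUsers.  Either one alone lets a stranger enumerate and
# download every backup in the bucket.
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "OpenRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-claims-backups",
                 "arn:aws:s3:::example-claims-backups/*"]
  }]
}""")
WEAK_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}

# Constructed corrected form: only one named role (hypothetical ARN, using the
# AWS documentation placeholder account id) may read; the ACL has no group grants.
FIXED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AppRoleRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/claims-app"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-claims-backups",
                 "arn:aws:s3:::example-claims-backups/*"]
  }]
}""")
FIXED_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
]}

if __name__ == "__main__":
    print(audit_bucket(WEAK_POLICY, WEAK_ACL))
    print(audit_bucket(FIXED_POLICY, FIXED_ACL))
```

The two documents come from `aws s3api get-bucket-policy --bucket NAME` and `aws s3api get-bucket-acl --bucket NAME`. Two caveats: a public statement that carries a Condition is flagged for review rather than passed, because a source-IP restriction may or may not be tight enough; and individual objects can carry their own public ACL, which a bucket-level check will not see.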
I hope we're not talking default passwords again.
Edd Gent reports:
Cyber-spies have managed to plant snooping software in Cisco routers, located on three continents, which direct traffic around the Internet.
Security research firm FireEye says it has so far found 14 instances of the router implants in India, Mexico, Philippines and Ukraine, adding that this may be just the tip of the iceberg and that the problem could potentially affect routers from other makers.
Read more on E&T.
[From the article:
A highly sophisticated form of malicious software
was installed onto the devices, but Cisco - the world's top supplier
of routers - said the attacks were not due to any vulnerability in
its own software. Instead, the attackers stole valid network
administration credentials from targeted organisations or managed to
gain physical access to the routers.]
Target still a target.
Joseph Ax reports:
A U.S. judge on Tuesday certified a class action against Target Corp brought by several banks over the retailer’s massive data breach in 2013.
Read more on Reuters.
Worth a try, I suppose.
Jennifer Baker reports:
Civil rights NGO Human Rights Watch (HRW) has launched a legal challenge to find out if its information was shared between the US National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ).
The organisation is unhappy that a ruling by the Investigatory Powers Tribunal (IPT) in February did not reveal the full extent of intelligence sharing.
Read more on The Register.
How different Tom Sawyer would have been...
The Local reports:
Six out of ten Norwegians would use GPS tracking devices to keep tabs on
children under the age of 12, according to a new poll by Gallup.
The poll found that only 10 percent of Norwegians found the use of tracking devices unacceptable, while 60 percent were in favour.
Read more on The Local (No).
Wow! Only 10 years? (That's like 200 Internet
years) By then, we'll be inserting chips subcutaneously. (See the
article above.)
(Related)
Americans agree computer science is important—but only one-quarter of US
schools teach it
Gallup and Google just teamed up to conduct one
of the most comprehensive studies of computer science education
in schools. Interviewing nearly 16,000 7th- to 12th-grade students,
parents, teachers, principals and superintendents, this study
provides us with yet another painful reminder of how our education
system is out of touch with and slow to respond to opportunities for
our kids’ futures. Despite massive and growing demand to fill
high-paying computer science jobs in all kinds of organizations and
industries all over the world, a mere one in four principals in the
US report offering computer programming or coding in their school.
And as we argue about what should and shouldn’t be taught in US
schools, it turns out we agree on at least one thing very clearly:
Computer science should be taught. A surprising 85% of parents, 75%
of teachers and 68% of principals say that computer science education
is “just as important” or “more important” than teaching
required courses like math, science, history and English.
What have sex robots ever done to you? Wait,
don't answer that. I really don't want to know.
New campaign launches to save us from harmful, lonely life of sex with
robots
… The Campaign
Against Sex Robots sounds like a funny idea — but when you see
the potential for human-rights violations down the road, you’ll
have an “a-ha” moment. [More
like a “you have got to be kidding!” moment. Bob]
Because God help us if anything should happen.
Feds declare 'No Drone Zone' for Pope's visit
Interesting. Or at least it could be.
Federal Court Invalidates 11-Year-old FBI gag order on National Security
Letter recipient Nicholas Merrill
by Sabrina I. Pacifici on Sep 15, 2015
Calyx Institute: “A federal
district court has ordered the FBI to lift an eleven-year-old gag
order imposed on Nicholas Merrill [document is redacted]
forbidding him from speaking about a National Security Letter (“NSL”)
that the FBI served on him in 2004. The
ruling marks the first time that an NSL gag order has been lifted in
full since the PATRIOT Act vastly expanded the scope of the FBI’s
NSL authority in 2001. Mr. Merrill, the executive
director of the Calyx Institute, is represented by law students and
supervising attorneys of the Media Freedom and Information Access
Clinic, a program of Yale Law School’s Abrams Institute for Freedom
of Expression and Information Society Project. For more than a
decade, the government has refused to allow Mr. Merrill and other NSL
recipients to tell the public just how broadly the FBI has
interpreted its authority to surveil individuals’ digital lives in
secret using NSLs. Tens of
thousands of NSLs are issued by FBI officers every year without a
warrant or judicial oversight of any kind. The letters
demand disclosure of user information and are almost always
accompanied by complete gag orders. Today’s decision will finally
allow Mr. Merrill to speak about all aspects of the NSL and,
specifically, to inform the public about the categories of personal
information that the FBI believes it can obtain using an NSL… U.S.
District Judge Victor Marrero’s decision invalidated the gag order
in full, finding no “good reason” to prevent Merrill from
speaking about any aspect of the NSL, particularly an attachment to
the NSL that lists the specific types of “electronic communication
transactional records” (“ECTR”) that the FBI believed it was
authorized to demand. The FBI has long refused to clarify what kinds
of information it sweeps up under the rubric of ECTR, a phrase that
appears in the NSL statute but is not publicly defined anywhere…
Merrill first challenged the NSL statute in 2004 in a landmark ACLU
lawsuit that resulted in significant changes to the law but ended in
2010 with much of the gag order still intact…”
This is done by a simple program on a computer.
Lots of companies do it to personalize advertising (talk about your
car, get an ad about cars). Would it be more acceptable if a
“trusted third party” ran the program and gave nothing from the
content to Twitter? (Is there such a thing as a “trusted third
party?”) It is not clear from this article how this benefits
Twitter technically. Shortening the URL gains you nothing but
complexity if you keep the old URL to display for the user.
Twitter Hit With Suit Claiming It Snoops on Direct Messages
Twitter Inc.’s direct messages may not be as
private as it claims, according to a lawsuit filed against the
company on Monday.
A lawsuit seeking class action status alleges that
Twitter “surreptitiously eavesdrops on its users’ private direct
message communications. As soon as a user sends a direct message,
Twitter intercepts, reads and, at times, even alters the message.”
The lawsuit takes particular issue with the
hyperlinks sent within the private-chat function. The plaintiff
claims that, for example, when a hyperlink to a New York Times story
is sent via direct message, Twitter goes in and replaces the link
with its own link-shortening tool, www.t.co, before it reaches the
intended recipient, which it then masks by displaying the original
New York Times link.
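What the complaint describes is ordinary link wrapping: the intermediary swaps each URL for one on its own host and renders the original as the visible text, so the click goes to the intermediary first. The Python below is an added example, not code from the original post, the lawsuit or Twitter. It models the rewrite, the masking, and what the intermediary sees when the link is clicked, then runs the check a recipient's client could apply to any rendered message: visible URL text whose host differs from the actual href. Only the wrapper host t.co comes from the item; the message, the placeholder nytimes.com URL and the short-code scheme are constructed.

```python
"""
Added example, not code from the original post, the lawsuit or Twitter.
WRAPPER_HOST is the host named in the item; everything else is constructed.
"""
import hashlib
import html
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")
ANCHOR_RE = re.compile(r'<a href="([^"]+)">([^<]+)</a>')
WRAPPER_HOST = "t.co"


class LinkWrapper:
    """Stand-in for the intermediary that rewrites links in transit."""

    def __init__(self):
        self.redirects = {}   # short code -> original URL
        self.clicks = []      # every resolve() is visible to the intermediary

    def wrap(self, url):
        # Deterministic code so the example is repeatable; a real shortener
        # would hand out an opaque random id.
        code = hashlib.sha256(url.encode()).hexdigest()[:10]
        self.redirects[code] = url
        return f"https://{WRAPPER_HOST}/{code}"

    def rewrite(self, message):
        """Return (rewritten_text, rendered_html).

        The text carries only the wrapper URL, which is what the recipient's
        client actually receives.  The HTML keeps the ORIGINAL URL as the
        visible anchor text while href points at the wrapper: the masking
        the complaint describes.
        """
        parts, last = [], 0
        for m in URL_RE.finditer(message):
            parts.append(html.escape(message[last:m.start()]))
            short = self.wrap(m.group(0))
            parts.append(f'<a href="{html.escape(short, quote=True)}">'
                         f'{html.escape(m.group(0))}</a>')
            last = m.end()
        parts.append(html.escape(message[last:]))
        rewritten = URL_RE.sub(lambda m: self.wrap(m.group(0)), message)
        return rewritten, "".join(parts)

    def resolve(self, short_url):
        """What happens on click: the intermediary receives the request,
        records it, then redirects to the original target."""
        code = urlsplit(short_url).path.lstrip("/")
        target = self.redirects[code]
        self.clicks.append((code, target))
        return target


def mismatched_links(rendered_html):
    """Client-side check: anchors whose visible text is itself a URL but whose
    host differs from the href's host.  Returns (visible, actual) pairs."""
    findings = []
    for href, text in ANCHOR_RE.findall(rendered_html):
        visible, actual = html.unescape(text), html.unescape(href)
        if URL_RE.fullmatch(visible) and urlsplit(visible).hostname != urlsplit(actual).hostname:
            findings.append((visible, actual))
    return findings


if __name__ == "__main__":
    wrapper = LinkWrapper()
    # Constructed message; the URL is a placeholder, not a real article.
    sent = "Have you seen https://www.nytimes.com/example-story yet?"
    received, rendered = wrapper.rewrite(sent)
    print(received)
    print(rendered)
    for visible, actual in mismatched_links(rendered):
        print(f"shows {visible} but goes to {actual}")
    print(wrapper.resolve(received.split()[3]))
    print(wrapper.clicks)
```

Resolving the short link is the step where the intermediary learns who clicked what, which is what the rewrite buys it even though the displayed text is unchanged. The mismatch check is the same one mail and chat clients use to flag phishing links, and it applies whether or not the intermediary is benign.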
Winning friends no matter who is elected? (I
hereby announce my candidacy for teacher of the year. Can I get a
Donate Button?)
… The button allows mobile users to enter
their credit card and identifying information to donate, then return
to their place in their Twitter timeline.
“By partnering with Square to enable donations
through Tweets, and as the 2016 election season heats up, we’ve
upgraded these tools through which citizens can raise their voices to
champion causes and candidates they support,” the company announced
in a blog.
Kick 'em while they're down? But what if they are
not down enough.
Swift economic retaliation against American
businesses is expected if the White House levies hacking sanctions
against Chinese companies.
But U.S. industry groups are still pressuring the
government to stand up to China over what’s believed to be a
massive campaign to pilfer corporate secrets from U.S. firms. The
alternative, they say, could be even worse: Unabated cyberattacks
that drain the American private sector of its global competitive
advantage.
Nothing foretells the legalization of marijuana
like more revenue for governments to waste spend.
Colorado Just Became The First State In History To Collect More Taxes From
Marijuana Than Alcohol
No state has ever generated more tax revenue from
marijuana than alcohol—until now.
The Colorado Department of Revenue, according to
recently released figures, just brought in $70 million in taxes
relating to marijuana, compared to less than $42 million for alcohol
taxes, over the course of a year.
An update on Kim Dotcom. Extradition hearing is
next Monday.
Megaupload, Kim Dotcom, and others filed their
reply brief today in the Fourth Circuit Court of Appeals urging the
Court to reverse the trial court's finding of "Fugitive
Disentitlement."
Here is an excerpt from the reply brief:
"The government
asks this Court to affirm a forfeiture order that is purely advisory,
was justified only by Claimants’ exercise of their right to oppose
extradition, and was obtained without any opportunity to contest the
government’s case on the merits. Our justice system requires more.
Claimants have not been convicted of any crime, have not fled the
jurisdiction, and have not been extradited. They stand ready to
defend their property—located entirely in countries that have
refused to enforce the U.S. forfeiture orders. But without
considering the merits, the district court declared that property
forfeited. That order contravenes fundamental jurisdictional
requirements, statutory commands, and due process..."
Read the full reply brief.
(Related) More Kim Dotcoms?
The FBI has seized domains belonging to sites
involved in pre-release music piracy. ShareBeast.com and
AlbumJams.com now display the infamous Department of Justice banner
informing visitors that the sites are being investigated for criminal
copyright infringement. The RIAA welcomed the news, describing the
takedowns as a "huge win."
If you can't put your foot in your mouth, keep
shooting yourself in the foot until you can?
The Three Stages Of Hillary Clinton’s Self-Perpetuating Funk
… Candidates can just as easily get caught —
or entrap themselves — in self-reinforcing cycles of negative media
attention and declining poll numbers. Hillary Clinton looks like
she’s stuck in one of these ruts right now.
The Washington Post’s David Weigel recently
observed
that voters were hearing about only three types of Clinton stories,
all of which have negative implications for her. First are stories
about the scandal surrounding the private email server she used as
secretary of state. Next are stories about her declining poll
numbers. And third are stories about how Vice President Joe Biden
might enter the Democratic presidential race.
A useful research tool?
Harvard Kennedy School – Think Tank Search
by Sabrina I. Pacifici on Sep 15, 2015
“Think Tank Search is a custom
Google search of more than 590 think tank websites. For
the purposes of this search, think tanks are defined as institutions
affiliated with universities, governments, advocacy groups,
foundations, non-governmental organizations, and businesses that
generate public policy research, analysis, and activity. Inclusion
is based upon the relevancy of subject area to HKS coursework and
scholarship, the availability of the think tank’s research in
full-text on the website, and the think tank’s reputation and
influence upon policy making. The list represents a mixture of
partisan and non-partisan think tanks.”
Several tools for my geeky students.
Find Out How Much Traffic a Website Gets