Will the FTC add a fine of their own?
Sarah N. Lynch reports:
A St. Louis-based investment advisory firm will pay $75,000 to settle civil charges alleging it failed “entirely” to protect its clients from a July 2013 cyber attack that was later traced to China, U.S. regulators said on Tuesday.
The Securities and Exchange Commission said R.T. Jones Capital Equities Management did not even encrypt its customers’ data or install a firewall on its servers, and the hack compromised the personal details of about 100,000 people.
Read more on Reuters.
Previous coverage of their breach here.
Note that at the time, we had no idea of how extensive the breach was in terms of numbers. This appears to be the first time we’re learning that 100,000 (and not hundreds) of people were affected.
Actions short of war... Inevitable. There's gold in them thar bits & bytes.
What Goes Around Comes Around: Russia Gets Hacked
… For more than two months, hacker attacks originating in China have bedeviled Russia's military and telecom sectors, researchers at Proofpoint revealed last week.
"We also observed attacks on Russian-speaking financial analysts working at global financial firms and covering telecom corporations in Russia, likely a result of collateral damage caused by the attackers' targeting tactics," wrote Thoufique Haq and Aleksy F, authors of the report.
The attacks began with carefully crafted emails designed to lure recipients into following a URL to a compressed archive file containing malicious software, or to open an infected Microsoft Word attachment, the researchers explained.
Once infected, a machine downloads a Remote Access Trojan, or RAT, called "PlugX."
(Related) Just because they're a Chinese company... (and because it's so easy!)
Michael Horowitz uncovered some tracking or monitoring software in ThinkPad that customers will want to know about. Using TaskScheduleViewer in Windows 7 Professional, Horowitz found a task called “Lenovo Customer Feedback Program 64”.
It was running daily. According to the description in the task scheduler: “This task uploads Customer Feedback Program data to Lenovo”.
I have setup my fair share of new Lenovo machines and can’t recall ever being asked about a Customer Feedback program.
The program that runs daily is Lenovo.TVT.CustomerFeedback.Agent.exe and it resides in folder C:\Program Files (x86)\Lenovo\Customer Feedback Program.
Other files in this folder are Lenovo.TVT.CustomerFeedback.Agent.exe.config, Lenovo.TVT.CustomerFeedback.InnovApps.dll and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll.
According to Wikipedia, Omniture is an online marketing and web analytics firm, and SiteCatalyst (since renamed) is their software as a service application for client-side web analytics.
So, while there may not be extra ads on ThinkPads, there is some monitoring and tracking.
Read more on Computerworld.
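A check a defender could run on a machine like the one described above, as an added example that is not from the Computerworld article or from Lenovo: it parses the CSV that `schtasks /query /fo CSV /v` produces and flags tasks whose name, description or binary path mentions feedback or analytics uploads. The sample CSV is constructed and trimmed to four columns, and the keyword list is an assumption to tune for your own fleet.

```python
import csv
import io
import re

# Constructed sample in the layout of `schtasks /query /fo CSV /v` output, trimmed
# to the four columns this check reads (real output carries many more columns).
SAMPLE_SCHTASKS_CSV = r'''"TaskName","Task To Run","Schedule Type","Comment"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","Weekly","Defragments the system volumes."
"\Lenovo Customer Feedback Program 64","C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe","Daily","This task uploads Customer Feedback Program data to Lenovo"
"\ExampleVendor Updater","C:\Program Files (x86)\ExampleVendor\updater.exe","Daily","Checks for updates"
'''

# Words that suggest a task ships usage or analytics data off the machine.
# This list is an assumption for the example, seeded from the names on the page.
TELEMETRY_KEYWORDS = ("feedback", "telemetry", "upload", "analytics",
                      "omniture", "sitecatalyst")

def parse_schtasks_csv(text):
    """Return one dict per task row; verbose schtasks output can repeat its header row."""
    return [row for row in csv.DictReader(io.StringIO(text))
            if row["TaskName"] != "TaskName"]

def task_binary(task_to_run):
    """Extract the executable path from the 'Task To Run' field (drops arguments)."""
    m = re.match(r'\s*"?([^"]+?\.exe)"?(\s|$)', task_to_run, re.IGNORECASE)
    return m.group(1) if m else task_to_run.strip()

def find_telemetry_tasks(text, keywords=TELEMETRY_KEYWORDS):
    """Flag tasks whose name, comment or binary path contains a telemetry keyword."""
    hits = []
    for row in parse_schtasks_csv(text):
        haystack = " ".join((row["TaskName"], row["Comment"], row["Task To Run"])).lower()
        matched = sorted(k for k in keywords if k in haystack)
        if matched:
            hits.append({
                "task": row["TaskName"],
                "binary": task_binary(row["Task To Run"]),
                "schedule": row["Schedule Type"],
                "matched": matched,
            })
    return hits

if __name__ == "__main__":
    # On a real host, feed in the output of: schtasks /query /fo CSV /v
    for hit in find_telemetry_tasks(SAMPLE_SCHTASKS_CSV):
        print(f'{hit["task"]} [{hit["schedule"]}] -> {hit["binary"]} '
              f'(matched: {", ".join(hit["matched"])})')
```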
(Almost) Too common to note.
The Canadian Press reports:
The B.C. government says a hard drive containing personal information and student records of 3.4 million residents in British Columbia and Yukon has been lost.
Technology Minister Amrik Virk says the unencrypted data from 1986 to 2009 also includes information about children in care, teacher retirement and graduation dates for cancer survivors.
[…]
The minister says the hard drive also contains decades worth of names, grades, postal codes and personal education numbers.
Read more on Globe and Mail.
Were these data unencrypted, as I fear? (Answer: YES). What physical security did the government have for this drive?
For a more detailed listing of the 437 GB of contents of this drive containing 8,766 folders with 138,830 files, see this release from the government.
Your tax dollars at work. This should be a consideration when budgeting your Computer Security.
Feds Award $500M Credit-Monitoring Contract Following OPM Breach
Not really exploding, but “self-destructing.”
What great fun for my Ethical Hacking students.
Exploding Chip Could Thwart Cyberthieves
Researchers at Xerox PARC have developed a self-destructing mechanism for microchips embedded on a hardened glass surface.
The glass can self-destruct upon command and could be used to secure personal data such as health and banking records. It also can be used to destroy encryption keys stored on memory chips in standard consumer, enterprise and government electronic devices.
The research is part of the Defense Advanced Research Projects Agency's Vanishing Programmable Resources project.
I still don't have (need?) a smartphone.
In North Carolina, where the State Court of Appeals relied on Third Party Doctrine, the answer is no.
The Free Press reports:
Should you be suspected of a crime, the state Court of Appeals – in an opinion released Tuesday – ruled law enforcement can discover where you are through your mobile phone location without needing to obtain a search warrant.
Indeed, according to the court, obtaining such information isn’t construed as a search.
Read more on Government Technology.
h/t, FourthAmendment.com
An unintended consequence or a consequence of secrecy? This could have firms scrambling. (But doesn't every country do this?)
EU-US data flows using “Safe Harbour” may be illegal because of NSA spying
The "Safe Harbour" framework, which is supposed to ensure data transfers from the EU to the US are legal under European data privacy laws, does not satisfy the EU's Data Protection Directive as a result of the "mass, indiscriminate surveillance" carried out by the NSA. That's the opinion of the Court of Justice of the European Union (CJEU) Advocate General Yves Bot, whose views are generally followed by the CJEU when it hands down its final rulings.
The case was sent to the CJEU by the High Court of Ireland, after the Irish data protection authority rejected a complaint from Maximillian Schrems, an Austrian citizen. He had argued that in light of Snowden's revelations about the NSA, the data he provided to Facebook that was transferred from the company's Irish subsidiary to the US under the Safe Harbour scheme was not, in fact, adequately protected. The Advocate General Bot agreed with Schrems that the EU-US Safe Harbour system did not meet the requirements of the Data Protection Directive, because of NSA access to EU personal data.
According to the CJEU statement (PDF link), "the access enjoyed by the United States intelligence services to the transferred data constitutes an interference with the right to respect for private life and the right to protection of personal data, which are guaranteed by the [Charter of Fundamental Rights of the EU]." Another issue, according to the Advocate General, was "the inability of citizens of the EU to be heard on the question of the surveillance and interception of their data in the United States," which therefore amounts to "an interference with the right of EU citizens to an effective remedy, protected by the Charter."
The downside of failure to understand technology.
“Deleted” does not mean “unrecoverable.”
FBI Said to Recover Personal E-Mails From Hillary Clinton Server
The FBI has recovered personal and work-related e-mails from the private computer server used by Hillary Clinton during her time as secretary of state, according to a person familiar with the investigation.
The Federal Bureau of Investigation’s success at salvaging personal e-mails that Clinton said had been deleted raises the possibility that the Democratic presidential candidate’s correspondence eventually could become public. The disclosure of such e-mails would likely fan the controversy over Clinton’s use of a private e-mail system for official business.
[You think? Bob]
Perspective. The “face” of the news?
Facebook Ramps Up Its Instant Articles, and the Washington Post Is All In
Last spring Facebook started hosting stories from the New York Times, BuzzFeed and other publishers directly on its iPhone app, a move that generated much chatter and hand-wringing about the Future of Media.
… The Post has also published its full content on other platforms, like Flipboard. But the move is a symbolic one for Facebook, which is now one of several platforms that want to host digital publishers’ stuff.
Snapchat has its Discover feature, Apple just launched Apple News, and Google and Twitter are working on an open-source version of the concept that they are explicitly pitching as a response to Facebook.
Perspective. We abandoned gold, now we abandon reality?
NY regulator issues first license for bitcoin company
Circle Internet Financial, a Boston-based bitcoin startup backed by Goldman Sachs Group Inc, has received New York's first BitLicense, allowing it to offer digital currency services in the state.
The BitLicense from the New York Department of Financial Services is based on the first set of U.S. state guidelines for companies that operate in virtual currencies such as bitcoin, which is created and exchanged independent of banks.
[In case you want to get in on the ground floor: http://www.dfs.ny.gov/legal/regulations/adoptions/dfsp200t.pdf]
Too nerdy?
'Star Trek' virtual tour will recreate every deck of the Enterprise
For my Spreadsheet students, but I rarely ask them to print anything. Paper is so “Age of the Pharaohs.”
How to Print an Excel Spreadsheet on One Single Page
For all my students.
How to Learn Anything New with 5 Sure-Fire Tips
To my horror, I discovered that some of my students (and not just the International students) did not know who Yogi Berra was!
On getting enough rest:
“I usually take a two-hour nap from one to four.”
On "fan" mail:
“Never answer an anonymous letter.”
On education:
“I’m not going to buy my kids an encyclopedia. Let them walk to school like I did.”
“You can observe a lot by watching.”
On the future:
“The future ain’t what it used to be.”
On travel:
“If you don’t know where you are going, you might wind up someplace else.”
“Why buy good luggage, you only use it when you travel.”
“The towels were so thick there I could hardly close my suitcase.”
“When you come to a fork in the road, take it.”
On social life:
"Nobody goes there anymore, it's too crowded."
“It gets late early out here.”
On youth sports:
“I think Little League is wonderful. It keeps
the kids out of the house.”
On the human anatomy:
“I don’t know (if they were men or women fans running naked across the field). They had bags over their heads.”
On receiving advice:
“Take it with a grain of salt.”
On weather:
“It ain’t the heat, it’s the humility.”
On finance:
“A nickel ain’t worth a dime anymore.”
On baseball:
“In baseball, you don’t know nothing.”
“We made too many wrong mistakes.”
“So I’m ugly. I never saw anyone hit with his face.”
“If the people don’t want to come out to the ballpark, nobody’s going to stop them.”
“Baseball is 90 percent mental. The other half is physical.”
“All pitchers are liars or crybabies.”
“We were overwhelming underdogs.”
“Bill Dickey is learning me his experience.”
“He hits from both sides of the plate. He’s amphibious.”
“I always thought that record would stand until it was broken.”
“I can see how he (Sandy Koufax) won 25 games. What I don’t understand is how he lost five.”
“I want to thank everyone for making this night necessary.”
On being thought of as a philosopher:
"I didn't really say everything I said."
On death:
“You should always go to other people’s funerals, otherwise, they won’t come to yours.”