Friday, November 06, 2015

For my Computer Security students. Faster is better, but take time to confirm your sources.
Fraudulent Stock Tweets Result In Civil and Criminal Charges For Scottish Man
A Scottish man is facing civil and criminal charges for allegedly tweeting multiple false statements about two companies that caused significant drops in the stock prices of those companies and even triggered a trading halt in one of the companies. James Alan Craig, 62, is a Scottish resident who is accused of creating two Twitter accounts that closely resembled two well-known established securities research firms in an effort to profit from an anticipated downward movement in the stock prices when the tweets became publicized. In parallel actions announced today, both the Securities and Exchange Commission and the Department of Justice announced civil and criminal charges, respectively, against Craig. Ironically, Craig’s attempt to profit from the false tweets ultimately netted him less than $100.




The incompetence continues. Significantly overstating the scope of a breach is almost as bad as understating. You might frighten customers, board members, or stockholders into overreacting.
TalkTalk hack 'affected 157,000 customers'
TalkTalk has given more details of the cyber-attack on its website, saying nearly 157,000 of its customers' personal details were accessed.
More than 15,600 bank account numbers and sort codes were stolen, the company said.
… Since news of the cyber-attack emerged, TalkTalk shares have lost about a third of their value.
The firm said 4% of TalkTalk customers have sensitive data at risk. It confirmed that scale of the attack was "much more limited than initially suspected".




Also for my Computer Security students. You need to keep a snapshot of your digital environment for a long, long time.
Two breaches seemed small and innocuous at the time, but weren’t. A timely reminder why entities should notify even when they think risk is low.
Thomas Fox-Brewster reports:
In 2009 and 2010 two separate attacks hit widely-used online gambling payments processors Moneybookers and Neteller. Though they initially appeared innocuous, it now seems both attacks saw millions of users’ private data – addresses, emails, telephone numbers, birth dates and, in the case of Neteller, answers to password hints – fall into criminal hands. The details are only now being made public by Optimal Payments, the London-based owner of both Moneybookers (now Skrill) and Neteller, after disclosure from FORBES. The company is now reinvestigating the hacks and the possibility of further breaches.
Read more on Forbes.




“We're gonna do this, even if we don't exactly know what all this stuff means.”
Brian Fung reports:
In the first such case against a U.S. cable company, federal regulators are slapping Cox Communications with a $595,000 fine after Cox allowed hackers from Lizard Squad to penetrate its systems and steal private customer information.
By posing as an IT administrator and tricking a couple of Cox employees into giving up their login credentials, a hacker known as “EvilJordie” broke into Cox’s databases and gained access to customer names, addresses, password recovery information and even “partial” Social Security numbers and driver’s license numbers, according to the Federal Communications Commission. They also got hold of some customers’ telephone records.
Read more on Washington Post.


(Related)
FCC to tackle broadband privacy in 'next several months'
The Federal Communications Commission (FCC) will take on the issue of online privacy in the “next several months,” Chairman Tom Wheeler said during an interview with Charlie Rose this week. 
He said the agency’s action would address the privacy practices of Internet service providers and how they are protecting the information of their customers.
“In other words, do I know what information is being collected?” he said. “Do I have a voice in whether or not that is going to be used one way or another? And those are two very important baseline rights that individuals ought to have.”
At another point he said, “I’ve told the Congress and others you will see us in the next several months addressing the question of privacy.”




Is this likely? Wouldn't we need a much faster way to approve warrants? Is “watching for accidents at rush hour” surveillance?
House bill would require warrants for aerial surveillance
A House bill introduced on Thursday would require federal law enforcement officials to get a warrant if they want to conduct aerial surveillance inside the country.
It would also forbid them from identifying people who are inadvertently captured by aerial surveillance.




“Gosh, we never thought of that!” Is there no generic statement in their acceptable use policy? “Thou shalt not do non-medical things with thy personal devices?”
Amy Corderoy reports:
Brieana Rose (not her real name) could not have been more vulnerable. Unconscious on an operating table, having gynaecological surgery to see whether she had cancer.
She could never have known that one of the people charged with looking after her would instead take advantage of her, violating her trust by taking a photo of her genitalia and showing the photo to others.
The experience has not only taken a financial and emotional toll, but it has revealed a huge gap in medical and privacy law in NSW.
[…]
The nurse left the hospital and was hired by another, and currently has nothing on her publicly available record to indicate what she did. Brieana was also unable to legally force her to provide her phone for forensic analysis – because that would be a violation of the nurse’s privacy – and the hospital had no control over their former employee.
This is a disgusting situation, and yes, the laws in NSW need to change. Not only does the nurse need to be disciplined by her licensing board, but the patient should have the right to sue for the privacy violation and emotional distress caused.
Read more about what happened on Sydney Morning Herald.
[From the article:
Ms McLay said another complication was that the nurse took the image on a private phone, so it was not covered by laws governing medical records. [That's a pretty glaring hole in the law. Bob]




If nothing else, it might skew public perceptions – “government says there is a lot of crime, but there's nothing on the internet!”
Sofia Fontanals and Samara Schaar write:
On 15th October 2015 the Spanish Supreme Court handed down its first ruling[1] on the so-called digital “right to be forgotten” in which it states that harmful information affecting individuals without public relevance should not be accessible to Internet search engines when the news has lost relevance over time.
The background of the case
The decision of the Court is based on the following facts: in the 1980s two people were involved in drug-trafficking and consumption. After being arrested, they were finally convicted for drug smuggling and imprisoned. A few years ago, after having served their sentence imposed for these facts and having remade their personal, family and professional life, they found out that by typing their names in the major Internet search engines (particularly, Google and Yahoo!), the news that once was published in a newspaper (El PaĆ­s) now appeared among the first search results, because such newspaper had digitized their library.
Read more on Datonomy.eu.


(Related) “Forget all that bad stuff! Loan me lotsa money.”
AJC reports:
…According to a report by the Financial Times, some of the top credit rating companies are now using people’s social media accounts to assess their ability to repay debt. So if you want to be able to qualify for a loan and borrow money, this is just another reason to avoid saying certain things on Facebook.
“If you look at how many times a person says ‘wasted’ in their profile, it has some value in predicting whether they’re going to repay their debt,” Will Lansing, chief executive at credit rating company FICO, told the FT. “It’s not much, but it’s more than zero.”
Read more on AJC.




Negotiating treaties like it's the 1890s?
TPP Trade Agreement Slammed For Eroding Online Rights
The full text of the Trans Pacific-Partnership (TPP) international trade agreement — some eight years in the negotiating — was published online earlier today (in a version marked “subject to legal review”), after agreement was reached between the 12 countries early last month, which include the U.S., Australia, Canada, Japan and New Zealand.
The text still needs to be ratified in the individual countries before the treaty becomes binding.
“The E-Commerce chapter has serious implications for online privacy,” said Peter Maybarduk, of non-profit consumer rights organization, Public Citizen, in a statement on TPP. “The text reveals that policies protecting personal data when it crosses borders could be subject to challenge as a violation of the TPP.”
Public Citizen says the agreement puts a requirement on countries to allow unregulated cross-border transfer of Internet users’ data and prohibits governments from requiring companies host data on local servers — with what it says is no express protection for privacy and data protection policies to be exempted from the rules.




Eventually, everyone will move to a single fiber optic cable (owned by the city?) that delivers TV, phone, Internet and any other digital signals (like burglar alarms)
Time Warner Cable takes baby step toward more affordable pay-TV service
… The head of the company announced last week that Time Warner will test an online service that gets rid of the cable box and could pave the way for introduction of smaller, more affordable programming packages.
… The no-box test is expected to begin next week in New York, a Time Warner spokesman told me. People with a Roku streaming-video device will be able to access Time Warner's programming via an app similar to Netflix's or Hulu's.




Can we live without email? An interesting article.
The Post-Email Organization
How social media can help employees perform better.




I have graduate students who still make these mistakes! I'll link to this article in each of my classes.
Your Microsoft Word Skills Suck




Dilbert illustrates the usefulness of non-textual communications.


No comments: