Tuesday, November 10, 2015

It could happen here.
Parliament HACKED: Sensitive data STOLEN, used to hold MP to ransom
Cybercrooks hacked into parliament's secure network and compromise several computers, The Times has claimed.
The hackers unearthed confidential documents relating to MP for Newcastle upon Tyne Central, Chi Onwurah – the shadow digital minister – and her employees.
The hack is the first report of a successful cyberattack against the secure parliament network, which is used internally used government employees.
It comes amid fears hackers are winning the cyberarms race against public bodies and companies, like Talk Talk – which was successfully hacked earlier this month with devastating consequences.
According to The Times report, the attackers used a cryptolocker virus to lock confidential files from a shared drive on the parliament network.
Once locked, the virus displayed a random note to the MP with a telephone number and instructs to pay a ransom to unlock the sensitive files.
… The Parliamentary Digital Service (PDS) seized all of the Ms Onwurah's computers and cut off her connection to shared drive.
Her hard drives were then wiped and replaced, The Times confirmed. [How good are your backups? Bob]




From the helpful IRS? “Give us a month to tell you we got your letter and are considering a response.”
Those who are victims of identity theft for tax refund fraud face numerous challenges. One of them is that should the victim attempt to obtain a copy of the fraudulent return to get information on the identity thief, the IRS refuses to release it – for privacy reasons! That may be changing, though. Keri Geiger and Margaret Collins report:
The Internal Revenue Service has introduced a formal policy to assist identity-theft victims in getting copies of bogus tax returns filed in their name.
[…]
The IRS, which posted instructions for fraud victims on its website for the first time this month, said it would acknowledge requests for copies of returns within 30 days and respond within 90 days. Due to strict IRS privacy laws, some of the information will be redacted to prevent fraud.
Read more on Bloomberg.
[From the article:
Many of the identity thefts resulted from thieves getting past security filters on the agency’s website, according to the IRS. That allowed them to gain access to past tax returns, which contained the information they needed to file fake returns. In August, the IRS said it identified an additional 220,000 taxpayers whose information may have been compromised.
The new policy, detailed on the IRS website, lets taxpayers request a copy of a fraudulent return by mailing a letter to the IRS and including information such as their Social Security number and proof of identity like a copy of a driver’s license or passport.




It's like having Mark Zuckerberg looking over your shoulder.
Facebook Photo Magic Goes Through Your Camera Roll And Recognizes Your Friends’ Faces
Facebook has confirmed it is launching a new feature for Messenger that uses facial recognition technology to automatically detect friends' faces in a photo and notifies the user to share the photo with those friends.
The feature, called Photo Magic, goes through users' camera roll and tries to recognize the faces of friends in photos. For instance, if a user takes a quick snap with friends at a party, Photo Magic will instantly check out the most recent photo and determine which Facebook friends are included in that photo before sending a notification to share that photo.
"If you get a new picture, whether you took that picture in your camera app or in a different app, and it goes to your camera roll, then we'll face detect on that picture," Peter Martinazzi, product manager for Facebook Messenger, says. "Then we'll send you the local notification for you to send that photo [to friends] if you want to."


(Related)
Facebook told by Belgian court to stop tracking non-users
A court has given Facebook 48 hours to stop tracking people in Belgium who are not members of its social network.
Facebook says it will appeal against the decision and that the order relates to a cookie it has used for five years.
The cookie is installed when an internet user visits a Facebook page even if they are not members.
However, the Belgian court said that the company was obliged to obtain consent to collect the information being gathered.
"The judge ruled that this is personal data, which Facebook can only use if the internet user expressly gives their consent, as Belgian privacy law dictates," it said in a statement.




Fortunately, the court specified exactly what “improvements” were needed. Or am I wrong?
EFF – NSA Ordered to Stop Collecting, Querying Plaintiffs’ Phone Records
by Sabrina I. Pacifici on Nov 9, 2015
EFF news release: “Affirming his previous ruling that the NSA’s telephone records collection program is unconstitutional, a federal judge ordered the NSA to cease collecting the telephone records of an individual and his business. The judge further ordered the NSA to segregate any records that have already been collected so that they are not reviewed when the NSA’s telephone records database is queried. The order comes 20 days before the NSA program is set to expire pursuant to the USA FREEDOM Act. United States District Judge Richard Leon issued the order in Klayman v. Obama, a case in which EFF appeared as amicus curiae. Judge Leon ruled in December 2013 that the program was unconstitutional because it violated the 4th Amendment’s prohibition on unreasonable searches. But the US Court of Appeals for the DC Circuit sent the case back to him when it held that the plaintiffs in the case did not have standing to sue because they were Verizon Wireless customers, not Verizon Business Network Services (VBNS) customers, and the latter is the only provider the US government has acknowledged participated in the program. The plaintiff then amended the complaint and added two more plaintiffs, J.J. Little and his firm J.J. Little & Associates, P.C., both of which are long-standing VBNS customers.”


(Related)
Robert D. Fram, Simon J. Frankel and Amanda C. Lynch of Covington & Burling write:
For most substantial companies, it is said, experiencing a data breach is not a matter of “if,” but “when.” Particularly when a company is consumer-facing, any publicized data breach is likely to be followed by consumer class action lawsuits.
For several years, Covington and other litigation defense teams have succeeded in obtaining dismissals of class action privacy and security lawsuits at an early stage because named plaintiffs have failed to prove sufficient actual harm to merit standing to sue. And we are engaged in briefing how the law of standing will be addressed by the U.S. Supreme Court in its next term in the case of Robins v. Spokeo Inc., 742 F.3d 409 (9th Cir. 2014), cert.granted, 135 S. Ct. 1892 (Apr. 27, 2015) (No. 113-1339).1
This article addresses how courts approach standing in data breach cases following the Supreme Court’s decision in Clapper v. Amnesty International, 133 S. Ct. 1138 (2013), and analyzes which alleged injuries are more likely to be durable in the face of a motion to dismiss.
Read more on Bloomberg BNA.




Could this be related to the article above?
Lawmakers ask agencies to reveal use of phone surveillance technology
Lawmakers on the House Oversight Committee sent letters Monday to the heads of 24 federal agencies seeking answers about the use of a controversial surveillance technology.
The devices, known by the brand name “StingRay,” simulate a cell phone tower and are able to collect information on mobile phones and their users. Lawmakers say they are trying to create a comprehensive record of how different federal agencies use the devices.




On the other hand…
Julian Hattem reports:
The Supreme Court on Monday declined to take up a closely watched case over whether police need a warrant to obtain records about people’s locations based on their cellphones, the latest chapter in an ongoing debate about how privacy laws apply to evolving technology.
The decision by the nation’s high court to pass on the case, Davis v USA, comes as a blow to privacy advocates who had pressed the justices to overturn an appeals court’s determination that a warrant is not necessary for the searches.
As is typical, the Supreme Court did not offer any justification in declining to take up the case on Monday.
Read more on The Hill.
[From the article:
Earlier this year, the 11th Circuit Court of Appeals declared that police did not violate the Constitution when they obtained 67 days' worth of records about the location of Quartavious Davis based on his cellphone calls. Based in part on those records, Davis was convicted earlier this year of seven armed robberies over the course of two months in 2010.




Why not?
Princess Leia And Rey Will Teach Your Kids How To Code: Star Wars Joins Hour Of Code Tutorials
Code.org, a non-profit organization that provides free online tailored coding lessons for children in kindergarten all the way up to high school, recently held its annual Hour of Code event. In conjunction with the yearly event, Code.org introduced a new tutorial, Star Wars: Building a Galaxy with Code.
… All of the commands needed to move the bots are already listed as blocks and all that's needed are for children to drag and drop them to create a chain of commands. After the basic course with blocks is completed, Javascript, which involve BB-8's materials, will then be introduced. If the written code fails, the stage will reset. If they succeed, they'll be able to proceed to the next stage. Needless to say, the coding gradually intensifies as the level gets higher. The tutorial is meant to be taken by children who are 11 years old and above. Nevertheless, it's never too late or too early to learn the basics of coding.




For my programming students.
… Today we’re proud to announce the open source release of TensorFlow -- our second-generation machine learning system
(see the whitepaper for details of TensorFlow’s programming model and implementation).


No comments: