It could happen here.
Parliament
HACKED: Sensitive data STOLEN, used to hold MP to ransom
Cybercrooks hacked into parliament's secure
network and compromise several computers, The Times has
claimed.
The hackers unearthed confidential documents
relating to MP for Newcastle upon Tyne Central, Chi Onwurah – the
shadow digital minister – and her employees.
The hack is the first report of a successful
cyberattack against the secure parliament network, which is used
internally used government employees.
It comes amid fears hackers are winning the
cyberarms race against public bodies and companies, like Talk Talk –
which was successfully hacked earlier this month with devastating
consequences.
According to The Times report, the
attackers used a cryptolocker virus to lock confidential files from a
shared drive on the parliament network.
Once locked, the virus displayed a random note to
the MP with a telephone number and instructs to pay a ransom to
unlock the sensitive files.
… The Parliamentary Digital Service (PDS)
seized all of the Ms Onwurah's computers and cut off her connection
to shared drive.
Her hard
drives were then wiped and replaced, The Times
confirmed. [How good are
your backups? Bob]
From the helpful IRS? “Give us a month to tell
you we got your letter and are considering a response.”
Those who are victims of identity theft for tax
refund fraud face numerous challenges. One of them is that should
the victim attempt to obtain a copy of the fraudulent return to get
information on the identity thief, the IRS refuses to release it –
for privacy reasons! That may be changing, though. Keri Geiger
and Margaret Collins report:
The Internal Revenue Service has introduced a formal policy to assist identity-theft victims in getting copies of bogus tax returns filed in their name.
[…]
The IRS, which posted instructions for fraud victims on its website for the first time this month, said it would acknowledge requests for copies of returns within 30 days and respond within 90 days. Due to strict IRS privacy laws, some of the information will be redacted to prevent fraud.
Read more on Bloomberg.
[From
the article:
Many of the identity thefts resulted from thieves
getting past security
filters on the agency’s website, according to the IRS.
That allowed them to gain access to past tax returns, which contained
the information they needed to file fake returns. In August, the IRS
said it identified an additional
220,000 taxpayers whose information may have been compromised.
The new policy, detailed on the IRS website,
lets taxpayers request a copy of a fraudulent return by mailing a
letter to the IRS and including information such as their Social
Security number and proof of identity like a copy of a driver’s
license or passport.
It's like having Mark Zuckerberg looking over your
shoulder.
Facebook
Photo Magic Goes Through Your Camera Roll And Recognizes Your
Friends’ Faces
Facebook has confirmed it is launching a new
feature for Messenger that uses facial recognition technology to
automatically detect friends' faces in a photo and notifies the user
to share the photo with those friends.
The feature, called Photo Magic, goes
through users' camera roll and tries to recognize the
faces of friends in photos. For instance, if a user takes a quick
snap with friends at a party, Photo Magic will instantly check out
the most recent photo and determine which Facebook friends are
included in that photo before sending a notification to share that
photo.
"If you get a new picture, whether you took
that picture in your camera app or in a different app, and it goes to
your camera roll, then we'll face detect on that picture," Peter
Martinazzi, product manager for Facebook Messenger, says.
"Then we'll send you the local notification for you to send
that photo [to friends] if you want to."
(Related)
Facebook
told by Belgian court to stop tracking non-users
A court has given Facebook 48 hours to stop
tracking people in Belgium who are not members of its social network.
Facebook says it will appeal against the decision
and that the order relates to a cookie it has used for five years.
The cookie is installed when an internet user
visits a Facebook page even if they are not members.
However, the Belgian court said that the company
was obliged to obtain consent to collect the information being
gathered.
"The judge ruled that this is personal data,
which Facebook can only use if the internet user expressly gives
their consent, as Belgian privacy law dictates," it said in a
statement.
Fortunately, the court specified exactly what
“improvements” were needed. Or am I wrong?
EFF – NSA
Ordered to Stop Collecting, Querying Plaintiffs’ Phone Records
by Sabrina
I. Pacifici on Nov 9, 2015
EFF news release: “Affirming his previous ruling
that the NSA’s telephone records collection program is
unconstitutional, a federal judge ordered
the NSA to cease collecting the telephone records of an individual
and his business. The judge further ordered the NSA to segregate any
records that have already been collected so that they are not
reviewed when the NSA’s telephone records database is queried. The
order comes 20 days before the NSA program is set to expire pursuant
to the USA FREEDOM Act. United States District Judge Richard Leon
issued the order
in Klayman
v. Obama, a case in which EFF appeared
as amicus curiae. Judge Leon ruled in December 2013 that the
program
was unconstitutional because it violated the 4th Amendment’s
prohibition on unreasonable searches. But the US Court of Appeals
for the DC Circuit sent
the case back to him when it held that the plaintiffs in the case
did not have standing to sue because they were Verizon Wireless
customers, not Verizon Business Network Services (VBNS) customers,
and the latter is the only provider the US government has
acknowledged participated in the program. The plaintiff then amended
the complaint and added two more plaintiffs, J.J. Little and his firm
J.J. Little & Associates, P.C., both of which are long-standing
VBNS customers.”
(Related)
Robert D. Fram, Simon J. Frankel and Amanda C.
Lynch of Covington & Burling write:
For most substantial companies, it is said, experiencing a data breach is not a matter of “if,” but “when.” Particularly when a company is consumer-facing, any publicized data breach is likely to be followed by consumer class action lawsuits.
For several years, Covington and other litigation defense teams have succeeded in obtaining dismissals of class action privacy and security lawsuits at an early stage because named plaintiffs have failed to prove sufficient actual harm to merit standing to sue. And we are engaged in briefing how the law of standing will be addressed by the U.S. Supreme Court in its next term in the case of Robins v. Spokeo Inc., 742 F.3d 409 (9th Cir. 2014), cert.granted, 135 S. Ct. 1892 (Apr. 27, 2015) (No. 113-1339).1
This article addresses how courts approach standing in data breach cases following the Supreme Court’s decision in Clapper v. Amnesty International, 133 S. Ct. 1138 (2013), and analyzes which alleged injuries are more likely to be durable in the face of a motion to dismiss.
Read more on Bloomberg
BNA.
Could this be related to the article above?
Lawmakers
ask agencies to reveal use of phone surveillance technology
Lawmakers on the House Oversight Committee sent
letters Monday to the heads of 24 federal agencies seeking answers
about the use of a controversial surveillance technology.
The devices, known by the brand name “StingRay,”
simulate a cell phone tower and are able to collect information on
mobile phones and their users. Lawmakers say they are trying to
create a comprehensive record of how different federal agencies use
the devices.
On the other hand…
Julian Hattem reports:
The Supreme Court on Monday declined to take up a closely watched case over whether police need a warrant to obtain records about people’s locations based on their cellphones, the latest chapter in an ongoing debate about how privacy laws apply to evolving technology.
The decision by the nation’s high court to pass on the case, Davis v USA, comes as a blow to privacy advocates who had pressed the justices to overturn an appeals court’s determination that a warrant is not necessary for the searches.
As is typical, the Supreme Court did not offer any justification in declining to take up the case on Monday.
Read more on The
Hill.
[From
the article:
Earlier this year, the 11th Circuit
Court of Appeals declared that police did not violate the
Constitution when they obtained 67 days' worth of records about the
location of Quartavious Davis based on his cellphone calls. Based in
part on those records, Davis was convicted earlier this year of seven
armed robberies over the course of two months in 2010.
Why not?
Code.org, a non-profit organization that provides
free online tailored coding lessons for children in kindergarten all
the way up to high school, recently held its annual Hour of Code
event. In conjunction with the yearly event, Code.org introduced a
new tutorial, Star Wars: Building a Galaxy with Code.
… All of the commands needed to move the bots
are already listed as blocks and all that's needed are for children
to drag and drop them to create a chain of commands. After the basic
course with blocks is completed, Javascript, which involve BB-8's
materials, will then be introduced. If the written code fails, the
stage will reset. If they succeed, they'll be able to proceed to the
next stage. Needless to say, the coding gradually intensifies as the
level gets higher. The tutorial is meant to be taken by children who
are 11 years old and above. Nevertheless, it's never too late or too
early to learn the basics of coding.
For my programming students.
… Today we’re proud to announce the open
source release of TensorFlow
-- our second-generation machine learning system
(see the whitepaper
for details of TensorFlow’s programming model and implementation).
No comments:
Post a Comment