Thursday, January 07, 2016

...and eventually it will be your company, Computer Security students. Interesting that the FBI had to tell them about the passwords being on the Dark Net, but they immediately knew for certain that they had not been breached.
Another Day, Another Hack: Up to 320,000 Time Warner Cable Email Passwords
US telecoms company Time Warner Cable Inc announced on Wednesday that up to 320,000 customers could have had their email and password details stolen, Reuters reports.
According to the news wire, Time Warner Cable said that no evidence of a breach was found in the company's systems. Instead, the details may have been obtained by directly targeting customers themselves, perhaps through phishing emails or malware, or by reusing credentials obtained via a data breach of another company. A Time Warner Cable spokesperson told Reuters the company was notified of the issue by the FBI.




So by default they were secure, but they changed it to be less secure. What genius made that decision?
Greg Otto reports:
Nearly 12,000 Interior Department laptops are inadequately protected against the theft of personally identifiable information due to poorly configured software.
In a management advisory obtained by FedScoop, the department’s Deputy Inspector General Mary Kendall wrote that a large number of laptops have their full-disk encryption software configured to run post-boot user authentication, which can be hacked relatively easily. Interior laptops were previously set to run pre-boot authentication, the software’s default setting and the one recommended by the National Institute of Standards and Technology.
Read more on FedScoop.




Too big to care?
Doug Drinkwater reports what regular readers have likely already noticed: following a data breach, customers are upset, some will be reluctant to do business again with the entity, there may be brand or reputation damage to the firm, but big businesses survive and will continue to grow or rebound. So there may or may not be reputation damage, but even if there is, it hasn’t turned out to be as impactful as previous surveys and clarion calls might suggest.
Although incident response impacts reputation damage, reputation damage may not be as damaging to the bottom line as companies had been told to fear.
Read more on CSO. They’re only talking about big corporations (not surprisingly). What about small businesses? Do they rebound or do they fold? Over the years, I’ve reported on some cases where a business did not recover from a breach and folded. And recently, I reported on two data exposures where neither company has as yet recovered and it appears at least one of them has just disappeared.




I have nothing to hide.
Oscobo is a UK-based search engine trying to appeal to the privacy-conscious folks who do not want to be tracked. From their privacy policy:
It’s pretty simple really. We are on your side. We will NOT store or mess around with your personal data.

What we don’t do…

We DO NOT store ANY data on our users:

NOT when you use our site.
NOT when you leave.
NOT when you type words in the search box.
NOT when you come back.

No cookies, No tracking, No IP, nuttin…., zip…, nada….

We DO NOT know WHO you are, WHERE you have been or where you are GOING and we certainly DO NOT compile any profiles.





Set the fine low, settle fast, claim that a lot of victories proves you are a champion of the people!
I’m not seeing any press release from NYS Attorney General Schneiderman’s office yet, but Kenneth Lovett of the NY Daily News reports that Uber has settled two probes stemming from both its “God View” privacy breach scandal and delayed notification of a breach involving drivers’ information.
In addition to paying the $20,000 fine to settle both probes, Uber, whose latest valuation was $62.5 billion, voluntarily agreed to comply with a number of provisions, according to a source who read the agreement.
[…]
Uber also agreed to encrypt rider geo-location information and adopt “multi-factor authentication” that would be required before an employee could access riders’ personal information.
In addition, the company formally agreed to conduct annual privacy and security training for employees, designate someone to supervise a privacy and security program, and maintain reasonable security practices, the source said.
Read more on the NY Daily News.
Attorney General Schneiderman seems to be going lightly with monetary penalties. His recent settlement with U. of Rochester over another breach involved a $15,000 penalty. It looks like he’s trying to make a point and is more focused on correction rather than punitive measures.




But sometimes, you have to fight. What constitutes the “line” that Turkey crossed?
Twitter files lawsuit against Turkish fine over 'terrorist propaganda': source
Micro-blogging site Twitter filed a lawsuit in an Ankara court on Thursday, seeking to annul a fine by the Turkish authorities for not removing content Turkey says is "terrorist propaganda", a source familiar with the case told Reuters.
A Turkish official said much of the material in question was related to the Kurdistan Workers Party (PKK) which Ankara deems as a terrorist organization.
… Ankara has taken a tough stance on social media under President Tayyip Erdogan and the ruling AK Party he founded. It has temporarily banned access to Twitter site several times in the past for failing to comply with requests to remove content.
But the 150,000 lira ($50,000) fine, imposed by the BTK communications technologies authority, was the first of its kind by Turkish authorities on Twitter.
Twitter, in its lawsuit, is arguing that the fine is against the law and should be annulled, the source said.




My Data Management class was arguing about this yesterday. (This could be a fun Quarter)
Groups press Facebook to stop ‘disingenuous’ advocacy in India
Dozens of Internet rights groups are pressing Facebook to clean up its “unfounded and divisive” advocacy in India around Free Basics, the social media company’s program to offer limited Internet access for free.
The groups believe the program is at odds with net neutrality. And in an open letter to Facebook CEO Mark Zuckerberg, they accuse Facebook of making “disingenuous” claims that the opposition is coming from a small group of critics.
… Facebook’s program is a partnership between the social media company and a number of mobile carriers to bring Internet access to many unconnected parts of the world. In a process known as zero-rating, the Free Basics app allows mobile phone users to have free access to dozens of different websites, including news and jobs sites, Bing search, Wikipedia, ESPN, AccuWeather, Facebook and others.
The program has faced an uphill battle in India since being unveiled last year. Many argue the plan goes against net neutrality, the principle that no Internet traffic or app should be prioritized above another. And the business model of zero-rating — or exempting certain Internet traffic from data caps — is a controversial topic that is still being debated in the United States.
… UPDATE 3:19 p.m. — A Facebook Spokesperson responded: "We respect the authors of the letter, but strongly disagree with their facts and conclusions. First, in the only nationally representative poll conducted in India, 86% of Indians support free basics. Those who aren’t connected want inexpensive, innovative new opportunities to come online. Second, there is no credible evidence that this program discourages access to the full internet — indeed, data from more than 35 countries suggests the opposite. We do not believe it makes sense to halt a program that accelerates economic development for those most in need. Third, the Free Basics program does not discriminate between content providers. The program has transparent technical requirements and any service that meets them can participate. Fourth, while we share the signers' commitment to net neutrality, we do not believe this important principle was ever intended to deprive poor people of the opportunity to experience the benefits of basic Internet services. Finally, regulators around the world who have looked at this issue have concluded that these types of programs can exist alongside strong net neutrality rules."




Because symptoms are easier to address than causes. Even if they can't articulate their concern, they do know owning a gun makes them feel safer than anything politicians do.
Gun Stocks Surge As Obama Issues Executive Orders On Gun Safety
… So in the wake of President Obama’s efforts to strengthen existing gun laws, guns and ammo stocks are once again jumping.
Shares of Sturm, Ruger & Co jumped 6.8% in Tuesday trading, hitting their highest level in a full year. The 164-year-old Smith & Wesson, meanwhile, saw its stock surge more than 12% and reach its highest price since July of 2007.




Can China lead us into a recession? I kind of doubt it. Not likely to bring down the government either.
World stock markets slide as panic in China spreads
… China’s share market traded for less than 30 minutes Thursday, slumping 7 percent before triggering the second emergency market closure this week and generating talk of a crisis.
In Europe, the FTSE 100 index fell 2.5 percent in early London trading, while Germany's Dax index slipped 3.5 percent. In overnight trading, Standard & Poor’s 500-stock index futures in the United States were 2.2 percent lower.
Against a backdrop of a weak economy and, some argue, an overvalued currency, confidence in China had long been in short supply. But investors also blamed ill-considered and poorly explained moves by the authorities for fueling the panic this week.




Perspective. (Note that China was left out)
At CES, Netflix Adds Over 130 Countries to Streaming Service
… Yet one major region on Netflix’s world map remains dark: China, home to nearly a quarter of the world’s broadband households. And in many of the 190 countries where Netflix now is available — including Turkey, Russia and Poland — the service is available in English, but not the local language.
“We still have a lot of work to do,” Reed Hastings, chief executive of Netflix, said in a telephone interview Wednesday afternoon. “Because of the number of countries, it seems like we are ahead of plan. But we still have China — we still have a quarter of the world to go.”




Want to bet that Congress jumps on this? 'cause everyone else is betting it will sink without a ripple.
This is absolutely disgraceful. Morgan Chalfant reports:
More than 40,000 backlogged mail packages of veterans’ disability claims material were discovered at a VA regional office in Florida, according to a new report from the VA inspector general.
Investigators also found more than 1,600 boxes of unprocessed veterans’ claims material at a scanning facility with which the St. Petersburg, Florida, regional office was contracting.
Read more on Washington Free Beacon.




Looks like hours of fun!
The New York Public Library's Remarkable New Digital Collection
… The New York Public library has digitized more than 187,000 images, all in the public domain—meaning they’re freely available for anyone to use.




Is Dilbert pointing out the major difference between my students and the managers they will work for?
