More like hacker “wanna be”
'Anti-IS group' claims BBC website attack
… The group, calling itself New World Hacking, said it had carried out the attack as a "test of its capabilities".
… "We realise sometimes what we do is not
always the right choice, but without cyber hackers... who is there to
fight off online terrorists?
"The reason we really targeted [the] BBC is
because we wanted to see our actual server power."
Earlier, New World Hacking had said: "It was only a test, we didn't exactly plan to take it down for multiple hours. Our servers are quite strong."
… Ownz said his group used a tool called Bangstresser - created by another US-based "hacktivist" - to direct a flood of traffic against the BBC, and had supplemented the attack with requests from its own personal computer servers.
A cautionary tale for my Computer Security students.
2016
Reality: Lazy Authentication Still the Norm
My PayPal account was hacked on Christmas Eve. The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang tied to the jihadist militant group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations — including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves.
On Christmas Eve morning, I received an email from PayPal stating that an email address had been added to my account. I immediately logged into my account from a pristine computer, changed the password, switched my email address back to the primary contact address, and deleted the rogue email account.
I then called PayPal and asked how the perpetrator had gotten in, and was there anything else they could do to prevent this from happening again? The customer service person at PayPal said the attacker had simply logged in with my username and password, and that I had done everything I could in response to the attack. The representative assured me they would monitor the account for suspicious activity, and that I should rest easy.
Twenty minutes later I was outside exercising in the unseasonably warm weather when I stopped briefly to check email again: Sure enough, the very same rogue email address had been added back to my account. But by the time I got back home to a computer, my email address had been removed and my password had been changed. So much for PayPal’s supposed “monitoring;” the company couldn’t even spot the same fraudulent email address when it was added a second time.
… In my second call to PayPal, I insisted on speaking with a supervisor. That person was able to tell me that, as I suspected, my (very long and complex) password was never really compromised. The attacker had merely called in to PayPal’s customer support, pretended to be me and was able to reset my password by providing nothing more than the last four digits of my Social Security number and the last four numbers of an old credit card account.
Might make an interesting student paper: “What are your employees authorized to do?”
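As an added illustration of the monitoring gap Krebs describes (example code written for this post, not anything PayPal runs), here is a small Python check over a constructed account-change log. It flags a contact address that is re-added shortly after the account holder removed it, and any address change that closely follows a password reset performed through the support desk; the event names and channel labels are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    action: str       # "add_email", "remove_email" or "password_reset" (assumed names)
    channel: str      # "web" or "support_phone" (assumed channel labels)
    value: str = ""   # email address for add/remove events


# Constructed event log modelled on the incident in the post; not real account data.
T0 = datetime(2015, 12, 24, 8, 0)
EVENTS = [
    Event(T0, "password_reset", "support_phone"),                                    # reset via support desk
    Event(T0 + timedelta(minutes=2), "add_email", "web", "rogue@example.invalid"),   # rogue address added
    Event(T0 + timedelta(minutes=30), "remove_email", "web", "rogue@example.invalid"),  # owner removes it
    Event(T0 + timedelta(minutes=31), "password_reset", "web"),                      # owner changes password
    Event(T0 + timedelta(minutes=50), "password_reset", "support_phone"),            # second support reset
    Event(T0 + timedelta(minutes=51), "add_email", "web", "rogue@example.invalid"),  # same address re-added
]


def detect(events, readd_window=timedelta(hours=24), reset_window=timedelta(hours=1)):
    """Return alert strings for account-change patterns worth escalating to a human."""
    alerts = []
    removed = {}             # email -> time the account holder removed it
    last_support_reset = None
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "remove_email":
            removed[ev.value] = ev.ts
        elif ev.action == "password_reset" and ev.channel == "support_phone":
            last_support_reset = ev.ts
        elif ev.action == "add_email":
            # Rule 1: an address the owner already deleted is being put back.
            if ev.value in removed and ev.ts - removed[ev.value] <= readd_window:
                minutes = int((ev.ts - removed[ev.value]).total_seconds() // 60)
                alerts.append(f"{ev.ts:%H:%M} address {ev.value} re-added {minutes} min after removal")
            # Rule 2: contact details changed right after a support-desk password reset.
            if last_support_reset is not None and ev.ts - last_support_reset <= reset_window:
                alerts.append(f"{ev.ts:%H:%M} address added within an hour of a support-desk password reset")
    return alerts


if __name__ == "__main__":
    for line in detect(EVENTS):
        print(line)
```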
Amy R. Worley writes:
As the year draws to a close, employer claims under the Computer Fraud and Abuse Act (“CFAA”) against departing employees for stealing or otherwise diverting employer information without authorization to do so are dying slow deaths in many federal courts across the nation. As noted over on the Non-Compete and Trade Secrets Report, the U.S. federal circuits are split regarding whether an employee acts “without authorization” under CFAA when he or she steals employer confidential data at or near termination. The Second, Ninth and Fourth Circuits hold that as long as the employee was permitted to be on a computer for any purpose, diversion of employer information is “authorized” under CFAA. In contrast, the First, Fifth, Seventh, and Eleventh Circuits have adopted a broad construction, allowing CFAA claims alleging an employee misused employer information that he or she was otherwise permitted to access.
Now, in North Carolina at least, employers may have better luck fighting malevolent employees under the North Carolina statutory corollary to CFAA.
Read more on Jackson Lewis Workplace Privacy, Data Management & Security Report.
What is “appropriate?” What can the software do and what is inappropriate?
Andrea Castillo reports:
The American Civil Liberties Union recently slammed Fresno Police Department for testing social media screening programs, suggesting police could use them to monitor protest groups and accusing the department of keeping the public in the dark about the testing.
But police say they’ve only been testing services for possible use in monitoring violent crime and terrorism – not for spying on critics. They add that the public will get a chance to weigh in when a final recommendation goes before the City Council.
Read more on The Fresno Bee.
[From the article:
Fresno police last year participated in free trials from the social media monitoring programs Geofeedia, LifeRaft and Media Sonar. They remain on an extended free trial for Beware, a data-mining program that includes social media and, upon request, assigns a “threat rating” to people and addresses.
Fresno activists alerted ACLU representatives about Beware earlier this year. So the ACLU sent out a Public Records Act request to find out how the police department was tracking social media, and got 88 pages of documents in return.
… Casto said social media is currently used only once officers have the name of a suspect and can look them up like anyone else would.
“If someone was threatening to bring a gun to a specific high school or mall we could do a geofence (using Google maps) and monitor for a gun or mass shooting,” he said. [Doesn't that contradict the previous sentence? Bob]
Does this kill those “shoplifter identification” databases? How about known card sharps in casinos?
Wendy Davis reports:
In a first, a federal judge has ruled that a biometric privacy law in Illinois potentially prohibits Web companies from compiling databases of faceprints.
U.S. District Court Judge Charles Norgle in Illinois this week rejected online photo service Shutterfly’s bid to dismiss a lawsuit alleging that it violated the Illinois Biometric Information Privacy Act. That law, which dates to 2008, prohibits companies from storing people’s “biometric identifiers,” including scans of face geometry, without their consent.
Read more on MediaPost.
This could be a game-changer.
In short, “It depends...”
Measuring Privacy: Using Context to Expose Confounding Variables
by Sabrina I. Pacifici on Jan 1, 2016
Martin, Kirsten E. and Nissenbaum, Helen, Measuring Privacy: Using Context to Expose Confounding Variables (December 31, 2015). Available for download at SSRN: http://ssrn.com/abstract=2709584
“Past privacy surveys often omit important contextual factors and yield cloudy, potentially misleading results about how people understand and value privacy. We revisit two historically influential measurements of privacy that have shaped discussion about public views and sentiments as well as practices and policies surrounding privacy: (1) Alan Westin’s series of surveys establishing that people in their valuations of privacy persistently fall into three categories: fundamentalists, pragmatists, and unconcerned and (2) Pew Foundation’s survey of individuals’ ratings of ‘sensitive’ information. We find, first, the relative importance of types of sensitive information on meeting privacy expectations is highly dependent on the contextual actor receiving the information as well as the use of information. Respondents differentiate between contextual, appropriate use of information and the commercial use of information. Second, Westin’s privacy categories were a relatively unimportant factor in judging privacy violations of different scenarios. Even privacy unconcerned respondents rated the vignettes to not meet privacy expectations on average, and respondents across categories had a common vision of what constitutes a privacy violation. While groups differed slightly, contextual factors explained the tremendous variation within Westin’s groups. In sum, respondents were highly nuanced in their judgments about information by taking into consideration the context, actor, and use as well as the type of information. In addition, respondents had common concerns about privacy across Westin’s privacy categories. Significant for public policy, we demonstrate that teasing out confounding variables reveals significant commonality across respondents in their privacy expectations. For firms, our work reveals that respondents’ judgments of privacy violation are highly sensitive to how the information is shared and used after disclosure.”
Gosh, does TSA know about this? What does the Constitution say?
Papers, Please! wants you to know that no matter what the TSA suggests, you don’t need to show any ID to fly:
We’re quoted in an article today in the New York Times about the Federal government’s efforts to use the threat of denial of air travel to scare state legislators into connecting their state drivers license and ID databases to the distributed national “REAL-ID” database through the REAL-ID “hub” operated by the American Association of Motor Vehicle Administrators (AAMVA).
We welcome the Times’ coverage of this issue. But some readers might be misled by the Times’ headline, “T.S.A. Moves Closer to Rejecting Some State Driver’s Licenses for Travel“.
As Edward Hasbrouck of the Identity Project, who was quoted in the New York Times story, discussed in detail in this presentation earlier this year at the Cato Institute in Washington, the most important thing you need to know about this issue is that you do not — and you will not, regardless of how or when the TSA “implements” the REAL-ID Act — need to show any ID to fly. People fly, legally, every day, without showing any ID, and that will continue to be the case. You have a legal right to fly, and the REAL-ID Act does not and cannot deprive you of that right.
Read more on Papers, Please!
Perspective.
U.S. says its Internet speeds triple in three-and-a-half years
… The Federal Communications Commission (FCC) said in a report on Wednesday average download connection speeds had increased to nearly 31 megabits per second (Mbps) in September 2014 from about 10 Mbps in March 2011.
… The FCC says video accounts for more than 60 percent of U.S. Internet traffic, a figure that may rise to 80 percent by 2019.
… To read the complete 2015 Measuring Broadband America report, visit:
Inevitable. Pander to the Great Unwashed and eventually someone will notice the smell.
Qaeda Affiliate Uses Video of Donald Trump for Recruiting
Al Qaeda’s branch in Somalia released a recruitment video on Friday that criticized racism and anti-Muslim sentiment in the United States and contained footage of the Republican presidential candidate Donald J. Trump announcing his proposal to bar Muslims from entering the country.
Interesting. Because I'm cheap enough to appreciate free stuff. (And because Winston Churchill is on the list.)
The Public Domain Review Class of 2016
by Sabrina I. Pacifici on Jan 1, 2016
“Founded in 2011, The Public Domain Review is an online journal and not-for-profit project dedicated to the exploration of curious and compelling works from the history of art, literature, and ideas. In particular, as our name suggests, the focus is on works which have now fallen into the public domain, that vast commons of out-of-copyright material that everyone is free to enjoy, share, and build upon without restriction. Our aim is to promote and celebrate the public domain in all its abundance and variety, and help our readers explore its rich terrain – like a small exhibition gallery at the entrance to an immense network of archives and storage rooms that lie beyond…”
“Pictured [here] is our top pick of those whose works will, on 1st January 2016, be entering the public domain in many countries around the world. Of the eleven featured, five will be entering the public domain in countries with a ‘life plus 70 years’ copyright term (e.g. most European Union members, Brazil, Israel, Nigeria, Russia, Turkey, etc.) and six in countries with a ‘life plus 50 years’ copyright term (e.g. Canada, New Zealand, and many countries in Asia and Africa) — those that died in the year 1945 and 1965 respectively. As always it’s a sundry and diverse rabble who’ve assembled for our graduation photo – including two of the 20th century’s most important political leaders, one of Modernism’s greatest poets, two very influential but very different musicians, and one of the most revered architects of recent times…”
The fun never stops.
Hack Education Weekly News
… Happy New Year. From US News & World Report: “For technology companies in California, ringing in the New Year will mean adjusting to a new privacy law that limits how they can collect and use student data. The data privacy legislation was originally signed into law by Gov. Jerry Brown in 2014 and goes into effect Jan. 1. It prohibits the operators of education websites, online services and apps from using any student’s personal information for targeted advertising or creating a commercial profile, as well as the selling of any student’s information.”