Jack Kim reports:
North Korea hacked into more than
140,000 computers at 160 South Korean firms and government agencies, planting
malicious code under a long-term plan laying
groundwork for a massive cyber attack against its rival, police in
the South said on Monday.
South Korea has been on
heightened alert against cyber attacks by the North after Pyongyang conducted a
nuclear test in January and a long-range rocket launch in February that led to
new U.N. sanctions.
The North has always denied
wrongdoing.
Read more from Reuters on Business
Insider.
See also FedScoop
for how U.S. fighter jet blueprints wound up in the breach.
A bad year keeps getting worse?
Paul Wagenseil reports:
If you’re suffering from
data-breach fatigue, tough luck. LeakedSource, the shadowy website that broke
the recent news of the LinkedIn and MySpace breaches,
today (June 13) announced that 51 million account credentials for iMesh, a
defunct file-sharing service, were being sold online.
Read more on Tom’s
Guide.
In its blog post, LeakedSource explains:
iMesh.com (now defunct) was
hacked on September 22nd, 2013. LeakedSource has obtained and added a copy of
this data to its ever-growing searchable repository of leaked data.
Strange that this is now one of the first questions asked
after a mass shooting.
Orlando shooter used Samsung phone: report
FBI Director James Comey on Monday declined to tell
reporters whether the Orlando shooter’s communications were encrypted, but
reports indicate that he likely used an Android device — not an iPhone.
Since
very few Android devices boast stiff encryption, should those reports be
confirmed, investigators would likely be able to access the contents of gunman
Omar Mateen’s device without technical assistance from the manufacturer.
Comey said Monday that investigators know the make of the
phone but that he could not reveal it. [I wonder why? Bob]
A new buzzword. The
trick is to ensure the identifiable data gets deleted after it is merged with
the database.
Apple Touts 'Differential Privacy' Data Gathering Technique
in iOS 10
With the announcement of iOS 10 at WWDC on Monday, Apple
mentioned its adoption of "Differential Privacy" – a mathematical
technique that allows the company to collect user information that helps it
enhance its apps and services while keeping the data of individual users
private.
… Wired
has now published an article on the subject that lays out in clearer detail
some of the practical implications and potential pitfalls of Apple's latest
statistical data gathering technique.
Differential privacy, translated
from Apple-speak, is the statistical science of trying to learn as much as
possible about a group while learning as little as possible about any
individual in it. With differential
privacy, Apple can collect and store its users' data in a format that lets it
glean useful notions about what people do, say, like and want. But it can't extract anything about a single,
specific one of those people that might represent a privacy violation. And neither, in theory, could hackers or
intelligence agencies.
Wired notes that the technique claims to have a
mathematically "provable guarantee" that its generated data sets are
impervious to outside attempts to de-anonymize the information. It does however caution that such complicated
techniques rely on the rigor of their implementation to retain any guarantee of
privacy during transmission.
You can read the full article on the subject of
differential privacy here.
(Related) Would
Differential Privacy work here? No. You need the name of the student who borrowed
the book.
Planet Biometrics reports:
Plans by Western Australian high
schools to use fingerprint and other biometric authentication methods for
library loaning and attendance have been criticised by privacy advocates.
Churchlands Senior High School
plans to install biometrics finger scanning for library book withdrawals this
year and Byford Secondary College and Atwell College have used biometrics to
monitor student attendance since 2014.
The plans have been described as
“overkill” by Biometrics Institute privacy expert group chairman Terry Aulich.
Read more on Planet
Biometrics.
So if I get encrypted data I have to treat it exactly like
a particular type of unencrypted data even if I have no way of knowing it is
that type of data?
David Zetoony of Bryan Cave writes:
There is no shortage of
data-privacy and security laws in the United States. By our count there are now about 300 state and
federal statutes. They include
breach-notification laws, data-disposal laws, data-safeguard laws, payment card
information-protection laws … the list goes on and on. Many of these laws, and practical strategies
for managing compliance with them, are discussed in a Washington Legal
Foundation Contemporary Legal Notes paper I authored, Data Privacy and Security Practical Guide for In-House Counsel.
Nonetheless the push continues to
be a push for more regulation to make sure that the consumer data held by
companies is secure.
Quantity does not, in this case,
equal quality. In fact, it means the
opposite.
Read more on Lexology to
find out what Zetoony does recommend.
Perhaps my Statistics students could design and execute an
analytics program. It might teach them a
lot!
Jarrett Carter writes:
The concept of academic intrusion
isn’t novel, but the usage of monitoring technology invites a lot of questions
and possibilities for things that can go wrong. Institutions should be extraordinarily careful
not to paint a particular type of student with data points on academic
performance, without the investment in the human resources to help these
students manage the issues which may be causing poor performance.
Factors like how often one visits
the cafeteria or swipes into the library could be indicators of how much time a
student spends on campus, and since national data show more students are opting out of dorms,
they could lead to false correlations.
Read more on EducationDive.
The always mysterious ways of the Justice Department? This article suggests they are coming in on
Facebook’s side. Why?
In “an unusual move,” US government asks to join key EU
Facebook privacy case
The US government has asked to be joined as a party in the
Irish
High Court case between the Austrian privacy activist and lawyer Max
Schrems, and the social network Facebook. In a press release, Schrems
called this "an unusual move."
… Schrems
speculated that the US government has made this move because it wanted to defend its surveillance laws before the European
Courts. "I think this
move will be very interesting," he told Ars. "The US has previously maintained that we
all misunderstood US surveillance."
The Court of Justice of the European Union struck
down the Safe Harbour agreement between the EU and the US largely because
of fears that personal data sent from the EU to the US would be subject to US
surveillance without sufficient safeguards. The latest move seems to be an attempt by the
US government to convince European courts that personal data is adequately
protected when it is transferred to the US.
But as Schrems notes in his press
release, the US government's bold approach carries risks.
… Schrems told Ars
that he hopes to use this unexpected opportunity to grill the US government to
the maximum. "Now they have every
chance to make their point, but we also have every chance to ask questions they
have previously not had to respond to."
… Since the
invalidation of the Safe Harbour framework, many companies have turned to
so-called "model contracts" as a way of ensuring that the data
transfers across the Atlantic comply with EU privacy laws. However, as Schrems points out, "this
shift in the legal basis does not remedy the fact that Facebook is still
subject to US mass surveillance laws and programs, which the CJEU already found
to be conflicting with EU law."
The current
action in the Irish High Court will play a major role in establishing
whether that is the case, which no doubt partly explains the US
government's unusual intervention.
(Related) I think
the previous article got it right.
Justice is not going to like the questions asked about surveillance.
Levi Pulkkinen reports:
The Justice Department has sued
the city of Seattle in an effort to hide details of FBI surveillance efforts in
the city.
Attorneys for the federal
government are seeking a court order preventing the city from releasing Seattle
City Light documents related to FBI-operated surveillance cameras installed on
power poles. In a lawsuit filed Monday,
the U.S. Attorney’s Office contends the information requested through
Washington’s Public Records Act would expose the covert video surveillance
effort.
Read more on Seattle
PI.
Update: And they
got a temporary injunction.
Will pressure from the Feds always outweigh pressure from
the voters?
New Hampshire once had the
strongest protections in the nation for the privacy of its drivers. State officials were explicitly prohibited
from participating in any way with national licensing databases, and neither
photo enforcement nor automated license plate readers (ALPR, also known as
ANPR) could be used, with the exception of license plate readers on toll roads.
Governor Maggie Hassan (D) set a
different course last month as she signed legislation eliminating these
protections.
House Bill 1154 repealed the
existing prohibition on “highway surveillance.” In its place is a blanket authorization
allowing any law enforcement agency in the state to use camera systems to
record the movements of motorists with license plate reader systems. The state attorney general will have the
authority to audit any department’s use of license plate cameras. The revised language, which takes effect July
18, does not authorize the use of red light cameras or speed cameras.
Read more on TheNewspaper.com.
See also TenthAmendmentCenter.com.
[From the
article:
The governor also signed House Bill 1616, which brings the
state in line with the federal driver's license system established under Real
ID. Previous law prohibited any
participation in the national program.
Remember the old days, when I sent you ads when you landed
on my web page?
Yeah, but they became annoying, so I blocked them.
I know, then I had to find software that detected and
avoided you Ad Blocker.
And I found software that detected you Anti-Ad Blocker and
blocked it.
(You can guess the next 600 lines of this dialog.)
The Rise of the Anti-Ad Blockers
As consumer adoption of online ad-blocking tools continues
to grow, publishers and media companies are experimenting with various ways to
limit the impact of ad-blocking on their businesses.
That’s given rise to a new breed of “anti-ad-blockers”, or
technology companies hoping to cash in on the situation by selling software
designed to counteract the effects of ad-blocking.
PageFair, Sourcepoint, Secret Media and Admiral are among
the companies currently in the market pitching publishers that technology. The companies are taking somewhat different
approaches to the issue, but they all promise media companies one thing: to
help recapture revenues lost because of ad-blocking users.
Microsoft is changing its business model and not everyone
is happy. Not sure Bill Gates would
have/could have done this.
Microsoft is adding LinkedIn to its professional network
Microsoft is buying LinkedIn for $26.2 billion
… The two
companies cater to similar customers. Under Nadella's tenure, Microsoft has sought
to become a cloud-computing powerhouse that largely serves businesses. LinkedIn also primarily targets professionals
and is the United States' 11th-largest website by traffic and visitors,
according to the online index Alexa. In a sign of LinkedIn's importance to
corporations, executives have been known to publish blog posts on the platform that
act as
corporate statements.
… LinkedIn is a
major brand name with 433 million users and $3 billion a year in revenue,
according to a
company-wide email that Weiner sent to staff.
… Microsoft
may also capitalize on Lynda.com
— a LinkedIn-owned website offering online courses on everything from big data
to design and marketing — to become a leader in professional development, she
added.
(Related)
4 Reasons Microsoft Wasted $26.2 Billion To Buy LinkedIn
… It fails the
four tests of a successful acquisition.
While the deal certainly rescues LinkedIn from a huge
growth problem that slashed the value of its shares in February, it is unclear
how Microsoft will generate a return on that $26.2 billion investment.
… Here’s why I believe the deal
fails the four tests.
1. Industry is not attractive.
If the industry of business social networking were
attractive, LinkedIn — which is a leader — would likely enjoy the economies of
scale needed to make it profitable. But
the company lost $166 million on $2.9 billion in sales in 2015.
To be sure, LinkedIn considers it unsophisticated for
people to look at its Generally Accepted Accounting Principles (GAAP) net
income. Instead, it wants analysts to
value it based on Earnings Before Interest Taxes Depreciation and Amortization
(EBITDA) which strips out stock-based compensation.
This reveals another fundamental flaw with the industry —
profits are so slim in the industry that LinkedIn must use more stock than
its peers to attract and retain talent. [Worked out pretty good for the talent, didn’t
it? Bob]
2. Combined companies will not be better
off.
There is no scenario I can envision in which the combined
companies will be better off.
While I have no doubt that Microsoft will try to use the
433 million people who have their profiles on LinkedIn to sell them software
and services, there is no reason to believe that Microsoft has the strategic
skills needed to revive LinkedIn’s growth.
3. Microsoft will not earn a positive net
present value on its investment.
To be sure, I have not reviewed the financial projections
on which Microsoft justified paying a near 50% premium for LinkedIn.
But since LinkedIn is losing money, there is little reason
to believe that Microsoft will boost its cash flow — which has fluctuated from negative to positive over the last few years
— enough to earn back the $26.2 billion it is paying.
4. It will be difficult to integrate the two
companies.
How will Weiner continue to be CEO of LinkedIn? Sure he can keep the title if he wants — but
he will report to Nadella instead of a board of directors. So he is no longer CEO.
What process will he have to go through if he wants to
introduce a new service, make an acquisition, or target a new set of customers?
It is also unclear why employees will want to stay at
LinkedIn once it is owned by Microsoft.
(Related) Harvard
will see your four and raise you three more.
7 Ways Microsoft Can Make LinkedIn Worth $26 Billion
… Microsoft is
known for overpaying for its acquisitions, including Skype, Nokia’s handset business, aQuantive, and the attempted deal for Yahoo. So how can it avoid repeating its past
mistakes?
I like to go to the big used book sales the libraries hold
once or twice a year. Often, on the last
day they let you fill a grocery bag for 5 or six bucks. Then I grab anything that looks like it will
fit in the bag. This is clearly more
scientific.
5 Curious Ways to Find Interesting Books to Read
Because you never know when a dancing gerbil could become
your best illustrator of quantum computing?
3 Best Tools to Make Animated GIFs Images on Windows
No comments:
Post a Comment