Saturday, July 16, 2016

Interesting.  Is the date part of mandatory disclosure?
I almost have to admire this defense logic: if you don’t know when our breach occurred or can’t allege it, you can’t prove any claims as to whether something happened before or after the breach, so we get to walk away from the consolidated class action lawsuit…?
Law360 has more, if you have a subscription.  But I was so curious that I actually acquired the filing from PACER (you can all chip in towards the $3.00 fee), and have uploaded the filing here (47 pp, pdf).
But here is the overview of the argument:
Most fundamentally, plaintiffs do not allege the date on which the breach occurred.  Yet, they speculate that they suffered damages because of Experian’s “delay” in providing notice of the breach.  But the absence of an alleged date of beach renders these claims infirm.  After all, no one was injured by delayed notification if there was no delay in providing notice.  Some plaintiffs assert that they were victims of identity theft or fraud, speculating that the attacker must have used the data it stole to commit such crimes.  But because plaintiffs do not allege a date of breach, it is unclear whether these alleged injuries occurred before or after the breach.  If they occurred before the breach, they could not possibly have been caused by the breach.  Some of the plaintiffs’ claims are grounded in fraud, yet none are pleaded with the particularity required by Rule 9(b).
I thought the breach occurred in October, 2015??  Why wasn’t there anything on that in the complaint, or was there?


Another legal defense?
I was wondering how many lawsuits we might see by employees whose firms fell for phishing schemes involving W-2 data.
From what Law360 reports, HAECO employees did sue their employer, who’s arguing that the employees can’t sue for invasion of privacy because the employees had given their information to their employer willingly.
Okay, that defense makes sense, but then what could the employees sue their employer for?  And the fact that your own employees are suing you, well…. maybe your incident response wasn’t as good as it could have been?  Just wondering….


It’s kinda like leaving your wallet behind…
Seen on FourthAmendment.com:
Defendant fled a taxicab to avoid the fare but left his cell phone behind.  The police used the phone to call 911 to capture his name, phone number, and other 911 information.  This wasn’t a search, and it was governed by Smith, that information voluntarily turned over to another is not protected by a reasonable expectation of privacy.  [The complete answer to that is that defendant didn’t turn over the information voluntarily; the police dialed 911 to make the call, and was that a seizure?  The court botches this one by deciding it this way.  Abandonment of the phone wasn’t even decided, and it clearly was the easier and more logical argument than attempting say there was a lack of a reasonable expectation of privacy without having to strain to make something up to sound profound.]  State v. Hill, 2016 Ga. App. LEXIS 432 (July 13, 2016)


Read more on FourthAmendment.com, via Joe Cadillic.
And while we’re on the Fourth Amendment, do note this development in Congress, which I’m actually happy about:  The Fourth Amendment Gets Its Own House Caucus to Demand Its Respect.


They just didn’t pay attention.  They hired an Australian firm that the Chinese them bought – and no one noticed. 
Bernard Keane and Asher Wolf write:
The ballots from the 2016 Australian election are being secured by a company owned by one of China’s most important security firms, with links deep inside the communist state’s vast surveillance system.
In 2014, the Australian Electoral Commission hired the company SecureMonitoring to provide “Security Alarm System Monitoring for AEC Warehouses and National Office”, for $360,000 over three years.
Read more on Crikey.


Perhaps my University’s Tech Support could help.  They certainly have the ability to disrupt my classroom. 
U.S. military has launched a new digital war against the Islamic State
An unprecedented Pentagon cyber-offensive against the Islamic State has gotten off to a slow start, officials said, frustrating Pentagon leaders and threatening to undermine efforts to counter the militant group’s sophisticated use of technology for recruiting, operations and propaganda.
The U.S. military’s new cyberwar, which strikes across networks at its communications systems and other infrastructure, is the first major, publicly declared use by any nation’s military of digital weapons that are more commonly associated with covert actions by intelligence services.
   But defense officials said the command is still working to put the right staff in place and has not yet developed a full suite of malware and other tools tailored to attack an adversary dramatically different than the nation-states Cybercom was created to fight.
In an effort to accelerate the pace of digital operations against the Islamic State, the Cybercom commander, Adm. Michael S. Rogers, created a unit in May headed by Lt. Gen. Edward Cardon that is tasked with developing digital weapons — fashioned from malware and other cyber-tools — that can intensify efforts to damage and destroy the Islamic State’s networks, computers and cellphones.
   scruffy insurgents aren’t the best target for high-tech weapons.”
The simple fact that the Pentagon has ordered its first major cyber-offensive campaign, and has acknowledged it publicly, is a milestone.
   Whenever the military undertakes a cyber-operation to disrupt a network, the intelligence community may risk losing an opportunity to monitor communications on that network. So military cybersecurity officials have worked to better coordinate their target selection and operations with intelligence officials.


For the Crypto chapter in the Computer Security class. 
Use Tor? Riffle promises to protect your privacy even better
Privacy-minded people have long relied on Tor for anonymity online, but a new system from MIT promises better protection and faster performance.

Dubbed Riffle, the new system taps the same onion encryption technique after which Tor is named, but it adds two others as well.  First is what's called a mixnet, a series of servers that each rearranges the order in which messages are received before passing them on to the next server.
If messages arrive at the first server in the order A, B, C, for example, that server would send them to the second server in a different order, such as C, B, A.  The second server would them reshuffle things again when sending the messages on.  The advantage there is that a would-be attacker who had tracked the messages’ points of origin would have no idea which was which by the time they exited the last server.  
   The overall result is that Riffle remains cryptographically secure as long as one server in the mixnet remains uncompromised, according to MIT.


Best analysis I’ve seen so far.
Analysis: Why the Turkey coup failed and what's likely to come next
The great irony in the coup attempt that failed in Turkey was evident.  President Recep Tayyip Erdogan has tried for years to stifle the operating freedom of social networks and has accused them of being dark forces attempting to undermine his rule.  It was these same social media networks which helped him to put down the coup.
Erdogan broadcast from his smart phone a statement to the people, tweeted to his supporters and relied on the media, even those whom he deathly hates, to spread his message in the critical first hours of the coup attempt when uncertainty gripped the country.

(Related)  I guess anyone can learn to use social media if the need is there…
As coup attempt unfolds, Turkish president appears via Facetime on live TV
Turkish President Recep Tayyip Erdogan placed what appeared to be a Facetime call to a national news broadcast early on Saturday while the world tried to figure out if a military coup against him had succeeded.
Erdogan appeared on a journalist's iPhone, held up to the camera so viewers could see and hear what he had to say.  He claimed that he remained in control and urged the public to take to the streets to oppose the coup attempt.
Erdogan's use of modern technology to speak to the nation comes with a heap of irony.  He has been keen to shut off access to the Internet during sensitive times and go after those who try to get around such bans and those who insult him.  Reporters Without Borders says Erdogan has "systematically" censored the Internet.


For the next time I teach spreadsheets.
9 Tips for Formatting an Excel Chart in Microsoft Office


I find this brilliant!  Jump on anything that hot.  (At least one third of my RSS feed articles were Pokémon related.
How 'Pokemon Go' could help you sell your house
On a steamy summer night near Manhattan's Washington Square Park, real estate agent Jay Glazer hoped a redesigned roof deck might help draw potential buyers to the open house at his $1.5 million listing but, just in case, he added this to the ad:
"I'm fairly certain there is a PIKACHU at this open house, don't miss it."
Of the dozen or so people who showed up, only one knew exactly what "Pokemon Go" was, but Glazer said it was still worth adding the app as something of an appetizer to the ad.

(Related)  But this is better!
Yelp Now Lets You Search Businesses by Pokestop
The Pokeconomy is growing by leaps and bounds as Pokemon Go continues to break app download and daily active user records.  Now, Yelp has rolled out a new filter letting users search directly for local Pokestops.
The new filter works the same way as any other.  When you open the app to search for a bar, restaurant, or other business, open the filter options and scroll down.  Right next to filters like free delivery and outdoor seating, you can now swipe to enable a "Pokestop Nearby" filter.
Local small to midsize businesses (SMBs) are already buying and dropping Lures—an in-game functionality that draws people to certain locations—and using social media to capitalize on Pokemon Go foot traffic.  The game's publisher Niantic is also teasing sponsored locations.

(Related)  A clue for cheaters?
How to Play Pokémon GO on Your Windows PC
   Warning: To play Pokémon GO on your home PC, i.e., without physically moving around, you need to engage a method called GPS spoofing.  Strictly speaking, this is a violation of the developer’s Terms of Service and could get you temporarily or permanently banned from the game.  Use at your own risk!


It must be Saturday.
Hack Education Weekly News
   Conservatives in Kansas are trying to rebrand public education with the label “government schools.”  [They are, aren’t they?  Bob] 
   5.3 Reasons Pokemon Go will Replace the LMS” by Tom Woodward.
   According to a survey by CDW-G, “67% of school IT solutions are now delivered either in part or in full through the cloud.”  [Architecture  Bob]

No comments: