Defending Our Data: The Need for Information We Do Not Have
by Sabrina I. Pacifici on Aug 1, 2016
Warner, Richard and Sloan, Robert H., Defending Our Data: The Need for Information We Do Not Have (July 29, 2016). Available for download at SSRN: http://ssrn.com/abstract=2816010
“Data breaches occur at the rate of over two a day. The aggregate social cost is high. Security experts have long explained how to defend better. So why does society tolerate a significant loss that it has the means to avoid? Current laws are ineffective in providing an adequate incentive to avoid the loss. As Thomas Smedinghoff notes, laws — current and proposed — “obligate companies to establish and maintain ‘reasonable’ or ‘appropriate’ security measures, controls, safeguards, or procedures.” However, most of the laws “simply obligate companies to establish and maintain ‘reasonable’ or ‘appropriate’ security measures, controls, safeguards, or procedures, but give no further direction or guidance.” We contend that the consequence is that the laws fail to provide an adequate incentive to improve information security. The solution is to provide better guidance about what counts as reasonable security measures. Data breach notification laws may seem like a viable alternative, but we argue they are unlikely to sufficiently improve security.”
For my Ethical Hacking students and the Pen-Testing Club.
Researcher Earns $5,000 for Hacking Imgur
Researcher Nathan Malcolm started analyzing Imgur’s systems in the summer of 2015 and quickly discovered several types of vulnerabilities, including clickjacking, cross-site scripting (XSS) and cross-site request forgery (CSRF) issues.
While it had been accepting vulnerability reports, Imgur only launched a bug bounty program in September 2015, shortly after hackers discovered a flaw that allowed them to attach malicious code to image files. Attackers exploited the security hole to launch a distributed denial-of-service (DDoS) attack against the imageboard website 8chan.
Yeah, we were looking for him but we were not searching for him.
Pinging a cellphone is justified by exigent circumstances, court holds
In a decision issued today in United States v. Caraballo, the U.S. Court of Appeals for the Second Circuit (per Judge Guido Calabresi) held that police did not violate the Fourth Amendment when they “pinged” a suspect’s cellphone because exigent circumstances existed. I find the outcome plausible on its facts, but the analysis strikes me as pretty unusual.
… The second part of the exigent circumstances analysis is more doctrinally novel. Judge Calabresi quotes a passage from a prior case saying that the amount of force and the degree of privacy invasion used in carrying out a search and seizure are relevant to reasonableness. From that, he deduces a somewhat different principle:
Maybe cheating a little on emissions tests was not such a good idea?
Bavaria to sue VW over state pension fund losses
As of September 2015, when the emissions manipulation scandal became public, Bavaria held some 58,000 preferred shares in Lower-Saxony-based Volkswagen. They've lost some 40 percent of their value, and dpa reports that Bavaria is seeking 700,000 euros ($781,480) in damages.
Now this could be amusing!
Washington state suing Comcast over repair fees, credit checks
Washington state has lodged a $100 million consumer-protection lawsuit against cable-television giant Comcast. Comcast engaged “in a pattern of deceptive practices,” the state claimed Monday, saying it believes Comcast committed more than 1.8 million individual violations of the state Consumer Protection Act, affecting 500,000 state residents.
Attorney General Bob Ferguson briefed the media about the lawsuit Monday, saying that Comcast’s “deceptive” practices came in three areas involving repair charges and credit checks.
… The case revolves in part around a Comcast service plan that customers can subscribe to for a monthly $4.99 fee. The company says the plan covers repairs to customer-owned wiring related to Xfinity TV, voice and internet. Comcast marketing material says the plan is “comprehensive.”
But in many cases, the state claims, Comcast charged for or would not repair customer issues, despite the online description of the plan.
“It simply covers the technician visiting the customer’s house and declaring that the customer’s equipment is broken,” the lawsuit says.
So the distribution isn’t random? Will we see an investigation? Do we need Pokecops? (I hereby copyright the word Pokecops so I can sue when they make a movie or TV show about them! I will also register a trademark, apply for a patent, and ask my old friend Guido to break the kneecaps of any infringers.)
PokemonNo for sex offenders, New York governor says
At the request from New York Governor Andrew Cuomo, the state’s Department of Corrections and Community Supervision will ban nearly 3,000 paroled sex offenders from playing PokemonGo.
… Cuomo said in a news release. “These actions will provide safeguards for the players of these augmented reality games and help take one more tool away from those seeking to do harm to our children.”
The governor’s decision came days after two New York state senators released a report that found that Pokemon and game items often appeared next to sex offenders’ houses. Investigators visited 100 homes of offenders convicted of sexual abuse of children or the possession of child pornography and found that Pokemon appeared in front of 57 percent of them. Overall, the investigation found that 73 of the 100 addresses belonging to sex offenders that were surveyed were within half a block from a Pokemon, PokeStop or a gym — all key locations for the game’s players that could draw children near.
… The governor was concerned that “lures,” a feature in the game that allows a player to attract Pokemon to a specific location, could also be used by predators to attract children hunting the critters.
Cuomo also sent a letter to the game’s creator, Niantic Inc., to ask for its help to prevent offenders from downloading the game. He asked the state’s Division of Criminal Justice Services to share an updated registry of sex offenders with the company.
In 2008, Cuomo introduced legislation that required state agencies to give information about sex offenders to dozens of social media companies. The companies then use that list to keep the offenders off their platforms.
It’s there in plain English, but not everyone reads it like I do.
Federal Agencies Seek Cyberdefenders
The U.S. government is in the process of hiring a small army of information technology specialists to bolster its efforts to protect data held at federal agencies from cybersecurity threats. The federal government hired 3,000 new cybersecurity and IT professionals in the first six months of the current fiscal year.
In addition, the government is "committed to a plan by which agencies would hire 3,500 more individuals to fill critical cybersecurity and IT positions by January 2017," said Shaun Donovan, director of the Office of Management and Budget.
The hiring spree is just one component of a "first ever" Federal Cybersecurity Workforce Strategy revealed by the White House last month. [Why is this a separate strategy? Perhaps there is no “Federal (everything else) Workforce Strategy?” Bob]
… "However, the supply of cybersecurity talent to meet the increasing demand of the federal government is simply not sufficient," the officials added. [So it is impossible to meet our goals? Bob]
The workforce strategy includes four major components:
Education and Training
Recruit Federal Talent
Retain Talent
Identify Requirements [Shouldn’t this be first? Bob]
IT Architecture is changing every day.
Four U.S. companies rule the world's cloud infrastructure
There are plenty of companies vying for a piece of the worldwide cloud infrastructure market, but the top four -- all in the U.S. -- dominate by such a wide margin as to effectively leave their competitors in the dust.
That's the overriding conclusion of a study released Monday by Synergy Research Group.
Amazon Web Services, Microsoft, IBM and Google collectively control more than half of the worldwide cloud infrastructure service market, Synergy found, with an overwhelming lead by AWS, which held a 31 percent share in the second quarter. Microsoft came next with 11 percent, while IBM weighed in at 8 percent, and Google came in with 5 percent.
Why? Are they falling short on recruiting? Yes, they are.
Air Force raises enlistee age limit from 27 to 39
… The new policy comes at a time of a declining defense budget, a shrinking military and falling recruiting goals, however. From 2009 to 2013, the number of recruits dropped from nearly 32,000 to just over 26,000. While recruiting goals for 2014 are still being finalized, they’re likely to fall again.
They really want everyone on Windows 10.
Missed the Free Windows 10 Upgrade? Psst, Here’s a Backdoor!
… Microsoft has left open a small backdoor that you can exploit to get the Windows 10 upgrade after the deadline. While the offer is closed for the general public, Microsoft invites customers who use assistive technologies on Windows 7, 8, or 8.1 to upgrade for free anytime.
So how do you benefit? Well, Microsoft isn’t actually checking if you use assistive technologies or not.
Something for my students?
What do they already use and what should I be recommending?
3 Easy Ways to Learn Anything on Social Media for Free
… According to a 2014 research study by Ofcom, 66% of all adults aged 16+ have at least 1 social networking profile. That is a staggering number. Also, each person on average spends 31 hours on the Internet every month.
… In this article, I will show you how to extract knowledge from the same online communities that we spend the majority of our online time on.
… have you tried joining one of Facebook’s many free and educational groups?
… You can create your own closed group on Facebook and use it as a platform to connect, collaborate, and learn with your friends.