Helsinki Times reports:
The Finnish Defence Forces’ accusations that researchers have leaked the results of psychological tests conducted on hundreds of thousands of conscripts are exceptional, estimates Reijo Aarnio, the Data Protection Ombudsman of Finland.
[…]
The scope of the alleged data leak is very unusual, if not outright unprecedented, says Aarnio. “But you’re talking about an exceptional case when you take into consideration the kind of information [that was allegedly leaked],” he says in an interview with Uusi Suomi.
Read more on Helsinki Times.
Ever more popular. Think of all the ways this can injure a firm.
The Hindu reports:
A diagnostic centre in the
national Capital was recently targeted by unknown hackers, who through a
ransomware gained illegal access to its servers and encrypted the data.
They demanded ransom from the
owner in the form of bitcoins to restore the data.
[…]
Based on a complaint from the
diagnostic centre, the Central Bureau of Investigation has registered a case
under Section 384 (punishment for extortion) of the Indian Penal Code and
Section 66 (computer related offences) read with Section 43 (damages and
compensation for the offence) of the Information Technology Act.
Read more on The Hindu.
This is why I have my Computer Security students read and
analyze articles on recent breaches.
F5 Networks: It’s time to rethink security architecture
F5 Networks held its annual industry analyst conference
this week within its user conference, Agility in Chicago. One of the main messages F5 tried to get
across to its customer base is that it’s time to rethink security.
I agree with that thesis wholeheartedly, and it is
consistent with many of the posts I have written in the past year, including
one I wrote about defining the new rules of security in a digital world.
F5 had several interesting supporting data points that
show businesses are investing their security dollars in the wrong places. F5’s director of systems engineering, Gary
Newe, pointed out that 90 percent
of security budget is focused on the network perimeter, although only 25
percent of the attacks are focused on that point in the network. Juxtapose that with the fact that 72 percent of attacks now are aimed at the user
identity and applications—and only 10 percent of security budget is used for
that—and it’s easy to see why F5 is telling its customers their
security strategy needs to change.
… Today the world
is entirely different. Workers are
mobile, applications are in the cloud, and we’re connecting billions of devices
to our networks. Newe gave an example of
a typical worker today who could spend his or her day using applications such
as Salesforce.com, Office 365, Dropbox, Concur and Service Now. It’s possible for a worker to spend the entire
day working on applications that are not behind the company firewall. This has been the trend for a while, yet
businesses spend billions annually on firewalls. Security teams now need to protect dozens,
maybe hundreds or even thousands, of entry points, but the bad guys need to
merely find one way in.
(Related)
How Cybercrime Has Changed (Infographic)
I’ll ask my Computer Security students to design a much
more secure system for poor old Chrysler.
Houston Car Hackers Suspected Of Theft of More than 100 SUVs and Trucks
Houston police have arrested
two men for a string of high-tech thefts of trucks and SUVs in the Houston
area. The Houston Chronicle reports
that Michael Armando Arce and Jesse Irvin Zelaya were charged on August 4th,
and are believed to be responsible for more than 100 auto thefts. Police said Arce and Zelaya were shuttling the
stolen vehicles across the Mexican border.
… The July video
shows the thief connecting a laptop to the Jeep before driving away in it. A Fiat-Chrysler spokesman told
ABC News that the thieves
used software intended to be used by dealers and locksmiths to reprogram the
vehicle’s keyless entry and ignition
system.
A new record, but probably not for long. (Is $1.39 per person adequate?)
I’ve had a lot of coverage of Advocate Health’s
breaches over the past years that you can access
here. Here’s HHS’s announcement
of the settlement of their charges:
Advocate Health Care Network (Advocate) has agreed to a
settlement with the U.S. Department of Health and Human Services, Office for
Civil Rights (OCR), for multiple potential violations of the Health Insurance
Portability and Accountability Act (HIPAA) involving electronic protected
health information (ePHI). Advocate has
agreed to pay a settlement amount of $5.55
million and adopt a corrective action plan. This significant settlement, the largest to-date against a single entity,
is a result of the extent and duration of the alleged noncompliance (dating
back to the inception of the Security Rule in some instances), the involvement
of the State Attorney General in a corresponding investigation, and the large
number of individuals whose information was affected by Advocate, one of the
largest health systems in the country.
… OCR began its
investigation in 2013, when Advocate submitted three breach notification
reports pertaining to separate and distinct incidents involving its subsidiary,
Advocate Medical Group (“AMG”). The combined breaches affected the ePHI of approximately
4 million individuals.
Pay for privacy!
What a great business model.
Dan Seitz reports:
There’s no privacy on the
internet. Facebook will only begrudgingly let you talk privately with your
friends, the government wants to look at your browsing history without a warrant, and Comcast looks at every piece of data
you transmit over the internet to learn more about you. But the cable company will stop, if you
pay them for the privilege.
Comcast is trying to make this
change because the FCC is considering new rules that would force internet
service providers to disclose all the information they collect and sell. Comcast wants to be able to charge users who’d
rather not be spied on by a large company not well-known for its people skills, which they argue is a
perfectly acceptable business practice.
Read more on Uproxx
No more drinking beer in private!
Ron Brown reports:
Alabama wants to know who’s
buying beer from its craft breweries and taking it home to drink…but industry
groups say it’s an invasion of privacy.
The Alabama Alcoholic Beverage
Control Board wants to require brewers to collect the name, address, age and
phone number from anyone who purchases beer at a brewery.
Read more on Rivet.
[From the article:
The Control Board hasn't publicly explained WHY it wants
to collect detailed information...the new rule will be considered in September.
Taking another shot at “harm?”
Natalie Garcia and Charles W. Mondora write:
Two class actions currently
pending in the United States Court of Appeals for the Third Circuit, In re
Horizon Healthcare Services Inc. Data Breach Litigation (D. N.J. Mar.
31, 2015), appeal docketed, No. 15-2309, and Storm v. Paytime,
90 F.Supp. 3d 359 (M.D. Pa. 2015), appeal docketed, No. 15-3690, are
being monitored closely by cybersecurity attorneys and their corporate clients.
In both of these data-breach cases, the
plaintiffs are appealing the district court’s dismissal of their respective
complaints because the district courts found that the plaintiffs lack Article
III standing and suffered no injury-in-fact, relying heavily upon Reilly
v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011), the controlling Third
Circuit precedent.
Read more on New Jersey Law Journal.
Are we so naïve that we are fooled into thinking that Peyton
Manning eats nothing but Papa John’s pizza?
FTC to Crack Down on Paid Celebrity Posts That Aren’t Clear Ads
… This uptick in
celebrities peddling brand messages on their personal accounts, light on
explicit disclosure, has not gone unnoticed by the U.S. government.
… This means more
cases like the one against Warner Bros. Home Entertainment Inc., which last
month settled with the FTC over charges that
it deceived customers by paying internet influencers such as PewDiePie – who
has about 50 million followers on YouTube -- to promote the video game
Middle-Earth: Shadow of Mordor with positive reviews, without disclosing that
they were paid and told how to promote it. In March, the FTC issued a complaint against Lord & Taylor
for paying fashion influencers to create posts about one of its dresses on
Instagram, without disclosing that the retailer paid them and gave them the
dresses for free. Any compensation,
including free products, should be disclosed, the FTC says. [Just so you know, I’d be happy to endorse free
beer. Bob]
Useful?
PrepFactory - Free SAT & ACT Prep Activities
As autumn approaches many high school students in the
United States will turn their attention to college applications and the SAT or
ACT exams. Some students' parents will
spend lots of money on test prep materials and/or tutors. But students don't have to spend money to
access excellent SAT and ACT preparation materials.
PrepFactory is a free service that offers excellent SAT and ACT preparation activities. The site offers free guides to SAT and ACT
strategy along with plenty of review activities to help students sharpen
their skills and knowledge before taking the ACT or SAT.
… One of the
better ways to prepare for a test is to review small chunks frequently. PrepFactory provides students with a good review system
that breaks SAT and ACT review into bite-sized modules for each of the topics
on the tests; each module contains a 3-5 minute video, notes on the video, and
a five question video review quiz.