Very timely since the Privacy Foundation’s topic on
October 28 is Encryption and Privacy!
“Encryption is a process to secure information from unwanted
access or use. Encryption uses the art
of cryptography to change information which can be read (plaintext) and make it
so that it cannot be read (ciphertext). Decryption
uses the same art of cryptography to change that ciphertext back to plaintext. Encryption takes five elements to work:
plaintexts, keys, encryption methods, decryption methods, and ciphertexts. Data that are in a state of being stored or in
a state of being sent are eligible for encryption. However, data that are in a state of being processed—that
is being generated, altered, or otherwise used—are unable to be encrypted and
remain in plaintext and vulnerable to unauthorized access.”
As someone who has made “configuration errors” I can sympathize. There are
ways [Best Practices] which significantly reduce the probability of introducing
those errors into your network.
On October 4, our
voice network experienced a service disruption affecting some of our customers
in North America due to a configuration error. We know how important these services are to
our customers. As an organization, we’re
putting processes in place to prevent issues like this from recurring in the
future. We were able to restore all
services by 9:31 a.m. Mountain time.
Social media sites such as Reddit and Twitter erupted on Tuesday morning with
inquiries and complaints about the outage from Level 3 customers, as well as
customers of other big carriers like AT&T and Verizon that were affected by the
outage.
If you are going to do this, stream it from someone else’s
account! (Like a law school professor’s,
for example.)
AP reports on this story out of Indonesia:
Indonesian police say a man they
arrested for broadcasting pornography on an electronic billboard in the
country’s capital gained access to the system after it displayed its log-on credentials. [Not very secure, that. Bob]
Jakarta Police Chief Muhammad
Iriawan said Wednesday that the suspect, 24-year-old Samudera Al Hakam Ralial,
admits he hacked the IT system of the billboard operator but claims that the
broadcast of the porn movie was accidental.
Something for my IT Governance students to discuss.
A “safe” Galaxy Note 7 caught fire on an airplane
…
Earlier today, a
Southwest Airlines flight that was due to depart for Baltimore was evacuated.
The reason: a passenger’s Galaxy Note 7 became
incredibly hot and started belching out greenish-gray smoke.
Brian Green, who owned the Note 7 that grounded the plane, confirmed that it
was most definitely a replacement device.
Green also offered up photographic proof: a picture of the
box that his new Note 7 came in when he made the exchange at an AT&T store.
Right there on the label next to the
model number SM-N930A is a small black box. That box was one of the ways Samsung told us
we could reassure ourselves that we weren’t in possession of a pocket-sized
incendiary device.
… So what’s going on here? Does Samsung not actually know which Galaxy Note 7s
are safe? Are there really any that are safe? They just had a report of one
catching fire in China — after previously announcing that all Note 7s sold in
China were fine because they were a different production run.
Now that a replacement Note 7 has gone up in smoke, you
really have to wonder. Maybe the
investigation will reveal a different cause for the failure in Green’s phone,
but it’s hard to give Samsung the benefit of the doubt at this point.
Another Governance consideration.
In a recent white paper I co-authored with Protenus, Inc., we noted the
significant risks of a breach involving a vendor or business associate. In
following up in a subsequent post, I also included a “pop quiz” for readers to
use to test their understanding about the terms of any contract they have in
terms of responsibilities following a breach.
Now Scott Nonaka and Kevin Rubino have written a more
lawyerly analysis about contractual clauses that may be very important in
determining who pays for what in the event of a breach involving a cloud
service. Here’s part of their article:
Although much is at stake, the
answer to the question is not always clear because allocating costs will
usually depend on the terms of the cloud services contract, which in most cases
will contain a limitation of liability clause that is commonplace in contracts
for the sale of goods and services. Standard clauses usually state that, in the
event of a breach, neither party will be responsible for the other party’s
“consequential damages,” thereby limiting their potential liability to “direct
damages.” While the clause may seem
clearly worded, the meaning of the term “consequential damages” is by no means
clear, let alone in the context of a cloud services contract. Below, we identify some issues to consider
when negotiating and drafting a limitation of liability clause so as to provide
greater clarity and predictability in allocating risk and costs.
[…]
At this time, and for the
foreseeable future, it will be difficult to predict with great certainty how
courts will decide whether any particular harm arising from a data breach is
direct or consequential damages. Given
this uncertainty, as well as the potentially massive costs associated with a
data breach, both consumers and providers of cloud services would be
well-advised not to rely on standard, boilerplate language in limitation of
liability clauses that simply waives consequential damages to allocate their
potential liability. They should instead
address the issue of potential future costs associated with a data breach in
detail at the outset of their relationship by bargaining for and expressly
assigning or excluding those costs in their agreement.
Read more on Bloomberg BNA.
IoT hacking for fun (and profit?)
…
With a little work, Dash Buttons can actually be modified to perform a variety
of tasks without ever contacting Amazon. If you’ve got some new Dash Buttons
sitting around or want to spend just $5 to dip your toe into the Internet of
Things, here are some of the coolest hacks we’ve found.
Note that beyond the initial setup, setting up these hacks
requires a bit of programming knowledge. As a matter of scope, we won’t be going
in-depth into any code. Instead, we’ll
be linking to the best setups — their developers have provided instructions for
replicating them on your own devices, so it shouldn’t be too hard to get going.
Alternatives are good.
… Slack’s success is built upon a simple understanding — life is all about
communication. And email is no longer appropriate for fast-paced working
environments. That isn’t to say there is no place for email. But email
conversation threads often become disjointed, tangled messes with multiple
respondents. Why waste time when there is simply a better option available?
More free stuff. I
use a couple of these myself.
For my researching students.
SSRN launches beta of new features and full text search
Follow up to previous posting – SSRN Acquired by Elsevier – “At the beginning
of Summer, we promised to share our evolving technology roadmap. With new
resources for design and development, we are reimagining SSRN’s possibilities.
First, we implemented our long-awaited full-text search. Now we’re sending a
portion of our users to a Beta version of the new site. Go to the Home page and
you may be lucky enough to get a sneak peek (visitors are being randomly sent
to the new site) so do try your luck. Here’s a little more information on what
we’re planning. We’re excited to share a cleaner, simpler site with easier
navigation. The new Home page design is the first of a series of new pages
we’ll be rolling out over the next few months. We hope you like the new look
and, more importantly, that it makes it easier for you to find what you need on
SSRN…”
Me: Look at all this wonderful free stuff I find for you!
My students: We don’t need no stinking notes!
My students, after the Midterm Exam: Ah. What were those
note taking Apps again?
7 Best Note Taking Apps
For any of my students so inclined.
Internships, Fellowships, and Other Work Experience
Opportunities in the Federal Government
CRS report via FAS – Internships, Fellowships, and Other Work Experience
Opportunities in the Federal Government. Christina Miracle Bailey, Senior
Research Librarian; Jennifer E. Manning, Senior Research Librarian. September
30, 2016.
“While there are many opportunities in the federal
government for internships, fellowships, and other work experience, there is no comprehensive source to assist
in locating these opportunities. This report describes Internet resources
for prominent and popular opportunities for internship, fellowship, and work
experience programs within the federal government. The report is intended as a selective guide
for students of all levels: high school, undergraduate, graduate, and
postgraduate. It provides information on
legislative, executive, and judicial branch opportunities and links to several
aggregators of jobs data. The
introduction provides a number of insights to assist applicants on
understanding terminology, timing applications, and expectations for types of
work involved.”