Wednesday, November 16, 2016

IT Governance means you have to listen to voices outside the organization too.
And this, kids, is what happens when an entity keeps ignoring vulnerability reports from researchers or infosec folks.  In this case, an IT consultant, “N.T.R.,” hacked civilsupplieskerala.gov:
“I wrote to the NIC several times pointing to the vulnerabilities and even called the civil supplies office warning them about a possible breach, but they ignored me.  I had no option but to make the information public in a Facebook post,” N.T.R., a native of Thiruvananthapuram, said from Tokyo.
Mazhar Faroqui reports that the
breach occurred last fortnight when an Indian man living in Tokyo hacked the Kerala government’s civil supplies department website and uploaded the sensitive information of all of Kerala’s 8,022,360 Public Distribution System (PDS) beneficiaries and their family members on Facebook.
The data reveals names, addresses, birth dates, gender, monthly incomes, electoral card details, consumer numbers of power and cooking gas connections.
Read more on XPRESS.


Could this be correct?  Twitter won’t give their tweets away, but you can buy access? 
The FBI just got its hands on data that Twitter wouldn’t give the CIA
The FBI has a new view into what’s happening on Twitter.  Last week, the bureau hired Dataminr, a Twitter-linked analytics firm, to provide an “advanced alerting tool” to over 200 users.  Twitter owns a 5 percent stake in Dataminr and provides it with exclusive access to the full “firehose” of live tweets, making it a valuable resource for anyone looking for illegal activity on the service.
   However, the FBI contract seems to violate a key clause in Twitter’s Developer Agreement, which specifically forbids using the provided data to "investigate, track or surveil Twitter’s users."
   In May, Twitter revoked CIA access to Dataminr, a move that was taken as part of a larger ban on US intelligence agencies using the product.  “Data is largely public,” Twitter said in a statement at the time, “and the U.S. government may review public accounts on its own, like any user could.”
In a statement to The Verge, Dataminr confirmed that the contract was genuine.  “A limited version of our breaking news alerting product is also available to the FBI [among other clients],” the statement reads.  “Dataminr is not a product that enables surveillance.”  The company declined to elaborate on how the current FBI contract differs from the previous contract with the CIA.

(Related) A follow-up and an introduction to a new database about you.
Joe Cadillic follows up on an article out of Seattle about how those who purchased pet food using a store loyalty card at their supermarket received reminders from the government about the requirement of pet licenses.  I had noted the Seattle Times editorial on the issue.
Joe writes, in part:
Direct mailing companies are using Webtrends’ Infinity Platform to create a real-time worldwide database of everyone’s purchases.
What they’re really saying is, “we envision a world where” they can spy on everyone and sell it to governments and companies.
  • All collected data is available for transfer immediately so you can integrate the most recent web behavior data with your customer profile.
  • Visitor-level records are transferred so that an individual’s online behaviors can be connected with his/her offline behaviors.
  • All data is encrypted for transfer to ensure data is secure between Webtrends and your on premise environment.
  • Large amounts of data are transferred quickly due to the power of the Hadoop ecosystem.
  • Monitoring and restart services provide fault tolerance and ensure all data is delivered successfully.
Read more on MassPrivateI.

(Related)
Marc Benioff says companies buy each other for the data, and the government isn’t doing anything about it
   Benioff said he pressed the Federal Trade Commission to review Microsoft’s LinkedIn deal for potential antitrust violations, but the agency decided not to investigate.  Benioff, of course, made his own play for LinkedIn but failed to reach a deal.
The European Commission, however, is looking into it.  Last month, the antitrust authority at the European Commission sent questionnaires to Microsoft’s competitors as they review the merger.
Benioff contends the acquisition is anticompetitive because Microsoft can hinder access to LinkedIn’s data, making it harder for competitors.


Even if they think there is no risk, should they have considered the users’ perceptions?
Lorenzo Franceschi-Bicchierai reports:
What’s that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic.  On Apple’s computers, Shazam never turns the microphone off, even if you tell it to.
When a user of Shazam’s Mac app turns the app “OFF,” the app actually keeps the microphone on in the background.  For the security researcher who discovered that the mic is always on, it’s a bug that users should know about.  For Shazam, it’s just a feature that makes the app work better.
Read more on Motherboard.
h/t, Joe Cadillic
UPDATE: Shazam, responding to the publicity and concerns, is changing Shazam:
Even though we don’t recognize a meaningful risk, we want to make this configuration change to show that we care, and we pay attention, and we want them to feel good about using Shazam on their Mac.


Redundant repetition of our reiteration is our goal.  (Who writes these headlines?)
DHS: Securing Internet of Things a matter of homeland security
The Department of Homeland Security (DHS) has released guidelines for internet of things cybersecurity, the second federal agency to do so on Tuesday.
The DHS guide offers advice on improving security while products are being designed, risk management, supporting updates and general security mindfulness.


If at first you don’t succeed, lie, lie again?
US Navy Acknowledges Installing $600M In Software Without Paying, Denies Wrongdoing
   Starting back in 2011, the Department of Defense's US Navy worked with German company Bitmanagement to license 38 copies of its BS Contact Geo software, with the intent of giving the software a test run.  Later, that installation number burst to over 100,000, and ultimately reached a staggering 558,466.  The problem?  The DoD didn't want to pay for those excess licenses; only the original 38.


Only in California?  Somehow, I’ll fit this into my outsourcing lecture.
Laid-off IT workers fight University of California outsourcing
   Hatten-Milholin was among about 80 laid-off IT workers who held a rally on Tuesday, calling for an end to the university's outsourcing program.  The IT department workers, including permanent staff and contract employees, will be replaced by workers from HCL, an India-based IT services company.
   Experts who study IT outsourcing say the UCSF case is a rarity but could influence IT practices throughout higher education. 
   "I’ve never heard of a case where university workers were being forced to train replacements," Hira said.


Perspective.  I don’t think we understand this yet.
How the blockchain will radically transform the economy
Say hello to the decentralized economy — the blockchain is about to change everything.  In this lucid explainer of the complex (and confusing) technology, Bettina Warburg describes how the blockchain will eliminate the need for centralized institutions like banks or governments to facilitate trade, evolving age-old models of commerce and finance into something far more interesting: a distributed, transparent, autonomous system for exchanging value.


The future of campaigning.
Here’s How Facebook Actually Won Trump the Presidency
Mark Zuckerberg is trying hard to convince voters that Facebook had no nefarious role in this election.  But according to President-elect Donald Trump’s digital director Brad Parscale, the social media giant was massively influential—not because it was tipping the scales with fake news, but because it helped generate the bulk of the campaign’s $250 million in online fundraising.
   “Facebook and Twitter were the reason we won this thing,” he says. “Twitter for Mr. Trump. And Facebook for fundraising.”


Something to chat about…
Snapchat Parent Files for $25 Billion IPO
Snap Inc. has confidentially filed paperwork for an initial public offering that may value the popular messaging platform at as much as $25 billion, a major step toward what would be one of the highest-profile stock debuts in recent years.


For my students.  Hey, it can’t hurt!
Tech employers are turning to San Francisco-based startup CodeFights, which hosts online coding competitions for programmers, to find talented coders outside regular recruiting channels.


With my (non-existent) artistic ability, I could set Artificial Intelligence back 50 years!
Google Quick, Draw! Needs Your Doodles
   Google's Quick, Draw! AI experiment is an example of machine learning.  The user is tasked with drawing a wide range of doodles, for example, a snake, shoe, or elbow.  The neural network powering Quick, Draw! attempts to predict what you are drawing.  If the prediction matches the initial request, you are asked to draw another doodle.  For the user it's a fun distraction, but for the neural network it's an essential learning tool.


I’m sure New Balance is thrilled!  (I declare Neo-Nazis as permanent members of my Officially Stupid list.)
We live in crazy times: Neo-Nazis have declared New Balance the ‘Official Shoes of White People’


Strangely enough, it means I don’t have to post the truth if I believe something is true. 
Word of the Year 2016 is...
After much discussion, debate, and research, the Oxford Dictionaries Word of the Year 2016 is post-truth – an adjective defined as ‘relating to or denoting circumstances in which objective facts are less influential in shaping public opinion than appeals to emotion and personal belief’.
