And this, kids, is what happens when an entity keeps
ignoring vulnerability reports from researchers or infosec folks. In this case, an IT consultant, “N.T.R.,”
hacked civilsupplieskerala.gov:
“I wrote to the NIC several times
pointing to the vulnerabilities and even called the civil supplies office
warning them about a possible breach, but they ignored me. I had no option but to make the information
public in a Facebook post,” N.T.R., a native of Thiruvananthapuram, said from
Tokyo.
Mazhar Faroqui reports that the
breach occurred last fortnight
when an Indian man living in Tokyo hacked the Kerala government’s civil
supplies department website and uploaded the sensitive information of all of
Kerala’s 8,022,360 Public Distribution System (PDS) beneficiaries and their family
members on Facebook.
The data reveals names,
addresses, birth dates, gender, monthly incomes, electoral card details,
consumer numbers of power and cooking gas connections.
Read more on XPRESS.
Could this be correct?
Twitter won’t give their tweets away, but you can buy access?
The FBI just got its hands on data that Twitter wouldn’t give
the CIA
The FBI has a new view into what’s happening on Twitter. Last
week, the bureau hired Dataminr, a Twitter-linked analytics firm, to
provide an
“advanced alerting tool” to over 200 users. Twitter owns a 5 percent stake in Dataminr and
provides it with exclusive access to the full “firehose” of live tweets, making
it a valuable resource for anyone looking for illegal activity on the service.
… However, the FBI
contract seems to violate a key clause in Twitter’s
Developer Agreement, which specifically forbids using the provided data to
"investigate, track or surveil Twitter’s users."
… In May, Twitter revoked
CIA access to Dataminr, a move that was taken as part of a larger ban on US
intelligence agencies using the product. “Data is largely public,” Twitter said in a
statement at the time, “and the U.S. government may review public accounts on
its own, like any user could.”
In a statement to The Verge, Dataminr confirmed
that the contract was genuine. “A
limited version of our breaking news alerting product is also available to the
FBI [among other clients],” the statement reads. “Dataminr
is not a product that enables surveillance.” The company declined to elaborate on how the
current FBI contract differs from the previous contract with the CIA.
(Related) A follow-up and an introduction to a new
database about you.
Joe Cadillic follows up on an article out of Seattle about
how those who purchased pet food using a store loyalty card at their
supermarket received reminders from the government about the requirement of pet
licenses. I had noted the Seattle
Times editorial
on the issue.
Joe writes, in part:
Direct mailing companies are
using Webtrends’ Infinity
Platform to create a real-time
worldwide database of everyone’s purchases.
What they’re really saying
is, “we envision a world where” they can spy on everyone and sell it
to governments and companies.
- All collected data is available for transfer immediately so you can integrate the most recent web behavior data with your customer profile.
- Visitor-level records are transferred so that an individual’s online behaviors can be connected with his/her offline behaviors.
- All data is encrypted for transfer to ensure data is secure between Webtrends and your on premise environment.
- Large amounts of data are transferred quickly due to the power of the Hadoop ecosystem
- Monitoring and restart services provide fault tolerance and ensure all data is delivered successfully.
Read more on MassPrivateI.
(Related)
Marc Benioff says companies buy each other for the data, and
the government isn’t doing anything about it
… Benioff said he
pressed the Federal Trade Commission to review Microsoft’s LinkedIn deal for
potential antitrust violations, but the agency decided not to investigate. Benioff, of course, made his own play for
LinkedIn but failed to reach a deal.
The European Commission, however, is looking
into it. Last month, the antitrust
authority at the European Commission sent
questionnaires to Microsoft’s competitors as they review the merger.
Benioff contends the acquisition is
anticompetitive because Microsoft can hinder access to LinkedIn’s data, making
it harder for competitors.
Even if they think there is no risk, should they have
considered the users’ perceptions?
Lorenzo Franceschi-Bicchierai reports:
What’s that song? On your
cellphone, the popular app Shazam is able to answer that question by listening
for just a few seconds, as if it were magic. On Apple’s computers, Shazam never turns the
microphone off, even if you tell it to.
When a user of Shazam’s Mac
app turns the app “OFF,” the app actually keeps the microphone on in
the background. For the security
researcher who discovered that the mic is always on, it’s a bug that users
should know about. For Shazam, it’s just
a feature that makes the app work better.
Read more on Motherboard.
h/t, Joe Cadillic
UPDATE: Shazam, responding to the
publicity and concerns, is changing
Shazam:
Even though we don’t recognize a meaningful risk, we want to
make this configuration change to show that we care, and we pay attention, and
we want them to feel good about using Shazam on their Mac.
Redundant repetition of our reiteration is our goal. (Who writes these headlines?)
DHS: Securing Internet of Things a matter of homeland
security
The Department of Homeland Security (DHS) has released
guidelines for internet of things cybersecurity, the second federal
agency to do so on Tuesday.
The DHS guide offers advice on improving security while
products are being designed, risk management, supporting updates and general
security mindfulness.
If at first you don’t succeed, lie, lie again?
US Navy Acknowledges Installing $600M In Software Without
Paying, Denies Wrongdoing
… Starting back in 2011, the Department of Defense's US Navy
worked with German company Bitmanagement to license 38 copies of its BS Contact
Geo software, with the intent of giving the software a test run. Later, that installation number burst to over
100,000, and ultimately reached a staggering 558,466. The problem? The DoD
didn't want to pay for those excess licenses; only the original 38.
Only in California? Somehow, I’ll fit this into my outsourcing
lecture.
Laid-off IT workers fight University of California
outsourcing
… Hatten-Milholin
was among about 80 laid-off IT workers who held a rally on Tuesday, calling for
an end to the university's outsourcing program. The IT department workers, including permanent
staff and contract employees, will be replaced
by workers from HCL, an India-based IT services company.
… Experts who
study IT outsourcing say the UCSF case is a rarity but could influence IT
practices throughout higher education.
… "I’ve never
heard of a case where university workers were being forced to train
replacements," Hira said.
Perspective. I don’t
think we understand this yet.
How the blockchain will radically
transform the economy
Say hello to
the decentralized economy — the blockchain is about to change everything. In this lucid explainer of the complex (and
confusing) technology, Bettina Warburg describes how the blockchain will
eliminate the need for centralized institutions like banks or governments to
facilitate trade, evolving age-old models of commerce and finance into
something far more interesting: a distributed, transparent, autonomous system
for exchanging value.
The future of campaigning.
Here’s How Facebook Actually Won Trump the Presidency
Mark Zuckerberg is trying
hard to convince voters that Facebook had no nefarious role in this
election. But according to
President-elect Donald Trump’s digital director Brad Parscale, the social media
giant was massively influential—not because it was tipping the scales with fake
news, but because it helped generate the bulk of the campaign’s $250 million in
online fundraising.
… “Facebook and
Twitter were the reason we won this thing,” he says. “Twitter for Mr. Trump.
And Facebook for fundraising.”
Something to chat about…
Snapchat Parent Files for $25 Billion IPO
Snap Inc. has confidentially filed paperwork for an
initial public offering that may value the popular messaging platform at as
much as $25 billion, a major step toward what would be one of the
highest-profile stock debuts in recent years.
For my students.
Hey, it can’t hurt!
Tech employers are turning to San Francisco-based startup
CodeFights, which hosts online coding competitions for programmers, to find
talented coders outside regular recruiting channels.
With my (non-existent) artistic ability, I could set
Artificial Intelligence back 50 years!
Google Quick, Draw! Needs Your Doodles
… Google's Quick, Draw!
AI experiment is an example of machine learning. The user is tasked with drawing a wide range
of doodles, for example, a snake, shoe, or elbow. The neural network powering Quick, Draw!
attempts to predict what you are drawing. If the prediction matches the initial request,
you are asked to draw another doodle. For the user it's a fun distraction, but for
the neural network it's an essential learning tool.
I’m sure New Balance is thrilled! (I declare Neo-Nazis as permanent members of
my Officially Stupid list.)
We live in crazy times: Neo-Nazis have declared New Balance
the ‘Official Shoes of White People’
Strangely enough, it means I don’t have to post the truth
if I believe something is true.
Word of the Year 2016 is...
After much discussion, debate, and research, the Oxford
Dictionaries Word of the Year 2016 is post-truth
– an adjective defined as ‘relating to or denoting circumstances in which
objective facts are less influential in shaping public opinion than appeals to
emotion and personal belief’.