Yahoo and Other Breaches Drive Surge in Corporate Hacking
Insurance
Cyberinsurance is the fastest-growing insurance product in
America, fueled by a slate of recent corporate and government hackings.
A very clever illustration of growing breaches.
How data breaches grew to massive proportions in 11 years
It signals the era in which journalists caught up with
security experts. We have been hacking
into individual voting machines for many election cycles. It is still difficult to “hack an election” because
there is still no voting machine standard and a large percentage of the vote
is still on paper ballots. If you want
to hack the whole thing, wait until Internet voting is the rule.
Does Russia’s Election Hacking Signal a New Era in Espionage?
This weekend, Michael Morell, the former acting director
of the CIA, was asked about the intelligence community’s findings that Russia
interfered in the presidential election. His answer was unequivocal: The country isn’t
grasping the magnitude of the story, he told The Cipher Brief. “To me, and this is to me not an overstatement,
this is the political equivalent of 9/11.”
… In spite of the
distinctive 21st-century flavor of the digital intrusions, the data breaches
that affected Democrats are just a modern example of routine country-on-country
spying. What sets them apart, though, is
the high profile of their mark—an American presidential election—and the
hackers’ willingness to leak stolen information to influence voters’ opinions. Altogether, it’s perhaps one of the greatest
examples of a successful espionage operation in history.
(Related). Perhaps
this was intended to be an ‘equal opportunity hack’ but the hackers
concentrated on their first success? I
find it hard to believe that Republican security was significantly better than
Democratic security.
http://www.wsj.com/articles/republican-national-committee-security-foiled-russian-hackers-1481850043
Republican National Committee Security Foiled Russian Hackers
Russian hackers tried to penetrate the computer networks
of the Republican National Committee, using the same techniques that allowed
them to infiltrate its Democratic counterpart, according to U.S. officials who
have been briefed on the attempted intrusion.
But the intruders failed to get past security defenses on
the RNC’s computer networks, the officials said. And people close to the investigation said it
indicated a less aggressive and much less persistent effort by Russian
intelligence to hack the Republican group than the Democratic National
Committee. Only a single email account
linked to a long-departed RNC staffer was targeted.
Was no one thinking like a customer? More likely, they never asked for that type
of review.
Evernote Ditches Privacy Policy Allowing Note Access, Says
Sorry To Furious Customers
After many of its customers promised to quit Evernote over
an update to its privacy policy that allowed its employees to access user
notes, the cloud software provider has decided to backtrack.
FORBES was the first to report the updates to the policy, one described by
some customers as "disgusting" and "hard to believe." Evernote justified the update saying it wanted
to test new machine learning features and only vetted staff would be able to see
unspecified portions of those notes. The
updated policy was due to go into force in late January, but it'll no longer be
implemented.
A casual “we can ignore our policy for the time being?”
Twitter Cuts Off Fusion Spy Centers’ Access to Social Media
Surveillance Tool
… After the ACLU
of California discovered
the domestic spy centers had access to this tool, provided by Dataminr (a company partly owned by
Twitter), Dataminr was forced to comply with Twitter’s clear
rule prohibiting
use of data for surveillance.
Twitter sent a
letter to the ACLU of California this week confirming that Dataminr has
terminated access for all fusion center accounts. The letter also makes clear that Dataminr will
no longer provide social media surveillance tools to any local, state, or
federal government customer.
… This Twitter and
Dataminr announcement
applies to all seventy-seven
fusion centers (six in California alone) that are currently operating in
states across the country.
… Through a public
records request, the ACLU of California discovered
that the Los Angeles area fusion center, JRIC, was using
Dataminr and had access to the company’s powerful Geospatial Analysis
Application that enables
keyword searches and location-based tracking.
We will won’t will!
Verizon changes its mind and will kill Samsung’s Galaxy Note
7 on January 5th
Verizon has just
announced that it plans to roll out Samsung’s upcoming Note 7 update, which
permanently stops the recalled smartphone from charging and disables its
wireless radios, on January 5th. Only
last week, the leading US carrier took
a controversial stance when it said it would “not be taking part in this
update because of the added risk this could pose to Galaxy Note 7 users that do
not have another device to switch to.”
Always an interesting topic.
Risk and Anxiety: A Theory of Data Breach Harms
by Sabrina
I. Pacifici on Dec 15, 2016
Solove, Daniel J. and Citron, Danielle Keats, Risk and
Anxiety: A Theory of Data Breach Harms (December 14, 2016). Available for
download at SSRN: https://ssrn.com/abstract=2885638
“In lawsuits about data breaches, the issue of harm has
confounded courts. Harm is central to
whether plaintiffs have standing to sue in federal court and whether their
claims are viable. Plaintiffs have
argued that data breaches create a risk of future injury from identity theft or
fraud and that breaches cause them to experience anxiety about this risk. Courts have
been reaching wildly inconsistent conclusions on the issue of harm,
with most courts dismissing data breach lawsuits for failure to allege harm. A sound and principled approach to harm has
yet to emerge, resulting in a lack of consensus among courts and an incoherent
jurisprudence. In the past five years,
the U.S. Supreme Court has contributed to this confounding state of affairs. In 2013, the Court in Clapper v. Amnesty
International concluded that fear and anxiety about surveillance – and the cost
of taking measures to protect against it – were too speculative to constitute
“injury in fact” for standing. The Court
emphasized that injury must be “certainly impending” to warrant recognition. This past term, the U.S. Supreme Court in
Spokeo v. Robins issued an opinion aimed at clarifying the harm required for
standing in a case involving personal data. But far from providing guidance, the opinion
fostered greater confusion. What the
Court made clear, however, was that “intangible” injury, including the “risk”
of injury, could be sufficient to establish harm. In cases involving informational injuries,
when is intangible injury like increased risk and anxiety “certainly impending”
or “substantially likely to occur” to warrant standing? The answer is unclear. Little progress has been made to harmonize
this troubled body of law, and there is no coherent theory or approach. In this essay, we examine why courts have
struggled when dealing with harms caused by data breaches. The difficulty largely stems from the fact
that data breach harms are intangible, risk-oriented, and diffuse. Harms with these characteristics need not
confound courts; the judicial system has been recognizing intangible,
risk-oriented, and diffuse injuries in other areas of law. We argue that courts are far too dismissive of
certain forms of data breach harm. In
many instances, courts should find that data breaches cause cognizable harm. We explore how existing legal foundations
support the recognition of such harm. We
demonstrate how courts can assess risk and anxiety in a concrete and coherent
way.”
Twit-in-Chief?
Poll: Most say Trump’s Twitter use ‘reckless and distracting’
Sixty-six percent of registered voters say they find
President-elect Donald Trump’s
handling of his Twitter account “reckless and distracting,” according to a poll
released Thursday.
Twenty-one percent in the McClatchy/Marist survey consider it “effective and
informative,” while 13 percent remain uncertain.
I haven’t seen a good summary of this meeting. Still haven’t.
Who said what inside the Trump tech meeting: Immigration,
paid maternity leave and becoming the ‘software president’
The leaders of tech were closemouthed about their
meeting with President-elect Donald Trump yesterday in New York, saying
little about it — before and after, in public and online. Amazon CEO Jeff Bezos called the confab “very
productive” — the verbal equivalent of dead air — but execs including Facebook
COO Sheryl Sandberg, Alphabet CEO Larry Page, Apple CEO Tim Cook and SpaceX and
Tesla CEO Elon Musk did not comment about what was said in the room, and most
of the press reports afterward were very vague.
… Trump’s three
eldest kids were present, which most sources close to the execs (no, I am not
saying which ones) thought was inappropriate on a number of levels.
… Microsoft CEO Satya
Nadella brought up perhaps the most thorny issue: Immigration and how the
government can help tech with things like H-1B visas to keep and bring in more
talent. Nadella pointed out that much of
the company’s spending on research and development was in the U.S., even if 50
percent of the sales were elsewhere, so that immigration would benefit those
here.
Surprisingly to the group, Trump apparently
responded favorably, “Let’s fix that,” he said, without a specific promise, and
then asked, “What can I do to make it better?”
Apple CEO Cook brought up a related issue, that
of science, technology, engineering and math education, which has been a big
initiative of President Barack Obama, and also was pushed by Trump’s campaign
rival Hillary Clinton.
… One of the most
interesting exchanges was with Alphabet executive chairman Eric Schmidt, who
briefly noted that he pondered what he would do if he were president, and then
made the point that governmental information-technology programs were
antiquated and unsafe, and needed to be upgraded.
… Amazon CEO Jeff
Bezos was apparently very voluble, and aimed many of his points at how U.S.
companies had a hard time succeeding in China, and what the government could do
about it. Oracle CEO Safra Catz talked
about the cloud, which she characterized as a little hyped (not a surprise from
a database company). IBM CEO Ginni
Rometty talked about job creation, having earlier penned an op-ed promising
that the company would bring 25,000 more jobs to the U.S.
… Also brought up
— but no one would say by whom — was the tax treatment of the repatriation of
tech company profits from abroad, which would be a windfall for them. (And which is why they were all there, IMHO.)