I don’t think investors’ lawsuits related to
data breaches have been a particularly winning strategy to date, but if
any investors’ suit has a chance, this one might – or at least, should have a
chance. Maria Dinzeo reports that those
who invested in Yahoo! are suing
the company:
A proposed class of hundreds of
thousands of Yahoo shareholders led by investor Mark Madrack says Yahoo’s
quarterly financial statements filed with the Securities and Exchange
Commission made false and misleading claims about the effectiveness of its
encryption system and caused them to buy Yahoo shares at artificially inflated
prices.
The lawsuit, which also names
Yahoo CEO Marissa Mayer and CFO Kenneth Goldman as defendants, seeks an
unspecified amount in damages on behalf of all investors who purchased shares
between Nov. 13, 2013, and Dec. 14, 2016.
Read more on Courthouse
News.
I think their strongest argument might ultimately be the
delays in discovering and disclosing the massive breaches to investors – apart
from what seems to be less than appropriate security like encryption. I’m not a Yahoo! investor, but if I had
invested, I think I’d be arguing that I never would have purchased the stock at
the price I purchased it at if I known that the company had not timely
disclosed a major breach that it had become aware of, had not properly
addressed it by forcing a password reset, had not then timely discovered an
even larger breach that had occurred earlier because it dismissed reports by a
security firm and only paid attention when the government came to them with the
same information, etc. All of those
factors, I think, would be material to any decision to invest. But then, IANAL, of course.
I am thankful that President Trump is supplying me with so
much information for my Computer Security students! I love bad examples!
Trump administration is giving us a good lesson on Twitter
security
… It turns out
that several White House-related Twitter accounts -- including the president's
official account, @POTUS -- until recently were revealing sensitive information
that hackers might be able to exploit.
The problem revolves around the service’s password reset
function. If the account holder doesn't
take certain steps to secure it, Twitter exposes information that anyone with
the right skills can use to uncover what email address -- in redacted form --
was used to secure a Twitter account.
… Exposing your
email address to the public may seem harmless. But for government officials or business
executives, it can be asking for trouble.
That’s what happened in last year’s election. An aide to presidential candidate Hillary
Clinton was hacked
by suspected Russian cyberspies through a phishing attack sent to his Gmail
address. His emails were eventually
stolen and leaked to the public.
… To prevent
exposing your email address over Twitter, you can go into your account’s
security settings and click “Require personal information to reset my
password.” That’ll force anyone trying
to reset your password to enter the correct email address or phone number to
continue.
… Securing a
presidential Twitter account with a Gmail address highlights another problem:
Why are White House officials using third-party email providers?
… He also suggests
that people secure their Twitter accounts with two-factor
authentication. This requires the
user to enter both a password and a one-time special code sent to their mobile
phone or generated over an authenticator app.
… On Thursday, White House Press Secretary Sean Spicer was found
tweeting and then deleting what appeared to be a password, although
it’s still unclear what really happened.
More for my Computer Security students.
4.2 Billion Records Exposed in Data Breaches in 2016: Report
The latest release of Risk Based Security’s annual Data
Breach QuickView report shows that there were 4,149 data breaches reported
during 2016, down from the 4,326 data breaches reported in 2015. The number of exposed records, however,
reached an all-time high that might not be easily equaled: 4.281 billion. The previous record was established in 2013 at
1.106 billion.
… According to Risk Based
Security’s report (PDF),
no less than 94 breaches in 2016 had exposed one million or more records.
They
are not us!
Thomas Fox-Brewster reports:
Amongst president Trump’s many
decrees in the last week was an ostensibly shocking order to ensure
non-Americans wouldn’t get the same privacy rights as U.S. citizens. But Trump didn’t actually make any significant
changes to U.S. law. Instead, according
to one legal expert, he sent a message to immigrants: the Obama
administration’s plans to guarantee better privacy for individuals travelling
or moving to the U.S. are being canned.
The wording in the Enhancing
Public Safety executive order signed yesterday caused immediate,
inevitable panic: “Privacy Act. Agencies shall, to the extent consistent with
applicable law, ensure that their privacy
policies exclude persons who are not United States citizens or lawful permanent
residents from the protections of the Privacy Act regarding
personally identifiable information.”
Read more on Forbes.
Amazing how many ‘content creators’ are finding President Trump
valuable.
TrumpBeat: There Is No Pivot
Welcome to TrumpBeat, FiveThirtyEight’s new weekly feature
looking at how developments in Washington affect people in the real world. We’re still experimenting with the format, so
tell us what you think. Email
us or drop a note in the comments.
Dilbert is exploring the downside of Tweeting this week.
At last! Something
worth it’s price!
Unless you’ve been living under a rock, you’ve probably
already heard of Marie Kondo’s book, The Life-Changing Magic of Tidying Up.
The self-improvement title walks readers
through how purging possessions that don’t bring you joy can make for a more
organized life.
So if you want this audiobook for free how do you go about
getting it? You will need an Audible
account to download it, but if you don’t already have one, you can just log in
with your Amazon credentials (and also
take advantage of select free content available through Amazon.) If you already have an Audible account, you’re
already one step closer to getting this audiobook for free. And you don’t need to sign up for an Audible
subscription to take advantage of this giveaway.
After you’ve logged into Audible you can search for the
title or just use this link while logged in
No comments:
Post a Comment