Leaked records up 566 percent to 4 billion in 2016: IBM
Security
In 2016, more than 4 billion records were leaked
worldwide, exceeding the combined total from the two previous years, according
to a report from IBM Security.
In its IBM X-Force Threat Intelligence Index 2017,
Big Blue explained the leaked documents comprised the usual credit cards,
passwords, and personal health information, but also noted a shift in
cybercriminal strategies, finding a number of significant breaches were related
to unstructured data such as email archives, business documents, intellectual
property, and source code.
… "While the
volume of records compromised last year reached historic highs, we see this
shift to unstructured data as a seminal moment. The value of structured data to
cybercriminals is beginning to wane as the supply outstrips the demand.
Unstructured data is big-game hunting for hackers and we expect to see them
monetise it this year in new ways."
Turn off ‘surveillance by default.’
… Right-click on
the Start Button and open Device Manager.
In the Device Manager window, expand the Audio
inputs and outputs section and you will see your Microphone listed
there as one of the interfaces. Right-click
on Microphone and select Disable.
Paper – Encryption Workarounds
by Sabrina I. Pacifici on Apr 2, 2017
Kerr, Orin S. and Schneier, Bruce, Encryption Workarounds
(March 20, 2017). Available at SSRN: https://ssrn.com/abstract=2938033
or http://dx.doi.org/10.2139/ssrn.2938033
“The widespread use of encryption has triggered a new step
in many criminal investigations: the encryption workaround. We define
an encryption workaround as any lawful government effort to reveal an
unencrypted version of a target’s data that has been concealed by encryption.
This essay provides an overview of
encryption workarounds. It begins with a
taxonomy of the different ways investigators might try to bypass encryption
schemes. We classify six kinds of
workarounds: find the key, guess the key, compel the key, exploit a flaw in the
encryption software, access plaintext while the device is in use, and locate
another plaintext copy. For each
approach, we consider the practical, technological, and legal hurdles raised by
its use. The remainder of the essay
develops lessons about encryption workarounds and the broader public debate
about encryption in criminal investigations. First, encryption workarounds are inherently
probabilistic. None work every time, and
none can be categorically ruled out every time. Second, the different resources required for
different workarounds will have significant distributional effects on law
enforcement. Some techniques are
inexpensive and can be used often by many law enforcement agencies; some are
sophisticated or expensive and likely to be used rarely and only by a few. Third, the scope of legal authority to compel
third-party assistance will be a continuing challenge. And fourth, the law governing encryption
workarounds remains uncertain and underdeveloped. Whether encryption will be a game-changer or a
speed bump depends on both technological change and the resolution of important
legal questions that currently remain unanswered.”
Now we need to consider how to make hacking
defensible.
New Report Aims to Help Criminal Defense Attorneys Challenge
Secretive Government Hacking
by Sabrina I. Pacifici on Apr 2, 2017
“Lawyers at EFF, the ACLU, and the
National Association of Criminal Defense Lawyers released a report today outlining strategies for challenging law
enforcement hacking, a technique of secretly and remotely spying on computer
users to gather evidence. Federal agents
are increasingly using this surveillance technique, and the report will help
those targeted by government malware—and importantly their attorneys—fight to
keep illegally-obtained evidence out of court.
A recent change in little-known federal criminal court procedures, which
was quietly pushed by the Justice Department, has enabled federal agents to use
a single warrant to remotely search hundreds or thousands of computers without
having to specify whose information is being captured or where they are. We expect these changes to result in much
greater use of the technique, and the guide will arm attorneys with information
necessary to defend their clients and ensure that law enforcement hacking
complies with the Constitution and other laws…”
Basing an insurance rate on the manufacturer’s programming
skills?
Self-Driving Cars Raise Questions About Who Carries Insurance
… Billionaire
investor Warren Buffett, whose company, Berkshire Hathaway, owns the insurance
giant Geico, told
CNBC in a February interview: "If the day comes when a significant
portion of the cars on the road are autonomous, it will hurt Geico's business
very significantly."
That would seem to make sense. If humans aren't driving the cars, who needs a
car insurance policy?
… Right now,
insurance rates are calculated mostly based on attributes of drivers — their
claims histories, driving records and such. Increasingly, some insurers also use apps
or devices that allow them to track speeding and other behaviors. Insurers can then offer discounts as rewards
for safe driving.
A driverless car changes that model, shifting the
insurance toward automakers, and away from drivers or car owners.
… Right now, Smith
says, one of the biggest obstacles for insurers is a lack of data.
"Insurance is a data-based effort to really predict
the future based on the past, and when you have dramatically different
technologies and new applications for automated driving, it makes predicting
the future much harder because you don't have those reliable data about the
past and present," he says.
Juliet: "What's in a name? That which we call a rose by any other name
would smell as sweet." Romeo and Juliet (II, ii, 1-2)
“If we don’t talk about it, it will go away.” DOE
“No, it won’t!” Al Gore
Energy Department climate office bans use of phrase ‘climate
change’
by Sabrina I. Pacifici on Apr 2, 2017
Politico, Eric Wolff – “The Office of International Climate
and Clean Energy is the only office at DOE with the words ‘climate’ in its
name, and it may be endangered as Trump looks to reorganize government
agencies. A supervisor at the Energy
Department’s international climate office told staff this week not to use the
phrases “climate change,” “emissions reduction” or “Paris Agreement” in written
memos, briefings or other written communication, sources have told POLITICO. Employees of DOE’s Office of International
Climate and Clean Energy learned of the ban at a meeting Tuesday [March 28,
2017], the same day President Donald Trump signed an executive order [Presidential Executive Order on Promoting Energy
Independence] at EPA headquarters to reverse most of former President
Barack Obama’s climate regulatory initiatives. Officials at the State Department and in other
DOE offices said they had not been given a banned words list, but they had
started avoiding climate-related terms in their memos and briefings given the
new administration’s direction on climate change…”