Tuesday, April 18, 2017

I try not to be repetitious or redundant, but allow me to reiterate: Determining how big your breach was is not that difficult if you keep adequate records!
Maria Nikolova reports:
More than a month has passed since Japanese provider of payment processing services GMO Payment Gateway Inc confirmed the personal data leakage that had affected the websites of two of its clients – the Tokyo Metropolitan Government and the Japan Housing Finance Agency.
[…]
At the end of last week, GMO Payment Gateway updated the numbers for the data leaked, referring to “doubling of information”.
Read more on FinanceFeeds.
[From the article:
According to the initial assessments, the number of “units of information” leaked through the Tokyo Metropolitan Government website was 676,290, including 614,629 email addresses, as well as 61,661 credit card numbers and credit card expiration dates.  The number of “units” of credit card information reportedly leaked from the Japan Housing Finance Agency was 43,540, including credit card numbers, credit card expiration dates, security codes, credit card payment registration dates, addresses, email addresses, names, phone numbers, as well as dates of birth and payment joining dates.  The revised data lowers the numbers nearly two times.]


Another oft-repeated meme.  “Hey!  Let’s put all of the data on a portable device without encryption and then leave it in the car!”
Aaron Gould Sheinin reports on yet another breach involving Georgia voters’ information:
State officials are investigating the theft last week of equipment from a Cobb County precinct manager’s car that could make every Georgia voter’s personal information vulnerable to theft.
The equipment, used to check-in voters at the polls, was stolen Saturday evening, Secretary of State Brian Kemp said Monday.
Read more on AJC.


Sources for my Computer Security students.
Cybercrime diaries: All the hacks and data breaches in one place
Global cybercrime damages are predicted to exceed $6 trillion annually by 2021, up from $3 trillion in 2015.  The first quarter cybercrime diaries, published by Cybersecurity Ventures, have hit the stands, breaking down cybercriminal activity by category.
Reading through the diaries, one might wonder if the $6 trillion figure is an underestimate.  The cybercrime diaries are a series of blogs that provide CIOs, CSOs, CISOs and IT security teams with bulleted datelines and high-level summary commentary on the most noteworthy cybercriminal activity in a quarterly period.
Hack Blotter diary.


Talking points for my Computer Security students.
How CISOs can explain privacy to the C-suite
    It’s the CISO’s role to help inform the C-suite, investors and board of directors about potential security.
If CISOs are wondering where to start, Malcolm Harkins, chief security and trust officer at Cylance, and Ruby Zefo, vice president of the Law and Policy Group at Intel Corporation, have put together four privacy and security topics to talk with stakeholders about.
1. Privacy is not equal to security
2. Blind spots do exist:
3. Prep execs for tough questions
4. BYOD and monitoring:


Not ‘amateur’ surveillance.
Lorenzo Franceschi-Bicchierai and Joseph Cox report:
Morgan Marquis-Boire is a security researcher who has spent months digging into the consumer spyware industry, and has seen it used in domestic violence cases first hand.  He has also spent years researching spyware used by governments.  For him, the former kind of surveillance, which can be also called stalkerware or spouseware, deserves more attention because it’s more common and widespread than many may think, and the victims are everyday people,” he said.
Sophisticated government malware or cyberattacks on individuals are like “a rare bloodborne pathogen,” whereas consumer spyware is more like “the common cold” or flu.  It’s not as exotic, but “it does kill a lot of people every year,” Marquis-Boire told Motherboard.
Read more on Motherboard.


When Troy goes on a rant, he is fun to read!
Mandatory ISP data retention and the law of unintended consequences
Well, good one Australia, UK and whoever else has embarked on this hare-brained scheme, you've just made things a whole lot worse.  Our respective governments (in all their ivory-towered wisdom), have decided that because one of us could one day decide to become a terrorist, they'd better keep a big whack of our internet browsing history just in case.  The theory these genius policy makers have is that if they can probe into all our lives far enough, they'll be able to see when we're doing terrorist kinda stuff.  And really, what better way is there than siphoning up info on the websites we go to?  Job done, beer o'clock, glad we solved that one.


In the UK, you have to be able to follow your car’s directions!  (Obey your computer overlords?)
U.K. driving tests will soon add GPS navigation as a required skill
If your car doesn’t already have GPS navigation technology built directly into the dashboard, then you probably at least have a smartphone mount for your windshield so you can use Google Maps for turn-by-turn directions.  Put simply, if you own a car, computer-based navigation likely plays a central role in your journeys.
And this is why the U.K. government will soon require all learner drivers to follow directions from a sat nav as part of their driving test.  The Driver and Vehicle Standards Agency (DVSA) will provide all driving examiners with a sat nav unit to give to budding drivers for their test — but this isn’t about having an ability to search for a route through a sat nav, it’s purely about being able to follow directions.  From December 4, 2017, learners will be expected to follow a pre-set route provided by the examiner.

(Related).
Turns Out, a Horrifying Number of People Use Their Phones While Driving
   a new study indicates that damn near everybody uses their phone while behind the wheel, damn near all the time.  Using sensor data from more than 3 million drivers and 5.6 billion miles of trips, driving analytics company Zendrive found drivers are using their phones on 88 percent of their journeys.  The average driver spends 3.5 minutes on the phone per one hour trip, a stat that sounds worse when you realize just a two-second distraction increases your risk of crashing by 20 percent.


Model laws?
Mike Maharrey writes:
On Friday, Montana Gov. Steve Bullock signed two bills into law that will increase privacy protections in the state and hinder at least two federal surveillance programs.  The new laws will ban warrantless collection of data from an electronic device in most situations, and limit the use of Automated License Plate Readers (ALPRs) in the state.
Rep. Daniel Zolnikov (R-Billings) sponsored both House Bill 149 (HB149) and House Bill 147 (HB147).
Read more on Tenth Amendment Center.
Montana is looking more and more attractive these days, isn’t it?


A reaction to potential federal crackdown?
Ariana Rakhshani reports:
Some worried about the federal implications of marijuana are rejoicing.
Governor Kate Brown signed a bill protecting those who shop at pot retailers.  Dispensaries have been required to keep customers’ personal information; it allowed the state to audit dispensaries to make sure they were only selling the legal amount to someone within a 24 hour period.
Now, dispensaries are not allowed to keep any personal information.
Read more on KTVL.


Perspective.  For those who can’t read?
Netflix Touts U.S. Growth—and the Market Believes It
Can Netflix keep adding U.S. subscribers quarter after quarter?  The company's CEO seems to think so, painting a rosy picture of growth even as the streaming service hits 50 million customers and faces stiff competition from Amazon.
   In a letter to investors and in the video, Netflix also dropped other nuggets of good news.  These included claims that the much-hyped Dave Chappelle exclusive, which premiered in March, was the "most viewed comedy special ever," and that subscribers have spent more than half a billion hours "enjoying" specials involving actor Adam Sandler.

(Related).  A different number?
Netflix Nears 100 Million Subscribers, But Q1 Gains Fall Short of Expectations
Netflix added fewer subscribers than expected for the first three months of 2017, while the No. 1 subscription-video provider said it will surpass the 100-million mark this coming weekend.
   In 2017, the company plans to spend more than $1 billion marketing its content, Netflix said in the shareholder letter.


Perspective.  For those who can read.
Amazon expands its literary horizons, making big imprint in translation niche
The literary translation community in the U.S. has a tradition of being highbrow, a carefully tended yet narrow reflection of the stirrings of global culture beyond the Anglosphere.
Then Amazon.com jumped in, like a whale into a koi pond.
   AmazonCrossing, the publishing unit devoted to scouring the world for good tales, has in a short time become the most prominent interpreter of foreign fiction into English, accounting for 10 percent of all translations in 2016, more than any other publishing house in a field populated by small imprints.
   Yet Amazon’s shine has been tarnished by a contentious relationship with New York publishing houses, bookstores and some authors.  Many bookstores — hurt by the online retailer’s dominance in book sales and its pricing power — have boycotted titles published by Amazon.  They’re also less likely to get reviewed by the traditional literary outlets, experts say.


This could be amusing just for the potential comparisons!
Steve Ballmer Serves Up a Fascinating Data Trove
   On Tuesday, Mr. Ballmer plans to make public a database and a report that he and a small army of economists, professors and other professionals have been assembling as part of a stealth start-up over the last three years called USAFacts.  The database is perhaps the first nonpartisan effort to create a fully integrated look at revenue and spending across federal, state and local governments.
   Using his website, USAFacts.org, a person could look up just about anything: How much revenue do airports take in and spend?  What percentage of overall tax revenue is paid by corporations?


For my geeks.
If you’re thinking of learning Python, you might be overwhelmed by the initial setup process.  You need to install Python on your system, then learn how to use the command line to process code, or learn how to use the interactive shell, or learn how to set up a Python IDE.
Ignore all of that. It’s unnecessary until you know whether Python is right for you.
Instead, we recommend using an online interactive shell, which is just a website that lets you write and execute Python code and instantly see the results.  No need to install anything.


Worth a look?