Wednesday, July 26, 2017

Big Data, big breaches, huge numbers of records stolen…  The market for my Computer Security students should also be huge. 
2,227 Breaches Exposed 6 Billion Records in First Half of 2017: Report
The number of publicly disclosed data compromise events through June 30 remained in line with the number of breaches disclosed mid-way through 2015 and 2016, but the total number of records exposed surpassed 2016’s year-end high mark.
The top 10 data breaches exposed 5.6 billion of the 6 billion records compromised, and had an average severity score of 9.82 out of 10.0, Risk Based Security’s report (PDF) reveals.

(Related).  Sounds small compared to the cost of all security breaches, but smaller victims are hit hard.
Russell Brandom reports:
Ransomware victims have paid more than $25 million in ransoms over the last two years, according to a study presented today by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering.  By following those payments through the blockchain and comparing them against known samples, researchers were able to build a comprehensive picture of the ransomware ecosystem.
Read more on The Verge.


Addressing claims of underreporting? 
HHS Unveils Improved Web Tool to Highlight Recent Breaches of Health Information
by on
“The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) today launched a revised web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and to learn how all breaches of health information are investigated and successfully resolved.  The HIPAA Breach Reporting Tool (HBRT) features improved navigation for both those looking for information on breaches and ease-of-use for organizations reporting incidents.
   The HBRT may be found at:  https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf.  For additional information on HIPAA breach notification, visit:  https://www.hhs.gov/hipaa/for-professionals/breach-notification


For my Computer Forensic students.


Searching for Privacy violations is probably not high on their priority list. 
Newly declassified memos detail extent of improper Obama-era NSA spying
The National Security Agency and Federal Bureau of Investigation violated specific civil liberty protections during the Obama years by improperly searching and disseminating raw intelligence on Americans or failing to promptly delete unauthorized intercepts, according to newly declassified memos that provide some of the richest detail to date on the spy agencies’ ability to obey their own rules.
The memos reviewed by The Hill were publicly released on July 11 through Freedom of Information Act litigation by the American Civil Liberties Union.
They detail specific violations that the NSA or FBI disclosed to the Foreign Intelligence Surveillance Court or the Justice Department's national security division during President Obama’s tenure between 2009 and 2016.
   The NSA says that the missteps amount to a small number — less than 1 percent — when compared to the hundreds of thousands of specific phone numbers and email addresses the agencies intercepted through the so-called Section 702 warrantless spying program created by Congress in late 2008.


I wonder how our intelligence services are using this.  Could we be supplying a bit of propaganda?  Trolling for potential defectors?  Attempting to recruit regime changers?
North Korea's Elite More Connected Than Previously Thought
Telecommunications capability in North Korea is three-tiered.  The vast majority of people have neither internet nor North Korean intranet connectivity -- they simply have mobile telephony voice, text and picture/video messaging within the domestic provider, Koryolink.
A small group of others, including university students, scientists and some government officials, can access the state-run North Korean intranet, Kwangmyong, that links libraries, universities and government departments and comprises a limited number of domestic websites.
A much smaller group from the ruling elite does, however, have full access to the internet.  From April 1 through July 6, 2017, Recorded Future analyzed internet traffic from this small group of officials, and concluded that the standard view of North Korea is not entirely accurate: its leadership at least is not isolated from the rest of the world.
In a report and analysis conducted in partnership with Team Cymru and published today, Recorded Future notes that North Korean leadership's internet activity is little different to the rest of the world's internet activity: "North Koreans spend much of their time online checking social media accounts, searching the web, and browsing Amazon and Alibaba," notes the report.  "Facebook is the most widely used social networking site for North Koreans, despite reports that it, Twitter, YouTube, and a number of others were blocked by North Korean censors in April 2016."


Global company, global law?
Google Fights Against Canada's Order to Change Global Search Results
In June, Canada's Supreme Court came down on Google—hard.  It ruled that the tech giant must take down certain Google search results for pirated products.  And not just in Canada, but globally.  Now, Google is going south of the Canadian border to push back on this landmark court ruling.  The tech giant filed an injunction Monday with the US District Court for Northern California, arguing that globally removing the search results violates US law, and thus Google should not be forced to comply with the Canadian ruling.
Because the case had already made its way to the highest court in Canada, Google should have not been able to fight the ruling.  But Google is hoping to find a loophole on American soil by arguing this violates the First Amendment.
“We’re taking this court action to defend the legal principle that one country shouldn’t be able to decide what information people in other countries can access online,” says David Price, senior product counsel at Google.  “Undermining this core principle inevitably leads to a world where internet users are subject to the most restrictive content limitations from every country.”


Disrupting advertising?  Probably won’t win Facebook many friends.  Could Russia (or an agent) promote the “news” it prefers?
Paying To Promote News Stories On Facebook Is The Ad World’s Favorite New Tactic
When the workplace gossip app Blind expanded its product’s availability earlier this summer, it got the word out via an age-old tactic: advertising.  But instead of running a traditional ad campaign, the company took a route gaining favor among advertisers big and small: It paid Facebook to promote a favorable review of its service.
Blind spent thousands of dollars promoting a Mashable article headlined “Silicon Valley's secret app Blind opens the floodgates.”  The post drove more than 11,000 visits to its app download page, according to publicly available analytics.  The campaign worked out nicely for Blind — and for Facebook, a master at making money off of other people’s content.  But Mashable, which sells advertising to companies like Blind, didn’t see a dime.  Neither did any other traditional publisher.


Is “big” always “bad?”
In the 1980s and 1990s, Blockbuster modernized the movie rental business.  It offered far more movies than its smaller rivals, used computers to better manage that inventory, and designed its stores to be bright and family friendly.  By 1993, just eight years after its founding, Blockbuster was the global leader in movie rentals, with more than 3,400 stores worldwide.
Then Netflix happened.  Blockbuster went bankrupt in 2010.
Economist Luigi Zingales mentions the Blockbuster story in a recent paper as an example of how the economy ought to work.  A company has an innovative idea, which for a while provides competitive advantage.  Later on, a new innovator comes along and pushes it aside.
But Zingales fears that this isn’t happening as often as it should.  Instead, he argues, the U.S. economy may be succumbing to what he calls “the Medici cycle,” named for the powerful family of medieval Florence.  Their motto — or at least the motto often attributed to them — was “Money to get power. Power to protect money.”  And Zingales fears that a version of this motto aptly describes the true strategy of at least some of corporate America.
Zingales’s paper is the latest in a flurry of research and commentary on the rising concentration of corporate power in the U.S.


A slight exaggeration but I wonder why President Trump hasn’t claimed victory?
Now hiring every available human: Amazon posts 50,000 warehouse jobs in U.S.
   Of those postings, 10,000 are for part-time gigs, while the rest are for full-time positions. The roles span the duties required to “pick, pack, and ship customer orders” across its various warehouses, the company said.
Back in January, Amazon said it would increase its U.S. headcount over the next 18 months to 280,000 employees, an increase of around 55 percent.
   The company is hosting job fairs at 10 of its fulfillment centers on August 2 to give candidates a look inside, and it plans to make job offers to some candidates on the spot.


For my students, because I want recent article, nothing more than two years back.  (200 Internet years)


Just in case you are wondering…
Check online for contaminants in your city's drinking water
You can learn what’s in your drinking water with a new database that allows you to type in your ZIP code and find out which contaminants are going along for the ride when you turn on the faucet.

No comments: