Sunday, July 16, 2017

Something for my students to kick around.  Did they have a massive breach?  How do you determine the facts, and would that impact their stock price? 
Jio breach prompts calls for new cyber law
Fears that Indian telecom upstart Reliance Jio suffered a major data breach, compromising the personal data of over 100 million customers, have prompted calls for India to adopt more robust laws to protect consumers.
Jio has repeatedly denied that any breach took place and said that names, telephone numbers and email addresses of Jio users on a website called “Magicapk” appeared to be “unauthentic.” The website was later shut down.
   In contrast to companies in the European Union, which has stringent data protection standards, companies in India do not have to disclose data breaches to clients, information security professionals said.

(Related)  Do they start their inquiry with a presumption of a coverup? 
Telecom department to seek detail over data breach from Jio
The Department of Telecom (DoT) will soon seek details of alleged subscriber data breach of Reliance Jio, a top official said today.
   A Maharashtra Cyber Police senior officer confirmed that some leak had occurred but declined to share details about the quantum of the breach.


Failure to disclose even before President Trump.
So what did we miss because the Veterans Administration stopped posting their monthly breach reports to Congress on their web site?  DataBreaches.net filed a Freedom of Information request on June 7, and the VA has responded by providing all of the requested monthly reports for the period May, 2016 – June 7, 2017.  As an overview: there appears to be no major shift in the number of breaches reported each month by the VA.
The monthly reports generally contain descriptions of incidents in which numbers of veterans were either sent HIPAA notifications or offers of credit protection services.  In addition, the VA provides a summary of how many mishandling incidents, mismailing incidents, and mismailed  Consolidated Mail Outpatient Pharmacy (CMOP) incidents there were.  For comparison purposes, in June 2016, there were 186 mismailing incidents, 6 mismailed CMOP incidents, and 117 mishandling incidents.  In May, 2017, there were 199 mismailing incidents, 7 mismailed CMOP incidents, and 111 mishandling incidents.  To keep these in perspective, however, it is important to note that these are a tiny percentage of all of the incidents VA facilities handle on a monthly basis.
But here are 22 breach incidents I found in the reports, below.  Only one resulted in any press release or media coverage at the time – at least as far as DataBreaches.net can determine – which is why we need the VA to be transparent and make these reports publicly available.
In chronological order, beginning with May, 2016: [Omitted.  Bob]


Unlikely to find a home in Washington…
(14 July 2017) The Privacy Commissioner for Personal Data, Hong Kong (“Privacy Commissioner”) Mr Stephen Kai-yi WONG welcomed the passing of the Apology Bill by the Legislative Council yesterday (13 July).
Mr Wong said, “The enactment of the Apology Ordinance will generally help to protect persons who wish to make an apology without fear of attracting legal liability.  In the handling of complaints involving personal data privacy, the parties being complained against (“PCAs”) may become more willing to make an apology on, which helps ease the tension between the affected data subjects and the PCAs, and hence mitigate the damage to the data subjects.  The legislation also generally facilitates and promotes conciliation of disputes by other means such as mediation.  By making apologies, the PCAs are usually more co-operative and willing to accept the PCPD’s recommendations and take appropriate remedial measures in a positive manner.”
Having regard to past data breach cases involving government departments or public bodies, for those that made apologies, they also took prompt actions to mitigate the damages and took proactive steps toward data protection without delay.
The Privacy Commissioner believed that the enforcement of the Apology Ordinance will encourage the PCAs to become more willing to make apologies to the data subjects involved for infringement of their privacy rights, which generally facilitates and promotes conciliation of disputes.


Less than complete re-engineering, but still may work.  Perhaps the smaller battery won’t be as likely to short out? 
iFixit teardown confirms Note 7 Fan Edition is just a Note 7 with a new, smaller battery
Like a phoenix from the ashes, Samsung’s ill-fated Galaxy Note 7 has emerged from the fires of its battery woes reborn as the Samsung Galaxy Note 7 Fan Edition, a refurbished Note 7 that, hopefully, won’t explode.


So I guess that was “Fake News?” 
An Amazon Echo Can't Call the Police—But Maybe It Should
Despite what you may have heard, an Amazon Echo did not call the police earlier this week, when it heard a husband threatening his wife with a gun in New Mexico.
   Someone called the police that day.  It just wasn't Alexa.
   Alexa's current calling limitations won't last forever.  The Echo's biggest competitor, Google’s Home, will soon allow you to call any number in the US using the device–except for 911, or 1-900 numbers.
The holdup seems to be largely regulatory; according to Federal Communications Commission spokesman Mark Wigfield, providing 911 services means adhering to a host of technical regulations, everything from making sure all 911 calls route through the right call center, to making sure each one transmits the correct location of the caller.  Additionally, devices that make 911 calls must also be able to receive incoming calls, so police can call back.  Those hurdles currently prevent Google and Amazon from offering a direct emergency line.  But they can, and likely will, be overcome at some point.


How Facebook makes money.
Facebook is putting ads everywhere in hopes of finding the next News Feed
Facebook has a cash cow.  It’s called News Feed, and for the past five years, it has been the company’s core money maker and source of revenue growth.
But there is a problem looming: Facebook has been saying for the past year that it is running out of places to put ads in News Feed.  The company has determined that it can’t put more ads into users’ feeds without harming their experience.


Perhaps a life size T-Rex? 
View and Print 3D Models of Smithsonian Artifacts
Smithsonian X 3D (SIx3D) offers a neat way for students to learn about artifacts from the Smithsonian museums.  The site is the result of a collaboration between Autodesk and the Smithsonian Institution.  More than artifacts are currently featured on Smithsonian X 3D.  The artifacts can be viewed as 3D models that you can virtually manipulate.  Many of the artifacts have accompanying fact sheets through which you can learn about the artifact's history and significance.  A screenshot of the fact sheet accompanying the model of the Philadelphia (a gunboat) is included below.

No comments: