If you collect everything that a hacker could possibly want into one poorly protected database, you should expect hackers to try for it.
Shashank Shekhar reports:
Damning details related to Aadhaar card security have emerged after the Uttar Pradesh Special Task Force on Sunday arrested 10 members of a gang allegedly involved in issuing fake biometric cards. Investigators told Mail Today that the gang members had not only hacked the secure ‘source code’ to access the application but also cloned fingerprints of authorised issuing authorities by using gelatin gel, laser and silicon.
The exposure raises serious questions on the Centre’s efforts to link its various schemes, PAN, individual bank accounts and mobile numbers with Aadhaar card, hitherto considered foolproof.
Read more on India Today.
From the article:
"The operators made copies of the login
details used by valid enrolment centres, issued by UIDAI, the nodal
authority mandated to issue the 12-digit unique number. They were
also able to crack and replicate the application for the retinal
scanning, an ocular-based biometric technology."
… Singh said the team was yet to ascertain the
enormity of the operation as these members are believed to have
shared or sold these codes to other centres as well.
… "These gang members may have got the
access to that source code and tampered the biometric authentication
like fingerprints and IRIS. So now, these illegal centres had
software to login to Aadhaar server without using any biometric
details, which is worrisome," the web security expert
added.
A most interesting email from the “IRS.” If
this is real, it is very poorly done. Perhaps this is just the
government being uniquely strange, but I can think of no legitimate
reason to change a username. I’m waiting for email number two
which will point me to a bogus IRS site.
“Due to system updates, the IRS has changed your username for IRS online services. No action is required on your part.”
One clue this is a phishing email: “Your password has not changed.”
So I go to their site and enter a real password which they can then use to connect to my IRS account?
We will discuss this a lot in my Digital Forensics
class.
From the law firm of Bryan Cave LLP:
A comprehensive analysis of class action
lawsuits involving data security breaches filed in United States
District Courts.
2016 was another year in which data breaches continued to dominate the headlines, a constant reminder to people that their personal information was vulnerable and the target of criminal attacks. Yet, despite the fact that data breaches do not appear to be going away anytime soon, the risk that a company will face litigation following a data breach remains relatively low year-after-year. The reason is likely tied to the difficulty plaintiffs continue to face establishing that they were injured by a breach and, therefore, have standing as a matter of law to bring suit.
Nonetheless, fear is a powerful marketing strategy, and we continue to see misinformation disseminated to the public about the likelihood of being sued after a data breach. This is not to say that companies should not continue to devote significant resources to breach preparation, information security, and breach response. But we are firm believers in allocating resources in proportion to the risk of harm, and litigation arising from a breach generally does not occur except in cases of public breaches involving large quantities of highly sensitive information.
Bryan Cave LLP began its survey of data breach class action litigation five years ago to rectify the information gap and to provide our clients, as well as the broader legal, forensic, insurance, and security communities, with reliable and accurate information concerning the risk associated with data breach litigation. Our annual survey continues to be the leading authority on data breach class action litigation and is widely cited throughout the data security community.
Our 2017 report covers federal class actions initiated over a 12 month period from January 1, 2016 to December 31, 2016 (the “Period”). Our key findings are:
- Modest increase in filings. 76 class actions were filed during the Period. This represents a modest 7% increase in the quantity of cases filed as compared to the 2016 Data Breach Litigation Report (the “2016 Report”).
- Continued “lightning rod” effect. Consistent with prior years, many of these lawsuits cluster around the same high-profile breaches. When multiple filings against single defendants are removed, there were only 27 unique defendants during the Period. This indicates a continuation of the “lightning rod” effect noted in previous reports, wherein plaintiffs’ attorneys file multiple cases against companies who had the largest and most publicized breaches, and generally bypass the vast majority of other companies that experience data breaches.
- Decrease in filings as a function of the quantity of breaches. Approximately 3.3% of publicly reported data breaches led to class action litigation. Unlike in prior years, in which the percentage of class action lawsuits has remained relatively steady at 4 or 5% of publically reported breaches, 2016 saw a slight decrease in litigation relative to the number of breaches.
- Litigation forums cluster around location of defendants. The Northern District of California, the Middle District of Florida, and the District of Arizona were the most popular jurisdictions in which to bring suit in 2016. Choice of forum, however, continues to be primarily motivated by the states in which the company-victims of data breaches are based.
- Medical industry disproportionately targeted by the plaintiffs’ bar; but may still be underweighted. Like the previous year, the medical industry was disproportionately targeted by the plaintiffs’ bar. Although 70% of publicly reported breaches related to the medical industry, only 34% of data breach class actions targeted the medical industry or health insurance providers.
- Credit card breach litigation is flat. The percentage of class actions involving the breach of credit cards stayed relatively constant as compared to the 2016 Report, with credit and debit cards data accounting for 21% of the type of data involved in data breach class actions in 2016, slightly down from 23% for the previous reporting period. This may reflect the lack of high profile credit card breaches as in past years, difficulties by plaintiffs’ attorneys proving economic harm following such breaches, and relatively small awards and settlements in previous credit card related litigation.
- Plaintiffs continue to experiment with legal theories. Plaintiffs’ attorneys continue to allege multiple legal theories. Plaintiffs alleged a total of 21 legal theories during this period.
- Negligence has emerged as the clear theory of preference. While negligence was the most popular legal theory in the 2016 (and 2015) Report, it has increased from being included in 75% of cases to being included in nearly 95% of all cases.
- Plaintiffs are focusing on sensitive categories of information. Plaintiffs’ attorneys overwhelmingly focused on breaches in this Period that involved information such as Social Security Numbers, medical treatment information, health insurance information, and security questions and answers, with 89% of cases in 2016 involving a breach of sensitive data.
Click here to read the full report.
No doubt many will quote this study without
reading the details.
http://wallstreetpit.com/114120-ubi-trillions-dollars-economy-study-finds/?google_editors_picks=true
UBI to Add Trillions of Dollars to U.S. Economy, Study Finds
… In the United States, a report claims
that UBI will have a very positive impact on the country’s economy
which can attain a growth of as much as $2.5 trillion.
Roosevelt Institute research director Marshall
Steinbaum, Michalis Nikiforos of Bard College’s Levy Institute, and
Gennaro Zezza of the University of Cassino and Southern Lazio in
Italy have recently published their study
that shows the remarkable effects of three versions of UBI in an
eight-year period based on the Levy Institute macroeconometric model.
The Levy model, however, presupposes
that the potential of the economy is constrained due to low household
income. A highly-debatable opinion which the authors have
themselves admitted in the report.
… According to the authors, “Fundamentally,
the larger the size of the UBI, the larger the increase in aggregate
demand and thus the larger the resulting economy is.”
However, this
kind of growth could only be achieved if the UBI will be paid by
increasing federal debt not taxes.
“When paying for the policy by increasing taxes
on households, the Levy model forecasts no effect on the economy,”
the authors have further stated in their report. “In effect, it
gives to households with one hand what it takes away with the other.”
A trend for geeks.
The Incredible Growth of Python
… You can see on Stack
Overflow Trends that Python has been growing rapidly in the last
few years
I don’t know if I can agree with them.
The Rise of the Twitter Thread
The compelling, incendiary literary form of the Trump era.
We don’t get
to choose the literary genre of our epoch, and in this
worst-of-times-worst-of-times political era, we have the Twitter
thread. A series of tweets, written by one person and strung
together by Twitter’s vertical border wall, the thread has emerged
as this year’s ascendant form of argument: urgent, galloping,
personality-driven and—depending on your view of the topic—either
tacky and misleading or damned persuasive.
… A form that requires precise and lively
storytelling, and the braiding together of seemingly disparate
details and history, has naturally attracted both literary and legal
minds.
… Sexton described threading to me as a
“linguistic exercise to see how the mind works in quick succession
while confined within a certain space.” Abramson has edited or
written more than a dozen books, mostly on or of poetry, and is also
a graduate of Harvard Law School and former public defender. He
calls threading “a formal gesture in the same way a sonnet is.”
I’m sure my students think like Dilbert when I
take points off.