Coming soon to an airport near us?
Australian airport hack was “a near miss” says government’s cybersecurity expert
A 31-year-old Vietnamese man has been jailed for a
hacking attack that compromised the computer network of Perth
International Airport, and reportedly resulted in the theft of
building plans and sensitive security protocols.
Alistair MacGibbon, cybersecurity advisor to
Australian Prime Minister Malcolm Turnbull, told
local media that “a significant amount of data” was taken by
the hacker, although radars and other systems linked to aircraft
operations were not accessed.
… What is perhaps most interesting to us is
just how the hacker managed to breach sensitive computer systems at
the international airport.
The answer is sadly predictable. The hacker
simply used the login credentials of a third-party contractor to gain
unauthorised access to what should have been a well-secured network.
… it should never be acceptable for someone to
log into a corporate network remotely with just a username and
password. At the very least, additional measures such as two-factor
authentication and IP whitelisting can be used to reduce the chances
of an unauthorised hacker crowbarring their way onto the network.
In the case of this particular attack, with the
hacker apparently being based in Vietnam, a simple geo-IP lookup
could have ascertained that an attempt was being made to log into the
airport’s network from a country where external contractors may not
be expected to be located.
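The three controls named in the excerpt above (two-factor authentication, IP whitelisting and a geo-IP lookup) combined into one remote-login check, as an added example that is not part of the quoted article. The account name, address ranges, geo table and login events are all constructed; a real deployment would query a geo-IP database instead of the inline table.

```python
import ipaddress

# Constructed stand-in for a geo-IP database (RFC 5737 documentation ranges).
GEO_TABLE = {"203.0.113.0/24": "AU", "192.0.2.0/24": "AU", "198.51.100.0/24": "VN"}

# Constructed remote-access policy for one hypothetical contractor account.
POLICY = {
    "contractor-01": {
        "allowed_countries": {"AU"},
        "allowed_networks": ["203.0.113.0/24"],
        "require_2fa": True,
    },
}

def country_of(addr):
    """Look up the country for an address; None when the table has no entry."""
    for cidr, country in GEO_TABLE.items():
        if addr in ipaddress.ip_network(cidr):
            return country
    return None

def evaluate_login(event):
    """Return the reasons to refuse a remote login; an empty list means allow."""
    policy = POLICY.get(event["user"])
    if policy is None:
        return ["no remote-access policy for account"]
    try:
        addr = ipaddress.ip_address(event["src_ip"])
    except ValueError:
        return ["malformed source IP"]
    reasons = []
    country = country_of(addr)
    if country not in policy["allowed_countries"]:  # unknown location fails closed
        reasons.append(f"unexpected country: {country or 'unknown'}")
    if not any(addr in ipaddress.ip_network(n) for n in policy["allowed_networks"]):
        reasons.append("source IP not on allowlist")
    if policy["require_2fa"] and not event.get("second_factor_ok"):
        reasons.append("second factor missing")
    return reasons

# Constructed login events: expected site, password-only from abroad, unknown range.
EVENTS = [
    {"user": "contractor-01", "src_ip": "203.0.113.25", "second_factor_ok": True},
    {"user": "contractor-01", "src_ip": "198.51.100.7", "second_factor_ok": False},
    {"user": "contractor-01", "src_ip": "10.9.8.7", "second_factor_ok": True},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["src_ip"], evaluate_login(e) or "allow")
```

Each check is evaluated independently, so a refused login records every control it failed rather than only the first.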
Is this the future?
Estonia, the Digital Republic
Its government is virtual, borderless,
blockchained, and secure. Has this tiny post-Soviet nation found the
way of the future?
For my Data Management students.
Study Examines Value of Data
In mitigating an asset-risk by risk transfer (such as an insurance
policy), the value of the asset is directly related to the cost of
the transfer (the insurance premium). The same principle should be
applied to other forms of risk mitigation, such as defending the
asset. Where the asset is
data, an information security policy should reflect the value of the
data -- but this assumes that the value of data is understood.
Trustwave, a Chicago, IL-based threat, vulnerability and compliance management
firm, wanted to see how organizations value the prime categories of
the data they hold -- which it assumes to be personally identifiable
information (PII), payment card data (PC), intellectual property
(IP), and email content information. It commissioned Quocirca to
analyze the financial value placed by different industry segments in
different geographical regions on these four categories of data.
Five hundred IT and risk managers were surveyed in the U.S., Canada,
Australia, Japan and the UK (100 for each region).
Two specific metrics are used in the ensuing report (PDF):
the per capita value (PCV) for data; and a data risk vigilance (DRV)
score. PCV is calculated by dividing the overall value of a data set
by the number of records it contains. It consequently provides a
subjective view for each organization. The same principle was also
applied to discover the comparative data PCVs for the criminal
fraternity and regulators.
The second metric, the DRV score, isn't simply a question of security
budgets, but aggregates ten factors -- four relating directly to
risk, four to data value assessments and two to the impact of data
theft.
Looks like we don’t have universal agreement on this topic.
Radio NZ reports
that John Edwards, New Zealand’s Privacy Commissioner, has taken a
position opposing the United States in its case involving information
held in an Irish centre owned by Microsoft.
America’s government wants to access private information about a US citizen accused of drug trafficking, which is held in an Irish centre owned by Microsoft.
Rather than asking Ireland to hand over the information, the government wants to seize it under US search warrant laws.
Mr. Edwards’s submission took the position that
if the U.S. were to prevail, that would enable them to seize
information held in New Zealand under a U.S. search warrant, which
is… well… not acceptable.
How many countries have to push back against the
long arm of a U.S. search warrant, and will the U.S. Supreme Court
care what they say/think?
“If we don’t say these words out loud, people will forget they exist.”
CDC gets list of forbidden words: fetus, transgender, diversity
… Policy analysts at the Centers
for Disease Control and Prevention in Atlanta were told of the
list of forbidden words at a meeting Thursday with senior CDC
officials who oversee the budget, according to an analyst who took
part in the 90-minute briefing. The forbidden words are
“vulnerable,” “entitlement,” “diversity,” “transgender,”
“fetus,” “evidence-based” and “science-based.”
For my Spreadsheet and my Statistics students.
I’m going to save this for later…
An update on the Dotcom case.
New Zealand judge dismisses 7 of Kim Dotcom's 8 arguments against extradition to US
… The arguments were part of Dotcom's appeal
of a High Court decision made earlier this year, which states that he
is eligible to be extradited to the US. That appeal will be heard in
February, according
to the New Zealand Herald.
… The eighth argument, which was allowed to
remain, involves a decision by the deputy solicitor-general in June
to order that clones be made of the electronic devices seized from
Dotcom's home, so that they could be sent to the US.
… Dotcom has been fighting extradition to the
US since 2012, when his now defunct Megaupload file-hosting site was
shut down by the US government and Dotcom and his associates were
arrested in New Zealand.