Unless something bigger happens, this is probably
the breach I’ll talk about in my first Computer Security class.
Not just another case of: “The default is ‘Public’ and we
forgot to change it.” Amazon has changed the default to “Specified
users only.” These bozos changed it to, “Anyone with a free
Amazon Web Services Account!”
Massive leak exposes data on 123 million US households
… Though no names were exposed, the data set
included 248 different data
fields covering a wide variety of specific personal
information, including address, age, gender, education, occupation
and marital status. Other fields included mortgage and financial
information, phone numbers and number of children in the household.
"From home addresses and contact information,
to mortgage ownership and financial histories, to very specific
analysis of purchasing behavior, the exposed data constitutes a
remarkably invasive glimpse into the lives of American consumers,"
UpGuard researchers Chris Vickery and Dan O'Sullivan wrote in their
analysis.
… The repository contained massive data sets
belonging to Alteryx partner Experian,
a consumer credit reporting agency that competes with Equifax, and
the US Census Bureau, researchers said.
(Related). More details…
… While
the Census data consists entirely of publicly accessible statistics
and information, Experian’s ConsumerView marketing database, a
product sold to other enterprises, contains a mix of public details
and more sensitive data. Taken together, the exposed data reveals
billions of personally identifying details and data points about
virtually every American household.
…
While, in the words of Experian, “protecting consumers is our top
priority,” the accumulation of this data in “compliance with
legal guidelines,” only to then see it left downloadable on the
public internet, exposes affected consumers to large-scale misuse of
their information - whether through spamming and unwanted direct
marketing, organized fraud techniques like “phantom
debt collection,” or through the use of personal details for
identity theft and security verification.
… On October 6, 2017, UpGuard Director of Cyber Risk Research Chris
Vickery discovered an Amazon Web Services S3 cloud storage bucket
located at the subdomain “alteryxdownload” containing sensitive
consumer information. While the default security setting for S3
buckets would allow only specifically authorized users to access the
contents, this bucket was configured via permission settings to allow
any AWS “Authenticated Users” to download its stored data. In
practical terms, an AWS “authenticated user” is “any user that has an
Amazon AWS account,” a base that already numbers over a million users;
registration for such an account is free. Simply put, one dummy
sign-up for an AWS account, using a freshly created email address, is
all that was necessary to gain access to this bucket’s contents.
…
While the spreadsheet uses anonymized record IDs to identify
households, the other information in the fields - as well as another
spreadsheet in the bucket, to be discussed shortly - are sufficiently
detailed as to be not merely often identifying, but with a high
degree of specificity.
[A very long list of fields follows this paragraph. Bob]
Good News: The threat from North Korea is
temporarily reduced. Bad News: Angering the “little fat guy”
might result in an attack like the one on Sony.
U.S. says Facebook and Microsoft disabled North Korean cyber threats
Facebook Inc and Microsoft Corp disabled a number
of North Korean cyber threats last week, a White House official said
on Tuesday, as the
United States publicly blamed Pyongyang for a May cyber attack
that crippled hospitals, banks and other companies.
(Related).
Australia, Canada, Others Blame North Korea for WannaCry Attack
The United States is not the only country to officially
accuse North Korea this week of being behind the WannaCry
ransomware campaign. Canada, Japan, Australia and New Zealand have
also blamed Pyongyang for the attack.
The U.K. accused North Korea in late October, and the other Five Eyes
countries and Japan have now done the same.
(Related).
Three Questions on the WannaCry Attribution to North Korea
… Nonetheless, the attribution raises several
important questions.
1. Where’s the evidence?
2. What should be the respective roles of the government and private companies?
3. Did North Korea violate international law?
If any of my Computer Security students admit to
using one of these passwords, they immediately fail the course.
An excellent example of a social media “Oopsie!”
Elon Musk accidentally tweets his private phone number
Energy and transport entrepreneur Elon Musk
accidentally tweeted his private phone number to his 16.7 million
followers on Tuesday.
The Tesla and SpaceX CEO divulged the number in
what was meant to be a message to John Carmack, head of technology at
virtual reality firm Oculus.
"Do you have a
sec to talk? My cell is ..." Mr Musk wrote.
Social media monitoring? We don’t offer that
class, yet. (Had some training on similar topics last night though.)
The People Who Read Your Airline Tweets
… Nowadays, people have gotten used to having
back-and-forths with customer service representatives. In any given
hour, JetBlue makes public contact with 10, 15, 20 different people.
American Airlines receives 4500 mentions an hour, 70 to 80 percent of
them on Twitter. Both companies staff their social teams with
long-time employees who are familiar with the airlines’ systems.
Both hire internally out of the “reservations” team, so they know
how to rebook flights and make things happen. At American, the
average social-media customer-support person has been at the company
for 17 years.
Every major airline has a team like this.
Southwest runs what it calls a “Listening
Center.” American Airlines calls it their “social-media
hub” in Fort Worth, Texas. Alaska has a “social
care” team in Seattle that responds to the average tweet for
help in two minutes and 34 seconds, according
to a report by Conversocial.
“We settled on this, so it’s a new law?”
Cory L. Andrews of Washington Legal Foundation has
an OpEd that begins:
The Federal Trade Commission (FTC) has developed a well-known penchant for using individually negotiated settlement agreements and consent decrees to announce for the first time what qualifies as “unfair” or “deceptive” conduct under the FTC Act. In the data-privacy arena, FTC views these enforcement actions (and the resulting consent decrees) as a source of “common law” that places the business community on sufficient notice of what data-security practices § 5 of the FTC Act requires.
The U.S. District Court for the Western District of Washington recently ratified that view in a controversial ruling, Veridian Credit Union v. Eddie Bauer. The case arose following a 2016 cyberattack on Eddie Bauer’s network that compromised customers’ payment-card data. Veridian Credit Union, whose cardholders had their data stolen after shopping at Eddie Bauer, brought suit under Washington’s Consumer Protection Act (CPA), which like § 5 of the FTC Act also allows courts to award treble damages to private plaintiffs who are injured by “unfair” or “deceptive” acts. Veridian alleged that Eddie Bauer’s failure to adopt data-security measures that FTC has required in other cases constitutes an “unfair” practice under the Washington CPA.
Read more on Forbes.
The concerns raised in this piece will sound
familiar to those who have followed the LabMD case and/or the
academic scholarship of Dan Solove and Woodrow Hartzog, who have
written extensively about the consent decrees as a source of “common
law.”
I suppose I will need to explain the “Streisand
Effect” to my Computer Security students.
So I’m not sure whether to tag this as “shoot
the messenger” or an attack on press freedom – or maybe both, but
MANX Radio reports:
The firm at the centre of the Paradise Papers says it’s pursuing legal action against those who made allegations.
Appleby, which has a large office in Douglas, had millions of confidential files leaked earlier this year, sparking a global debate about tax ethics.
Many of them surrounded the affairs of wealthy individuals operating in the Isle of Man.
There has been speculation over the legality of the data leak since it went public in November – and now Appleby has formally hit back, saying it is ‘obliged’ to file proceedings against the UK outlets who broke many of the stories.
I know that press rules are different in the UK
and other areas than they are here, but I’d love to know exactly
what law(s) Appleby alleges have been violated – are they claiming
that the news outlets violated law by simply receiving/possessing the
leaked documents?
Bosses have demanded The Guardian and the BBC hand over the documents they’ve seen and used in investigations.
Oh my. I don’t know how that works elsewhere,
but over here, there would certainly be vigorous resistance to any
such demand.
The firm is also seeking damages, claiming there was ‘no public interest’ in any of the stories published.
Did the public read the stories and discuss them?
Did they seek more coverage? And if so, was their interest just idle
curiosity or was there something meaningful to the public about
revelations in the news reports?
Both media outlets have vowed to defend themselves in any future proceedings.
I wonder if Appleby has heard of the Streisand
Effect. I just don’t see this litigation really helping them.
Interesting. Could the state of Colorado do the
same?
High-speed broadband to be legal right for UK homes and businesses
Government says internet providers will be legally
obliged from 2020 to meet user requests for speeds of at least 10Mbps
Perspective.
Here come the drones
December 19, 2017 – 8%
of Americans say they own a drone, while more than half have seen one
in operation: “Drones are catching on as consumer goods. As of
mid-2017, 8% of Americans
say they own a drone and 59% say they have seen one in
action, according to a Pew Research Center survey. But while drones
– that is, aircraft without on-board human pilots – are more
prevalent than they were a few years ago, many have reservations
about where and under what circumstances their use should be allowed.
The survey shows modest differences in rates of ownership by gender
and age. Slightly more men (11%) than women (6%) say they own a
drone, as do more people ages 18 to 49 (12%) compared with those 50
and older (4%).
Perspective.
… In an October study with nearly 2,000 American participants aged 18
to 59, the percentage of consumers who utilized cable TV and
Netflix in 2017 were even.
The report reveals that 73 percent of respondents
were subscribed to pay-TV this year, which is 'down from 76 per cent
last year and 79 per cent the year before,' according to the survey
conducted by PricewaterhouseCoopers.
Another shocking part of the survey finds that a whopping 82 per cent
of sports watchers admit they would 'end or trim their pay-TV
subscription if they no longer needed it to access live sports.'
As we expand our use of the “flipped classroom”
these become more useful. And not just on Chromebooks.
Seven Ways to Create Screencasts on Chromebooks
With the addition of Screencast-O-Matic
there are now seven tools that teachers and students can use to
create screencast videos on their Chromebooks.
If you missed yesterday's news, Screencast-O-Matic
is currently offering a public
beta of their Chrome app. To use Screencast-O-Matic on your
Chromebook you will need to go
to this page while on your Chromebook, click launch recorder,
install the Chrome app when prompted, and then start recording your
screen. Screencast-O-Matic on a Chromebook will let you record for
up to fifteen minutes per video. You can include your own narration
as well as sounds from your Chromebook in your screencasts.
Completed videos can be saved to Chromebook or saved directly to
Google Drive.
Loom
is a free screencasting tool that works on Chromebooks, Macs, and
Windows computers. Loom is a Chrome extension. With Loom installed
you can record your desktop, an individual tab, and/or your webcam.
That means that you could use Loom to just record a webcam video on a
Chromebook. Of course, this also means that you can use Loom to
record your webcam while also recording your desktop. Loom
recordings can be up to ten minutes long. A completed recording can
be shared via social media and email. You can also download your
recordings as MP4 files to upload to YouTube or any other video
hosting service.
Soapbox
is a free tool from Wistia that makes it easy to create great
screencast videos on a Chromebook or any computer that is using the
Chrome web browser. With Soapbox installed in the Chrome web browser
you can quickly record your screen and your webcam at the same time.
The most distinguishing feature of Soapbox is that you can have your
video transition from your screen to your webcam to a combination of
the two. Soapbox includes some simple editing tools for zooming in
on an area of your screen and calling attention to specific parts of
your screen.
ViewedIt
is a free Chrome extension that makes it quick and easy to create and
share screencast videos. With the extension installed you can record
your entire screen or just one window tab. ViewedIt will let you
record yourself with your webcam too. The best part of ViewedIt is
that you can track who watches your video. To record on ViewedIt
you simply have to click the extension icon then choose what you want
to record. When you're done recording your video is automatically
stored on ViewedIt. From ViewedIt you can share your video via email
and social media. If you choose to share via email, you will be able
to track who watched your video.
Nimbus
Screenshot is my favorite tool on this list because of its ease
of installation and it is the only tool on this list that provided a
customizable countdown timer. I like the countdown timer because it
gives me a few seconds to prepare to start talking over my
screencast. The other tools just started recording the second that I
hit the record button. Nimbus Screenshot was also the easiest to
install and configure on my Chromebook. Screencasts recorded with
Nimbus Screenshot can be saved to your local drive or to an online
Nimbus account. I usually choose to save to my local drive then
upload to my
YouTube channel. You can also save to your local drive then send
it to Google Drive or another online storage service.
CaptureCast
lets you record your webcam while recording your screen which you
cannot do with the Nimbus tool. You can choose to record your
screen, your screen and your webcam, or just your screen or just your
webcam. CaptureCast gives you three options for recording
definition. So if you're on a slower network you can choose a lower
resolution recording to save processing time. CaptureCast lets you
save a recording locally or send it to YouTube or to Vimeo.
Screencastify
might have the most name recognition in this list, but I don't like
it as much as some other tech bloggers like it. The set-up process
asks a lot of questions that could confuse new users. The free version
limits recordings to ten minutes and puts a watermark on the
recording. On the upside, there is an option to upload directly to
YouTube.
Since Math is a prerequisite for any of the
programming classes, this could become useful too.
ADA Project - An Open Multimedia Mathematics Textbook
ADA
Project is a great resource being developed by a mathematics
teacher named Sam Powell. The ADA Project is an open multimedia
mathematics textbook that covers everything from basic arithmetic
through calculus.
When you visit the ADA Project's homescreen you
can choose a category then choose a topic. Within each topic you
will find a set of sample problems. Each sample problem is
accompanied by a link to reveal the answer, the solution, a video
about the solution, and a link to a discussion forum. Take a look at
this set of long division problems to get a sense of how the ADA
Project works.
Teachers are invited to contribute to the ADA
Project's development by submitting problems, solutions, videos, and
discussions. You can submit one or all four of those pieces for
inclusion in the ADA Project. The submission form is found here.
Although it is off to a great start, the ADA
Project is still a work in progress. At this point it will make a
good supplement to the textbook and other reference materials that
you use in your mathematics lessons.
The ADA Project will get better through the
contributions of other mathematics teachers who make submissions to
it.