Observations on articles I read to keep current about technology. My interests are: Privacy, security, business, the computer industry, and geeky stuff that catches my eye.
I don't think I have an agenda beyond my own amusement.
Note that I lump all my comments into a single post. This is not a typical blog technique; it's just an indication that I'm lazy.
Saturday, July 29, 2017
Perfect timing? Remember, it’s the hacks that aren’t shared that
you have to worry about.
Security researchers from
China-based tech company Tencent have once again demonstrated that they can
remotely hack a Tesla. The
vulnerabilities they leveraged were quickly patched by the carmaker.
Tencent’s Keen Security Lab published a video last year
showing how they could hack a Tesla Model S, both while it was parked and on
the move. They took control of the
sunroof, turn signals, displays, door locks, windshield wipers, mirrors, the
trunk and even the brakes.
At the time, Tesla patched the vulnerabilities within 10
days, but claimed that the vulnerabilities were not as easy to exploit as it
appeared from the video published by Keen Security Lab researchers.
In a new video and blog
post published this week, the researchers claim they’ve once again
managed to hack a Tesla, this time a Model X, via a Controller Area Network
(CAN bus) and Electronic Control Unit (ECU) attack.
…In its video,
Keen Security Lab showed that it managed to remotely unlock the doors and trunk
in parking mode, control the brake in driving mode, and put on a light show
using the car’s headlights and taillights by taking control of multiple ECUs.
Rumba
attempts a foot-ectomy after sticking its foot firmly in its mouth.
iRobot, the maker of Roomba, made big news this week when an interview with its CEO mentioned plans to sell
the map data of customers’ homes to third parties. Today, the company launched damage control
measures and the CEO is spreading assurances that this is all just a big
misunderstanding.
…We reached out
to a spokesperson for iRobot, who tells Gizmodo that Reuters’ original article about iRobot contained “an
unintentional misinterpretation of Colin’s statements.” In fact, Reuters issued a correction today. The paragraph that set off a firestorm has now
replaced the words “sell maps” with “share maps for free with customer
consent.”
…So we know that
Reuters admits to the misunderstanding, but iRobot is still saying that it’s
considering sharing all that map data, just that they won’t sell it for cash. And a great way to guarantee “iRobot will never
sell your data” would be to include those exact words in Roomba’s privacy
policy. But iRobot wouldn’t commit to that.
…We’ve attempted
to get more information about exactly what data is being stored by iRobot but
company reps have avoided specificity.
Critical infrastructure operators
have long faced the formidable security challenges of zero-day vulnerabilities
and advanced persistent threats (APTs), both of which were employed in some of
the most prominent cyberattacks in the sectors to date. But one researcher is warning leaders in
government and industry of an old threat that, fueled by recent legislation and
commercial practices, is quickly surpassing zero days and APTs as perhaps the
greatest risk to critical infrastructure security.
The threat is what might be
called “weaponized metadata,” and the risks are detailed extensively in a new
report, Metadata:
The Most Potent Weapon in this Cyberwar, recently published by the
Institute for Critical Infrastructure Technology (ICIT), a Washington,
D.C.-based cybersecurity think tank.
The US-Led Coalition Is Steadily Decimating ISIS’s Propaganda
Operation
U.S.-executed decapitation strikes are eliminating key
ISIS propaganda leaders and hacking away at the terror group’s ability to
broadcast its jihadist message across the world from its dwindling holdfasts in
Syria and Iraq, Operation Inherent Resolve announced on July 27.
Friday, July 28, 2017
Is
nothing sacred? A very understandable
illustration. Now think about the same
types of hack in other environments.
Researchers Demo Physical Attack via Car Wash Hack
LAS VEGAS - BLACK HAT USA -
Researchers have created proof-of-concept (PoC) exploits to demonstrate how hackers can
cause physical damage to vehicles and injure their occupants by remotely
hijacking a connected car wash.
The attack was detailed in a presentation
at the Black Hat security conference this week by WhiteScope founder Billy
Rios, a researcher best known for finding vulnerabilities in medical
devices and industrial control systems (ICS),
and Dr. Jonathan Butts, founder of QED Secure Solutions and committee chair for
the IFIP Working Group on Critical Infrastructure Protection.
The experts pointed out that automated car wash systems
are essentially ICS and, just like industrial systems, they can be hacked and
manipulated.
…Rios and Butts discovered that the web-based
administration panel for the product, which is in many cases accessible
directly from the Internet, has many features, including for sending email
alerts and a widget for social media.
However,
the more problematic issue is that both the owner and engineer accounts for the
web interface are protected by weak
default passwords. They also discovered that the
authentication mechanism can be bypassed by a hacker.
Cyber mercenaries are breaching
the systems of governments, financial institutions, critical infrastructure,
and businesses, then selling access to them on a marketplace on the darknet, a
hidden internet accessible only via specialized software.
All of this is happening on a
darknet black marketplace known as the CMarket or “Criminal Market,” formerly
known as “Babylon APT.” The marketplace
contains a public market, invite-only submarkets, and hacker-for-hire services
ready to breach any network in any country.
The Epoch Times was provided with
analysis, screenshots, and chat logs from the marketplace by darknet
intelligence company BlackOps Cyber. An
undercover operative for the company gained access to the marketplace’s
invite-only sections and grew close to several of its top members.
Wells Fargo
Broadsided Anew With an Auto Insurance Sales Scandal
Wells Fargo & Co.’s campaign to
rebuild customer and shareholder trust just hit another bump, as the bank said it
may have pushed thousands of car buyers into loan defaults and repossessions by
charging them for unwanted insurance.
An internal review of the bank’s auto lending found more
than 500,000 clients may have unwittingly paid for protection against vehicle loss
or damage while making monthly loan payments, even though many drivers already
had their own policies, Wells Fargo said
in a statement late Thursday. The firm said it may pay as much as $80
million to affected clients -- with extra money for as many as 20,000 who lost
cars, “as an expression of our regret.”
Very
timely. My Architecture class will be
discussing metrics this week!
Report Depicts Shameful State of Cybersecurity Metrics
For years, Security has sought the ear of the Board and
claimed it was not offered. Today the
Board is listening; but all too often Security talks in a language that
Business does not understand. There is a
solution, but it is not yet maximized. That
solution is Metrics, a language spoken and understood by both Business and
Security; but not widely or effectively used.
The size of the task can be seen in just two statistics
from Thycotic's 2017 State of Cybersecurity Metrics Annual Report (PDF). Firstly, 1 in 3
companies invest in cybersecurity technologies without any way to measure their
value or effectiveness.
…The second
statistic is that four out of every five companies fail to include business
stakeholders in cybersecurity investment decisions. The result, in combination, is that through no
direct fault of its own, Business
doesn't understand what Security is doing, and has no way of knowing whether it
is effective.
…Using metrics to
demonstrate the overall efficiency or lack of efficiency in a company's
cybersecurity posture is difficult but not impossible. At the moment, however, companies are not
making use of, or even collecting, the statistics that are readily available. For example, four out of five companies never
measure the success of security training investments.
Two out of three companies don't fully measure whether
their disaster recovery will work as planned. And while 80% of breaches involve stolen or
weak credentials (from Verizon's DBIR),
60% of companies still do not adequately protect privileged accounts.
An all too common failure, given low priority. Watch what happens when North Korea crashes
their systems.
SEC must improve how it protects its networks against
cyberattacks, says watchdog
Wall Street’s top U.S. regulator needs to improve the way
it protects its own computer networks from cyber attacks, according to a new
report by a congressional watchdog office.
The 27-page report by the Government Accountability Office
found the Securities and Exchange Commission did not always fully encrypt
sensitive information, used unsupported software, failed to fully implement an
intrusion detection system and made missteps in how it configured its
firewalls, among other things.
“Information security control deficiencies in the SEC
computing environment may jeopardize the confidentiality, integrity, and
availability of information residing in and processed by its systems,” the GAO
said.
Just in case you Mac users were starting to feel all safe
and secure…
WikiLeaks Details Mac OS X Hacking Tools Used by CIA
The latest round of
documents published by WikiLeaks as part of a leak dubbed by the organization
“Vault 7” describes several tools allegedly used by the U.S. Central
Intelligence Agency (CIA) to target Mac OS X and other POSIX systems.
The tools, said to be part of a CIA project named “Imperial,” are
called Achilles, Aeris and SeaPea.
Large collections of data are valuable. No surprise that people will want to use a
database that contains information on everyone in the country!
Ola employee accused of data theft from Aadhaar website
The Unique Identification Authority of India (UIDAI) has registered a case with the Bengaluru
Police against Abhinav Srivastava and Qarth Technologies Pvt Ltd for misusing Aadhaar data obtained from its website without any
authentication.
Chennai-based Qarth Technologies was acquired by India's largest taxi
aggregator Ola in March last year, to help grow its in-house payments service.
…While the report
does not divulge any further details on the nature of the violation, a cyber
expert who did not want to be named speculated that Qarth could have been using
someone else's license to access Aadhaar data for eKYC, which is not allowed as per the
regulations set by the Aadhaar Act.
If the courts do it this way, following their example
might be wise.
The report begins: “As state and local courts
progressively convert their business processes from paper to electronic
formats, policies around remote electronic access to court case information by
the public become ever more important. COSCA last addressed this
issue comprehensively in 2002 with a report authored by Martha Steketee and
Alan Carlson that proposed a model policy for public access. At that time, few courts had implemented
electronic filing, so the model policy addressed both manual and electronic
access. In the fifteen years since then,
courts have learned a lot about living in an electronic world and providing
remote access to their case data and documents. Consequently, there is a need to update what we know about this topic
and revise the model policy.”
Can we expect the same for President Trump as he deletes
tweets and blocks people?
Court Rules Against Politician Who Banned Access to Her
Facebook Page
A federal court in Virginia ruled that a local politician
violated the free-speech rights of a constituent she banned from her Facebook
page, in a case the judge said raises “important questions” about the
constitutional restrictions that apply to social media accounts of elected
officials.
Perhaps Rolls Royce is showing us what will be possible
with self-driving cars. (This one is not
self-driving.)
Phantom VIII Heralds Arrival Of The House Of Rolls-Royce
…The 8-speed ZF
gearbox retains satellite-linked
intelligence, which reads GPS data about the road ahead then
preloads shift sequences for upcoming corners.
Wednesday, July 26, 2017
Big Data, big breaches, huge numbers of records stolen… The market for my Computer Security students
should also be huge.
2,227 Breaches Exposed 6 Billion Records in First Half of
2017: Report
The number of publicly disclosed data compromise events
through June 30 remained in line with the number of breaches disclosed mid-way
through 2015 and 2016, but the total number of records exposed surpassed 2016’s year-end high mark.
The top 10 data breaches exposed 5.6 billion of the 6
billion records compromised, and had an average severity score of 9.82 out of
10.0, Risk Based Security’s report (PDF) reveals.
(Related). Sounds
small compared to the cost of all security breaches, but smaller victims are
hit hard.
Ransomware victims have
paid more than $25 million in ransoms over the last two years, according to a
study presented today by researchers at Google, Chainalysis, UC San Diego, and
the NYU Tandon School of Engineering. By
following those payments through the blockchain and comparing them against
known samples, researchers were able to build a comprehensive picture of the
ransomware ecosystem.
“The U.S. Department of Health and Human Services (HHS),
Office for Civil Rights (OCR) today launched a revised web tool that puts
important information into the hands of individuals, empowering them to better
identify recent breaches of health information and to learn how all breaches of
health information are investigated and successfully resolved. The HIPAA Breach Reporting Tool (HBRT)
features improved navigation for both those looking for information on breaches
and ease-of-use for organizations reporting incidents.
Newly declassified memos detail extent of improper Obama-era
NSA spying
The National Security Agency and Federal Bureau of
Investigation violated specific civil liberty protections during the Obama
years by improperly searching and disseminating raw intelligence on Americans
or failing to promptly delete unauthorized intercepts, according to newly
declassified memos that provide some of the richest detail to date on the spy
agencies’ ability to obey their own rules.
The memos reviewed by The Hill were publicly released on
July 11 through Freedom of Information Act litigation by the American Civil
Liberties Union.
They detail specific violations that the NSA or FBI
disclosed to the Foreign Intelligence Surveillance Court or the Justice
Department's national security division during President Obama’s tenure between
2009 and 2016.
…The NSA says
that the missteps amount to a small number — less than 1 percent —
when compared to the hundreds of thousands of specific phone numbers and email
addresses the agencies intercepted through the so-called Section 702
warrantless spying program created by Congress in late 2008.
I wonder how our intelligence services are using
this. Could we be supplying a bit of
propaganda? Trolling for potential
defectors? Attempting to recruit regime
changers?
North Korea's Elite More Connected Than Previously Thought
Telecommunications
capability in North Korea is three-tiered. The vast majority of people have neither internet
nor North Korean intranet connectivity -- they simply have mobile telephony
voice, text and picture/video messaging within the domestic provider, Koryolink.
A small group of others, including university students,
scientists and some government officials, can access the state-run North Korean
intranet, Kwangmyong, that links libraries, universities and government
departments and comprises a limited number of domestic websites.
A much smaller group from the ruling elite does, however,
have full access to the internet. From
April 1 through July 6, 2017, Recorded Future analyzed internet traffic from
this small group of officials, and concluded that the standard view of North
Korea is not entirely accurate: its leadership at least is not isolated from
the rest of the world.
In
a report and analysis conducted in partnership with Team Cymru and published today, Recorded Future notes that North Korean
leadership's internet activity is little different to the rest of the world's
internet activity: "North Koreans spend much of their time online checking
social media accounts, searching the web, and browsing Amazon and
Alibaba," notes the report. "Facebook
is the most widely used social networking site for North Koreans, despite
reports that it, Twitter, YouTube, and a number of others were blocked by North
Korean censors in April 2016."
Google Fights Against Canada's Order to Change Global Search
Results
In June, Canada's Supreme
Court came down on Google—hard. It ruled
that the tech giant must take down certain Google search results for pirated
products. And not just in Canada, but
globally. Now, Google is going south of
the Canadian border to push back on this landmark court ruling. The tech giant filed an injunction Monday with the US District Court for
Northern California, arguing that globally removing the search results violates
US law, and thus Google should not be forced to comply with the Canadian
ruling.
Because the case had already made its way to the highest
court in Canada, Google should have not been able to fight the ruling. But Google is hoping to find a loophole on
American soil by arguing this violates the First Amendment.
“We’re taking this court action to defend
the legal principle that one country shouldn’t be able to decide what
information people in other countries can access online,” says David Price,
senior product counsel at Google. “Undermining
this core principle inevitably leads to a world where internet users are
subject to the most restrictive content limitations from every country.”
Disrupting advertising? Probably won’t win Facebook many friends. Could Russia (or an agent) promote the “news”
it prefers?
Paying To Promote News Stories On Facebook Is The Ad World’s
Favorite New Tactic
When the workplace gossip app Blind expanded its product’s
availability earlier this summer, it got the word out via an age-old tactic:
advertising. But instead of running a
traditional ad campaign, the company took a route gaining favor among
advertisers big and small: It paid Facebook to promote a favorable review of
its service.
Blind spent thousands of dollars promoting a Mashable
article headlined “Silicon Valley's secret app Blind opens the floodgates.” The post drove more than 11,000 visits to its
app download page, according to publicly available analytics. The campaign worked out nicely for Blind — and
for Facebook, a master at making money off of other people’s content. But Mashable, which sells advertising to
companies like Blind, didn’t see a dime. Neither did any other traditional publisher.
In the 1980s and 1990s, Blockbuster modernized the movie rental business. It offered far more movies than its smaller
rivals, used computers to better manage that inventory, and designed its stores
to be bright and family friendly. By
1993, just eight years after its founding, Blockbuster was the global leader in
movie rentals, with more than 3,400 stores worldwide.
Then Netflix happened. Blockbuster went bankrupt in 2010.
Economist Luigi Zingales mentions the Blockbuster story in
a recent
paper as an example of how the economy ought to work. A company has an innovative idea, which for a
while provides competitive advantage. Later on, a new innovator comes along and
pushes it aside.
But Zingales fears that this isn’t happening as often as
it should. Instead, he argues, the U.S.
economy may be succumbing to what he calls “the Medici cycle,” named for the
powerful family of medieval Florence. Their motto — or at least the motto often
attributed to them — was “Money to get power. Power to protect money.” And Zingales fears that a version of this
motto aptly describes the true strategy of at least some of corporate America.
Zingales’s paper is the latest in a flurry of research
and commentary on the rising concentration of corporate power
in the U.S.
A slight exaggeration but I wonder why President Trump
hasn’t claimed victory?
Now hiring every available human: Amazon posts 50,000
warehouse jobs in U.S.
…Of those postings, 10,000 are for
part-time gigs, while the rest are for full-time positions. The roles span the
duties required to “pick, pack, and ship customer orders” across its various
warehouses, the company said.
Back in January, Amazon
said it would increase its U.S. headcount over the next 18 months to
280,000 employees, an increase of around 55 percent.
…The company is
hosting job fairs at 10 of its fulfillment centers on August 2 to give
candidates a look inside, and it plans to make job offers to some candidates on
the spot.
For my students, because I want recent articles, nothing
more than two years back. (200 Internet
years)
One in Ten U.S. Organizations Hit by WannaCry: Study
WannaCry stormed the world in mid-May by leveraging a previously patched
exploit called EternalBlue,
which hacker group Shadow Brokers allegedly stole from the NSA-linked Equation
Group. The ransomware mostly infected Windows 7
computers that hadn’t been patched in due time, and also revealed
the destructive impact of a global outbreak. NotPetya
confirmed the risk in late June.
According to a survey (PDF)
from software lifecycle automation solutions provider 1E, 86% of the
organizations in the U.S. had to “divert significant resources” to safeguard
themselves during the WannaCry attack. Only
14% of the respondents revealed their organization was prepared for such an
attack.
The study also shows that 86% of organizations don’t apply
patches immediately after they are released, thus leaving endpoints and entire networks
exposed to such attacks. While 14% of
respondents said they apply patches immediately, 36% apply them within one week
after release, and 27% need up to a month for that, while 23% don’t apply
patches within a month after release.
It’s the same with vampires. You are only at risk when you invite them
in.
iRobot wants to sell Roomba-generated maps of your home
iRobot,
creator of the Roomba,
plans to sell the data the house-cleaning robot collects when it maps your
house. Potential buyers include smart home
device manufacturers, such as Amazon, Apple and Google.
iRobot's business strategy hinges on regular updates [Because furniture moves, not walls. Bob] and understanding the floor plan of your home, according to Reuters.
…Roombas have
been mapping homes since 2015 using a camera and sensors or visual localisation
and cloud-connected app control. The
Roomba uses these maps to avoid toppling over lamps and ramming into your
furniture. It was made
compatible with Amazon's Alexa voice assistant in March.
Ubiquitous surveillance. Is it possible to go unnoticed and unrecorded?
Google snaps every search your phone makes – yes, even that
one
Google’s latest update keeps a screenshot for later. Much like how Google Maps remembers everywhere
you’ve ever been so you can find your car, Google (the search engine app) keeps a
snapshot history of what you’ve searched for in Google Search. This search history does not make a
significant impact on your smartphone’s data storage space as it’s all stored
with Google on Google’s servers.
Did anyone check? Were
there any managers involved?
Is this why United, TSA clashed on Twitter over comic books
on planes?
Passengers flying with United Airlines UAL, out of San
Diego — site of the popular Comic-Con event this weekend — were greeted by a
message telling them to remove books from their checked luggage. United then responded on Twitter to a post
with a picture of the message saying the requirement was set by the
Transportation Security Administration.
Subsequently, the TSA sent out its own tweet noting that
there are no restrictions on checking books, which a spokesperson confirmed to
MarketWatch.
[At 8am on July 24, 2017] the National Archives released a
group of documents (the first of several expected releases), along with 17
audio files, previously withheld in accordance with the JFK Assassination Records Collection
Act of 1992. The materials released
today are available online only. Access to the original paper records will
occur at a future date. Download the
files online: https://www.archives.gov/research/jfk/2017-release.
Highlights of this release include 17
audio files of interviews of Yuri Nosenko, a KGB officer who defected to the
United States in January 1964. Nosenko
claimed to have been the officer in charge of the KGB file on Lee Harvey Oswald
during Oswald’s time in the Soviet Union. The interviews were conducted in January,
February, and July of 1964. This set of
3,810 documents is the first to be processed for release, and includes FBI and
CIA records—441 documents previously withheld in full and 3,369 documents
previously released with portions redacted. In some cases, only the previously redacted
pages of documents will be released. The
previously released portions of the file can be requested and viewed in person
at the National Archives at College Park
(these records are not online). The
re-review of these documents was undertaken in accordance with the John F. Kennedy Assassination Records
Collection Act of 1992, which states: “Each assassination
record shall be publicly disclosed in full, and available in the Collection no
later than the date that is 25 years after the date of enactment of this Act,
unless the President certifies, as required by this Act, that continued
postponement is made necessary” by specific identifiable harm. The act mandated that all
assassination-related material be housed in a single collection in the National
Archives and defined five categories of information that
could be withheld from release. The act
also established the Assassination Records Review Board to weigh agency
decisions to postpone the release of records. The National Archives established the John F.
Kennedy Assassination Records Collection in November 1992, and it consists of
approximately five million pages of records. The vast majority of the collection (88
percent) has been open in full and released to the public since the late 1990s.
The records at issue are documents
previously identified as assassination records but withheld in part or in full.
Federal agencies have been re-reviewing
their previously withheld records for release, and will appeal to the President
if they determine that records require further postponement. Online resources:
45,000 Facebook Users Leave One-Star Ratings After Hacker's
Unjust Arrest
Over 45,000 users have left one-star reviews on a
company's Facebook page after the business reported a security researcher to
police and had him arrested in the middle of the night instead of fixing a
reported bug.
…The young man
discovered that he could access BKK's website, press F12 to enter the browser's
developer tools mode, and modify the page's source code to alter a ticket's
price.
Because there was no client or server-side validation put
in place, the BKK system accepted the operation and issued a ticket at a
smaller price.
…The teenager —
who didn't want his name revealed — reported the issue to BKK, but the
organization chose to contact the police and file a complaint, accusing the
young man of hacking their systems.
…BKK management
made a fatal mistake when they brazenly boasted in a press conference about
catching the hacker and declaring their systems "secure." Since then, other security flaws in BKK's
system have surfaced on Twitter. [This flags their system as ‘hackable’ and challenges
hackers at the same time. Probably not a
wise decision. Bob]
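The BKK flaw above comes down to one design rule: the server, not the browser, decides what a ticket costs. The following Python is an added illustration written for this post, not BKK's code; the ticket types, prices and handler names are constructed and hypothetical. It shows a handler that trusts the client-supplied price (the pattern the article describes) beside a hardened one that takes the price from its own catalogue and treats any mismatch as a tampering signal.

```python
"""
Server-side price validation, illustrating the BKK ticket flaw described above.

Added example, not BKK's code. The vulnerable handler trusts the price field
that arrives with the order (which the browser's developer tools can edit);
the hardened handler looks the price up in its own catalogue and uses the
client-supplied figure only as a cross-check.
"""
from dataclasses import dataclass

# Constructed sample catalogue (hypothetical ticket types and prices).
TICKET_PRICES = {
    "single": 350,
    "day-pass": 1650,
}


@dataclass
class Ticket:
    ticket_type: str
    price_charged: int


class OrderRejected(Exception):
    """Raised by the hardened handler when an order fails validation."""


def issue_ticket_vulnerable(order: dict) -> Ticket:
    """Trusts the client-supplied 'price' field, so an edited page is accepted."""
    return Ticket(order["type"], int(order["price"]))


def issue_ticket_hardened(order: dict) -> Ticket:
    """The authoritative price comes from the server; the client value is only checked."""
    ticket_type = order.get("type")
    if ticket_type not in TICKET_PRICES:
        raise OrderRejected(f"unknown ticket type {ticket_type!r}")
    server_price = TICKET_PRICES[ticket_type]
    # A price field is optional; if one is sent, a mismatch is evidence of tampering
    # and is worth logging and alerting on, not silently correcting.
    if "price" in order:
        try:
            client_price = int(order["price"])
        except (TypeError, ValueError):
            raise OrderRejected("price field is not an integer")
        if client_price != server_price:
            raise OrderRejected(
                f"price mismatch: client sent {client_price}, catalogue says {server_price}"
            )
    return Ticket(ticket_type, server_price)


def tampering_detected(order: dict) -> bool:
    """True if the hardened handler rejects the order, False if it issues a ticket."""
    try:
        issue_ticket_hardened(order)
    except OrderRejected:
        return True
    return False


# Constructed requests: an honest one and one whose price was edited in the browser.
HONEST_ORDER = {"type": "day-pass", "price": 1650}
TAMPERED_ORDER = {"type": "day-pass", "price": 50}

if __name__ == "__main__":
    print("vulnerable handler charged:", issue_ticket_vulnerable(TAMPERED_ORDER).price_charged)
    print("hardened handler rejects tampered order:", tampering_detected(TAMPERED_ORDER))
    print("hardened handler issues honest order at:", issue_ticket_hardened(HONEST_ORDER).price_charged)
```

The design point is that rejecting the mismatch, rather than quietly substituting the catalogue price, gives the operator a detectable event: a logged `OrderRejected` for a price mismatch is exactly the signal that would have shown BKK what was happening before the report arrived.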
Not very subtle. A
clear message from Big Brother, “I don’t trust you.” Will hackers find a way to spoof this
App?
China forces its Muslim minority to install spyware on their
phones
China has ramped up surveillance measures in Xinjiang,
home to much of its Muslim minority population, according to reports from Radio Free Asia.
Authorities sent out a notice over a week ago instructing
citizens to install a "surveillance app" on their phones, and are
conducting spot checks in the region to ensure that residents have it.
…Android users
were instructed to scan the QR code in order to install the Jingwang app that
would, as authorities claimed, "automatically detect terrorist and illegal
religious videos, images, e-books and electronic documents" stored in the
phone. If illegal content was detected,
users would be ordered to delete them.
Users who deleted, or did not install the app, would be
detained for up to 10 days, according to social
media users.
“Since its 2008 incursion into Georgia (if not before),
there has been a remarkable evolution in Russia’s approach to propaganda. The country has effectively employed new
dissemination channels and messages in support of its 2014 annexation of the
Crimean peninsula, its ongoing involvement in the conflicts in Ukraine and
Syria, and its antagonism of NATO allies. The Russian propaganda model is high-volume
and multichannel, and it disseminates messages without regard for the truth. It is also rapid, continuous, and repetitive,
and it lacks commitment to consistency. Although these techniques would seem to run
counter to the received wisdom for successful information campaigns, research
in psychology supports many of the most successful aspects of the model. Furthermore, the very factors that make the
firehose of falsehood effective also make it difficult to counter. Traditional counterpropaganda approaches will
likely be inadequate in this context. More effective
solutions can be found in the same psychology literature that explains the
surprising success of the Russian propaganda model and its messages.”
Bashing companies with no underlying theory as justification
seems to be a trend. If a company
competes globally, are they automatically too big because they are bigger than
companies that do not go after global markets?
As a former tour manager for Bob Dylan and The Band,
Jonathan Taplin isn’t your typical academic. Lately, though, he’s been busy writing somber
tomes about market shares, monopolies, and online platforms. His conclusion: Amazon.com, Facebook, and Google have
become too big and too powerful
and, if not stopped, may need to be broken up.
Very interesting. References a University of Colorado Law Library study that suggests that
even the best legal search engines are inadequate if used alone.
Via LLRX – The Real “Black Box” Dilemma of Legacy Legal Research
Tools – Andrew Arruda, CEO/Co-founder of ROSS Intelligence
talks about how new artificial intelligent methods currently under development
to leverage deep learning and neural nets will be game changers in the area of
legal research.
Another “This is good for you” study. Since I drink coffee in the morning, have a
glass of wine in the evening, and read constantly, I might live forever!
Mic.com – “It’s no secret that reading
is good for you. Just six minutes of reading is enough to reduce stress by 68%, and numerous studies have
shown that reading keeps your brain functioning effectively as you age.
One study even found that elderly individuals
who read regularly are 2.5 times less likely to develop Alzheimer’s than their peers. But not all forms of reading are created
equal. The debate between paper books
and e-readers has been vicious since the first Kindle came out in 2007. Most arguments have been about the sentimental
versus the practical, between people who prefer how paper pages feel in their
hands and people who argue for the practicality of e-readers. But now science has weighed in, and the
studies are on the side of paper books. Reading in
print helps with comprehension. A
2014 study found that readers of a short mystery story on a Kindle were significantly worse at remembering
the order of events than those who read the same story in paperback. Lead researcher Anne Mangen of Norway’s
Stavanger University concluded that “the haptic and tactile feedback of a
Kindle does not provide the same support for mental reconstruction of a story
as a print pocket book does.”
The Swedish government has exposed sensitive details on
millions of citizens in one of the biggest government screw-ups ever, and the
official responsible for the whole fiasco was fined only half of her monthly
salary, which is 70,000 Swedish krona — or around $8,500.
The leak happened in September 2015, when the Swedish
Transport Agency (STA) decided to outsource the management of its database and
other IT services to companies such as IBM in the Czech Republic, and NCR in
Serbia.
It was only in March 2016 that the Swedish Secret Service
realized what happened, and started an investigation, warning other government
agencies that unauthorized foreigners were now in control of their IT systems
after the STA had bypassed necessary security checks just to expedite the
transition to the new IT system as they wanted to fire local IT
staff.
According to several Swedish newspapers, the leaked data included:
- Data from all drivers licenses in Sweden
- Personal details of all persons in Sweden's witness relocation program
- Personal details of Sweden's elite military units
- Personal details of Sweden's fighter pilots
- Personal details of all of Sweden's pilots and air controllers
- Personal details of all Swedish citizens in a police register
- Details of all Swedish government and military vehicles
- Details about Sweden's road and transportation infrastructure
How do errors like this even happen? Normal procedure would be to look at the
entire dataset and copy selected records to a new file. This looks like, “Give them a copy of the
file. The data they want is probably in
there somewhere.”
Wells Fargo Accidentally Releases Trove of Data on Wealthy
Clients
When a lawyer for Gary Sinderbrand, a former Wells Fargo
employee, subpoenaed the bank as part of a defamation lawsuit against a bank
employee, he and Mr. Sinderbrand expected to
receive a selection of emails and documents related to the case.
But what landed in Mr. Sinderbrand’s hands on July 8 went
far beyond what his lawyer had asked for: Wells Fargo had turned over — by
accident, according to the bank’s lawyer — a vast trove of confidential
information about tens of thousands of the bank’s wealthiest clients.
The 1.4 gigabytes of files that Wells Fargo’s lawyer sent
included copious spreadsheets with customers’ names and Social Security
numbers, paired with financial details like the size of their investment
portfolios and the fees the bank charged them.
…By Mr.
Sinderbrand’s estimate, he has financial information for at least 50,000
individual customers.
…The files were
handed over to Mr. Sinderbrand with no protective orders and no written
confidentiality agreement in place between his lawyers and Wells Fargo’s.
…The disclosure
is a data breach that potentially violates a bevy of state and federal consumer
data privacy laws that limit the release of personally identifiable customer
information to outside parties.
State and
federal regulations also require companies to notify customers when their
information has been improperly released, as Wells Fargo may now do.
…Based on the
fairly narrow subpoena that his lawyer submitted — it sought communications
about Mr. Sinderbrand’s employment and compensation — there was no reason for
the bank to turn over such information, especially without any redactions, Mr.
Sinderbrand said.
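Both the Swedish hand-over and the Wells Fargo production above went wrong the same way: the whole file went out instead of the records and fields the request covered. The pattern described in the commentary (select the in-scope records, copy only allowlisted fields, and check the result before it leaves) as an added example, not code from any of the articles quoted; the rows, field names and request scope are constructed.

```python
"""Scope-limited hand-over of a dataset (constructed example)."""
from typing import Callable, Iterable, List, Set

# Constructed sample rows, shaped like the spreadsheets described above.
RECORDS = [
    {"id": 1, "name": "Client One", "ssn": "000-00-0001",
     "portfolio_usd": 2_500_000, "fees_usd": 12_000, "subject": "employment"},
    {"id": 2, "name": "Client Two", "ssn": "000-00-0002",
     "portfolio_usd": 900_000, "fees_usd": 4_500, "subject": "marketing"},
    {"id": 3, "name": "Client Three", "ssn": "000-00-0003",
     "portfolio_usd": 15_000_000, "fees_usd": 80_000, "subject": "compensation"},
]

# The request scope, written down explicitly: which records and which fields.
# An allowlist of fields is used, never a denylist, so a new column that
# appears in the source later is excluded by default.
IN_SCOPE_SUBJECTS = {"employment", "compensation"}
ALLOWED_FIELDS = {"id", "subject"}


def minimized_export(records: Iterable[dict], in_scope: Callable[[dict], bool],
                     allowed: Set[str]) -> List[dict]:
    """Copy only in-scope records, and only the allowlisted fields of each."""
    return [{k: v for k, v in r.items() if k in allowed}
            for r in records if in_scope(r)]


def leaked_fields(rows: Iterable[dict], allowed: Set[str]) -> Set[str]:
    """Fields present in the outgoing rows that the scope does not permit."""
    return {k for row in rows for k in row} - allowed


def safe_to_send(rows: List[dict], allowed: Set[str] = ALLOWED_FIELDS) -> bool:
    """Gate before hand-over: refuse if any field outside the scope is present."""
    return not leaked_fields(rows, allowed)


def main() -> None:
    export = minimized_export(
        RECORDS, lambda r: r["subject"] in IN_SCOPE_SUBJECTS, ALLOWED_FIELDS)
    print("minimized export:", export, "safe:", safe_to_send(export))
    # The "give them a copy of the file" approach fails the same gate.
    print("whole-file copy leaks:", sorted(leaked_fields(RECORDS, ALLOWED_FIELDS)))


if __name__ == "__main__":
    main()
```

The gate is deliberately applied to the rows about to go out, not to the source, so it catches a bulk copy regardless of how the export was produced.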
It will affect anyone who owns a drone which weighs more
than 250 grams (8oz).
…There is no time
frame or firm plans as to how the new rules will be enforced and the Department
of Transport admitted that "the nuts and bolts still have to be ironed
out".
…"There will
be people who will simply not be on the system, that's inevitable."
Dr McKenna said there were also issues around how a
drone's owner could be identified by police and whether personal liability
insurance should also be a legal requirement in the event of an accident.
I live in Centennial Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.