“Hey, we’re boring old lawyers. Who would
want our data? Encryption? Never heard of it.”
Joe Eskenazi reports:
Car break-ins in San Francisco have
reached epidemic proportions, and city employees aren’t immune.
Now it’s the Office of the District
Attorney’s turn. Thankfully, it wasn’t a gun stolen from a car
this time. But the item lost to a burglar or burglars is tied to San
Francisco homicides.
An alert sent to San Francisco police
officers this week noted that a stolen work laptop left overnight in
a DA employee’s car contained “sensitive information related to
SFDA homicide cases.”
And don’t you just love lines like, “DA
spokesman Max Szabo said that his office was in the process of
drafting policy regarding the stowing of work laptops in cars prior
to the theft.” Right. I wish the reporter had filed under FOIA
to see for how long they had presumably been drafting that policy.
Because if the damned burglar had only waited a week or so, there
would have been nothing to steal, right?
Why was the DA’s office years – and I do
mean years – behind in having a firm policy in place already?
A huge theft that hasn’t been noticed yet? Or
noticed and suppressed?
Andrew Fraser reports:
A huge trove of data,
containing the personal information of millions of South Africans,
including property ownership, employment history, income and company
directorships, has been discovered by information security researcher
Troy Hunt.
Hunt, the founder of HaveIbeenPwned.com,
said the breach contains data of more than 30m unique South African
ID numbers.
The data trove was discovered among a
large dump of other breaches, and Hunt could identify it as South
African source by the personal address details contained in it. He
said that to date he hasn’t seen it offered for sale, but that “it
is definitely floating around between traders”.
From the article:
The date of the database file indicates that the
breach took place in March 2017, or perhaps before. The actual data
includes information from at least as far back as the early 1990s.
Probably not the best message to send. The IRS
seems to be saying that so many identities have already been stolen
that a few million more won’t make a noticeable difference.
(What’s an extra 45%?)
Many Equifax Hack Victims Had Info Stolen Prior to Breach: IRS
The U.S. Internal Revenue Service (IRS) believes the recent Equifax
breach will not make a significant difference in terms of tax fraud
considering that many victims already had their personal information
stolen prior to the incident.
IRS Commissioner John Koskinen told the press on Tuesday that 100 million
Americans have had their personally identifiable information (PII)
stolen by hackers, according to The Hill. He also advised consumers to
assume that their data has already been compromised and act accordingly.
The Equifax breach, which affected more than 145 million individuals,
allowed cybercriminals to access social security numbers, dates of birth
and other information. Despite this being one of the largest data
breaches in history, Koskinen said it likely “won’t make any
significantly or noticeable difference.”
Some interesting ideas, but I suspect many who
might need this level of security won’t bother to implement it.
Google now offers special security program for high-risk users
Today, Google rolled out a new program called Advanced Protection for
personal Google accounts, intended to provide much higher account
security to users of services like Gmail and Drive who are at a high
risk of being targeted by phishers, hackers, and others seeking their
personal data. The opt-in program makes Google services much less
convenient to use, but it's built to prevent the sorts of breaches that
have been making recent headlines.
Examples of users who could benefit include
journalists, politicians, and other public figures who may be running
up against hostile actors with considerable resources—and also for
private individuals in dangerous situations, like those escaping
abusive relationships. In its blog post announcing this program, Google
specifically named "political campaign managers," which harkens back to
the breach of Hillary Clinton Presidential Campaign Chairman John
Podesta's e-mails, which led to a release from WikiLeaks that may have
played a significant role in the US presidential election last year.
You don’t need a “X9$$wordy” password.
NIST – Passphrases are the new way to protect your digital world
NIST Blog, Mike Garcia: “…First, I’m going to share the
takeaways from our new password guidance. Simply put: Use
passphrases, not passwords. Then, I’m going to explain the
absolute most important thing to know about passwords: Try
not to use them at all. And if you do, don’t rely on
passwords, or even passphrases, alone. Over the years, our reliance
on passwords, and the ease with which our adversaries can defeat
those passwords, resulted in a negative feedback loop where users
were subjected to increasingly complex, stressful and exhausting
composition rules (upper, lower, and special characters, oh my!),
increasing length requirements, password rotation requirements, and
on and on. Like pounding out more and more miles faster and faster,
these looked like gains on paper but undermined the outcome we
wanted: a safer and more convenient online experience…”
Adding vulnerabilities to your home?
Common Internet of Things Devices May Expose Consumers to Cyber Exploitation
From FBI News Release, October 17, 2017: “In conjunction with
National Cyber Security Awareness Month, the FBI is re-iterating the
growing concern of cyber criminals targeting unsecure Internet of
Things (IoT) devices. The number of IoT devices in use is expected
to increase from 5 billion in 2016 to an estimated 20 to 50 billion
by 2020. Once an IoT device is compromised, cyber criminals can
facilitate attacks on other systems or networks, send spam e-mails,
steal personal information, interfere with physical safety, and
leverage compromised devices for participation in distributed denial
of service (DDoS) attacks. [h/t Pete Weiss]
IoT refers to a network of physical devices,
vehicles, buildings, and other items (often called “smart devices”)
embedded with electronics, software, sensors, actuators, and network
connectivity enabling these objects to collect and exchange data.
Below are examples of IoT devices:
- Home automation devices (e.g., devices which control lighting, heating and cooling, electricity, sprinklers, locks);
- Security systems (e.g., alarm systems, surveillance cameras);
- Medical devices (e.g., wireless heart monitors, insulin dispensers);
- Wearables (e.g., fitness trackers, clothing, watches);
- Smart appliances (e.g., refrigerators, vacuums, stoves);
- Office equipment (e.g., wireless printers, computer mouse, outlets, interactive whiteboards);
- Entertainment devices (e.g., DVRs, TVs, gaming systems, music players, toys); and
- Hubs (devices that control other IoT devices through a single app)….”
I did not see this App coming. If I had done more
than laugh at all those celebrity nude photos, I might have thought
of this myself.
Nude is a next-generation photo vault that uses AI to hide your sensitive photos
Nudes are an inconvenient truth of the mobile era.
The combination of ever-more-powerful cameras and
ever-more-convenient sharing mechanisms has made the exchange of
explicit pictures a fact of life for nearly everyone seeking romantic
connections online.
… Private photo vault apps have existed for years. Nude,
a new app from two 21-year-old entrepreneurs from UC Berkeley,
attempts to create the most sophisticated one yet. Its key
innovation is using machine learning libraries stored on the phone to
scan your camera roll for nudes automatically and remove them to a
private vault. The app is now available on iOS
Good news and bad news? Good for Mom and Dad, not
so good if you are being stalked by that crazy ex-boyfriend.
WhatsApp’s Live Location feature lets friends track each other in real time
WhatsApp has announced a notable new feature today, one that may prove
popular with millions of security-conscious, nosy, and impatient people
globally.
Landing on both Android and iOS “in the coming
weeks,” the new Live Location feature allows WhatsApp users to
share their real-time location with friends and family. It’s worth
noting here that WhatsApp already allows you to share your current
location, however that feature is static — if you’re moving
around, friends are not able to see where you’re going.
The new Live Location feature, on the other hand,
lets people track where you are for a period of time stipulated by
you.
With the same intent, Russia is bad but it’s
okay for Google and Facebook?
Facebook and Google Helped Anti-Refugee Campaign in Swing States
In the final weeks of the 2016 election campaign,
voters in swing states including Nevada and North Carolina saw ads
appear in their Facebook feeds and on Google websites touting a pair
of controversial faux-tourism videos, showing France and Germany
overrun by Sharia law. French schoolchildren were being trained to
fight for the caliphate, jihadi fighters were celebrated at the Arc
de Triomphe, and the “Mona Lisa” was covered in a burka.
(Related).
Report: Google ran hoax news ads on fact-checking sites
Google has been running hoax news ads on fact-checking sites like
Politifact and Snopes, The New York Times reported on Tuesday.
The newspaper found
that the ads would often mislead readers with false headlines about
celebrities, and the articles that the ads led to would invariably be
about skin cream products.
Curious. Logic overcoming bias?
Facebook Executives Find A New Crisis Communications Tool: Twitter
As Facebook grapples with the unprecedented crisis that's arisen around
its role in the 2016 US presidential election, some of the company's top
executives have begun doing damage control on an unlikely platform —
Twitter.
In recent weeks, these executives — Facebook
Chief Security Officer Alex Stamos, VP of Augmented and Virtual
Reality Andrew Bosworth, and News Feed chief Adam Mosseri — have
been engaging in public and sometimes heated discussion on Twitter,
sounding off in what has been a largely Facebook-antagonistic
conversation about Russia's effort to use the company's platform to
undermine American democracy.
Facebook's leadership has long ignored Twitter —
Mark Zuckerberg last tweeted in 2012 and Sheryl Sandberg in 2013 —
and its decision to do so has essentially freed reporters, academics,
and the general public to criticize and lambast the company
unchallenged by those who know it best. Now, with Facebook
executives wading deep into a particularly fraught Twitter
discussion, it's clear the company has begun to view it as a tool
critical to shaping public perception. Facebook might prefer to
ignore Twitter, but it can't afford to do so when a conversation
shaping how people perceive its most grave crisis is unfolding there.
Boeing has only one rival, Airbus. Did they
really not see this as driving Bombardier into their arms? Someone
at Boeing needs to rethink their future!
Boeing’s future plans threatened by Airbus-Bombardier pact
Airbus’s surprise move to swallow Bombardier’s
CSeries airplane program gives it a new small-jet family without
spending the billions of dollars it would take to develop one itself.
Besides the likely impact of the deal on the
Boeing-instigated U.S. trade case against Bombardier, that leg up for
Airbus could trigger a serious strategy shift for Boeing.
The deal Airbus announced Monday, giving it
control of Bombardier’s freshly introduced two-model family of
small narrowbody jets — the 110-seat CS100 and the 130-seat CS300,
— could ultimately force Boeing to redraw the road map of new
airplane development that it had settled on.
Can we learn anything from developing countries?
Please?
Intellectual Property for the Twenty-First-Century Economy
“Developing countries are increasingly pushing
back against the intellectual property regime foisted on them by the
advanced economies over the last 30 years. They are right to do so,
because what matters is not only the production of knowledge, but
also that it is used in ways that put the health and wellbeing of
people ahead of corporate profits… The IP standards advanced
countries favor typically are designed not to maximize innovation and
scientific progress, but to maximize the profits of big
pharmaceutical companies and others able to sway trade negotiations.
No surprise, then, that large developing countries with substantial
industrial bases – such as South Africa, India, and Brazil – are
leading the counterattack. These countries are mainly taking aim at
the most visible manifestation of IP injustice: the accessibility of
essential medicines. In India, a 2005 amendment created a unique
mechanism to restore balance and fairness to patenting standards,
thereby safeguarding access. Overcoming several challenges in
domestic and international proceedings, the law has been found to
comply with WTO standards. In Brazil, early action by the government
to treat people with HIV/AIDS resulted in several successful
negotiations, lowering drug prices considerably…”
Perspective. If you can’t come here, we’ll
invest heavily in countries you can get to. Take that, potential
immigrants!
Mexico tech industry benefits from U.S. anti-immigration stance
Amazon, Facebook and other U.S. tech companies are
expanding operations south of the border as Mexico works to
capitalize on the Trump administration’s anti-immigration stance.
Clearly, we ain’t there yet. (Assuming that is
where we want to go.)
Research – The enduring power of print for learning in a digital world
The Conversation: “Today’s students see themselves as digital
natives, the first generation to grow up surrounded by technology
like smartphones, tablets and e-readers. Teachers, parents and
policymakers certainly acknowledge the growing influence of
technology and have responded in kind. We’ve seen more
investment in classroom technologies, with students now equipped
with school-issued iPads and access to e-textbooks. In 2009,
California passed a law requiring that all college textbooks be
available in electronic form by 2020; in 2011,
Florida lawmakers passed legislation requiring public schools to
convert their textbooks to digital versions. Given this trend,
teachers, students, parents and policymakers might assume that
students’ familiarity and preference for technology translates into
better learning outcomes. But we’ve found that’s not necessarily
true. As researchers in learning and text comprehension, our recent
work has focused on the differences between reading print and digital
media. While new forms of classroom technology like digital
textbooks are more accessible and portable, it would be wrong to
assume that students will automatically be better served by digital
reading simply because they prefer it… To explore these patterns
further, we conducted three studies that explored college students’
ability to comprehend information on paper and from screens…”
For my geeks.
When Apple announced Swift way back in 2014, people were rightfully
skeptical. Nobody knew if it would catch on, and many questioned the
need for yet another programming language to learn.
Once you’re comfortable with the language, consider testing your skills
with these Swift coding challenges.
(Ditto).
With a virtual machine like VirtualBox you can virtually install multiple
operating systems, without having to buy any new hardware.
Maybe you’ve heard of virtual machines (VM), but
never tried one out yourself. You might be scared that you won’t
set it up correctly or don’t know where to find a copy of your
preferred operating system (OS). VirtualBox is the best virtual machine
for home users, and you can use this virtualization software with our
help.
Hey! It can’t hurt!
…
Writing is different from good
writing. It is the difference between a dime novel and an
NYT Bestseller. It can mean the difference between letting your
ideas die or using them to sharpen your communication skills.
The good news is that you can hone your
wordsmithery. The art can be mastered step-by-step. In our
continuing series on the best Udemy classes, let’s see how we can take
a step in that direction.
Sometimes I feel like Dilbert after class.