Another failure to change the defaults.
California Voter Data Stolen from Insecure MongoDB Database
An improperly secured MongoDB database may have allowed cybercriminals to steal information on the entire voting population of California, Kromtech security researchers reported.
The information was taken from an unprotected instance of a MongoDB database that was exposed to the Internet, meaning that anyone connected to the web could have accessed, viewed, or edited the database’s content.
Named 'cool_db', the database contained two collections: one a manually crafted set of voter registration data for a local district, the other apparently holding data on the voting population of the entire state of California, a total of 19,264,123 records.
Bob Diachenko, head of communications, Kromtech Security Center, explains that the security firm was “unable to identify the owner of the database or conduct a detailed analysis.” It appears that the database has been erased by cybercriminals who dropped a ransom note demanding 0.2 Bitcoin for the data.
Given the presence of said ransom note, the incident is believed to be related to the MongoDB ransack campaign that resulted in tens of thousands of databases being erased in January 2017. Similar attacks were observed in September as well, when MongoDB decided to implement new data security measures.
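What “unprotected instance exposed to the Internet” means in configuration terms, as an added illustration for this post and not anything Kromtech reported about the 'cool_db' server itself: a mongod that listens on every interface with authorization left off accepts reads, writes and drops from any client that can reach port 27017, which is exactly what the ransack campaign exploited. Before MongoDB 3.6 a mongod started without a bindIp setting listened on all interfaces; 3.6 changed that default to localhost. The two fragments below are constructed for this page (the first is the exposed pattern, the second the hardened form); the values are illustrative, not the real host’s configuration.

```yaml
# Exposed: constructed example of the misconfiguration class behind the
# January 2017 ransack campaign (NOT the actual config of the 'cool_db' host).
net:
  bindIp: 0.0.0.0        # listens on every interface, public ones included
  port: 27017
# No 'security' section: authorization is off, so any TCP client that can
# reach the port may list, dump, drop and overwrite every collection.

---
# Hardened: the same server with the defaults changed.
net:
  bindIp: 127.0.0.1      # local only; list private addresses explicitly if
  port: 27017            # application hosts must reach the database
security:
  authorization: enabled # every client must authenticate with a role that
                         # limits what it can read or drop
```

Create the first administrative user before turning authorization on (connect from the same host and run db.createUser in the admin database; the localhost exception permits this while no users exist), otherwise the restart locks you out. After restarting, confirm from an outside host that an unauthenticated `mongo host:27017` session cannot list databases, and keep the port filtered at the network edge as well: bindIp is defence in depth, not a replacement for a firewall.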
… Kromtech's security researchers haven’t determined who compiled the voter database but believe that a political action committee might have been behind it, given the unofficial name the repository had.
… The researchers note that the database has been taken down after being initially discovered in early December. The Secretary of State of California was aware of the leak and “looking into it,” Diachenko said.
Smarter criminals will be monitoring police social media accounts.
Australia Police Accidentally Broadcast Arrest Plans on Social Media
Australian police accidentally broadcast on social media details of an operation to arrest a suspected North Korean agent, three days before he was taken into custody, media reported Wednesday.
The Sydney-based man, described by authorities as a "loyal agent of North Korea", was arrested on Saturday and charged with trying to sell missile parts and technology on the black market to raise money for Pyongyang in breach of international sanctions.
But a minute of conversation about the case between federal police officers, including the timing of the arrest, was broadcast on Periscope Wednesday and linked to on Twitter, The West Australian reported Tuesday.
The newspaper said it had listened to the discussion, which included a suggestion that officers are "not going in all guns blazing, it's only half-a-dozen people and a forensic van".
The paper added that while the tweet was deleted, the broadcast remained live, and was watched by 40 people, before it was also removed after the publication alerted federal police.
… Federal police confirmed part of a conversation was mistakenly broadcast via its Periscope account while "testing a piece of social media broadcasting equipment". [This is another reason why you should NEVER test with live data. Bob]
For my Computer Security students, who understand that “official” isn’t always the same as “true.”
It’s Official: North Korea Is Behind WannaCry
Cybersecurity isn’t easy, but simple principles still apply. Accountability is one, cooperation another. They are the cornerstones of security and resilience in any society. In furtherance of both, and after careful investigation, the U.S. today publicly attributes the massive “WannaCry” cyberattack to North Korea.
Another topic for my Computer Security class.
Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR
Wachter, Sandra, Normative Challenges of Identification in the Internet of Things: Privacy, Profiling, Discrimination, and the GDPR (December 6, 2017). Available at SSRN: https://ssrn.com/abstract=3083554
“In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user’s devices with unique identities, and provide seamless and linked up services. At the same time, profiling methods based on linked records can reveal unexpected details about users’ identity and private life, which can conflict with privacy rights and lead to economic, social, and other forms of discriminatory treatment. A balance must be struck between identification and access control required for the IoT to function and user rights to privacy and identity. Striking this balance is not an easy task because of weaknesses in cybersecurity and anonymisation techniques. The EU General Data Protection Regulation (GDPR), set to come into force in May 2018, may provide essential guidance to achieve a fair balance between the interests of IoT providers and users. Through a review of academic and policy literature, this paper maps the inherent tension between privacy and identifiability in the IoT. It focuses on four challenges: (1) profiling, inference, and discrimination; (2) control and context-sensitive sharing of identity; (3) consent and uncertainty; and (4) honesty, trust, and transparency. The paper will then examine the extent to which several standards defined in the GDPR will provide meaningful protection for privacy and control over identity for users of IoT. The paper concludes that in order to minimise the privacy impact of the conflicts between data protection principles and identification in the IoT, GDPR standards urgently require further specification and implementation into the design and deployment of IoT technologies.”
(Related) And here’s why that is important.
Cybersecurity can cause organizational migraines.
In 2016, breaches cost businesses nearly $4 billion and exposed an average of 24,000 records per incident. In 2017, the number of breaches is anticipated to rise by 36%. The constant drumbeat of threats and attacks is becoming so mainstream that businesses are expected to invest more than $93 billion in cyber defenses by 2018.
Even Congress is acting more quickly to pass laws that will, hopefully, improve the situation.
Despite increased spending and innovation in the cybersecurity market, there is every indication that the situation will only worsen. The number of unmanaged devices being introduced onto networks daily is increasing by orders of magnitude, with Gartner predicting there will be 20 billion in use by 2020. Traditional security solutions will not be effective in addressing these devices or in protecting them from hackers, which should be a red flag, as attacks on IoT devices were up 280% in the first part of 2017. In fact, Gartner anticipates a third of all attacks will target shadow IT and IoT by 2020.
This new threat landscape is changing the security game. Executives who are preparing to handle future cybersecurity challenges with the same mindset and tools that they’ve been using all along are setting themselves up for continued failure.
The government goes to Facebook (and other social media) because “That’s where the data is!”
Governments are asking Facebook for a lot more user account data
The number of user data requests Facebook received from governments around the world in the first half of 2017 reached an all-time high of 78,890, up 21 percent on the 64,279 requests it received in the second half of 2016.
The social network revealed the figure in its Transparency Report covering January to June 2017. Previously it was called the Government Requests Report, but it has since been renamed as it now also includes data regarding intellectual property requests.
The largest source of user data requests came from the US, where the government served Facebook 32,716 requests for data from 52,280 accounts.
Might be an interesting topic for a Data Management paper.
The Supreme Court Should Heed Friendly Advice on Microsoft Ireland
A slew of interesting amicus briefs were filed in the Microsoft Ireland case last week. They include independent briefs (meaning not for either party) by the United Kingdom, Ireland, the European Commission (EC) and more.
Not surprisingly, 36 state governments also filed in support of the United States, reminding the court of the many difficulties in accessing sought-after evidence that have resulted from the Second Circuit ruling, and urging reversal as a result.
Of the many issues raised, one of the most interesting, and still unresolved, is the question of whether and in what situations a decision in favor of the U.S. government will generate a conflict of laws. The issue is at the heart of the Irish government and EC briefs. It is also raised in the brief of the New Zealand Privacy Commissioner. But despite the extensive amount of ink spent on the matter, the answers remain murky, as is the reality. The actual answer: it depends.
Monopoly is getting harder to define.
Germany Says Facebook Abuses Market Dominance to Collect Data
Germany’s top antitrust enforcer opened a new front against big tech firms on Tuesday when it said the way Facebook Inc. harvests user data constitutes an abuse of market dominance.
In what lawyers call a novel use of competition law, Germany’s Federal Cartel Office published preliminary investigative findings Tuesday that accuse Facebook of abusing its power as the dominant social network in Germany to strong-arm users into allowing it to collect data about them from third-party sources, like websites with “like” buttons.
(Related) What social media is really “dominant?”
Snapchat is still the network of choice for U.S. teens, and Instagram is Facebook’s best shot at catching up
Some good news for Snap: despite its sluggish business and slumping stock price, Snapchat still dominates among teenagers, a core demographic that represents the future wave of internet consumers and what they care about.
RBC Capital published the latest update to its regular social media survey this week, and a few things stood out, especially in the battle over teenagers, where Snapchat, Instagram and Facebook are all fighting for the next generation’s attention.
- Some 79 percent of U.S. 13- to 18-year-olds surveyed said they have a Snapchat account, more than any other type of social media. Of that age group, 73 percent have an Instagram account and just 57 percent say they are on Facebook.
- Respondents had to choose only one social network they could keep if they were “trapped on a deserted island.” This time, 44 percent of teens picked Snapchat, ahead of Instagram (24 percent) and Facebook (14 percent).
So, could there be Trump videos in our future?
Bloomberg’s TicToc 24/7 news channel launches as Twitter doubles down on live video
… Starting at 8 a.m. on the East Coast, Bloomberg begins broadcasting TicToc, a 24/7 news channel that exists solely on Twitter.
The landing page for TicToc marries a video livestream with a curated Twitter stream. In essence, it combines the second-screen experience many have hacked together over the years as they watch big events like the Super Bowl or the Oscars. Live TV viewing has long been one of Twitter’s most popular use cases, and over the past year the company has sought to integrate that experience into its platform.
Something to amuse my geeky friends.
Paper Signals - Build Physical Objects to Control With Your Voice
Paper Signals is a neat resource produced by Google that could prove to be a fun way to provide students with hands-on programming experience. Paper Signals is a set of templates that students can follow to program physical objects to respond to voice commands.
There are some physical products that you will need to have on hand in order to use Paper Signals. You may already have the necessary items in your school. First, you'll need a printer to print a template (you'll be folding and cutting paper). Second, you're going to need a small circuit board, some wires/cables, and a bit of glue. If you don't want to source those items yourself, you can buy a little kit for less than $25.
Learn more about Paper Signals in the video embedded below.
Just like social media users?
Worth exploring.
Because this is important enough to catch the attention of one of the best statistics websites? No, it’s important because I’m a fan.
… I consulted the most comprehensive archival material related to “Star Wars.” No, not the archives of Jocasta Nu in the heart of the Jedi Temple. I’m talking about Wookieepedia, one of the best-maintained databases on anything and everything Star Wars. We pulled the color of every lightsaber described in “Star Wars” [1]; that’s the chart you see above. That comes out to 132 unique lightsabers with a known blade color. (Even the Darksaber.)