Perhaps there is bliss in ignorance? There seems to be no significant downside – so why bother with security?
Interesting research: "Long-term market implications of data breaches, not," by Russell Lange and Eric W. Burger.
Abstract: This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than the market as a whole. Financial performance is considered over a range of dates from 3 days post-breach through 6 months post-breach, in order to provide a longer-term perspective on the impact of the breach announcement.
There are some things it is best NOT to ignore.
A friend tweeted to me tonight:
Commissioner Miner @fanCRTCProfling
.@PogoWasRight you have been beating this drum and saying this for a long time now... years. "report reveals they are instead 'frequently ignored or misunderstood". Now u have a report! ;) https://www.theinquirer.net/inquirer/news/3024702/hackerone-2018-hacker-report…
5:45 PM - Jan 18, 2018
Indeed we do.
Carly Page reports:
One in four ethical hackers have not reported a vulnerability that they found because the company didn’t have a channel to disclose it.
That’s according to HackerOne’s ‘2018 Hacker Report‘, which surveyed 1,698 members of the hacking community – making it the largest documented survey ever conducted of the ethical hacking community.
One of the standout discoveries was that almost 25 per cent of respondents said they were unable to disclose a security flaw because the bug-ridden company in question lacked a vulnerability disclosure policy (VDP).
This doesn’t mean the hackers don’t try – with HackerOne noting that many attempt to contact firms via social media and email but are “frequently ignored or misunderstood.”
Read more on Inquirer.net.
And keep in mind that the rate of reporting will drop and/or be
chilled if law enforcement treats ethical hackers or greyhats like
blackhats and attempts to prosecute them. Our federal hacking
statute, CFAA, needs updating and revision and the revisions need to
provide protection to researchers who attempt to responsibly disclose
what they have found.
Here’s another thing to ignore?
How to Comply with GDPR
… A recent study from HyTrust, conducted at the VMworld 2017 conference in Las Vegas, found that a whopping 79 percent of companies have no plans in place for GDPR. Another study from Varonis revealed that a whopping 90 percent of IT decision makers saw challenges complying with GDPR a year before the enforcement date.
Businesses must have surveillance cameras tied
into the police system.
New year, new surveillance expansion. Chad
Livengood reported this on January 3, and Joe Cadillic kindly sent it
along for all of us to mutter about:
- Plan would eventually mandate every retail business in Detroit with late-night hours to have surveillance cameras
- City will start with requiring camera systems for businesses open midnight-4 a.m.
- City will then move to businesses open after 10 p.m.
Mayor Mike Duggan’s administration is moving forward with a plan to eventually mandate every retail business in Detroit with late-night hours have surveillance cameras tied into Project Green Light, the Detroit Police Department’s real-time crime monitoring system credited with a decrease in carjackings and overall crime around participating businesses.
In an interview Wednesday with Crain’s, Duggan said he will ask City Council later this year to mandate Project Green Light high-definition video systems for all retail businesses open after 10 p.m.
Read more on Crain’s.
Why would this police officer want to disable the camera? To avoid another “through the door” shooting? But shouldn’t they reconnect the camera when done?
From the this-almost-feels-like-opposites-day dept., Meghan McRoberts reports:
An Indian River County man feels his privacy was violated after he captured Vero Beach police disconnecting a surveillance camera outside his front door.
Police were investigating a crime the man says he had nothing to do with.
Vero Beach Police Chief David Currey stands by his officers’ actions.
Of course he does. But this is a weird one – is
removing surveillance a privacy violation? I think if we view it as
law enforcement damaging or seizing property, then there’s an
issue, but is it a privacy issue? Help!
Read more on ABC.
Makes me ask if these guys know how to run a bank.
Wells Fargo apologizes for glitch that emptied out some bank accounts
Reports show a glitch caused some online bill
payments to be processed twice. That is triggering overdraft
protection fees. Some customers have gotten emails saying their
checking accounts had nothing in them.
"Some customers may be having an issue with
their Bill Pay transactions. We are working to fix the issue and
resolve this tonight. Thanks for your patience," the company
tweeted Wednesday evening.
The bank said Thursday morning that technical
teams have corrected the errors, but customers should still check to
make sure all is well with their accounts.
Did you think of Lebanon as a major hacking nation?
Report links hacking campaign to Lebanese security agency
A major hacking operation tied to one
of the most powerful security and intelligence agencies in
Lebanon has been exposed after careless spies left hundreds of
gigabytes of intercepted data exposed to the open internet, according
to a report
published Thursday.
Mobile security firm Lookout, Inc. and the
Electronic Frontier Foundation, a digital rights group, said the
haul, which includes nearly half a million intercepted text messages,
had simply been left online by hackers linked to Lebanon’s General
Directorate of General Security.
… EFF and Lookout’s report:
https://www.lookout.com/info/ds-dark-caracal-ty
Another tease for my students.
What is blockchain? The most disruptive tech in decades
The distributed
ledger technology, better known as blockchain, has the potential to
eliminate huge amounts of record-keeping, save money and disrupt IT
in ways not seen since the internet arrived.
Free tool for business.
WhatsApp officially launches its app for businesses in select markets
WhatsApp today officially launched its new WhatsApp Business app in select markets, including Indonesia, Italy, Mexico, the U.K. and the U.S., ahead of its planned worldwide rollout. The addition of business profiles and new messaging tools aimed at business customers is part of the company’s broader plan to generate revenue by charging larger enterprises for advanced tools to communicate with customers on the platform now used by over a billion people worldwide.
The WhatsApp Business app is the initial entry point in this market.
Aimed at smaller businesses, the free
app – Android-only for now – helps companies better
connect with their customers and establish an official presence on
WhatsApp’s service. Essentially, it’s the WhatsApp version of a
Facebook Page.
No one reads the Users Manual.
Guide offer tips and tricks to enhance value of Google Maps
Digital Trends: “Google Maps boasts more than 1 billion active users today, making it the most popular navigation software in the world. It gets millions of us where we need to go every day, but are you sure you’re getting the most out of it? It’s easy to miss new features or hidden options. That’s why we’ve compiled this guide on how to use Google Maps. It’s time to take your first step on the road to mastery with our Google Maps tips and tricks…”
I didn’t know you could still do this.
My students should be interested!
Google Opens Up Its Tech Training Program to All, Giving You a Reason to Learn New Skills
If you want to work at Google
someday but aren’t sure you have the resume for it, the company
wants to train you. To help prospective employees bridge skills
gaps, the tech giant is partnering with online course provider
Coursera to offer access to its IT training program, previously only
open to existing Googlers.
It may seem counterintuitive for Google to invest
in the education of people who don’t and may never work for the
company. It could even bolster the skills of individuals who work
for competitors, you might imagine. But of the 10,000 U.S. residents
who receive scholarships from Google to complete the certificate,
Google is betting that it will be able to hire some of them down the
road.
… The program will involve 64 hours of video
lessons as well as labs and evaluations, and it will teach IT basics
such as troubleshooting, customer service, networking, operating
systems, system administration, automation and security. It will
take about eight months to complete if a student spends eight to 10
hours a week on the program, though students can work at their own
pace, according to Coursera.
Those interested in financial aid can apply
by Feb. 20, while others may be selected by participating nonprofits.
You don’t need an IT background or a four-year college degree to
qualify. For those who don’t get a free ride, the full cost of the
program is $49 a month.