No breach is ever so bad that it can’t become worse.
‘Malicious actors’ collected data on 2 billion Facebook users worldwide
It is not surprising to learn today from Facebook that the debacle of Cambridge Analytica harvesting data on 87 million people has escalated monumentally to the level of 2 billion users worldwide, per the Washington Post: “Facebook said Wednesday that “malicious actors” took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide. The revelation came amid rising acknowledgement by Facebook about its struggles to control the data it gathers on users… But the abuse of Facebook’s search tools — now disabled — happened far more broadly and over the course of several years, with few Facebook users likely escaping the scam, company officials acknowledged. The scam started when malicious hackers harvested email addresses and phone numbers on the so-called “Dark Web,” where criminals post information stolen from data breaches over the years. Then the hackers used automated computer programs to feed the numbers and addresses into Facebook’s “search” box, allowing them to discover the full names of people affiliated with the phone numbers or addresses, along with whatever Facebook profile information they chose to make public, often including their profile photos and hometown…”
(Related)
Practical Approaches to Big Data Privacy Over Time
“The Berkman Klein Center is pleased to announce a new publication from the Privacy Tools project, authored by a multidisciplinary group of project collaborators from the Berkman Klein Center and the Program on Information Science at MIT Libraries. This article, titled “Practical approaches to big data privacy over time,” analyzes how privacy risks multiply as large quantities of personal data are collected over longer periods of time, draws attention to the relative weakness of data protections in the corporate and public sectors, and provides practical recommendations for protecting privacy when collecting and managing commercial and government data over extended periods of time. …
I’d like someone to step up and give my Computer Security students a good example for a change.
Protect Yourself from Panera’s Half-Baked Security
Have you ever noticed that most companies say, “We take your security very seriously” only after they demonstrably didn’t take your security all that seriously? The latest business to let its customers down is Panera Bread, a popular bakery chain, whose security countermeasures probably needed a little more time in the oven.
A huge flaw could expose as many as 37 million user accounts. That’s bad enough on its own, but what’s even worse is that Panera has known about the underlying flaw for eight months, and did not address it.
The frankly incredible story comes courtesy of security researcher Dylan Houlihan and his colleague Brian Krebs. Houlihan explained the full story in a detailed Medium post, while Krebs added additional commentary on his own blog.
To simplify a very complex issue: Anyone who’s ever signed up for a Panera account can leverage a flaw in its website to view another user’s information. This includes his or her username, phone number, birthday, and last four digits of a credit card — in addition to a full name, physical address, e-mail address and even your dietary restrictions.
I would not be pleased with a vendor who failed to notify me for months!
Delta Air Lines Inc. and Sears Holding Corp., including its Kmart stores, confirmed late Wednesday that select customer payment information may have been exposed in a cybersecurity breach at a software service provider they both use, called [24]7.ai.
The tech firm found that a cybersecurity incident affected online customer payment information of its clients, it said. The incident happened on or after Sept. 26, 2017, and was found and resolved on Oct. 12 that year.
Delta and Sears said they were notified of the incident last week and that certain customer payment information may have been accessed.
For my Software Architecture students.
Smartphones becoming primary device for physician and patient communications
Hospitals are making significant investments in smartphone and secure mobile platforms to enable communications between clinicians and between them and patients, according to a new survey.
Nine of 10 healthcare systems plan significant investments in smartphones and secure unified communications over the next 12 to 18 months, according to the results of the survey, performed in person by Spyglass Consulting Group; the survey included more than 100 healthcare professionals working in hospital environments.
… "The whole idea of patient-staff communications is a relatively new concept," Malkary said, referring to the 2012 requirements set down by the federal government's "meaningful use" of electronic healthcare records (EHR) standards.
While my students are still healthy?
HHS Releases a New Resource to Help Individuals Access and Use Their Health Information
“The US Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) today released the ONC Guide to Getting and Using your Health Records, a new online resource for individuals, patients, and caregivers. This new resource supports both the 21st Century Cures Act goal of empowering patients and improving patients’ access to their electronic health information and the recently announced MyHealthEData initiative.
… In fact, a new ONC data brief – PDF shows that in 2017, half of Americans reported they were offered access to an online medical record by a provider or insurer…” [h/t Pete Weiss]
I’m sure my students will want to build one.
They’re still divided as to the targets.
'Killer robots': AI experts call for boycott over lab at South Korea university
… More than 50 leading academics signed the letter calling for a boycott of Korea Advanced Institute of Science and Technology (KAIST) and its partner, defence manufacturer Hanwha Systems. The researchers said they would not collaborate with the university or host visitors from KAIST over fears it sought to “accelerate the arms race to develop” autonomous weapons.
(Related) Overreaction? I bet the Pentagon uses Google search too.
Google employees demand the company pull out of Pentagon AI project
Last month, it was revealed that Google was offering its resources to the US Department of Defense for Project Maven, a research initiative to develop computer vision algorithms that can analyze drone footage. In response, more than 3,100 Google employees have signed a letter urging Google CEO Sundar Pichai to reevaluate the company’s involvement, as “Google should not be in the business of war,” as reported by The New York Times.
Work on Project Maven began last April, and while details on what Google is actually providing to the DOD are not clear, it is understood that it’s a Pentagon research initiative for improved analysis of drone footage. In a press statement, a Google spokesperson confirmed that the company was giving the DOD access to its open-source TensorFlow software, used in machine learning applications that are capable of understanding the contents of photos.
I often tell my students where to go.