Pay me now or pay me later.
At $17 million, Atlanta network recovery six times more expensive than estimated
The SamSam ransomware attack on the city of Atlanta in March is probably one of the most expensive security incidents, with the recovery cost adding up to some $17 million of taxpayers’ money, according to a seven-page “confidential and privileged” report accessed by The Atlanta Constitution-Journal and Channel 2 Action News. City officials had already secured $6 million for the recovery project, while initial forecasts said it would cost about $3 million. Now, it seems, the project will cost an extra $11 million.
After years of repeated warnings from the city’s auditor about its security vulnerabilities and lack of disaster recovery plans, the city of Atlanta didn’t invest much effort in upgrading infrastructure security.
… After refusing to pay a $51,000 ransom in bitcoin following the breach, the city is now looking at a very expensive outlay that involves paying for improved security services, software upgrades, as well as purchasing new desktops, laptops, smart phones and tablets.
… When the Department of Transportation in Colorado was hit by ransomware, by comparison, the estimated recovery cost was $2 million.
Might be amusing to have my students “compare and contrast” the responses from the various players.
Apple responds to Congress' letter on data security and privacy
The House Committee on Energy and Commerce last month sent letters to Apple CEO Tim Cook and Alphabet CEO Larry Page asking about the companies' data security and privacy practices. The five-page letter to Cook asked detailed questions about how Apple collected user data and what it used it for.
In a response Tuesday, Apple reiterated that it collects as little data as possible as a practice.
An interesting tool from Programmers You Might Know…
Last year, we launched an investigation into how Facebook’s People You May Know tool makes its creepily accurate recommendations. By November, we had it mostly figured out: Facebook has nearly limitless access to all the phone numbers, email addresses, home addresses, and social media handles most people on Earth have ever used. That, plus its deep mining of people’s messaging behavior on Android, means it can make surprisingly insightful observations about who you know in real life—even if it’s wrong about your desire to be “friends” with them on Facebook.
In order to help conduct this investigation, we built a tool to keep track of the people Facebook thinks you know. Called the PYMK Inspector, it captures every recommendation made to a user for however long they want to run the tool. It’s how one of us discovered Facebook had linked us with an unknown relative. In January, after hiring a third party to do a security review of the tool, we released it publicly on Github for users who wanted to study their own People You May Know recommendations.
Would this apply to any violent rally?
Subpoena for app called ‘Discord’ could unmask identities of Charlottesville white supremacists
… Discord, which was started in 2015 as a secure chat app for videogamers, also happened to be conducive for white supremacists, white nationalists, neo-Nazis and other members of the alt-right movement who sought to keep their identities secret.
… Attorneys for the counterprotesters have argued that these Discord messages and hundreds of others are central to proving that Unite the Right organizers “conspired to commit acts of violence, intimidation and harassment” against people in Charlottesville that weekend. The attorneys filed a subpoena for Discord, seeking to obtain the messages and account information of more than 30 anonymous users who appear to have participated in the Unite the Right rally.
But one anonymous woman, the one called “kristall.night,” filed suit seeking to quash the subpoena that could unmask her and dozens of other users. She claimed the counterprotesters were intentionally seeking to “out” her as a member of the alt-right movement, putting her in fear of her own safety. Revealing her identity, her attorney argued, would infringe on her First Amendment rights to engage in “anonymous speech” and to associate with a politically unpopular group.
On Monday, however, a magistrate in California disagreed.
U.S. Chief Magistrate Judge Joseph C. Spero declined to fully quash the Discord subpoena, finding that the plaintiffs’ interest in discovering her identity as a possible witness or co-conspirator behind the Unite the Right rally outweighed her right to speak anonymously on the Internet.
… Spero agreed to quash the portion of the subpoena seeking the contents of the messages, saying it violates the Stored Communications Act.
Perspective. Why would anyone decide to give up an audience? Is compliance that expensive? Perhaps this is an opportunity for someone to provide the tools for a nominal fee?
More than 1,000 U.S. news sites are still unavailable in Europe, two months after GDPR took effect
Websites had two years to get ready for the GDPR. But rather than comply, about a third of the 100 largest U.S. newspapers have instead chosen to block European visitors to their sites.
… The GDPR requires websites to obtain consent from users before collecting personal information, explain what data are being collected and why, and delete a user’s information if requested. Violating the GDPR can draw a hefty fine — as much as 4 percent of a company’s annual revenue.
Websites had two years to get ready for the GDPR. Rather than comply, about a third of the 100 largest U.S. newspapers have opted to block their sites in Europe. They include the Chicago Tribune, New York Daily News, Dallas Morning News, Newsday and The Virginian-Pilot.
… GateHouse and Tronc did not respond to requests for comment about the GDPR. Lee Enterprises has no plans to comply. Company spokesperson Charles Arms said Lee’s websites wouldn’t draw enough visitors from the more than 30 countries in the EU and the European Economic Area to justify compliance.
“Internet traffic on our local news sites originating from the EU and EEA is de minimis, and we believe blocking that traffic is in the best interest of our local media clients,” Arms said.
From a financial standpoint, that position is justified, according to Alan Mutter, who teaches media economics at the University of California at Berkeley. He said international web traffic might benefit The New York Times, Wall Street Journal and Washington Post but “ads served in Paris, Palermo, or Potsdam don’t help advertisers in Peoria.”
But being available in Europe can help customer relations. And about 16 million Americans visited Europe last year.
… “It is naive and wholly irresponsible to think that U.S. news holds no relevance beyond U.S. borders,” Toporoff said. “U.S. brands should be better at knowledge sharing with their European counterparts and learn how to serve audiences within the GDPR’s parameters. Not to do so is quite undemocratic.”
(Related) Perhaps EU readers are worth something after all?
This year Instapaper celebrated its tenth birthday and, now that we are an independent company, we’ve been thinking a lot about the next ten years of Instapaper and beyond.
To ensure Instapaper can continue for the foreseeable future, it’s essential that the product generates enough revenue to cover its costs. In order to do so, we’re relaunching Instapaper Premium today.
As a reminder, Instapaper Premium is a subscription for $2.99/month or $29.99/year.
… Additionally, today we are bringing back Instapaper to European Union users. Over the past two months we have taken a number of actions to address the General Data Protection Regulation, and we are happy to announce our return to the European Union.
We are very sorry for the extended downtime and, as a token of our apology, we are giving six months of Instapaper Premium to all EU users affected by the outage.
We’ve updated our privacy policy to include the rights afforded to EU users under the General Data Protection Regulation (GDPR). Additionally, in the interest of transparency, we are posting our privacy policy to GitHub where you can view a versioned history of all the changes to our privacy policy.
(Related) Action from the beginning...
Onwards and Upwards: Our GDPR Journey and Looking Ahead
… For the better part of the last two years, Imperva has laid the foundation for our compliance with the EU General Data Protection Regulation (GDPR). At roughly ninety pages with 173 recitals and 99 articles, it’s a massive regulation that fundamentally shifts the data privacy and data protection universe.