A year later, Equifax slammed while boasting of change
A year after hackers broke into Equifax’s
network and stole the personal information of 148 million Americans,
a report by a consumer watchdog group is lambasting the credit
reporting agency for not addressing its vulnerabilities earlier and
for botching its response to the unprecedented breach.
Moreover, the report — issued Thursday by the U.S. Public Interest Research
Group and the National Consumer Law Center — criticized lawmakers
and regulators for not holding the Atlanta-based company accountable
for its failures.
“Equifax has yet to pay a price or provide
consumers with the information and tools they need to adequately
protect themselves,” said Mike Litt, consumer campaign director for
the U.S. Public Interest Research Group.
Will we share our wisdom? Will other states ask?
Homeland Security Head: Colorado Tops US in Vote Security
Colorado, whose election systems are ranked among the nation's safest, held a
cyber-security and disaster exercise Thursday for dozens of state,
county and federal elections officials to reinforce the state's
preparedness for, and public confidence in, November's midterm
elections.
… Colorado was the only one among 21 targeted states to report to Homeland
Security — not the other way around — that Russian interests
attempted to hack into its systems in 2016, said state elections
director Judd Choate.
It's invested in new vote tabulating machines and creates
a separate paper trail of each ballot cast. Since 2013,
it's required two-factor authentication for elections systems
operators to access equipment. The secretary of state's office has
more internet technology staff than purely elections-related staff,
and it has plans, which Choate wouldn't disclose for security
reasons, to guarantee security and privacy in the remote case the
state's voter registration database is hacked.
This year, the state also will monitor Facebook, Twitter and Instagram
starting well ahead of the election to detect and respond to false
rumors about voting procedures, outages, and other voting problems.
It also will collect intelligence on efforts to sway voters on social
media, Choate said. He noted that Colorado's collaboration with
Homeland Security is strong.
“Golly gee willikers Bob, why bother naming
these guys? You know North Korea will never extradite them.”
“True grasshopper, but telling North Korea or
Russia that we know exactly who was responsible also suggests we also
know where to drop a smart bomb if it comes to that.”
David E. Sanger, Katie Benner and Adam Goldman report:
The Justice Department plans to charge a North Korean spy in the hacking of Sony Pictures Entertainment in 2014, according to three government officials familiar with the indictment.
The attack wiped out 70 percent of Sony Pictures’ computer capability and was done in retaliation for the company’s production of a comedic film, “The Interview,” that mocked the North Korean leader Kim Jong-un and depicted a plot to assassinate him.
The United States government has long explored charging the hacker, Pak Jin-hyok, but indicting him took time because much of the information against him had been classified and could not be included in a criminal indictment.
Read more on The New York Times.
(Related)
Opsec Mistakes Allowed U.S. to Link North Korean Man to Hacks
(Related) To stimulate the discussion…
Talking Global Cyberwar With Kaspersky Lab's Anton Shingarev
Theory Suggests we Need to Come to the Very Brink of Cyberwar Before Humanity Backs Down and Finds a Solution
A compliance issue.
Are You Ready to Report on GDPR Compliance?
Part 1: Enterprise Level Reporting
Organisations had two years to prepare for GDPR
compliance in the run-up to May 25, 2018. Now that the GDPR is in
force, what will Regulators want to see? The question is no longer
theoretical. The Dutch DPA recently announced
an investigation into 30 large organisations regarding their GDPR
compliance and at the outset will ask to see their records of
processing activities.
… Regulator Ready reporting means organisations have the capacity to
efficiently produce reports that clearly tell a story reflecting GDPR
compliance and accountability and align with legal requirements.
… Nymity Accountability Report
To assist organisations in being able to report on
GDPR compliance, Nymity
Research™ identified 39 Articles under the GDPR that require
evidence of a technical or organisational measure to demonstrate
compliance. We have mapped those to the free Nymity
Privacy Management Accountability Framework™. Nymity provides
a host of free resources to assist organisations in understanding
their GDPR obligations and prioritising compliance. To learn more
about Regulator Ready reporting, read our white paper.
I wonder if Apple would share enough to allow us
to train our CJ students?
Apple will launch a global web portal for law enforcement requests later this year
Apple has announced that it
will launch a global web portal for processing and tracking requests
from law enforcement officers for data, via
MacRumors.
It’s a change from the
current system, where law enforcement officers submit requests by
messaging an Apple law enforcement email account. A website would
offer a more convenient, centralized hub for requests that will make
it easier to track current inquiries and manage responses.
In addition to the new
portal, Apple has also said that it will build a team to help train
law enforcement officers around the world (including developing a new
online training module), with an aim toward helping smaller police
forces and agencies that may not have the same resources as larger
organizations.
According to a letter from
Apple’s senior vice president and general counsel Katherine Adams
that was obtained by MacRumors, Apple is working on these
changes in response to recommendations from a recent
report from the Center for Strategic and International Studies.
Apple has strict, published
guidelines about what information it does and doesn’t give to law
enforcement officers both within and outside
of the US. The company also publishes transparency reports twice
a year detailing requests for information from law enforcement and
government agencies.
Perspective. Will they succeed?
Lyft rolls out its first electric scooters in Denver
Lyft is the latest company to
jump on the shared-scooter bandwagon, announcing on Thursday that
Denver would be its first
market in the US for its dockless electric scooters. The
ride-hail company is playing catch-up in a market that’s already
flush with billion-dollar startups, but it believes its ability to
play nice with city officials will allow it to scale more rapidly
than its rivals.
… It won’t be a 24-hour
operation, though: Lyft says the scooters will only be available to
rent between 6AM and 8PM every day. Similar to other major
operators, the scooters cost $1 to unlock and then 15 cents for each
minute of riding.
The scooters are made by Chinese electronics giant Xiaomi,
and they retail for around $500. They
have a top speed of around 15 mph and a range of around 15 miles.
When users locate the scooters through Lyft’s app on their phone,
they can see the mileage and battery range before deciding to unlock
them.
Perspective. Brazil would not have lost so much
of their culture in that museum fire if they had digitized more.
Reinventing Museums for the Digital Generation
Something for my researching students.