Friday, September 07, 2018

“Plus ça change, plus c'est la même chose.” I hope my students can change that.
A year later, Equifax slammed while boasting of change
A year after hackers broke into Equifax’s network and stole the personal information of 148 million Americans, a report by a consumer watchdog group is lambasting the credit reporting agency for not addressing its vulnerabilities earlier and for botching its response to the unprecedented breach.
Moreover, the report — issued Thursday by the U.S. Public Interest Research Group and the National Consumer Law Center — criticized lawmakers and regulators for not holding the Atlanta-based company accountable for its failures.
“Equifax has yet to pay a price or provide consumers with the information and tools they need to adequately protect themselves,” said Mike Litt, consumer campaign director for the U.S. Public Interest Research Group.




Will we share our wisdom? Will other states ask?
Homeland Security Head: Colorado Tops US in Vote Security
Colorado, whose election systems are ranked among the nation's safest, held a cyber-security and disaster exercise Thursday for dozens of state, county and federal elections officials to reinforce the state's preparedness for, and public confidence in, November's midterm elections.
Colorado was the only one among 21 targeted states to report to Homeland Security — not the other way around — that Russian interests attempted to hack into its systems in 2016, said state elections director Judd Choate.
It's invested in new vote tabulating machines and creates a separate paper trail of each ballot cast. Since 2013, it's required two-factor authentication for elections systems operators to access equipment. The secretary of state's office has more internet technology staff than purely elections-related staff, and it has plans, which Choate wouldn't disclose for security reasons, to guarantee security and privacy in the remote case the state's voter registration database is hacked.
This year, the state also will monitor Facebook, Twitter and Instagram starting well ahead of the election to detect and respond to false rumors about voting procedures, outages, and other voting problems. It also will collect intelligence on efforts to sway voters on social media, Choate said. He noted that Colorado's collaboration with Homeland Security is strong.




“Golly gee willikers Bob, why bother naming these guys? You know North Korea will never extradite them.”
“True grasshopper, but telling North Korea or Russia that we know exactly who was responsible also suggests we also know where to drop a smart bomb if it comes to that.”
David E. Sanger, Katie Benner and Adam Goldman report:
The Justice Department plans to charge a North Korean spy in the hacking of Sony Pictures Entertainment in 2014, according to three government officials familiar with the indictment.
The attack wiped out 70 percent of Sony Pictures’ computer capability and was done in retaliation for the company’s production of a comedic film, “The Interview,” that mocked the North Korean leader Kim Jong-un and depicted a plot to assassinate him.
The United States government has long explored charging the hacker, Pak Jin-hyok, but indicting him took time because much of the information against him had been classified and could not be included in a criminal indictment.
Read more on The New York Times.


(Related)
Opsec Mistakes Allowed U.S. to Link North Korean Man to Hacks


(Related) To stimulate the discussion…
Talking Global Cyberwar With Kaspersky Lab's Anton Shingarev
Theory Suggests we Need to Come to the Very Brink of Cyberwar Before Humanity Backs Down and Finds a Solution




A compliance issue.
Are You Ready to Report on GDPR Compliance?
Part 1: Enterprise Level Reporting
Organisations had two years to prepare for GDPR compliance in the run-up to May 25, 2018. Now that the GDPR is in force, what will Regulators want to see? The question is no longer theoretical. The Dutch DPA recently announced an investigation into 30 large organisations regarding their GDPR compliance and at the outset will ask to see their records of processing activities.
Regulator Ready reporting means organisations have the capacity to efficiently produce reports that clearly tell a story reflecting GDPR compliance and accountability and align with legal requirements.
… Nymity Accountability Report
To assist organisations in being able to report on GDPR compliance, Nymity Research™ identified 39 Articles under the GDPR that require evidence of a technical or organisational measure to demonstrate compliance. We have mapped those to the free Nymity Privacy Management Accountability Framework™. Nymity provides a host of free resources to assist organisations in understanding their GDPR obligations and prioritising compliance. To learn more about Regulator Ready reporting, read our white paper.




I wonder if Apple would share enough to allow us to train our CJ students?
Apple will launch a global web portal for law enforcement requests later this year
Apple has announced that it will launch a global web portal for processing and tracking requests from law enforcement officers for data, via MacRumors.
It’s a change from the current system, where law enforcement officers submit requests by messaging an Apple law enforcement email account. A website would offer a more convenient, centralized hub for requests that will make it easier to track current inquiries and manage responses.
In addition to the new portal, Apple has also said that it will build a team to help train law enforcement officers around the world (including developing a new online training module), with an aim toward helping smaller police forces and agencies that may not have the same resources as larger organizations.
According to a letter from Apple’s senior vice president and general counsel Katherine Adams that was obtained by MacRumors, Apple is working on these changes in response to recommendations from a recent report from the Center for Strategic and International Studies.
Apple has strict, published guidelines about what information it does and doesn’t give to law enforcement officers both within and outside of the US. The company also publishes transparency reports twice a year detailing requests for information from law enforcement and government agencies.




Perspective. Will they succeed?
Lyft rolls out its first electric scooters in Denver
Lyft is the latest company to jump on the shared-scooter bandwagon, announcing on Thursday that Denver would be its first market in the US for its dockless electric scooters. The ride-hail company is playing catch-up in a market that’s already flush with billion-dollar startups, but it believes its ability to play nice with city officials will allow it to scale more rapidly than its rivals.
… It won’t be a 24-hour operation, though: Lyft says the scooters will only be available to rent between 6AM and 8PM every day. Similar to other major operators, the scooters cost $1 to unlock and then 15 cents for each minute of riding.
The scooters are made by Chinese electronics giant Xiaomi, and they retail for around $500. They have a top speed of around 15 mph and a range of around 15 miles. When users locate the scooters through Lyft’s app on their phone, they can see the mileage and battery range before deciding to unlock them.




Perspective. Brazil would not have lost so much of their culture in that museum fire if they had digitized more.
Reinventing Museums for the Digital Generation




Something for my researching students.

