Legacy systems get a break, show that you are working to comply and
they go easy. My problem is trying to teach students to build
systems that are fully compliant from the start.
Ezra Steinhardt of Covington & Burling writes:
Earlier this year, in the run-up to the General Data Protection Regulation’s (“GDPR”) May 25, 2018 date of application, a major question for stakeholders was how zealously the GDPR would be enforced. Now, as the GDPR approaches its six-month birthday, an answer to that question is rapidly emerging. Enforcement appears to be ramping up significantly. In this post, we set out some of the most prominent regulatory enforcement developments so far — but bear in mind other investigations are also proceeding.
Read more on InsidePrivacy.
Interesting idea, but depends on timely
notification. By the time anyone who reuses passwords gets notified,
hackers have probably already used your password everywhere they can
think of. Still, for those of us who follow breaches, it might flag
one we missed.
Natasha Lomas reports:
Mozilla is adding a new security feature to its Firefox Quantum web browser that will alert users when they visit a website that has recently reported a data breach.
When a Firefox user lands on a website with a breach in its recent past they’ll see a pop up notification informing them of the barebones details of the breach and suggesting they check to see if their information was compromised.
“We’re bringing this functionality to Firefox users in recognition of the growing interest in these types of privacy- and security-centric features,” Mozilla said today. “This new functionality will gradually roll out to Firefox users over the coming weeks.”
Read more on TechCrunch.
Great new locks installed on the wrong door?
A new study finds that credit card fraud has not declined since the
introduction of chip cards in the US. The majority of stolen card
information comes from hacked point-of-sale terminals.
The reasons seem to be twofold. One, the US uses
chip-and-signature instead of chip-and-PIN, obviating the most
critical security benefit of the chip. And two, US merchants still
accept magnetic stripe cards, meaning that thieves can steal
credentials from a chip card and create a working cloned mag stripe
card.
Boing Boing post.
For Users: Makes signing into a new site very
simple. For Hackers: Makes hacking the logon process very desirable.
Hmm. This one could result in big numbers.
A notification from Title Nine about Annex Cloud. Annex Cloud is a
service provider that you may never have heard of but may have used
many times. The notification explains:
Annex Cloud provides a service that enables individuals to use their user name and password from social media and other websites, like Facebook and Google, to login to merchants’ websites, including www.titlenine.com. Annex Cloud recently informed Title Nine that they had detected and removed unauthorized code that had been inserted into Annex Cloud’s systems that operate its login application. In its report, Annex Cloud identified four periods of time when the unauthorized code was present and could have captured information entered during the checkout process on our website. We removed Annex Cloud’s code from our website and mailed letters to those customers to let them know what occurred.
Despite its first report that only identified four time periods, Annex Cloud informed Title Nine that they had identified additional time periods between December 28, 2017 and July 9, 2018 when the unauthorized code was or could have been present. If present, the unauthorized code could have captured information entered during the checkout process on our website. Through October 25, 2018, Title Nine sought additional information from Annex Cloud to determine the transactions that might be involved, and Annex Cloud supplied additional information about their analysis regarding these periods, including their belief that there are certain times inside these additional periods when it cannot be determined if the unauthorized code was present. Thus, we are notifying you because you entered information during the checkout process during a time period when it is possible the unauthorized code may have been present.
What Information Was Involved
The information entered during the checkout process that the code may have been accessed includes name, address, payment card number, expiration date, and card security code (CVV).
So then today, I saw this notification
from Stein Mart.
I wonder how many more notifications we will see
linked to Annex Cloud.
As an old guy, I can remember working with many
senior managers who had never touched a computer. That will never be
true for anyone starting out today. You have to ask: Did they hire
him to program or manage?
Japan's cyber-security minister has 'never used a computer'
Japan's new cyber-security minister has
dumbfounded his country by saying he has never used a computer.
Yoshitaka Sakurada made the admission to a
committee of lawmakers.
"Since I was 25 years old and independent I
have instructed my staff and secretaries. I have never used a
computer in my life," he said, according to a translation by
the Kyodo news agency.
The 68-year-old
was appointed to his post last month.
… But Mr Sakurada responded that other
officials had the necessary experience and he was confident there
would not be a problem.
However, his struggle to answer a follow-up
question about whether USB drives were in use at the country's
nuclear power stations caused further concern.
The disclosure has been much discussed on social
media where the reaction has been a mix of astonishment and hilarity,
with some noting that at least it should mean Mr Sakurada would be
hard to hack.
I wonder if this asks all the required questions?
Still, it’s a start.
Mozilla ranks dozens of popular ‘smart’ gift ideas on creepiness and security
If you’re
planning on picking up some cool new smart device for a loved one
this holiday season, it might be worth your while to check whether
it’s one of the good ones or not. Not just in the quality of the
camera or step tracking, but the security and privacy practices of
the companies that will collect (and sell) the data it produces.
Mozilla has produced a handy resource ranking 70 of the latest items,
from Amazon Echos to smart teddy bears.
I’m going to look at this carefully before I
comment. I had a brief vision of TSA Agents standing next to every
computer controlled device in the country. Shudder!
Congress Passes Bill Creating Cybersecurity Agency at DHS
The U.S. House of Representatives this week passed a bill that creates a
new cybersecurity agency at the Department of Homeland Security
(DHS).
The Cybersecurity and Infrastructure Security Agency (CISA) Act, which
passed the Senate in October, is headed to the president to be signed
into law. Congress passed the legislation unanimously.
The bill reorganizes the National Protection and Programs Directorate
(NPPD) into the Cybersecurity and Infrastructure Security Agency
(CISA), and puts it in charge of cyber and physical infrastructure
security.
Finding a balance must be hard. Facebook is
missing some content they should take down and taking down some they
should not.
70 of the world's leading human rights groups ask Mark Zuckerberg to create due process for censored content
Pam Cowburn from Article 19 sez, "Over 70
civil society groups have written
to Mark Zuckerberg asking for Facebook to review its content removal
processes and give all users the opportunity to appeal against
content takedowns that they think have been made in error."
It’s a people problem.
Billions spent on armored school doors, bulletproof whiteboards and secret snipers
Washington Post: “Although school security has grown into a $2.7
billion market — an estimate that does not account for the
billions more spent on armed campus police officers — little
research has been done on which safety measures do and do not protect
students from gun violence. Earlier this fall, The
Washington Post sent surveys to every
school in its database that had endured a shooting of some kind
since the 2012 killings of 20 first-graders in Newtown, Conn., which
prompted a surge of security spending by districts across the
country. Of the 79 schools contacted, 34 provided answers, including
Sandy Hook Elementary. Their responses to questions about what they
learned — some brief but many rich in detail — provide valuable
insight from administrators in urban, suburban and rural districts
who, as a group, have faced the full spectrum of campus gun violence:
targeted, indiscriminate, accidental and self-inflicted.
When asked what, if anything, could have prevented the shootings at their schools, nearly half replied that there was nothing they could have done. Several, however, emphasized the critical importance of their staffs developing deep, trusting relationships with students, who often hear about threats before teachers do. Only one school suggested that any kind of safety technology might have made a difference. Many had robust security plans already in place but still couldn’t stop the incidents…”
My students were adamant that no one could compete
with Amazon.
Amazon Go competitor Standard Cognition raises $40 million to expand its cashierless store solution
Cashierless shopping feels a little bit like
magic. There’s something indescribably awesome about being able to
grab something from a shelf, stuff it in a coat pocket, and waltz
away without having to contend with long lines or busted
self-checkout machines. That “coolness” factor — along with
the significant cost savings cashierless experiences promise — have
given rise to a cottage industry of solutions led by standard-bearer
Amazon and its Amazon
Go chain.
The space’s startups have been mostly
retailer-agnostic so far, and it’s no wonder why —
brick-and-mortar space is expensive. San Francisco-based Standard
Cognition this summer announced a partnership with Paltac in
Japan that will see its autonomous checkout solution deployed
in 3,000 stores, along with unnamed retailers in North
America and Europe — and it’s impressed investors with its
progress.
Perspective. My students have been looking at the
wider economic impacts.
How Autonomous Vehicles Will Upend Transportation
… Knowledge@Wharton: How
will it change the trucking industry?
Burns: When you look at an
over-the-road tractor, ask yourself: What parts are on that tractor
because there’s a driver in it? The windshield, the doors, the
seats, the steering controls, the brakes — you begin to get the
picture. In fact, the
parts you can take off of that tractor will likely cost more than the
parts you’re going to add to make it autonomous.
… After this DARPA Urban Challenge, the only
company that really stepped up for public road use application of
this was Google. Larry Page and Sergey Brin challenged a small team
of the participants in that DARPA challenge to come up with a vehicle
that could go on public roads and prove the concept out.
The auto
industry was in denial for five or six years. We
re-create that in Autonomy. We tell the story of how Google
got started into this area, and then how some of the engineers on
Google’s team reached out to the auto industry and had the door
slammed in their face.
The squeaky wheel (My students would agree.)