Perhaps there is bliss in ignorance? There seems
to be no significant downside – so why bother with security?
Security Breaches Don't Affect Stock Price
Abstract: This report assesses the
impact disclosure of data breaches has on the total returns and
volatility of the affected companies' stock, with a focus on the
results relative to the performance of the firms' peer industries, as
represented through selected indices rather than the market as a
whole. Financial performance is considered over a range of dates
from 3 days post-breach through 6 months post-breach, in order to
provide a longer-term perspective on the impact of the breach
announcement.
There are some things it is best NOT to ignore.
A friend tweeted to me tonight:
Commissioner Miner @fanCRTCProfling
.@PogoWasRight you have been beating this drum and saying this for a
long time now... years. "report reveals they are instead 'frequently
ignored or misunderstood". Now u have a report! ;)
https://www.theinquirer.net/inquirer/news/3024702/hackerone-2018-hacker-report…
5:45 PM - Jan 18, 2018
Indeed we do.
Carly Page reports:
One in four ethical hackers have not
reported a vulnerability that they found because the company didn’t
have a channel to disclose it.
That’s according to HackerOne’s ‘2018 Hacker Report’, which surveyed
1,698 members of the hacking community – making it the largest
documented survey ever conducted of the ethical hacking community.
One of the standout discoveries was that
almost 25 per cent of respondents said they were unable to disclose a
security flaw because the bug-ridden company in question lacked a
vulnerability disclosure policy (VDP).
This doesn’t mean the hackers don’t
try – with HackerOne noting that many attempt to contact firms via
social media and email but are “frequently ignored or
misunderstood.”
Read more on Inquirer.net.
And keep in mind that the rate of reporting will drop and/or be
chilled if law enforcement treats ethical hackers or greyhats like
blackhats and attempts to prosecute them. Our federal hacking
statute, CFAA, needs updating and revision and the revisions need to
provide protection to researchers who attempt to responsibly disclose
what they have found.
Here’s another thing to ignore?
How to Comply with GDPR
… A recent study from HyTrust, conducted at the VMworld 2017
conference in Las Vegas, found that a whopping 79 percent of companies
have no plans in place for GDPR. Another study from Varonis revealed
that a whopping 90 percent of IT decision makers saw challenges
complying with GDPR a year before the enforcement date.
Businesses must have surveillance cameras tied
into the police system.
New year, new surveillance expansion. Chad
Livengood reported this on January 3, and Joe Cadillic kindly sent it
along for all of us to mutter about:
- Plan would eventually mandate every retail business in Detroit with
  late-night hours to have surveillance cameras
- City will start with requiring camera systems for businesses open
  midnight-4 a.m.
- City will then move to businesses open after 10 p.m.
Mayor Mike Duggan’s administration is
moving forward with a plan to eventually mandate
every retail business in Detroit with late-night hours have
surveillance cameras tied into Project Green Light, the
Detroit Police Department’s real-time crime monitoring system
credited with a decrease in carjackings and overall crime around
participating businesses.
In an interview Wednesday with Crain’s,
Duggan said he will ask City Council later this year to mandate
Project Green Light high-definition video systems for all retail
businesses open after 10 p.m.
Why would this police officer want to disable the
camera? To avoid another “through the door” shooting? But
shouldn’t they reconnect the camera when done?
From the
this-almost-feels-like-opposites-day dept., Meghan McRoberts
reports:
An Indian River County man feels his
privacy was violated after he captured Vero Beach police
disconnecting a surveillance camera outside his front door.
Police were investigating a crime the man
says he had nothing to do with.
Vero Beach Police Chief David Currey
stands by his officers’ actions.
Of course he does. But this is a weird one – is
removing surveillance a privacy violation? I think if we view it as
law enforcement damaging or seizing property, then there’s an
issue, but is it a privacy issue? Help!
Makes me ask if these guys know how to run a bank.
Wells Fargo apologizes for glitch that emptied out some bank accounts
Reports show a glitch caused some online bill
payments to be processed twice. That is triggering overdraft
protection fees. Some customers have gotten emails saying their
checking accounts had nothing in them.
"Some customers may be having an issue with
their Bill Pay transactions. We are working to fix the issue and
resolve this tonight. Thanks for your patience," the company
tweeted Wednesday evening.
The bank said Thursday morning that technical
teams have corrected the errors, but customers should still check to
make sure all is well with their accounts.
Did you think of Lebanon as a major hacking
nation?
Report links hacking campaign to Lebanese security agency
A major hacking operation tied to one of the most powerful security
and intelligence agencies in Lebanon has been exposed after careless
spies left hundreds of gigabytes of intercepted data exposed to the
open internet, according to a report published Thursday.
Mobile security firm Lookout, Inc. and the
Electronic Frontier Foundation, a digital rights group, said the
haul, which includes nearly half a million intercepted text messages,
had simply been left online by hackers linked to Lebanon’s General
Directorate of General Security.
Another tease for my students.
What is blockchain? The most disruptive tech in decades
The distributed
ledger technology, better known as blockchain, has the potential to
eliminate huge amounts of record-keeping, save money and disrupt IT
in ways not seen since the internet arrived.
Free tool for business.
WhatsApp officially launches its app for businesses in select markets
WhatsApp today officially launched its new WhatsApp Business app in
select markets, including Indonesia, Italy, Mexico, the U.K. and the
U.S., ahead of its planned worldwide rollout. The addition of business
profiles and new messaging tools aimed at business customers is part
of the company’s broader plan to generate revenue by charging larger
enterprises for advanced tools to communicate with customers on the
platform now used by over a billion people worldwide.
The WhatsApp Business app is the initial entry
point in this market.
Aimed at smaller businesses, the free
app – Android-only for now – helps companies better
connect with their customers and establish an official presence on
WhatsApp’s service. Essentially, it’s the WhatsApp version of a
Facebook Page.
No one reads the Users Manual.
Guide offers tips and tricks to enhance value of Google Maps
Digital Trends: “Google Maps boasts more than 1
billion active users today, making it the most popular navigation
software in the world. It gets millions of us where we need to go
every day, but are you sure you’re getting the most out of it?
It’s easy to miss new features or hidden options. That’s why
we’ve compiled this guide on how to use Google Maps. It’s time to
take your first step on the road to mastery with our Google Maps tips
and tricks…”
I didn’t know you could still do this.
My students should be interested!
Google Opens Up Its Tech Training Program to All, Giving You a Reason
to Learn New Skills
If you want to work at Google someday but aren’t sure you have the
resume for it, the company
wants to train you. To help prospective employees bridge skills
gaps, the tech giant is partnering with online course provider
Coursera to offer access to its IT training program, previously only
open to existing Googlers.
It may seem counterintuitive for Google to invest
in the education of people who don’t and may never work for the
company. It could even bolster the skills of individuals who work
for competitors, you might imagine. But of the 10,000 U.S. residents
who receive scholarships from Google to complete the certificate,
Google is betting that it will be able to hire some of them down the
road.
… The program will involve 64 hours of video
lessons as well as labs and evaluations, and it will teach IT basics
such as troubleshooting, customer service, networking, operating
systems, system administration, automation and security. It will
take about eight months to complete if a student spends eight to 10
hours a week on the program, though students can work at their own
pace, according to Coursera.
Those interested in financial aid can apply by Feb. 20, while others
may be selected by participating nonprofits.
You don’t need an IT background or a four-year college degree to
qualify. For those who don’t get a free ride, the full cost of the
program is $49 a month.