My students easily identified this as insider
trading. Why did the CIO think no one would notice?
Equifax CIO Put ‘2 and 2 Together’ Then Sold Stock, SEC Says
The text from the Equifax Inc. executive sounded ominous: “We may be
the one breached.”
Yet before the wider world learned of the credit
bureau’s massive hack – in which sensitive information for more
than 140 million U.S. consumers had been compromised – the
executive, Jun Ying, was selling Equifax stock, federal authorities
now say.
Six months after the cyberattack shook Equifax and
raised questions about suspicious trading by several executives
there, the Department of Justice on Wednesday charged Ying with
insider trading. Prosecutors say he
searched on the internet for what might happen to Equifax stock when
the news of the attack broke, then exercised all of his
stock options. The move netted him more than $480,000. Ying’s
lawyers, Douglas I. Koff and Craig S. Warkol of Schulte Roth &
Zabel, declined to comment on Ying’s behalf.
… Ying, who was next in line to become the
company’s global CIO, avoided more than $117,000 of losses by
selling his shares, the SEC said.
My students are aware that new technologies are
often introduced before security is considered. Not everyone has got
the “design for security” word yet.
Why do the Vast Majority of Applications Still Not Undergo Security Testing?
Did you know that 84% of all cyber attacks
target applications, not networks? What’s even more curious is
that 80% of Internet of Things (IoT) applications aren’t even
tested for security vulnerabilities.
It is 2018, and despite all the evidence around us, we haven’t fully
accepted the problem at hand when it comes to software security.
Because we haven’t accepted the problem, we are not making progress
in addressing the associated vulnerabilities. Which is why after an
active 2017, we are already seeing numerous new attacks before we
leave the first quarter of the year.
Always interesting.
Microsoft Publishes Bi-annual Security Intelligence Report (SIR)
Microsoft's 23rd bi-annual Security Intelligence Report (SIR) focuses on three
topics: the disruption of the Gamarue (aka Andromeda) botnet,
evolving hacker methodologies, and ransomware. It draws on the data
analysis of Microsoft's global estate since February 2017, including
400 billion email messages scanned, 450 billion authentications, and
18+ billion Bing webpage scans every month; together with the
telemetry collected from the 1.2 billion Windows devices that opt in
to sharing threat data with Microsoft.
…
The report has five primary recommendations to counter the threat of
ransomware: backup data; employ multi-layered security defenses;
upgrade to the latest software and enforce judicious patching;
isolate or retire computers that cannot be patched; and manage and
control privileged credentials. A new survey from Thycotic
demonstrates just how poor many organizations are at managing
privileged accounts.
There is no mention of a sixth potential recommendation -- if infected with
ransomware, immediately visit the NoMoreRansom
project website. This project aggregates known ransomware
decryptors, and it is possible that victims might be able to recover
encrypted files without recourse to the risky option of paying the
ransom. For now, Microsoft does not appear to be a partner in this
project.
Cool! I could ping your phone to get the same
information. If I was a stalker, I’d be giggling! On the other hand,
I don’t own a smartphone. Will I still be able to drive?
Joe Cadillic sent me an email with a subject line
comment all in capital letters. That’s usually a clue that I’m
about to read a very disturbing news development.
Jerry Smith reports:
Delaware could be among the first states to use mobile driver’s licenses.
[…]
Features of the mDL that will be tested include:
• Enhanced privacy for age verification: No need to show a person’s
address, license number and birthdate. The mobile driver’s license
will verify if the person is over 18 or 21 and display a photo.
• Law enforcement use during a traffic stop: The mobile driver’s
license will allow law enforcement officers to ping a driver’s
smartphone to request their driver’s license information before
walking to the vehicle.
Read more on Delaware Online. I’m guessing it was that second bullet
that really made Joe apoplectic.
Guidelines for anyone wishing to influence an
election? Grab them fast, because they will likely get wiped too.
Facebook Quietly Hid Webpages Bragging of Ability to Influence Elections
The Intercept: “When Mark Zuckerberg was asked if Facebook had
influenced the outcome of the 2016 presidential election, the founder
and CEO dismissed the notion that the site even had such power as
“crazy.” It was a disingenuous remark.
Facebook’s website had an entire section devoted to touting the “success
stories” of political campaigns that used the social network to
influence electoral outcomes. That page, however, is now
gone, even as the 2018 congressional primaries get underway… The
case studies that Facebook used to list from political campaigns,
however, included more interesting claims. Facebook’s work with
Florida’s Republican Gov. Rick Scott “used link ads and video ads
to boost Hispanic voter turnout in their candidate’s successful bid
for a second term, resulting in a 22% increase in Hispanic support
and the majority of the Cuban vote.” Facebook’s work with the
Scottish National Party, a political party in the U.K., was described
as “triggering a landslide.” The “success stories” drop-down
menu that once included an entire section for “Government and
Politics” is now gone. Pages for the individual case studies, like
the Scott campaign and SNP, are still accessible through their URLs,
but otherwise seem to have
been delisted…”
(Related) It’s a start, but they better not
screw it up!
YouTube announces plan to provide users with info cues to combat conspiracy theory videos
Wired: “After the mass shooting in Parkland, Florida, in February, the top
trending video on YouTube wasn’t a news clip about the tragedy, but a
conspiracy theory video suggesting survivor David Hogg was an actor.
The video garnered 200,000 views before YouTube removed it from its
platform. Until now, the company hasn’t said much about how it
plans to handle the spread of that sort of misinformation moving
forward. On Tuesday, however, YouTube CEO Susan Wojcicki detailed a
potential solution.
YouTube will now begin displaying links to fact-based content alongside
conspiracy theory videos. Wojcicki announced the new
feature, which she called “information cues,” during a talk with
WIRED editor-in-chief Nicholas Thompson at the South by
Southwest conference in Austin, Texas. Here’s how it will work: If
you search and click on a conspiracy theory video about, say,
chemtrails, YouTube will now link to a Wikipedia page that debunks
the hoax alongside the video. A video calling into question whether
humans have ever landed on the moon might be accompanied by the
official Wikipedia page about the Apollo Moon landing in 1969.
Wojcicki says the feature will only include conspiracy theories right
now that have “significant debate” on the platform…”
(Related) I wonder if they checked to see if a
high volume of referrals could harm Wikipedia?
YouTube didn’t tell Wikipedia about its plans for Wikipedia
YouTube doesn’t need to officially partner with
Wikimedia to use information from Wikipedia, but it’s still a
bemusing tactic to make such an announcement without any official
word passed between the two.
This will never be anonymous. (Anonymous entity
#4567 arrested for 17 counts of murder in Parkland, Florida)
Florida Could Start a Criminal-Justice Data Revolution
There’s no such thing as the US criminal justice
system. There are, instead, thousands of counties across the
country, each with their own systems, made up of a diffuse network of
sheriffs, court clerks, prosecutors, public defenders, and jail
officials who all enforce the rules around who does and doesn’t end
up behind bars. It’s hard enough to ensure that key details about
a case pass from one node of this convoluted web to the other within
a single county; forget about at the state or national level.
That's what makes a new criminal justice reform
bill now making its way to Florida governor Rick Scott’s desk
especially noteworthy. On Friday, the Florida Legislature approved a
bill, introduced by Republican state representative Chris Sprowls,
that requires every entity
within the state’s criminal justice system to collect an
unprecedented amount of data and publish it in one publicly
accessible database. That database will store anonymized
data about individual defendants—including, among other things,
previously unrecorded details about their ethnicities and the precise
terms of their plea deals. It will also include county-level data
about the daily number of people being held in a given jail
pre-trial, for instance, or a court’s annual misdemeanor caseload.
All in, the bill requires counties to turn over about 25 percent more
data than they currently do.
The law, she keeps a-changing!
German Court's Privacy Ruling Against Facebook Will Have Far-Reaching Effects
Facebook has millions of users in the European
Union, and a German court recently ruled against the company in a
case involving its Privacy Policy. Few
ever read privacy policies except judges, who must examine
them when challenges arise.
If you have any customers who are EU residents,
the new GDPR will impact you.
… A German court earlier this year ruled that
Facebook's terms of use did not comply with informed consent.
Informed consent is specific under EU rules.
Article 4(11) of the GDPR defines consent as
"any freely given, specific,
informed and unambiguous indication of the data subject's wishes by
which he or she, by a statement or by a clear affirmative action,
signifies agreement to the processing of personal data relating to
him or her."
Five criteria must be met to constitute consent:
- freely given
- specific
- informed
- unambiguous
- affirmative
… Facebook and many U.S. websites use default
privacy settings. The German court found several of those settings
were difficult for the user to find and change. By implementing
default settings, Facebook had failed to get informed consent.
At what point do you need to talk to a real
lawyer? Perhaps an AI app could help answer that.
Legal tech is opening the system to those who need legal representation the most
TechCrunch: “…Emerging startups like JustFix.nyc and legal tech products like
LegalZoom and DocuSign have lowered the barrier to entry for legal
protection that was previously confined to law offices. Now anyone
can write their will or incorporate a company without having to seek
legal counsel. The dissolution of the traditional legal business
model is good news for public interest law. Access to justice is a
fundamental human right, but most can’t afford to hire legal
representation when the need arises. Public defenders, pro bono
lawyers, and immigration attorneys provide a great service to
citizens, yet the demand for legal support far outweighs the supply
of legal aid services. There simply aren’t enough public interest
lawyers to go around. Financial hardship shouldn’t be a barrier to
justice. Fortunately, simple applications of technology can
streamline legal representation, and with wider adoption, may reduce
a key contributor to the economic inequality equation. While law
firms have been slow to embrace new disruptive technologies, public
interest law is different. Tech allows them to serve more clients.
It’s a disruption for
good, and nonprofit tech companies are spearheading this movement….”
Making my students more productive?
If you’re a programmer who doesn’t use Chrome,
you’re in the minority.
Might be useful for students describing their
projects to potential employers.
A Great List of Tools for Making Cool Infographics
Cool Infographics is a book and a blog written by Randy Krum. I read
his book a few years ago and
came away with some great design ideas that I now use in my slides
and in some social media posts. On his blog Randy critiques the
design quality and information accuracy of infographics found around
the Internet. His blog also contains a section in which he lists
dozens of tools for creating all kinds of data visualizations.
The Cool Infographics tools page lists dozens of tools for building all
kinds of data visualizations from simple word clouds to complex
interactive designs. The Cool Infographics tools page also lists
resources for free images, resources on picking the right design for
your project, and places to find data to use in your projects.
Some of the tools on the Cool Infographics tools
page will be familiar to readers of this blog. Canva and Timeline
JS, for example, have been featured many times on this blog. Some
tools, like Zanifesto, were completely new to me.
This could be useful for many of my students.
(Related) This one, not so much. Apparently,
they think there is a market.
Duolingo targets Trekkies with new Klingon language course