Saturday, April 07, 2018

As some day it may happen that a victim must be found
I've got a little list – I've got a little list
Of society offenders
who might well be underground
And
who never would be missed – who never would be missed
         Sung by the Lord High Executioner in the Mikado.
I’m not sure I like being on this list.
Homeland Security to Compile Database of Journalists, Bloggers
The U.S. Department of Homeland Security wants to monitor hundreds of thousands of news sources around the world and compile a database of journalists, editors, foreign correspondents, and bloggers to identify top “media influencers.”
It’s seeking a contractor that can help it monitor traditional news sources as well as social media and identify “any and all” coverage related to the agency or a particular event, according to a request for information released April 3.
The data to be collected includes a publication’s “sentiment” as well as geographical spread, top posters, languages, momentum, and circulation. No value for the contract was disclosed.


(Related) Always good to have a polite, well reasoned reply to our concerns...
DHS: Fears over journalist database 'fit for tin foil hat wearing ... conspiracy theorists'
… In a Friday column that was tweeted out by the Committee to Protect Journalists, Forbes writer Michelle Fabio referred to the move as "today's installment of 'I'm Not Terrified, You Are,'" and said the details of the plan "are enough to cause nightmares of constitutional proportions, particularly as the freedom of the press is under attack worldwide."
A DHS spokesperson took to Twitter on Friday to emphasize that the request is nothing out of the ordinary.
"Despite what some reporters may suggest, this is nothing more than the standard practice of monitoring current events in the media," DHS spokesman Tyler Houlton tweeted after the Committee to Protect Journalists tweeted out a link to a Forbes article about the request. "Any suggestion otherwise is fit for tin foil hat wearing, black helicopter conspiracy theorists."




Just because?
Dimensions - An Academic Research Engine
When it comes to searching for research studies and other academic articles many people turn to Google Scholar. But as your friendly librarian will tell you, there are still other databases that you should try. Dimensions is one such example of that.
Dimensions is a search engine focused on helping users discover research publications including clinical study reports. To help users get the whole picture, Dimensions will provide information about the grants that funded a study and report. You can filter Dimensions search results to show only open-access papers, to show only papers from a particular year, and according to field of research.
Dimensions is a search engine that will be of use primarily to university students. Some high school science teachers may find Dimensions useful for introducing their students to academic research related to clinical studies.


Friday, April 06, 2018

It’s time once again for the Privacy Foundation at University of Denver Sturm College of Law to have its spring seminar! It will be taking place April 20th, from 10:00am-1:00pm (with lunch to follow) at the Ricketson Law Building. The topic is: Workplace Privacy and Bring Your Own Device.
This Workplace Privacy Seminar will focus on the major privacy issues in the workplace: (1) the legal and technical concerns surrounding employee BYOD policies, i.e., employee access to other employee privacy data and employee use of non-work employee information found on social media via employees’ own smart phones and notebooks; (2) the “metes and bounds” of employee monitoring, i.e., verbal, written, and electronic communications while working and after hours; and (3) geographic tracking of employees, onsite and after hours.






This is a bit more complicated than normal.
https://krebsonsecurity.com/2018/04/secret-service-warns-of-chip-card-scheme/
Secret Service Warns of Chip Card Scheme
The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates the modified card, thieves can start draining funds from the account.
… The reason the crooks don’t just use the debit cards when intercepting them via the mail is that they need the cards to be activated first, and presumably they lack the privileged information needed to do that. So, they change out the chip and send the card on to the legitimate account holder and then wait for it to be activated.
The Secret Service memo doesn’t specify at what point in the mail process the crooks are intercepting the cards. It could well involve U.S. Postal Service employees (or another delivery service), or perhaps the thieves are somehow gaining access to company mailboxes directly.
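The memo, as Krebs notes, leaves open how the swapped chip gets used. One control an issuer can apply without knowing that detail: at activation or first chip use, compare what the chip says about itself with the card the issuer actually mailed. A chip transplanted from an older card carries that older card's Application PAN (EMV tag 5A) and expiry (tag 5F24). The example below is added here and is not from the Secret Service memo, the Krebs article, or any issuer's code; it assumes the issuer can see the chip's read-record data at that point, and the two records are constructed, not real card data.

```python
# Added example (Python), not from the Secret Service memo or the Krebs article.
# Assumption: at activation or first chip use the issuer can see the chip's own
# EMV record data and compare it with the card it actually mailed.

def parse_tlv(data: bytes) -> dict:
    """Parse BER-TLV (the encoding EMV records use) into {tag_hex: value_bytes}.
    Constructed templates such as tag 70 are flattened into the result."""
    out = {}
    i = 0
    while i < len(data):
        start = i
        first = data[i]
        i += 1
        if first & 0x1F == 0x1F:            # multi-byte tag: continue while bit 8 is set
            while data[i] & 0x80:
                i += 1
            i += 1
        tag = data[start:i].hex().upper()
        length = data[i]
        i += 1
        if length & 0x80:                     # long-form length: low 7 bits = count of length bytes
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        value = data[i:i + length]
        i += length
        if first & 0x20:                      # constructed tag: recurse into the template
            out.update(parse_tlv(value))
        else:
            out[tag] = value
    return out


def chip_pan(fields: dict) -> str:
    """Tag 5A holds the Application PAN as BCD, padded with a trailing F nibble if odd-length."""
    return fields["5A"].hex().upper().rstrip("F")


def chip_expiry(fields: dict) -> str:
    """Tag 5F24 holds the application expiration date as BCD YYMMDD."""
    return fields["5F24"].hex()


def chip_matches_card(read_record: bytes, mailed_pan: str, mailed_expiry: str):
    """Return (ok, reasons). The issuer knows the PAN and expiry it printed on the card it
    mailed; a chip moved over from an older card will carry that older card's values."""
    fields = parse_tlv(read_record)
    reasons = []
    if "5A" not in fields or chip_pan(fields) != mailed_pan:
        reasons.append("chip PAN differs from the PAN issued on this card")
    if "5F24" not in fields or chip_expiry(fields) != mailed_expiry:
        reasons.append("chip expiry differs from the card's printed expiry")
    return (not reasons, reasons)


# Constructed sample READ RECORD responses (not real card data):
# a chip that belongs to the mailed card, and a chip transplanted from an older card.
CLEAN_CHIP = bytes.fromhex("7010" "5A08" "4111111111111111" "5F2403" "250630")
SWAPPED_CHIP = bytes.fromhex("7010" "5A08" "4000000000000002" "5F2403" "190331")

if __name__ == "__main__":
    print(chip_matches_card(CLEAN_CHIP, "4111111111111111", "250630"))
    print(chip_matches_card(SWAPPED_CHIP, "4111111111111111", "250630"))
```

The point of the check is that the card body and the chip are two separate identities, and the fraud depends on the bank treating them as one. Whether the chip's PAN is visible to the issuer at activation depends on the activation channel, which the memo does not describe.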






Everyone loves those Reality TV stars.
Dozens of hospital staff access medical records of suicidal reality soap star
Dozens of people have been able to access the medical files of a television reality show star who tried to commit suicide, according to television current affairs show EenVandaag.
Samantha de Jong, better known as Barbie, was admitted to hospital in January after trying to kill herself. She had hardly been off the tv since she took part in reality soap Oh Oh Cherso, about a group of Dutch youngsters on Crete, in 2010.
The hospital has confirmed it is investigating the security breach. EenVandaag said routine checks revealed that ‘dozens’ of members of staff had accessed her files, even though they were not involved in her treatment.
Do they not have “break the glass” procedures or other controls there? Have they not been firm enough about firing snoopers? Why did this happen and happen so extensively?
I have noted snooping in celebrities’ medical files in too many cases over the years. There are some technological solutions that can help as well as other strategies. Maybe the Dutch hospitals should invite my sponsors from Protenus, Inc. over there to show them how they can prevent this kind of thing in the future? If this is what is holding up progress in creating a digital EMR system, then they really really need to deal with this already.
Read more at DutchNews.nl.
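The controls the commentary asks about (care-team based access, break-the-glass overrides, and routine review of who opened which chart) come down to joining the EHR audit log against a treatment roster. The example below is added here and is not code from the hospital, EenVandaag, or Protenus; it assumes one audit event per record access and a roster of which staff are assigned to which patient, and all of the data in it is constructed.

```python
# Added example (Python), not from the EenVandaag/DutchNews report or from Protenus.
# Assumptions: the EHR writes one audit event per record access, and a care-team
# roster says which staff are assigned to which patient. Constructed data only.
from collections import defaultdict

# Constructed care-team roster: patient id -> staff assigned to that patient's treatment.
CARE_TEAMS = {
    "P-1001": {"dr.amin", "nurse.bakker", "nurse.cohen"},
    "P-1002": {"dr.visser"},
}

# Constructed audit events. break_glass is the emergency-override justification, if any.
AUDIT = [
    {"user": "dr.amin",        "patient": "P-1001", "action": "view", "break_glass": None},
    {"user": "nurse.bakker",   "patient": "P-1001", "action": "view", "break_glass": None},
    {"user": "clerk.jansen",   "patient": "P-1001", "action": "view", "break_glass": None},
    {"user": "dr.visser",      "patient": "P-1001", "action": "view", "break_glass": "ED consult, patient unresponsive"},
    {"user": "radiology.tech", "patient": "P-1001", "action": "view", "break_glass": None},
    {"user": "dr.visser",      "patient": "P-1002", "action": "view", "break_glass": None},
]


def classify(event: dict, care_teams: dict) -> str:
    """'ok' for care-team access, 'review' for a justified break-the-glass override,
    'unauthorized' for everything else (the snooping case)."""
    if event["user"] in care_teams.get(event["patient"], set()):
        return "ok"
    if event["break_glass"]:
        return "review"      # allowed by the override, but every one of these gets a human look
    return "unauthorized"


def review_access(audit: list, care_teams: dict) -> dict:
    """Summarise per patient: verdict counts plus the distinct users outside the care team."""
    summary = defaultdict(lambda: {"ok": 0, "review": 0, "unauthorized": 0, "outsiders": set()})
    for ev in audit:
        verdict = classify(ev, care_teams)
        s = summary[ev["patient"]]
        s[verdict] += 1
        if verdict != "ok":
            s["outsiders"].add(ev["user"])
    return dict(summary)


def snooping_alerts(audit: list, care_teams: dict, max_outsiders: int = 1) -> list:
    """Patients whose records were opened by more than max_outsiders non-care-team users.
    'Dozens of staff, none of them treating the patient' shows up here as a large outsider set."""
    return sorted(p for p, s in review_access(audit, care_teams).items()
                  if len(s["outsiders"]) > max_outsiders)


if __name__ == "__main__":
    for patient, s in review_access(AUDIT, CARE_TEAMS).items():
        print(patient, {k: (sorted(v) if isinstance(v, set) else v) for k, v in s.items()})
    print("alerts:", snooping_alerts(AUDIT, CARE_TEAMS))
```

A justified override still lands in the outsider set on purpose: break-the-glass is an audited exception, not an exemption from review, and a high-profile admission is exactly when the threshold for looking at those overrides should be low.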






No rush?
https://globalnews.ca/news/4122202/data-breach-canada-privacy-commissioner/
Companies will now have to tell Canadian consumers when their privacy is breached — and do it quickly
… The Digital Privacy Act became law in August 2015, but several of its provisions were not immediately implemented and have languished on the books pending official authorizations needed to bring them into force.
… Under the new rules, organizations must notify consumers “as soon as feasible after an organization determines that a breach has occurred.”






Something for my students to consider?
https://www.entrepreneur.com/article/311284?utm_source=google-news&utm_medium=syndication&utm_campaign=google-editors-pick&google_editors_picks=true
10 Ways Technology Hijacks Your Behavior






The problem with “Ready, Fire, Aim” Don’t worry, we’ll figure something out.
https://taskandpurpose.com/northcom-trump-troops-mexico-border/
NORTHCOM Caught Off Guard As Trump Orders Troops To US-Mexico Border
After what insiders say was a surprise announcement by President Donald Trump on Tuesday, the Colorado Springs command that could send U.S. troops to the Mexican border was waiting for guidance.
… “We are standing by for guidance,” a spokeswoman said.
Other sources said the command, led by Air Force Gen. Lori Robinson, didn’t have notice of the presidential directive.






Is this what started talks of a summit?
http://www.businessinsider.com/north-korea-could-nuke-us-as-early-as-july-23-2018-says-british-mod-2018-4
North Korea could nuke the US as early as July 23, according to Britain's Ministry of Defense
… Lord Howe, a British defense minister, told parliament's Defense Committee that the Defense Ministry thought North Korea would be fully nuclear-capable within "six to 18 months."
The statements, made at a January 23 hearing, were published Thursday in a committee report on North Korea's nuclear ambitions. The earliest possible date for a strike in Howe's time frame is July 23; the far estimate is the same date in 2019.






Because you never have enough to read?
https://www.bespacific.com/magazine-rack-the-internet-archives-collection-of-34000-digitized-magazines/
Magazine Rack – the Internet Archive’s Collection of 34,000 Digitized Magazines
Open Culture: “Before we kept up with culture through the internet, we kept up with culture through magazines. That historical fact may at first strike those of us over 30 as trivial and those half a generation down as irrelevant, but now, thanks to the Internet Archive, we can all easily experience the depth and breadth of the magazine era as something more than an abstraction or an increasingly distant memory. In keeping with their apparent mission to become the predominant archive of pre-internet media, they’ve set up the Magazine Rack, a downloadable collection of over 34,000 digitized magazines and other monthly publications…”






I use Feedly myself. Beats visiting 25 sites to see what’s new.
https://www.bespacific.com/why-rss-still-beats-facebook-and-twitter-for-tracking-news/
Why RSS Still Beats Facebook and Twitter for Tracking News
Gizmodo: “You’d be forgiven for thinking RSS died off with the passing of Google Reader, but our old friend Really Simple Syndication (or Rich Site Summary) still has a role to play on the web of 2017. It’s faster, more efficient, and you won’t have to worry as much about accidentally leaking your news reading habit to all your Facebook friends. Whether you’ve never heard of it before or you’ve abandoned it for pastures new, here’s why you should be using RSS for your news instead of social media…”
See also via LLRX: What is RSS and How to Use it Effectively – by Pete Weiss.






Only the weak-minded fall for fake news?
http://dilbert.com/strip/2018-04-06



Thursday, April 05, 2018

No breach is ever so bad that it can’t become worse.
Malicious actors’ collected data on 2 billion Facebook users worldwide
It is not surprising to note today from Facebook that the debacle of Cambridge Analytica harvesting data on 87 million people has escalated monumentally to the level of 2 billion users worldwide per the Washington Post: “Facebook said Wednesday that “malicious actors” took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide. The revelation came amid rising acknowledgement by Facebook about its struggles to control the data it gathers on users… But the abuse of Facebook’s search tools — now disabled — happened far more broadly and over the course of several years, with few Facebook users likely escaping the scam, company officials acknowledged. The scam started when malicious hackers harvested email addresses and phone numbers on the so-called “Dark Web,” where criminals post information stolen from data breaches over the years. Then the hackers used automated computer programs to feed the numbers and addresses into Facebook’s “search” box, allowing them to discover the full names of people affiliated with the phone numbers or addresses, along with whatever Facebook profile information they chose to make public, often including their profile photos and hometown…”
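The technique the Post describes is reverse lookup at scale: a script feeds leaked phone numbers and addresses into a search box and keeps whatever comes back. The defensive side is not subtle either; a client that resolves dozens of distinct phone numbers a minute is not a person looking for a friend. The example below is added here and is not Facebook's code; it assumes a lookup log with one line per reverse lookup in a format I define ("epoch client key_type key_hash hit|miss"), and every line in it is constructed.

```python
# Added example (Python), not Facebook's code. Assumption: a lookup log with one line per
# reverse lookup: "<epoch> <client> <key_type> <key_hash> <hit|miss>". Constructed data only.
from collections import Counter, deque


def constructed_log() -> list:
    lines = []
    # a legitimate user: three lookups spread over ten minutes
    for t in (1522836000, 1522836300, 1522836600):
        lines.append(f"{t} c-legit phone k{t % 97:04x} hit")
    # an enumerator: 80 distinct phone hashes in 40 seconds, mixed hits and misses
    for n in range(80):
        lines.append(f"{1522836100 + n // 2} c-enum phone k{n:04x} {'hit' if n % 3 else 'miss'}")
    return lines


def parse(lines: list) -> dict:
    """Group lines per client as sorted (epoch, key_hash, hit) tuples."""
    events = {}
    for line in lines:
        ts, client, key_type, key_hash, result = line.split()
        events.setdefault(client, []).append((int(ts), key_hash, result == "hit"))
    for evs in events.values():
        evs.sort()
    return events


def max_distinct_keys(events: list, window_s: int) -> int:
    """Largest number of distinct lookup keys one client issued inside any window_s seconds.
    Sliding window over sorted events; a key repeated within the window counts once."""
    window, counts, best = deque(), Counter(), 0
    for t, key, _ in events:
        window.append((t, key))
        counts[key] += 1
        while t - window[0][0] > window_s:
            old_t, old_key = window.popleft()
            counts[old_key] -= 1
            if counts[old_key] == 0:
                del counts[old_key]
        best = max(best, len(counts))
    return best


def find_enumerators(lines: list, window_s: int = 60, max_keys: int = 20) -> dict:
    """Clients that resolved more than max_keys distinct numbers/addresses within window_s seconds.
    Returns {client: (peak_distinct_keys, hit_rate)}; the hit rate tells you how good their
    input list was (breach dumps resolve well, random numbers do not)."""
    out = {}
    for client, evs in parse(lines).items():
        peak = max_distinct_keys(evs, window_s)
        if peak > max_keys:
            hits = sum(1 for _, _, h in evs if h)
            out[client] = (peak, round(hits / len(evs), 2))
    return out


if __name__ == "__main__":
    print(find_enumerators(constructed_log()))
```

Detection is the weaker half of the answer. The stronger half is what Facebook eventually did: stop answering "which account has this phone number" at all unless the account owner opted in, because any lookup that maps a leaked identifier to a real name will be scripted.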


(Related)
Practical Approaches to Big Data Privacy Over Time
“The Berkman Klein Center is pleased to announce a new publication from the Privacy Tools project, authored by a multidisciplinary group of project collaborators from the Berkman Klein Center and the Program on Information Science at MIT Libraries. This article, titled “Practical approaches to big data privacy over time,” analyzes how privacy risks multiply as large quantities of personal data are collected over longer periods of time, draws attention to the relative weakness of data protections in the corporate and public sectors, and provides practical recommendations for protecting privacy when collecting and managing commercial and government data over extended periods of time. …




I’d like someone to step up and give my Computer Security students a good example for a change.
Protect Yourself from Panera’s Half-Baked Security
Have you ever noticed that most companies say, “We take your security very seriously” only after they demonstrably didn’t take your security all that seriously? The latest business to let its customers down is Panera Bread, a popular bakery chain, whose security countermeasures probably needed a little more time in the oven.
A huge flaw could expose as many as 37 million user accounts. That’s bad enough on its own, but what’s even worse is that Panera has known about the underlying flaw for eight months, and did not address it.
The frankly incredible story comes courtesy of security researcher Dylan Houlihan and his colleague Brian Krebs. Houlihan explained the full story in a detailed Medium post, while Krebs added additional commentary on his own blog.
To simplify a very complex issue: Anyone who’s ever signed up for a Panera account can leverage a flaw in its website to view another user’s information. This includes his or her username, phone number, birthday, and last four digits of a credit card — in addition to a full name, physical address, e-mail address and even your dietary restrictions.
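"Anyone with an account can view another user's information" is the signature of a missing ownership check: the site verifies that the caller is logged in but never verifies that the record being requested belongs to that caller, so sequential record ids can simply be walked. The page describes only the symptom; the cause below is the usual one and is assumed here, not established by the article. The code is an added example, not Panera's, and the account records in it are constructed.

```python
# Added example (Python), not Panera's code. The page describes the symptom (any account holder
# could read another customer's record); the missing ownership check below is the usual cause of
# that symptom and is assumed here, not established by the article. Constructed data only.

ACCOUNTS = {  # constructed sample records with sequential ids, as in many account systems
    1001: {"name": "A. Customer", "email": "a@example.com", "phone": "555-0100", "card_last4": "1234"},
    1002: {"name": "B. Customer", "email": "b@example.com", "phone": "555-0101", "card_last4": "9876"},
}


class Session:
    def __init__(self, account_id: int):
        self.account_id = account_id   # who is logged in


def get_account_vulnerable(session, account_id: int):
    """Returns whatever id the caller asks for. Being logged in is the only check, so account
    1001 can iterate 1002, 1003, ... and read everyone (an IDOR / broken object-level auth flaw)."""
    if session is None:
        return None
    return ACCOUNTS.get(account_id)


def get_account_fixed(session, account_id: int, audit: list = None):
    """Authorize the object, not just the caller: the record must belong to this session.
    'No such record' and 'not your record' both return None so the id space cannot be probed,
    and the refused request is logged, which is how a scan like this gets noticed."""
    if session is None or account_id != session.account_id:
        if audit is not None:
            audit.append((getattr(session, "account_id", None), account_id))
        return None
    return ACCOUNTS.get(account_id)


def enumerate_ids(lookup, session, start: int, stop: int) -> dict:
    """What an attacker's script does: walk the id range and keep every record that comes back."""
    found = {}
    for i in range(start, stop):
        rec = lookup(session, i)
        if rec is not None:
            found[i] = rec
    return found


if __name__ == "__main__":
    me = Session(1001)
    print("vulnerable:", sorted(enumerate_ids(get_account_vulnerable, me, 1000, 1010)))
    refused = []
    print("fixed:", sorted(enumerate_ids(get_account_fixed, me, 1000, 1010, ) if False else
          {i: r for i, r in ((i, get_account_fixed(me, i, refused)) for i in range(1000, 1010)) if r}))
    print("refused lookups logged:", refused)
```

The fix is a one-line comparison, which is the uncomfortable part of the eight-month timeline: the cost of the check is nothing, and the cost of not having it is every record behind the endpoint.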




I would not be pleased with a vendor who failed to notify me for months!
Delta, Sears are part of credit card data breach at tech firm
Delta Air Lines Inc. and Sears Holding Corp., including its Kmart stores, confirmed late Wednesday that select customer payment information may have been exposed in a cybersecurity breach at a software service provider they both use, called [24]7.ai.
The tech firm found that a cybersecurity incident affected online customer payment information of its clients, it said. The incident happened on or after Sept. 26, 2017, and was found and resolved on Oct. 12 that year.
Delta and Sears said they were notified of the incident last week and that certain customer payment information may have been accessed.




For my Software Architecture students.
Smartphones becoming primary device for physician and patient communications
Hospitals are making significant investments in smartphone and secure mobile platforms to enable communications between clinicians and between them and patients, according to a new survey.
Nine of 10 healthcare systems plan significant investments in smartphones and secure unified communications over the next 12 to 18 months, according to the results of the survey, performed in person by Spyglass Consulting Group; the survey included more than 100 healthcare professionals working in hospital environments.
… "The whole idea of patient-staff communications is a relatively new concept," Malkary said, referring to the 2012 requirements set down by the federal government's "meaningful use" of electronic healthcare records (EHR) standards.




While my students are still healthy?
HHS Releases a New Resource to Help Individuals Access and Use Their Health Information
“The US Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) today released the ONC Guide to Getting and Using your Health Records, a new online resource for individuals, patients, and caregivers. This new resource supports both the 21st Century Cures Act goal of empowering patients and improving patients’ access to their electronic health information and the recently announced MyHealthEData initiative.
… In fact, a new ONC data brief – PDF shows that in 2017, half of Americans reported they were offered access to an online medical record by a provider or insurer…” [h/t Pete Weiss]




I’m sure my students will want to build one. They’re still divided as to the targets.
'Killer robots': AI experts call for boycott over lab at South Korea university
… More than 50 leading academics signed the letter calling for a boycott of Korea Advanced Institute of Science and Technology (KAIST) and its partner, defence manufacturer Hanwha Systems. The researchers said they would not collaborate with the university or host visitors from KAIST over fears it sought to “accelerate the arms race to develop” autonomous weapons.


(Related) Overreaction? I bet the Pentagon uses Google search too.
Google employees demand the company pull out of Pentagon AI project
Last month, it was revealed that Google was offering its resources to the US Department of Defense for Project Maven, a research initiative to develop computer vision algorithms that can analyze drone footage. In response, more than 3,100 Google employees have signed a letter urging Google CEO Sundar Pichai to reevaluate the company’s involvement, as “Google should not be in the business of war,” as reported by The New York Times.
Work on Project Maven began last April, and while details on what Google is actually providing to the DOD are not clear, it is understood that it’s a Pentagon research initiative for improved analysis of drone footage. In a press statement, a Google spokesperson confirmed that the company was giving the DOD access to its open-source TensorFlow software, used in machine learning applications that are capable of understanding the contents of photos.




I often tell my students where to go.


Wednesday, April 04, 2018

Important only because it points to pipelines as a target. This did not disrupt the flow of gas and oil, just the automated paperwork.
'Cyber attack' shuts Energy Transfer's pipeline data system
A system that digitally processes customer transactions for a major pipeline network in the U.S. was shut down Monday after a cyber attack.
The electronic data interchange provided by third-party Energy Services Group LLC for Energy Transfer Partners's natural gas pipeline system was attacked Monday and will be hobbled until "further notice," Energy Transfer said in a notice to shippers.
… The EDI system, designed to cut costs and boost speed, is used to conduct business through a computer-to-computer exchange of documents.




That’s pretty much all of them.
Edward McAndrew of Ballard Spahr LLP writes:
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018. The law will take effect on May 1, 2018. Although it was last in the country to enact such a data security law, Alabama’s new law will immediately take its place among the most stringent in the nation.
Read more of this Ballard Spahr article, courtesy of JDSupra, below:




Strange that DHS didn’t look for devices like this as soon as they became aware that the capability existed. Did they think no one else was technically advanced enough to build their own? I wonder how many governments were listening to Hillary Clinton’s cell phone conversations? (Good image of a StingRay)
Homeland Security finds suspected phone surveillance devices in Washington
The U.S. government has acknowledged the existence in Washington D.C. of what appear to be devices that could be used by foreign spies and criminals to track individual cellphones and intercept calls and messages, the Associated Press reported Tuesday.
In a March 26 letter to Sen. Ron Wyden, D-Ore., the Department of Homeland Security admitted that it "has observed anomalous activity in the [Washington D.C. area] that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers." DHS added that it had not determined the type of devices in use or who might have been operating them, nor did it say how many it detected or where.
However, a DHS official who spoke on condition of anonymity because the agency's reply to Wyden has not been publicly released told AP that the devices were detected in a 90-day trial that began in January 2017 ...
… The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.
… Christopher Krebs, the top official in the department's National Protection and Programs Directorate, noted in the letter that DHS lacks the equipment and funding to detect Stingrays even though their use by foreign governments "may threaten U.S. national and economic security."
Legislators have been raising alarms about the use of Stingrays in the capital since at least 2014, when Goldsmith and other security-company researchers conducted public sweeps that located suspected unauthorized devices near the White House, the Supreme Court, the Commerce Department and the Pentagon, among other locations.
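The AP's one-paragraph description of how an IMSI catcher works is also a description of how to spot one: it has to be the strongest cell in range to win the phone over, it is usually a 2G cell even where the operator runs 3G/4G, and it was not there the last time anyone surveyed the area. The example below is added here and is not from DHS, the AP, or any product; it assumes a phone or survey receiver can list the cells it sees and that an earlier survey of the same spot is available as a baseline, and the scan data in it is constructed.

```python
# Added example (Python), not from DHS or the AP report. Assumptions: a phone or a cheap
# survey receiver can list the cells it sees (operator, LAC, cell id, radio type, signal),
# and an earlier survey of the same area is available as a baseline. Constructed data only.
from dataclasses import dataclass


@dataclass(frozen=True)
class CellObs:
    mcc: str
    mnc: str
    lac: int        # location area code
    cid: int        # cell id
    rat: str        # "GSM" (2G), "UMTS" (3G) or "LTE" (4G)
    rssi_dbm: int


# Constructed baseline: (mcc, mnc, lac, cid) of cells seen at this spot during a quiet survey.
BASELINE = {
    ("310", "410", 7001, 11223344),
    ("310", "410", 7001, 11223345),
    ("310", "410", 7002, 50001),      # the operator's own, legitimate 2G cell
}

# Constructed current scan: the last entry is the rogue base station.
SCAN = [
    CellObs("310", "410", 7001, 11223344, "LTE", -82),
    CellObs("310", "410", 7001, 11223345, "LTE", -88),
    CellObs("310", "410", 7002, 50001, "GSM", -97),
    CellObs("310", "410", 7001, 60001, "LTE", -99),   # new but weak 4G site on a known LAC
    CellObs("310", "410", 7050, 1, "GSM", -41),       # rogue: unknown, 2G, and the loudest
]


def score_scan(scan: list, baseline: set, min_reasons: int = 2) -> list:
    """Return [(cell, reasons)] for cells tripping at least min_reasons heuristics.
    No single heuristic is conclusive (new sites get built; operators still run 2G),
    so a cell is reported only when several line up."""
    strongest = max(scan, key=lambda c: c.rssi_dbm)
    rats_per_operator = {}
    for c in scan:
        rats_per_operator.setdefault((c.mcc, c.mnc), set()).add(c.rat)
    known_lacs = {(b[0], b[1], b[2]) for b in baseline}
    alerts = []
    for c in scan:
        reasons = []
        if (c.mcc, c.mnc, c.lac, c.cid) not in baseline:
            reasons.append("cell id not seen in baseline survey")
        if c.rat == "GSM" and c == strongest and rats_per_operator[(c.mcc, c.mnc)] & {"UMTS", "LTE"}:
            reasons.append("2G cell outranks the operator's 3G/4G cells (downgrade lure)")
        if c.rssi_dbm > -55:
            reasons.append("implausibly strong signal for a macro cell")
        if (c.mcc, c.mnc, c.lac) not in known_lacs:
            reasons.append("location area code never seen for this operator here")
        if len(reasons) >= min_reasons:
            alerts.append((c, reasons))
    return alerts


if __name__ == "__main__":
    for cell, reasons in score_scan(SCAN, BASELINE):
        print(cell, "->", "; ".join(reasons))
```

The threshold of two reasons is the practical part: the weak new LTE site in the scan is unknown to the baseline but trips nothing else, and reporting every new cell is how a sweep tool gets switched off. The letter's point that DHS lacks equipment for this is about coverage and scale, not about the heuristics being exotic.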




Interesting how long it takes Facebook to find out what is happening on its own servers.
Facebook shuts down additional accounts tied to Russia’s Internet Research Agency
Facebook head of security Alex Stamos today announced that roughly 140 Facebook and Instagram accounts, as well as 138 Facebook Pages controlled by the Internet Research Agency (IRA) have been removed from its platforms. IRA is best known as a state-sponsored propaganda machine that has disseminated Russian propaganda for years and employs hundreds of so-called trolls.
In February, U.S. Special Counsel Robert Mueller indicted a dozen current or former IRA employees, as well as IRA funder Evgeny Prigozhin, for their roles in spreading misinformation on Facebook and other social media platforms from 2014 to 2016. The Facebook and Instagram accounts shut down today were aimed primarily at Russian-speaking populations within Russia and other parts of the world, with one Page garnering more than 1 million followers.


(Related) Except when it wants to…
Trump’s Campaign Said It Was Better at Facebook. Facebook Agrees
Donald Trump’s presidential campaign has boasted often that it made better use of Facebook Inc.’s advertising tools than Hillary Clinton’s campaign did. An internal Facebook white paper, published days after the election, shows the company’s data scientists agree.
… The paper, obtained by Bloomberg and discussed here for the first time, describes in granular detail the difference between Trump’s campaign, which was focused on finding new donors, and Clinton’s campaign, which concentrated on ensuring Clinton had broad appeal. The data scientist says 84 percent of Trump’s budget asked people on Facebook to take an action, like donating, compared with 56 percent of Clinton’s.
… Trump ran 5.9 million different versions of ads during the presidential campaign and rapidly tested them to spread those that generated the most Facebook engagement, according to the paper. Clinton ran 66,000 different kinds of ads in the same period.




This could be amusing, and expensive!
Amazon May Start a Bidding War With Walmart Over a Huge International Retailer
Amazon may put in a rival bid to acquire Bangalore-based Flipkart Online Services even as the Indian e-commerce market leader is in talks with Walmart for a majority stake sale, according to the Mint newspaper.
Amazon has held early exploratory discussions to buy Flipkart, the newspaper reported citing unidentified people, who said a deal with Walmart is more likely to go through. The world’s biggest retailer is closing in on acquiring 55% of Flipkart through a mix of primary and secondary share purchases that could value the Indian company at $21 billion, according to the report.




Perspectives (and opinions) vary.
Trump is hitting Amazon where it hurts


(Related) Some interesting points here.
Trump Can't Hurt Amazon. It's Dumb to Try.
… For all of Trump's huffing and puffing, there is little he can do to inflict pain on Amazon and its chief executive, Jeff Bezos. It's amazing that he can't see it.




Perspective. Clearly not reacting to new highs or other imminent threat.
Trump's call to militarize border comes as illegal crossings last year were lowest since 1971
… He seized on reports of a caravan of over a thousand migrants who have been dispersing in Oaxaca, Mexico. According to the Mexican government, the caravan has taken place every year at this time since 2010.
… While presidents have in the past sent the National Guard to the border to assist Customs and Border Patrol, they did not act as law enforcement personnel.




Something for the University’s computers?
ReCall Study Time - An Extension to Get You Back on Task
ReCall Study Time is a Chrome extension that is designed to help you stop wasting time on social media sites and get back on task. With the extension installed and enabled you'll see a big reminder to get back on task whenever you try to open Facebook, Twitter, YouTube, Google+, or Instagram in a new browser tab. You can set ReCall Study Time to block you from those sites for two hours or for 24 hours.
StayFocusd is a similar Chrome extension. StayFocusd works by setting daily time limits for viewing social media sites.




Who knew?
NATIONAL BURRITO DAY
National Burrito Day is observed annually on the first Thursday in April.


Tuesday, April 03, 2018

Why I (try to) teach my Computer Security students to listen!
Brian Krebs and I were both on the same mission today – to get Panera Bread to secure their customer data. I had been alerted to the situation by a reader who saw a paste explaining it all and revealing some customer data. Brian heard about it earlier from security researcher Dylan Houlihan, who had first notified Panera of the problem last year, he told Brian. Brian reports:
Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.
The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com. The St. Louis-based company, which has more than 2,100 retail locations in the United States and Canada, allows customers to order food online for pickup in stores or for delivery.
Read more on KrebsOnSecurity.com.




This is not how one demonstrates ‘additional attention to detail.’
The last thing they needed was more bad press, right?
Javier E. David of CNBC reports:
Equifax, which suffered a massive data breach in 2017 that exposed the personal information of nearly 150 million consumers, has been sending out erroneous notification letters to a “small percentage” of those affected, the company confirmed Monday.
Hackers breached the credit reporting agency’s records, exposing data belonging to millions of accounts monitored by Equifax. Since then, the company has been reaching out to people who were affected by the breach, offering free credit monitoring and other remediation efforts.
Read more on CNBC.
[From the article:
Yet an apparent glitch in Equifax's system has generated a batch of letters containing incorrect personal data, raising questions about the efficacy of the company's efforts — or whether there might be more shoes to drop. Since it first disclosed the breach last year, Equifax has upwardly revised the numbers affected on at least two separate occasions, though the latest group of consumers exposed did not include Social Security numbers, according to the company.




I wonder if anyone asked the students how to secure their school? Lots of talk about how smart they are, but the actions taken suggest they will still be ignored.
How Parkland students feel about their new mandatory clear backpacks
Survivors of a school shooting in Parkland, Florida, returned from spring break Monday to new security measures that some students said made them feel like they were in prison.
Marjory Stoneman Douglas students encountered security barriers and bag check lines as they entered campus Monday morning.
Inside the school, administrators handed out the students' newest mandatory accessories: a see-through backpack much like the ones required at some stadiums and arenas, and an identification badge they must wear at all times.
… Senior Delaney Tarr tagged Rubio in a tweet of a picture of her bag with feminine products and the orange price tag attached to it.
"Starting off the last quarter of senior year right, with a good ol' violation of privacy!" she said in another tweet.
In addition to displaying the orange tag, senior Carmen Lo stuffed a sign into her backpack that read "this backpack is probably worth more than my life."
… "You know it's only difficult because if we were being listened to and common sense gun legislation was brought into play we wouldn't need all of this to be safe."




How do you kill in a city that bans guns?
London murder rate beats New York as stabbings surge
London overtook New York in murders for the first time in modern history in February as the capital endured a dramatic surge in knife crime.
Fifteen people were murdered in the capital, against 14 in New York. Both cities have almost exactly the same population.
London murders for March are also likely to exceed or equal New York’s. By late last night there had been 22 killings in the capital, according to the Metropolitan police, against 21 in the US city.
Eight Londoners were murdered between March 14 and March 20 alone and the total number of London murders, even excluding victims of terrorism, has risen by 38% since 2014.




Is this now “Fake News” or just another government lie? Either way, if the cause is not mentioned how can any “cure” be justified?
Anticipated Park Service Report on risks from sea level rise delayed after extensive data censorship
Reveal – Center for Investigative Reporting: “National Park Service officials have deleted every mention of humans’ role in causing climate change in drafts of a long-awaited report on sea level rise and storm surge, contradicting Interior Secretary Ryan Zinke’s vow to Congress that his department is not censoring science.
Originally drafted in the summer of 2016 yet still not released to the public, the National Park Service report is intended to inform officials and the public about how to protect park resources and visitors from climate change.
… The 87-page report, which was written by a University of Colorado Boulder scientist, has been held up for at least 10 months, according to documents obtained by Reveal. The delay has prevented park managers from having access to the best data in situations such as reacting to hurricane forecasts, safeguarding artifacts from floodwaters or deciding where to locate new buildings…”




No, no, NO! This is not what I teach my Data Management students!


(Related) A rebuttal from Harvard!


Monday, April 02, 2018

Many of the things I hate about a breach. Not detected internally. Probably operated for almost a year.
Matt O’Brien reports:
A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores.
The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.
Read more on SacBee. What’s of special note is that it was a security firm, Gemini Advisory LLC, who picked up on this one and made Hudson’s Bay aware:
Gemini Advisory LLC revealed on Sunday that a hacking group known as JokerStash or Fin7 began boasting on dark websites last week that it was putting up for sale up to 5 million stolen credit and debit cards.
  • We estimate the window of compromise to be May 2017 to present.
  • Based on the analysis of the available data, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations have been compromised. The majority of stolen credit cards were obtained from New York and New Jersey locations.
You’ll probably want to read the entire advisory on this one.




Nothing in the article suggests they need a password. I wonder if the FBI knows about this one?
Hayley Dixon reports:
Police forces across the country have been quietly rolling out technology which allows them to download the entire contents of a victim’s phone without a warrant.
At least 26 forces now use technology which allows them to extract location data, conversations on encrypted apps, call logs, emails, text messages, photographs, passwords and internet searches among other information.
Read more on The Telegraph.
[From the article:
The searches can be done instantly at a local police station and are used by many forces for low level crime – regardless of whether or not someone is charged – and can be used on victims and witnesses as well as suspects.
The Metropolitan Police, which was the first force to introduce the extraction devices during the London 2012 Olympics, has admitted that when a single photograph is required from a victim's phone every one is downloaded.
The revelations have led to concern that it could prevent victims coming forward, particularly in domestic abuse or rape cases.
… Some forces, each of which provides different guidance, have even equipped officers with portable mobile phone extraction kits which can be used on the go.
… Though guidelines say consent should be obtained from a witness before their phone is accessed, it is possible for this need to be overridden.




That’s a change!
Gert-Jan Fraeyman and Peter Craddock of DLA Piper write:
On 22 February 2018, the European Court of Human Rights (ECHR) decided a case concerning the alleged violation of Article 8 of the European Convention on Human Rights (the Convention) in the context of controlling an employee’s personal files stored on the hard drive of his work computer. The judgment of the ECHR (in French) can be accessed here and the press release (in English) can be accessed here.
The applicant, Eric Libert, is a French national who had been working at the French railway company SNCF. In 2007, Mr. Libert had been temporarily suspended from his duties because his employer found that Mr. Libert’s work computer contained, inter alia, address change certificates drawn up for third persons and bearing the official Surveillance unit logo, and a large number of files containing pornographic images and films. He was dismissed from his post on 17 July 2008. After being unsuccessful before the national courts, Mr. Libert lodged an application with the ECHR against the French Government, primarily relying on Article 8 (right to respect for private and family life) of the Convention.
Read more on DLA Piper Privacy Matters.




Perspective.
Amazon Exec: IoT Reverses the Internet
… The Internet today is designed to deliver mass volumes of content, particularly video, from the center to "masses of endpoints" that want to consume that content, Cooper said. IoT does the opposite – it requires bringing masses of data from the edge inward. And that requires fundamental changes to Internet technology.




Something for my Students. Determine if this is a fact.
Hand-crafted fact-checking matters in an algorithmic world
Inside Higher Education: “It’s International Fact-Checking Day, a project of the Poynter Institute. What a quaint concept! It’s intrinsic to good journalism, but it can’t be done by algorithm or en masse – it’s lovingly hand-crafted work in pursuit of nailing down something that’s often ambiguous and needs to be considered in context and without confirmation bias. In an era when the deadline is eternally now (newspapers are no longer put to bed, they have to be up and at ‘em 24/7) and lies travel to the top of Google search results before the truth can get its pants on, there’s little time to check the facts and few staff to do it. The efforts librarians and media literacy folks have launched to help citizens sort it all out are needed, but outsourcing the work to individuals isn’t a solution any more than privacy self-defense is the fix for surveillance capitalism. Yes, we need to know how to weigh information we encounter every day, but we also need to acknowledge that it’s coming at us fast and at volume. We need some quality fact-checkers working in critical places, which means we need to support trustworthy human gatekeepers…”




Something to complement my next spreadsheet class.


Sunday, April 01, 2018

Some perspective for my Computer Security students.
Theodore J. Kobus III writes:
On Monday we published our fourth annual Data Security Incident Response Report, which provides an analysis of the more than 560 cyber incidents handled by the team in 2017. Reflecting on the increasingly sophisticated nature of attacks, the aggressiveness by regulators in researching breaches and the expectations of highly developed responses, the report offers intelligence to help entities reduce their risk profile, build resilience, and be better prepared to respond when incidents occur.
Read more on BakerHostetler Data Privacy Monitor.




TL;DR? Is this an April Fool’s joke?
Quickly Summarize Long Articles With SummarizeThis
SummarizeThis is a free tool that will quickly create a summary of long passages of text. To use SummarizeThis you just copy and paste text into the summary box and click "summarize." A summary of the text then appears above the original text that you copied.
I included SummarizeThis in my recent search strategies webinar. There are often times when students won't look at a PDF or Word document that pops up in search results because they think that the article will take too long to read or because they don't see a particular keyword in the beginning of the article. By using SummarizeThis students can save time by getting a sense of what a long article is about before reading the whole thing in detail.