Somehow, a mere 100 million seems small…
Saheli Roy Choudhury reports:
Quora, the popular question-and-answer
website, said Monday evening that hackers broke into one of its
systems and compromised information from approximately 100 million
users.
CEO Adam D’Angelo said in a blog post
the company discovered last week that a malicious third party had
gained unauthorized access to one of its systems.
Account information, including names,
email addresses and encrypted passwords, may have been illegally
accessed, according to the post. User-imported data from other
social networks could also have been taken.
Quora’s statement on their blog:
Talk to the business side of the house! Something
I try to teach my Computer Security students.
Knowing Value of Data Assets is Crucial to Cybersecurity Risk Management
Understanding the value of corporate assets is fundamental to
cybersecurity risk management. Only when the true value is known can
the correct level of security be applied.
Sponsored
by DocAuthority
and based on Gartner's Infonomics Data Valuation Model, Ponemon
Institute queried 2,827 professionals across the U.S. and UK to gauge
how different business functions value different information assets.
The business functions included in the research comprise IT security,
product & manufacturing, legal, marketing & sales, IT,
finance & accounting, and HR.
These
groups were asked to put a financial cost to the hypothetical loss of
36 different information types on a per record basis -- such as R&D,
M&A documents, source code and customer contracts. The results
show a consistent and sometimes marked difference in value perception
between different business functions.
For
example, IT Security departments undervalued documents including
research and development (R&D) and financial reports, while
excessively prioritizing less sensitive Personally Identifiable
Information (PII) data. ('Excessively' and 'less sensitive' are
DocAuthority terms.)
Further
examples that show what is almost a dichotomy of attitudes between
ITsec and the rest of the business include ITsec valuing R&D
documents at less than 50% of the business valuation ($306,504 versus
$704,619 for reconstruction); and the leaking of financial reports at
$131,570 versus the Financial department's valuation of $303,182.
Oops? I will be interested to see how (if) this
works.
Australia Set to Pass Sweeping Cyber Laws Despite Tech Giant Fears
Australia's
two main parties struck a deal Tuesday to pass sweeping cyber laws
requiring tech giants to help
government agencies get around encrypted communications used by
suspected criminals and terrorists.
The
laws are urgently needed to investigate serious crimes like terrorism
and child sex offences, the conservative government said, citing a
recent case involving three men accused of plotting attacks who used
encrypted messaging applications.
But
critics including Google and Facebook as well as privacy advocates
warn the laws would weaken cybersecurity and be among
the most far-reaching in a Western democracy.
… Under
the planned laws, Canberra could compel local and international
providers to remove electronic protections, conceal covert operations
by government agencies, and help with access to devices or services.
… The
draft legislation expands obligations to assist investigators from
domestic telecom businesses to encompass foreign companies, including
any communications providers operating in Australia.
This
means social media websites and messaging services such as Facebook
and Whatsapp, as well as gaming platforms with chat facilities, could
be covered.
The
government has said it is not asking tech firms to build in backdoors
to access people's data.
But
the Digital Industry Group Inc (DIGI) -- which represents major
players such as Twitter and Amazon -- said in a submission to
parliament last week that the bill as it is currently written would
force them to create vulnerabilities in their operations which could
be exploited by hackers.
The
proposed changes are based on the UK's "snooper's
charter" surveillance powers passed in 2016.
Compliance is not guaranteed.
Paper – ‘Modernised’ Data Protection Convention 108 and the GDPR
Greenleaf, Graham, ‘Modernised’ Data
Protection Convention 108 and the GDPR (July 20, 2018). (2018) 154
Privacy Laws & Business International Report 22-3. Available at
SSRN:
https://ssrn.com/abstract=3279984
“One week before the GDPR came into force on 25
May 2018, the ‘modernisation’ of data protection Convention 108
was completed by the Council of Europe on 18 May, by the parties to
the existing Convention agreeing to a Protocol amending it
(‘Protocol’). The new version of the Convention is now being
called ‘108+’ to distinguish it. This article analyses some
aspects of the relationships between 108 and 108+, and further
developments at the Plenary Meeting of the Convention’s
Consultative Committee in Strasbourg, 19-21 June 2018 including a
conference to ‘launch’ the new 108+. The transition from 108 to
108+ is complex. Any new countries wishing to accede will have to
accede to the Protocol (ie to 108+) as well as to Convention 108,
except for a handful of countries previously invited to accede.
There are two options for when Convention 108+ will come into force.
One involves ratification by all existing 52 parties; the other could
see it in force between ratifying parties as early as 2023.
Accession to Convention 108+ will have a positive effect on
applications for ‘adequacy’ assessments to the EU under the
General Data Protection Regulation (GDPR), but the
extent to which 108+ compliance will be sufficient for EU adequacy is
uncertain. The article discusses these various
complexities.”
So, the world is flat after all.
Paper – Common-Knowledge Attacks on Democracy
“Existing approaches to cybersecurity emphasize
either international state-to-state logics (such as deterrence
theory) or the integrity of individual information systems. Neither
provides a good understanding of new “soft cyber” attacks that
involve the manipulation of expectations and common understandings.
We argue that scaling up computer security arguments to the level of
the state, so that the entire polity is treated as an information
system with associated attack surfaces and threat models, provides
the best immediate way to understand these attacks and how to
mitigate them. We demonstrate systematic differences between how
autocracies and democracies work as information systems, because they
rely on different mixes of common and contested political knowledge.
Stable autocracies will have common knowledge over who is in charge
and their associated ideological or policy goals, but will generate
contested knowledge over who the various political actors in society
are, and how they might form coalitions and gain public support, so
as to make it more difficult for coalitions to displace the regime.
Stable democracies will have contested knowledge over who is in
charge, but common knowledge over who the political actors are, and
how they may form coalitions and gain public support. These
differences are associated with notably different attack surfaces and
threat models. Specifically, democracies
are vulnerable to measures that “flood” public debate and disrupt
shared decentralized understandings of actors and coalitions, in ways
that autocracies are not.”
Interesting approach. Why only “camera-equipped” phones?
Want to See All the Vermeers in the World? Now’s Your Chance
The New York Times: “Johannes Vermeer, whose acute eye captured the
quiet beauty of Dutch domestic life, was not a prolific artist: Just
36 paintings are widely acknowledged as his work. Still, anyone who
wanted to see them all had to travel far and wide — to New York,
London, Paris and beyond. Until now. The Mauritshuis museum in The
Hague, which owns what is perhaps Vermeer’s best-known masterpiece,
“Girl With a Pearl Earring,” has teamed up with Google Arts & Culture
in Paris to build an augmented-reality app that creates a virtual
museum featuring all of the artist’s works. For the app, the
Metropolitan Museum of Art has contributed images of all five of its
Vermeer masterpieces, while the National Gallery of Art in Washington
and the Rijksmuseum in Amsterdam, each with four, have also given
photographs of theirs. Two more have come from the Louvre, and three
from the Frick Collection. The Isabella Stewart Gardner Museum in
Boston has shared an image of “The Concert,” the Vermeer that
disappeared after being stolen from the museum’s collection in 1990.
That painting will be on view once again in Meet Vermeer, the digital
museum. Starting Monday, the free app will be accessible to anyone
with a camera-equipped smartphone…”
I’m assuming they can be recorded along with
your talk.
Microsoft PowerPoint is getting real-time captions and subtitles for presentations
Microsoft is adding real-time
captions and subtitles to PowerPoint early next year. The subtitles
and captions are designed to help support the deaf or hard of hearing
community, and even
allow
speakers to include a translation of a presentation. Live
captions and subtitles will support 12 spoken languages and display
on-screen in more than 60 different languages.
Deaf communications is a niche I follow.
Huawei’s StorySign app can translate kids’ books into sign language
Chinese smartphone giant Huawei has launched a new
Android app that leverages AI tools such as image recognition and
optical character recognition (OCR) to translate popular children’s
books into sign language.
For my (Graduate!) students who did not know what
RSS was…