Sunday, February 17, 2019

Who designs the “after the breach” customer contact?
Zack Whittaker reports:
Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack.
The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to look up individual passport numbers to see if they were included in the set of unencrypted passport numbers.” That follows a statement last month from the company confirming that five million unencrypted passport numbers were stolen in the data breach last year.
The checker, hosted by security firm OneTrust, will ask for some personal information, like your name, email address, as well as the last six digits of your passport number.
Read more on TechCrunch.
Note that you do not have to input your passport info – that’s merely recommended. You do need to input your first and last name, email address, and town, state, country, and zip code.
I tried the form using two different email addresses. After each submission, I was told to check my email for a confirmation email link that I would need to click to confirm. It’s two hours later, and I haven’t received any emails asking me to confirm my request. Zack had reported, “The checker won’t kick back a result straight away — you’ll have to wait for a response — and Marriott doesn’t say how long that’ll take.” I didn’t anticipate that even the confirmation email might take a long time.
Surely this part could have been handled more promptly???




I do advise my Computer Security students to talk to their insurers. This seems a bit much.
Noddy A. Fernandez reports:
A gift distribution company is suing a global insurance broker, citing alleged broker malpractice.
Hampton-Haddon Marketing Corp. (HHMC) filed a complaint on Jan. 28 in the U.S. District Court for the Eastern District of Pennsylvania against Willis of Tennessee Inc. and Willis Towers Watson PLC, alleging the defendants breached their duty to advise plaintiff of reasonable business risks and the availability of insurance to cover such risks, and specifically of cyber crime risks such as the BEC scam.
Read more on Penn Record.




You will love this App. That’s not a prediction, that’s a command. (How would this work in the US?)
China’s most popular app is a propaganda tool teaching Xi Jinping Thought
A slick tool for teaching “Xi Jinping Thought” has become the most popular smartphone app in China, as the country’s ruling Communist Party launched a new campaign that calls on its cadres to immerse themselves in the political doctrine every day.
Xuexi Qiangguo requires users to sign up with their mobile numbers and real names. “Study points” are earned by users who log on the app, read articles, make comments every day and participate in multiple-choice tests about the party’s policies.
That points feature also offers a method to monitor the compulsory use of the app. Party cadres across the country are now required to use the app every day and accumulate their scores, according to recent state media reports.




Coming (not so) soon to a country near you! Meanwhile, all we have is California?
GAO gives Congress go-ahead for a GDPR-like privacy legislation
An independent report authored by a US government auditing agency has recommended that Congress develop internet data privacy legislation to enhance consumer protections, similar to the EU's General Data Protection Regulation (GDPR).
The 56-page report was put together by the US Government Accountability Office (GAO), a bi-partisan government agency that provides auditing, evaluation, and investigative services for Congress. Its reports are used for hearings and drafting legislation.
The House Energy and Commerce Committee, which requested the GAO report two years ago, has scheduled a hearing for February 26, during which it plans to discuss GAO's findings and the possibility of drafting the US' first federal-level internet privacy law.


(Related)
A Status Report on the California Consumer Privacy Act
Yesterday, I did a webinar for the California Lawyers Association on the status of the California Consumer Privacy Act (CCPA). This post recaps the discussion.




New tech, new issues. No doubt that shortly after the wheel was invented, it ran over the inventor’s foot.
New Study Highlights IoT Security and Privacy Flaws in Popular Off the Shelf Devices
According to a new report (“State of IoT Security”), so-called “smart” devices might not be so smart after all. The report from Pepper IoT and Dark Cubed detailed a wide variety of security issues and privacy flaws in common Internet of Things (IoT) devices, including some cases where devices such as smart light bulbs were communicating personal data and information to third-party companies in China. The major conclusion of the report is that both retailers and manufacturers need to be taking comprehensive new steps to resolve these IoT security and privacy issues.




This article is interesting. We are increasing the CJ/Computer Security relationship.
How the internet made it easier for all of us to be criminals, or victims
In 2007, the criminologist Karuppannan Jaishankar founded a field of research called cyber criminology, which he defined as "the study of causation of crimes that occur in the cyberspace and its impact in the physical space".
… "Cyber criminology is largely ignored or marginalised by mainstream criminology ... many criminologists refrain from examining this important, future-oriented issue. Whether it be that they are lacking the necessary understanding of technology, are intimidated by the jargon of the field, or that they continue to fail to realise the full extent of societal implications of this new type of crime, the lack of consideration is troubling."
Given that cybercrime is the single most common form of crime, this omission is unacceptable.
… This leads to a reasonable question, as Diamond and Bachmann point out: "Should cybercrime be conceptualised as a brand new crime type or traditional crimes pursued through a new medium?"
… But there is one thing that threatens the usefulness of traditional theories the most. "Criminological theories have long relied upon confluence of offenders and victims in time and space," say Diamond and Bachmann. But time and space no longer matter like they used to. We can plan an attack that happens days or years later, and never need to meet our victim.
… One theory that doesn’t completely break down in the face of this change is Routine Activity Theory (RAT), developed by Lawrence Cohen and Marcus Felson in 1979. They suggest that in order for a crime to be committed, there are three necessary ingredients. First, a motivated offender – someone who wants to commit a crime or otherwise do harm. Second, a suitable target – the offender needs a victim (barring a few exceptions such as perjury). Online, there are now billions of possible targets, all accessible without having to leave home. Third, the absence of a capable guardian. This means a lack of someone or something that can stop the offender from harming the victim, such as a police officer or a firewall.




Perspective. For my students, who seem to think every company with billions in income must be profitable.
Uber Lost $1.8 Billion in 2018 Despite Record Ride-Hailing, Food-Delivery Gains
Uber posted $50 billion in bookings for its ride-hailing and food-delivery services in 2018. However, the company still failed to turn a profit and its revenue growth slowed toward the end of last year, reports Reuters. That's bad news for Uber as the company looks to charm investors into an initial public offering (IPO) later this year.
Annual bookings were up 45 percent over 2017, according to Uber. Even then, the company's losses before taxes, depreciation, and other expenses still totaled $1.8 billion, down from the $2.2 billion loss the company posted in 2017. Uber's full-year revenue for 2018 was $11.3 billion, an increase of 43 percent from 2017.




Ford sees itself as a transportation company, not just a manufacturer. (These will also fit in a trunk.)
Ford gets into the electric scooter business, chooses Mesa for first Arizona roll out
… Spin, a micro-mobility company acquired by Ford late last year, launched 600 scooters in Mesa on Friday, competing with Lime, Bird, and Jump. Lyft also plans to begin offering electric scooters in Mesa, possibly later this month.
Spin scooters are $1 to unlock and 15 cents per minute. The bulk of the fleet has been stationed in west Mesa, near Mesa Community College. The idea is that riders will use the scooters to travel the last mile or two to their destination.
Scooters will be picked up each night and inspected before being deployed each morning.




I better start teaching AI.
‘Urgent need to re-skill about 50 pc of India’s IT workforce’: Nasscom official
This is due to the growth of disruptive technologies like AI and Data Analytics, as per Nasscom's IT-ITeS Sector Skills Council chief executive Amit Aggarwal.

