Hiding in the weeds.
Mueller report sheds new light on how the Russians hacked the DNC and the Clinton campaign
The Mueller report contains new information about how the Russian government hacked documents and emails from Hillary Clinton’s presidential campaign and the Democratic National Committee.
At one point, the Russians used servers located in the U.S. to carry out the massive data exfiltration effort, the report confirms.
…
The operatives working for the Russian intelligence directorate, the GRU, sent dozens of targeted spearphishing emails in just five days to the work and personal accounts of Clinton Campaign employees and volunteers, as a way to break into the campaign’s computer systems.
…
By stealing the login details of a system administrator who had “unrestricted access” to the network, the hackers broke into 29 computers in the ensuing weeks, and more than 30 computers on the DNC.
…
In all, some 70 gigabytes of data were exfiltrated from Clinton’s campaign servers and some 300 gigabytes of data were obtained from the DNC’s network.
…
“I hope you’re able to find the 30,000 emails that are missing,” said then-candidate Trump at a press conference, referring to emails Clinton stored on a personal email server while she headed the State Department. Mueller’s report said “within approximately five hours” of those remarks, GRU officers began targeting for the first time Clinton’s personal office.
Big, but not a record.
Remember what I said earlier today about India being a data protection mess? Here’s another example. Mohit Kumar reports:
An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy “88888 88888” customer care number, The Hacker News has learned and independently verified.
Founded over two decades ago, JustDial (JD) is the oldest and leading local search engine in India that allows users to find relevant nearby providers and vendors of various products and services quickly while helping businesses listed in JD to market their offerings.
Rajshekhar Rajaharia, an independent security researcher, yesterday contacted The Hacker News and shared details of how an unprotected, publicly accessible API endpoint of JustDial’s database can be accessed by anyone to view profile information of over 100 million users associated with their mobile numbers.
Read more on The Hacker News.
Completely foreseeable. Outages will identify organizations that didn’t monitor the growth of the routing table.
Some internet outages predicted for the coming month as '768k Day' approaches
An internet milestone known as "768k Day" is getting closer and some network administrators are shaking in their boots fearing downtime caused by outdated network equipment.
The fear is justified, and many companies have taken precautions to update old routers, but some cascading failures are still predicted.
The term 768k Day comes from the original mother of all internet outages known as 512k Day.
512k Day happened on August 12, 2014, when hundreds of ISPs from all over the world went down, causing billions of dollars in damages due to lost trade and fees, from a lack of internet connectivity or packet loss.
The original 512k Day took place because routers ran out of memory for storing the global BGP routing table, a file that holds the IPv4 addresses of all known internet-connected networks.
… Many legacy routers received emergency firmware patches that allowed network admins to set a higher threshold for the size of the memory allocated to handle the global BGP routing table.
Most network administrators followed documentation provided at the time and set the new upper limit at 768,000 – aka 768k.
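The excerpt above comes down to one number: the prefix-count limit an operator configures for the router's forwarding table, and whether anyone is watching how close the global table is getting to it. The script below is an added example, not code from the article, from Bob, or from any router vendor. It assumes a constructed series of daily IPv4 prefix counts (standing in for whatever an operator's own collector records from the routers) and the 768,000 limit the article says most admins set; it classifies the remaining headroom and, by fitting a line to recent growth, estimates how many days remain before the limit would be hit.

```python
"""Headroom monitor for a router's BGP/FIB prefix limit.

Added example (not from the article or any vendor). The daily prefix counts
below are constructed sample data standing in for an operator's own
collector; the 768,000 limit is the value the article says most admins set.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_LIMIT = 768_000   # prefix limit many operators configured after 512k Day
WARN_RATIO = 0.90         # warn when 90% of the limit is in use
CRIT_RATIO = 0.95         # critical when 95% of the limit is in use


@dataclass
class Assessment:
    current: int
    limit: int
    used_ratio: float
    level: str                        # "ok", "warning", "critical" or "exhausted"
    growth_per_day: float
    days_until_full: Optional[float]  # None when the table is not growing


def linear_fit(samples: List[Tuple[int, int]]) -> Tuple[float, float]:
    """Least-squares line y = slope*x + intercept through (day, count) points."""
    n = len(samples)
    sx = sum(x for x, _ in samples)
    sy = sum(y for _, y in samples)
    sxx = sum(x * x for x, _ in samples)
    sxy = sum(x * y for x, y in samples)
    denom = n * sxx - sx * sx
    if denom == 0:                     # a single sample gives no trend
        return 0.0, sy / n
    slope = (n * sxy - sx * sy) / denom
    return slope, (sy - slope * sx) / n


def assess(history: List[Tuple[int, int]], limit: int = DEFAULT_LIMIT) -> Assessment:
    """Classify headroom from a (day, prefix_count) history, newest sample last."""
    if not history:
        raise ValueError("need at least one sample")
    last_day, current = history[-1]
    ratio = current / limit
    if current >= limit:
        level = "exhausted"
    elif ratio >= CRIT_RATIO:
        level = "critical"
    elif ratio >= WARN_RATIO:
        level = "warning"
    else:
        level = "ok"
    slope, intercept = linear_fit(history)
    days_left: Optional[float] = None
    if slope > 0 and current < limit:
        # day on which the fitted line crosses the limit, counted from the last sample
        days_left = max(0.0, (limit - intercept) / slope - last_day)
    return Assessment(current, limit, ratio, level, slope, days_left)


# Constructed sample: ten daily readings growing by 500 prefixes/day toward the limit
SAMPLE_HISTORY = [(day, 760_000 + 500 * day) for day in range(10)]


def report(history: List[Tuple[int, int]], limit: int = DEFAULT_LIMIT) -> str:
    """One-line summary suitable for a monitoring check's output."""
    a = assess(history, limit)
    eta = "n/a (not growing)" if a.days_until_full is None else f"{a.days_until_full:.1f} days"
    return (f"{a.current:,}/{a.limit:,} prefixes ({a.used_ratio:.1%}) level={a.level} "
            f"growth={a.growth_per_day:+.0f}/day, full in {eta}")


if __name__ == "__main__":
    print(report(SAMPLE_HISTORY))
```

Feeding this from a daily poll of each edge router's prefix count turns the article's "some people will be surprised" into a scheduled ticket weeks ahead of the crossing; the thresholds are deliberately two-tier so a warning fires while there is still time to raise the limit or replace the hardware.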
Another swing of the pendulum.
Nathan Sheard and Jennifer Lynch of EFF write:
Thanks to a recent ruling by Fairfax County Circuit Court Judge Robert J. Smith, drivers in Fairfax County, Virginia need not worry that local police are maintaining ALPR records of their travels for work, prayer, protest or play.
Earlier this month, Judge Smith ordered an injunction against the use of the license plate database, finding that the “passive” use of Fairfax County Police Department’s Automated License Plate Reader (ALPR) system violated Virginia’s Government Data Collection and Dissemination Practices Act (Data Act).
People are responsible for Privacy Policies? What a concept!
Federal investigation of Facebook could hold Mark Zuckerberg accountable on privacy, sources say
Federal regulators investigating Facebook for mishandling its users’ personal information have set their sights on the company’s chief executive, Mark Zuckerberg, exploring his past statements on privacy and weighing whether to seek new, heightened oversight of his leadership.
The discussions about how to hold Zuckerberg accountable for Facebook’s data lapses have come in the context of wide-ranging talks between the Federal Trade Commission and Facebook that could settle the government’s more than year-old probe, according to two people familiar with the discussions. Both requested anonymity because the FTC’s inquiry is confidential under law.
… Often, the FTC does not target executives in cases where it finds a company’s business practices have violated web users’ privacy. But critics said that targeting Zuckerberg could send a message to other tech giants that the agency is willing to hold top executives directly accountable for their firms’ repeated data misdeeds.
“The days of pretending this is an innocent platform are over, and citing Mark in a large scale enforcement action would drive that home in spades,” said Roger McNamee, an early investor in the company and one of Zuckerberg's foremost critics.
(Related)
How to bury bad news.
Facebook perfects the art of the news dump
On the Thursday before a major holiday weekend, and an hour before the much-anticipated Mueller report was released to the public, Facebook updated a month-old blog post titled "Keeping Passwords Secure" with a few lines of italicized text.
"Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users," says the update.
The original post revealed Facebook stored passwords for hundreds of millions of its Facebook users and "tens of thousands" of Instagram users as plain text in a database that could be accessed by its staff.
Almost three years now and some people still haven’t read it?
GDPR Article 27 … The ‘Unknown Obligation’ of Appointing a Nominated European Representative
… Whilst the GDPR is a European regulation, many organizations outside of Europe will be unaware that they are required to appoint a Nominated European Representative under certain conditions (as per Article 27 of the GDPR).
(Related) Dead because tech companies had input?
Hunton Andrews Kurth writes:
The much-discussed Washington Privacy Act, Senate Bill 5376 (“SB 5376”), appears to have died after failing to receive a House vote by an April 17, 2019 deadline for action on non-budget policy bills. Though the bill could be revived before the regular session ends on April 28, 2019, Washington lawmakers expressed doubt.
Read more on their Privacy & Information Security Law Blog.
I’m detecting a strong anti-AI bias…
Some AI just shouldn’t exist
Human bias can seep into AI systems. Amazon abandoned a recruiting algorithm after it was shown to favor men’s resumes over women’s; researchers concluded an algorithm used in courtroom sentencing was more lenient to white people than to black people; a study found that mortgage algorithms discriminate against Latino and African American borrowers.
The tech industry knows this, and some companies, like IBM, are releasing “debiasing toolkits” to tackle the problem. These offer ways to scan for bias in AI systems — say, by examining the data they’re trained on — and adjust them so that they’re fairer. [A great entry point for hackers. Bob]
But that technical debiasing is not enough, and can potentially result in even more harm, according to a new report from the AI Now Institute.
The three authors say we need to pay attention to how the AI systems are used in the real world even after they’ve been technically debiased. And we need to accept that some AI systems should not be designed at all.
… In other words, ensuring that an AI system works just as well on everyone does not mean it works just as well for everyone.
Attempts to have AI interpret politicians caused the AI to stroke out.
A neural network can read scientific papers and render a plain-English summary
… a form of artificial intelligence (AI) ... can read scientific papers and render a plain-English summary in a sentence or two.
Even in this limited form, such a neural network could be useful for helping editors, writers, and scientists scan a large number of papers to get a preliminary sense of what they're about.
Interesting. Managers don’t want to listen to their lawyers?
The Rise of Risk Management in Financial Institutions – Diminution of Legal Function
Business Law Today – The Rise of Risk Management in Financial Institutions and a Potential Unintended Consequence – The Diminution of the Legal Function
By: Thomas C. Baxter, Jr.
After the global financial crisis, a highly respected group of financial supervisors from the industrialized world convened to consider what might have caused the worst financial crisis experienced since the Great Depression. This group – aptly named the “Senior Supervisors Group” – concluded that a material contributing cause was what they characterized as a “colossal failure of risk management.” The Senior Supervisors Group was not alone. Many other bodies have taken up the same topic and reached a similar conclusion. In the 10 years since the global financial crisis ended, the financial community has responded to the identified causes of the financial crisis, adopting lessons learned and significantly reforming the financial system. This work has resulted in a financial system with individual institutions that are demonstrably more safe and more sound than before, and a much more resilient banking system overall. In contrast to what existed on the eve of the crisis – early 2007 – today’s financial system has considerably higher capital and liquidity, as government officials and other commentators have observed. In addition, and perhaps even more importantly if we accept the conclusion of the Senior Supervisors Group, there has been a revolution in the discipline of risk management and in the “build-out” of processes and procedures for identifying, measuring, monitoring, and controlling risk. In the United States, for example, one may witness the Dodd-Frank Wall Street Reform and Consumer Protection Act, which President Obama signed into law on July 21, 2010 (the “Dodd-Frank Act”). The Dodd-Frank Act introduced varied and different requirements for risk management, including a series of “enhanced prudential standards,” as well as governance directed at risk management requirements, like the requirement for a risk committee of the board of directors….
This article will discuss whether the rise of the risk management function has had one very specific unintended consequence – the diminution of the legal function. To place such an important question in a proper context, this article will focus on the potential inverse relationship – it is not only that the legal function has declined in importance, but it is also that the decline has come as the direct result of the rise in risk.