Use this as a negative model for security. Does your policy address everything, and do your procedures make certain your policy is followed?

Senate Permanent Subcommittee on Investigations Rips Into Equifax Over Its Massive 2017 Data Breach.

So the Congressional report on Equifax’s massive 2017 data breach was released. The title gives you a clue as to what you can expect to read in it:
HOW EQUIFAX NEGLECTED CYBERSECURITY AND SUFFERED A DEVASTATING
DATA BREACH
STAFF REPORT
PERMANENT SUBCOMMITTEE ON
INVESTIGATIONS
UNITED STATES SENATE
You can access the whole report on the Senate’s web site, here. I’ve also made a copy available on this site.
(Related)
Take a look at a credit report from one of the big
three credit reporting agencies, and you’re likely to see certain
types of accounts listed: credit cards, mortgages, car payments, and
student loans, for instance.
How you pay those bills impacts the credit score
that lenders use to determine how risky you are. But other types of
accounts don’t generally show up on your traditional credit report.
Those include phone and electric bills, rent, and payments to many
types of credit providers such as payday lenders, rent-to-own stores,
and online personal lenders.
The country’s biggest credit bureaus—Experian,
Equifax, and TransUnion—are trying to change that. As part of a
growing push to expand the population to whom lenders can offer
loans, the companies are helping lead an industry push to gather
“alternative” credit data, in what’s been called one of the
biggest changes to credit scoring in years.
Do you rely on a computer to monitor and adjust your machines? What if these are proof-of-concept attacks, gathering a portfolio of systems an aggressor could take down in the first seconds of a cyber war?

Most OT Organizations Hit by Damaging Cyberattacks: Survey
A majority of organizations that have operational
technology (OT) infrastructure experienced at least one damaging
cyberattack in the past two years, according to a survey conducted by
Ponemon Institute and Tenable.
… The report shows that 90% of respondents admitted suffering at least one damaging cyberattack in the past two years, and nearly two-thirds were hit at least two times. These statistics include attacks on IT systems, which are still relevant as attackers may be able to move from IT to OT systems.

Half of respondents said they had experienced an attack on their OT infrastructure that resulted in downtime of the plant and/or operational equipment. Many organizations also admitted suffering significant business disruptions and downtimes as a result of cyberattacks.

Furthermore, nearly a quarter of respondents believed they had been targeted by a nation-state actor.
Why two-factor authentication is better.

FOOLING FINGERPRINT SCANNERS WITH A RESIN PRINTER

Biometrics have often been used as a form of access control. While this was initially limited to bank vaults in Hollywood movies, it’s now common to see such features on many laptops and smartphones. Despite the laundry list of reasons why this is a bad idea, the technology continues to grow in popularity. [darkshark] has shown us an easy exploit, using a 3D printer to fool the Galaxy S10’s fingerprint scanner.

The Galaxy S10 is interesting for its use of an ultrasonic fingerprint sensor, which continues to push the hardware development of phones toward minimal-to-no bezels by placing the sensor below the screen. The sensor is looking for the depth of the ridges of your fingerprint, while the touchscreen verifies the capacitive presence of your meaty digit. This hack satisfies both of those checks.
What if your decrypted data still looked like gibberish?

Orin Kerr writes:
I am pleased to say that the Texas Law Review has published the final version of my article on how the Fifth Amendment applies to compelling a person to enter a password: Compelled Decryption and the Privilege Against Self-Incrimination This article has roots in some blog posts that I wrote here at the Volokh Conspiracy a few years ago. Given the recurring and difficult nature of the question, I decided to expand considerably on the posts by writing the full article. It’s still relatively short by law review article standards, though, at a relatively svelte 33 pages.
Here’s the abstract:
This Essay considers the Fifth Amendment barrier to orders compelling a suspect to enter in a password to decrypt a locked phone, computer, or file. It argues that a simple rule should apply: an assertion of privilege should be sustained unless the government can independently show that the suspect knows the password. The act of entering a password is testimonial, but the only implied statement is that the suspect knows the password. When the government can prove this fact independently, the assertion is a foregone conclusion and the Fifth Amendment poses no bar to the enforcement of the order. This rule is both doctrinally correct and sensible policy. It properly reflects the distribution of government power in a digital age when nearly everyone is carrying a device that comes with an extraordinarily powerful lock.
Read more of his post on Reason.com.

An expansion of the GDPR or a replacement?

Why the UK is moving to regulate the internet

…

In a world first, the UK has published a blueprint for new legislation that will hold tech companies to account and protect those using their platforms.
The online world is changing rapidly, and it needs
an independent regulator. It will enforce a new legal obligation for
online platforms to exercise a
duty of care to their users. This means that companies
will have a responsibility to take reasonable and proportionate steps
to protect their users from harm. It is similar to the principle
that when you take your child to a playground, you trust that the
builder made sure the equipment was safe and that no harm will come
to them. Why should it be any different online?
A source of GDPR integration wisdom?
Let’s start this week with some positive news.
From the Information Commissioner’s Office in the UK:
Recognising the increasingly vital role played by
professionals working in the sector, the second ICO Practitioner
Award for Excellence in Data Protection was presented to Mikko Niva,
Group Policy Officer at Vodafone Group Services Ltd based in London.
Chosen by an independent panel, Mr Niva has been
recognised for delivering a pioneering global privacy compliance
programme for Vodafone across 21 different countries, and for being a
constant advocate for information and privacy rights.
… Paul Jordan, Managing Director Europe at the International Association of Privacy Professionals (IAPP), who was one of the judges, said:

“This year nominations were all of high calibre, having done some really great GDPR integration work for their respective organizations and stakeholders;

… Source: INFORMATION COMMISSIONER’S OFFICE
Seems like a lot of thought.

Aspen Institute – Automation and a Changing Economy

Automation is an important ingredient driving economic growth and progress.

“Automation has enabled us to feed a growing population while allowing workers to transition from subsistence farming to new forms of work. Automation helped move us from a craft system to mass production, from blue-collar to white-collar to “new collar” work—with better work, higher wages, more jobs, and better living standards.

But without adequate policies and institutions, automation can also have negative effects on individuals and communities. Emerging technologies—including artificial intelligence, machine learning, and advanced robotics—have the potential to automate many tasks currently performed by workers, leading to renewed questions over what the future holds for the American workforce. We must ensure the proper support structures are in place to promote opportunity and prosperity for all. Automation and a Changing Economy is divided into two sections. – Automation and a Changing Economy: The Case for Action and Policies for Shared Prosperity.”

I think they released these as a draft back in December. Maybe.
European Commission announces pilot program for AI ethics guidelines

… Last summer, the commission appointed a group of independent experts to help develop a set of ethical guidelines. That group created seven general guidelines that were presented today officially and will be reviewed at a forum scheduled for tomorrow:
Human agency and oversight: AI systems should enable equitable societies by supporting human agency and fundamental rights, and not decrease, limit or misguide human autonomy.
Robustness and safety: Trustworthy AI requires algorithms to be secure, reliable and robust enough to deal with errors or inconsistencies during all life cycle phases of AI systems.
Privacy and data governance: Citizens should have full control over their own data, while data concerning them will not be used to harm or discriminate against them.
Transparency: The traceability of AI systems should be ensured.
Diversity, non-discrimination and fairness: AI systems should consider the whole range of human abilities, skills and requirements, and ensure accessibility.
Societal and environmental well-being: AI systems should be used to enhance positive social change and enhance sustainability and ecological responsibility.
Accountability: Mechanisms should be put in place to ensure responsibility and accountability for AI systems and their outcomes.
The commission is seeking partners to test these guidelines and offer feedback. Details of how the pilots will work have yet to be announced.

Almost everyone hates social media. Almost everyone uses social media.

Poll: Americans give social media a clear thumbs-down

The American public holds negative views of social-media giants like Facebook and Twitter, with sizable majorities saying these sites do more to divide the country than unite it and spread falsehoods rather than news, according to results from the latest national NBC News/Wall Street Journal poll.
What’s more, six in 10 Americans say they don’t
trust Facebook at all to protect their personal information, the poll
finds.
For my Architecture students. How do we speed up change?

The First Law of Digital Innovation

By now, most of us have heard of Moore’s law.

The “law,” coined more than 40 years ago by Intel cofounder Gordon Moore, has helped to shape the pace of innovation for decades.

… I’d like to propose a new law. It’s one I know to be true, and one that too many people forget. We can call it the first law of digital transformation. Or we can just call it George’s law. It goes like this:

Technology changes quickly, but organizations change much more slowly.

I’d call it, fooling the censors. (YouTube video)

Manipulating the YouTube Algorithm – (Part 1/3)

Smarter Every Day – “This is video 1 of a 3 part series on Social Media Algorithm manipulation and countermeasures. Even if you’re aware of these issues, odds are your friends and parents are not. I’m hoping we can use this video series to educate an incredible amount of people about the realities of algorithmic manipulation online. The engineers tasked with working on these problems take their jobs very seriously and they are truly the unsung heroes in this fight…”
Cenosillicaphobia
is the fear of an empty beer glass. Don't live in fear: go, get a
beer.