A problem my Computer Security students must address.
New Zealand Says Budget Leak Was Bungled, Not Hacked
The Treasury department called in police this week after the opposition
National Party released parts of the government's annual budget,
which was not due for release until Thursday.
At the time, Treasury Secretary Gabriel Makhlouf said his department had
fallen victim to a "systematic" and "deliberate"
hack, rejecting "absolutely" any suggestion the information
had been accidentally posted online.
He was forced into an embarrassing backdown Thursday after police found
no evidence that illegal activity was behind the leak.
"On the available information, an unknown person or persons appear to
have exploited a feature in the website search tool but... this does
not appear to be unlawful," Makhlouf said in a statement.
He said Treasury prepared a "clone"
website ahead of the Budget's release but did
not realise that entering specific search terms on it revealed
embargoed information. [Did they test it? Bob]
Interesting question. Do you want an employee who
can’t learn? I am a fan, but I suspect some lawyers might not be?
Should Failing Phish Tests Be a Fireable Offense?
Would your average Internet user be any more
vigilant against phishing scams if he or she faced the real
possibility of losing their job after
falling for one too many of these emails? Recently, I met
someone at a conference who said his employer had in fact terminated
employees for such repeated infractions. As this was the first time
I’d ever heard of an organization actually doing this, I asked some
phishing experts what they thought (spoiler alert: they’re not fans
of this particular teaching approach).
Another Computer Security resource. If you
misidentify it, you probably won’t secure it properly.
FPF and IAF Release “A Taxonomy of Definitions for the Health Data Ecosystem”
Healthcare technologies are rapidly evolving,
producing new data sources, data types, and data uses, which
precipitate more rapid and complex data sharing. Novel
technologies—such as artificial intelligence tools and new internet
of things (IOT) devices and services—are providing benefits to
patients, doctors, and researchers.
… Understanding the evolving health data
ecosystem presents new challenges for policymakers and industry.
There is an increasing need to better understand and document the
stakeholders, the emerging data types and their uses.
The Future of Privacy Forum (FPF) and the
Information Accountability Foundation (IAF) partnered to form the
FPF-IAF Joint Health Initiative in 2018. Today, the Initiative is
releasing A Taxonomy of Definitions for the Health Data Ecosystem;
the publication is intended to enable a more nuanced, accurate, and
common understanding of the current state of the health data
ecosystem.
[Read the taxonomy here:
Not a backdoor, it simply removes the wall.
Apple, Google and WhatsApp condemn UK proposal to eavesdrop on encrypted messages
In practice, the
proposal suggests a technique which would require encrypted messaging
services — such as WhatsApp — to direct a message to a third
recipient, at the same time as sending it to its intended user.
… In an open letter to GCHQ (Government Communications Headquarters), 47 signatories
including Apple, Google and WhatsApp have jointly urged the U.K. cybersecurity agency
to abandon its plans for a so-called “ghost protocol.”
It comes after intelligence officials at GCHQ proposed a way in which
they believed law enforcement could access end-to-end encrypted
communications without
undermining the privacy, security or confidence of other users.
… The pair said it would be “relatively easy for a service provider to
silently add a law enforcement participant to a group chat or call.”
You can tell they’ve been following this topic.
GDPR – The Year in Review
Following the one-year anniversary of the coming into effect of the GDPR, Hogan
Lovells’ Privacy and Cybersecurity practice has prepared a
compilation of key GDPR-related developments of the past 12 months.
The compilation covers regulatory guidance, enforcement actions,
court proceedings, and various reports and materials.
(Related) When will we hit the tipping point,
where the EU goes after these people?
One Year Into GDPR, Most Apps Still Harvest Data Without Permission
While good-acting companies knock themselves out trying to comply with data
protection and privacy laws, and regulators debate
the minutiae of cookie consent policies,
bad actors simply couldn’t care less.
… Apps often presented users with a consent notice screen and then ignored
the user’s choice, transmitting the data regardless of the user’s
preference.
“The regulation exists, but is there a body in Belgium looking at the
mobile ecosystem to try and determine which calls from a device are
legitimate or not – hell no, that’s not happening,” said Grant
Simmons, head of client analytics at Kochava.
But even if
there was, this stuff is hard to catch by design, Simmons said.
Around 30% of the data calls transmitted to and from devices are
encrypted and when fraudsters enter the picture, they usually use
transitory domains to obscure their actions, including data
harvesting.
Hey, it’s a start!
10 things we should all demand from Big Tech right now
We need an algorithmic bill of rights. AI experts helped us write one.
I Transparency: We have the right to know when an algorithm is making a
decision about us, which factors are being considered by the
algorithm, and how those factors are being weighted.
VII Redress:
We have the right to seek redress if we believe an algorithmic system
has unfairly penalized or harmed us.
(Related) A Canadian version?
Canada's Digital Charter: Trust in a digital world
… See Canada's Digital Charter and how the Government of Canada is building this foundation of trust and
encouraging continued growth across our economy. It relies on
governments, citizens and businesses working together to ensure that
privacy is protected, data is kept safe, and Canadian companies can
lead the world in innovations that fully embrace the benefits of the
digital economy.
Will Google
become liable for ‘encouraging’ drivers to speed?
Google Maps adds ability to see speed limits and speed traps in 40+ countries