Tuesday, October 22, 2019

What Your Personal Information is Worth to Cybercriminals

Never has so much been decided by so few in a state of such ignorance with consequence for so many 

Why You Can’t Perform Hamlet at the Bar

Banning Out-of-Hours Email ‘Could Harm Employee Wellbeing’ BBC. This is silly and smacks of corporate-funded research favoring corporate backers. This minority needs to wrap their minds around composing now and sending later. 
The problem with Amazon’s speedy shipping, in one graphic Vox

Privacy Bill Could Put Dishonest Tech Execs Behind Bars
Equifax used ‘admin’ as username and password for sensitive data: lawsuit - Yahoo Finance: “Equifax used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The ongoing lawsuit, filed after the breach, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. “Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes, a password that ‘is a surefire way to get hacked,’” the lawsuit reads. The lawsuit also notes that Equifax admitted using unencrypted servers to store the sensitive personal information and had it as a public-facing website…”

A COMPELLING ARGUMENT, BUT BASICALLY IMPOSSIBLE: Why We Must Ban Facial Recognition Software Now. Or is it?


My Family Story of Love, the Mob, and Government Surveillance


The whole truth took me decades to learn.

What Your Personal Information is Worth to Cybercriminals - Bleeping Computer - “Cybercriminals have multiple markets to get illicit goods and prices on these underground forums are likely driven by supply and demand, just like in the legal economy. Offerings found on deep and dark web (DDW) markets include anything that can be monetized in one way or another. Common goods cover any financial information that can be used for bank fraud.

Full info packages – A typical assortment of products and services comprises personally-identifiable information, payment card data, credentials, access to compromised systems, distributed denial-of-service, forged documents, credentials, and access to compromised services.
Many of the underground sites that provided the data are no longer active, some because law enforcement brought them down. Nevertheless, the data is still a good indicator of the value of stolen data to cybercriminals. Full packages of data that can be used to steal a US victim’s identity sell for $4-$10, the researchers say. These are called ‘fullz’ and include at least the name, Social Security number, date of birth, and account numbers. The price seems low but it can get as high as $65 when accompanied by financial information, such as credit scores. The better the credit score, the higher the price. A score of 700, for instance, increased the fullz’ value to $40….”

ATO fines dead man $5,000 for failing to lodge tax return


A Great Example of Better Data Visualization: This Voting Map GIF Core77 


The Law & Politics of Cyberattack Attribution

Eichensehr, Kristen, The Law & Politics of Cyberattack Attribution (September 15, 2019). UCLA Law Review, Vol. 67, (2020, Forthcoming); UCLA School of Law, Public Law Research Paper No. 19-36. Available at SSRN: https://ssrn.com/abstract=3453804
“Attribution of cyberattacks requires identifying those responsible for bad acts, prominently including states, and accurate attribution is a crucial predicate in contexts as diverse as criminal indictments, insurance coverage disputes, and cyberwar. But the difficult technical side of attribution is just the precursor to highly contested legal and policy questions about when and how to accuse governments of responsibility for cyberattacks.




How to stop Facebook from stealing your data after you die - The Next Web – “Inevitably, one day you’re going to die. While you may think your online identity will go to the grave with you, that’s not always how it works out. Without setting your account to self-implode or handing your login details to a trusted person, companies like Facebook and Google will carry on storing your data and everything else they’ve got on you. Facebook gives you multiple options for what you can do with your profile once you die. One thing you can do is select someone from your friends list to manage your account once you die. Another thing you can do is set a switch to automatically delete your account — but Facebook doesn’t exactly know when you’ve died, so let us explain…”


Following up on last week's post, The U.S. News Citation Ranking Is A 'Rigged Metrics Game' That 'Imperils Legal Academia': LawProfBlawg (Anonymous Professor, Top 100 Law School), The Problems Of Measuring Scholarly Impact (‘Stuff’):
If we’re seeking to adopt some measure to assess scholarly impact, there are serious caveats that need to be addressed before we begin.
Professor Robert Anderson at Pepperdine Law School (place from which I wouldn’t mind a job offer — HINT) [How can we make you an offer (or measure your scholarly impact or teaching effectiveness) if we don't know who you are?] asked me a series of questions on Twitter, all of which are important.

For their latest video, Great Big Story visits a French mill that’s been making paper for 700 years. The Richard de Bas mill has supplied paper to the likes of Picasso and Dali and is today one of the few remaining places in France where paper is still made by hand; they only produce about 2 tons of paper a year. That flower paper is incredible. My only complaint about this video is that it wasn’t 6-7 minutes longer. You can see more of the mill in this video (in French, although YT’s auto-translated captions work ok).

The mill and the associated museum in Ambert, France are open to visitors and you can buy some of their paper from the online store. A pack of a dozen sheets of their floral paper is €30.

See also this 1970 short film on marbled paper, a personal favorite of mine.

What does sober creativity look like? To find out, Leslie Jamison went to the archives. Early results weren’t promising