Wednesday, July 12, 2017

VeriZone Cyber: Massive breach of employee data

New technology aims to thwart online dating fraud

“Cyber-attacks happen by the minute—and in our industry on the whole, they’re not being handled adequately. To get a better view of why that is, Citrix teamed up with the Ponemon Institute to find out what’s holding up businesses from appropriately addressing security issues. Here’s what we found and how businesses can take smarter steps to protect their most sensitive information—even while threats are on the rise.”

Public Knowledge Urges FCC to Investigate Verizon Customer Data Breach – “Today, reports indicate that one of Verizon’s business partners, Nice Systems, exposed millions of Verizon customer records. According to ZDNet, “as many as 14 million records of subscribers who called [Verizon’s] customer services in the past six months were found on an unprotected Amazon S3 storage server” controlled by a Nice Systems employee, with data available for public download. Public Knowledge urges the Federal Communications Commission to investigate this breach in customer data security and take appropriate enforcement action. The following can be attributed to Yosef Getachew, Policy Fellow at Public Knowledge:
“Telecommunications companies have a duty to protect the personal information of their subscribers. This includes ensuring that their employees, contractors, and business partners take appropriate security measures when they handle sensitive customer data. Verizon’s failure to do this led to the exposure of millions of customer records, jeopardizing the privacy of consumers across the nation. Its apparent failure to notify customers of the data breach also leaves consumers without any ability to secure their personal information from misuse. The FCC is well within its authority to investigate Verizon’s data security breach and take appropriate enforcement action.
“Consumers entrust communications networks with their personal and sensitive information every day. When their data is compromised, they are exposed to fraud, identity theft, and other abuses. This is why the FCC’s broadband privacy rules required broadband service providers to take reasonable steps to protect customer data and notify subscribers in the event of a breach. Verizon’s recent data security lapse shows the Commission has a clear role to play in requiring all communications providers to safeguard their customers’ data.”

THE CALL IS COMING FROM INSIDE THE DEVICE: Woman saved from attack when Amazon Echo’s Alexa calls 911.
Eduardo Barros was arrested July 2 after an hours-long standoff with a SWAT team at a home in Tijeras, near Albuquerque, New Mexico, according to Bernalillo County sheriff’s spokeswoman Deputy Felicia Romero.
The couple was house sitting for the victim’s parents at the time, according to the arrest warrant affidavit and criminal complaint from the sheriff’s department.
The alleged assault began when Barros’ girlfriend received a text message. Barros accused the victim of cheating and “stated he was going to kill her if she called the cops,” the complaint said.
He asked her, “Did you call the sheriff?” the complaint said. An Amazon Echo device in the home overheard this comment, apparently interpreted it as a command to call authorities and placed a call to 911.

Amazon, however, denies that Alexa has that ability.

Maybe Amazon didn’t program Alexa to call 911, but Alexa programmed herself to…

Via LLRX – The Last Mile of Contracts: Why Human Teams Are Still Essential – Ron Friedmann gives us a rundown on technology for contracts along with the sound reasons why we still need humans to help create, analyze, and manage contracts.

Cybersecurity: The cold war online, Steven Aftergood. Nature 547, 30–31 (06 July 2017) doi:10.1038/547030a. Published online 05 July 2017.
“The Internet is under attack, and not just by hackers, thieves and spies. As Alexander Klimburg reports in The Darkening Web, governments that insist on their own primacy are increasingly assaulting the idea of this digitized landscape as a transnational commons. Cyberspace is becoming a war zone in a new era of ideological combat. Klimburg — director of cyber policy at the Hague Centre for Strategic Studies in the Netherlands — sees the combatants as belonging to two groups. The forces of the ‘free Internet’ favour the unconstrained flow of information, independent of national borders or cultural barriers. The ‘cybersovereignty’ camp, led by Russia and China, demands greater government control of the Internet and of information. To sustain its massive censorship operation, China’s ‘Great Firewall’ employs more people than serve in the country’s armed forces…

Follow-up to previous posting of November 2016 – Audit of OPM Security Systems Shows Continued Material Weakness – an update via NextGov: “More than two years after suffering a massive data breach [of over 20 million current and past federal employee personal data], the Office of Personnel Management still isn’t sufficiently vetting many of its information systems, an auditor found. In some cases, OPM is past due to re-authorize IT systems, the inspector general’s audit said. In other cases, OPM did reauthorize those systems but did it in a haphazard and shoddy way during a 2016 “authorization sprint,” the IG said. “The lack of a valid authorization does not necessarily mean that a system is insecure,” the auditors said. “However, it does mean that a system is at a significantly higher risk of containing unidentified security vulnerabilities.” The audit is dated June 20 but was publicly released July 7…”