Pete Recommends – Weekly highlights on cyber security issues, September 15, 2018

Subject: Cybersecurity the right way
Source: FCW

FCW recently gathered a group of IT security leaders from across government to discuss how they bring organization and prioritization to their many cybersecurity efforts. The discussion was on the record but not for individual attribution (see below for a list of participants), and the quotes have been edited for length and clarity. Here’s what the group had to say.

Subject: Peeled onions and a Minus Touch: Verizon data breach digest lifts the lid on theft tactics
Source: ZDNet

Data breaches, successful cyberattacks, and hacking events are often shrouded in silence. Beyond the bare-bones facts, it is often difficult for companies which have become victims of such crimes — as well as the external cybersecurity experts which perform forensics and damage control after — to admit to more than they have to. Legal ramifications, prized reputations which may take a beating, and protective non-disclosure agreements often mean that very little is shared publicly which relates to how a security incident was able to take place, the timelines involved, or any of the gritty, contextual details.

While anonymized, Verizon’s new 2018 Data Breach Digest (DBD) contributes towards this goal and also gives us a look into how cyberforensics teams tackle data breaches.

Subject: Everything You Should Do Before You Lose Your Phone
Source: Wired

It’s an unfortunate fact that the pricey pocket computers we carry around with us at all times are prime targets for thieves—as well as very easy to leave behind in subway cars or on coffee shop tables. Now that we all rely on our smartphones for so much, having one stolen or misplaced can feel like the end of the world. But it doesn’t have to be, not quite. Here are the preparations you can take before the worst happens, and what to do if it does.

Subject: Apple Announces New Initiative to Aid Law Enforcement Worldwide
Source: Digital Trends

In 2016, Apple and the FBI went to court over the company’s unwillingness to hand over private data. Now, the company is working to find a better way to handle law enforcement requests for data and information pertaining to criminal investigations. According to its website, the company is currently working on building an online portal which will make it easier for law enforcement to submit requests to Apple regarding such data.

Apple’s website says that, by the end of the year, it hopes to have created an “online portal for authenticated law enforcement officers globally to submit lawful requests for data, track requests, and obtain responsive data from Apple.” However, a letter sent to Senator Sheldon Whitehouse (D-RI), seen by CNET, provides some more information on the company’s plans.

In regards to the company’s customers, Apple in its letter to Whitehouse says it remains committed to protecting user privacy. It doesn’t provide details regarding how these new initiatives will affect existing customers, but it does promise that these new plans are consistent with its goals of protecting its customers’ privacy and data.

Subject: Amazon, Apple, others to testify before U.S. Senate on data privacy September 26
Source: Reuters via Yahoo

WASHINGTON (Reuters) – Six major web and internet service companies, including AT&T Inc, Twitter Inc and Alphabet Inc’s Google, will detail their consumer data privacy practices to a U.S. Senate panel on Sept. 26, according to a congressional statement on Wednesday.

They will also testify on “how they plan to address new requirements from the European Union and California, and what Congress can do to promote clear privacy expectations without hurting innovation,” Thune said.

Subject: What to Put in Your Medication Go Bag
Source: Consumer Reports

A well-stocked medication go bag can be used to soothe a cut or burn—or to save your life during a hurricane, flood, fire, or other emergency.

But it’s important not to wait until you’re faced with the need to leave your home in a hurry to assemble your medication go bag, says Geoffrey C. Wall, Pharm.D., a professor of clinical sciences at Drake University in Des Moines, Iowa. Whether you buy a kit from a drugstore or build it yourself, Wall recommends that all households keep a medication go bag on hand. It should contain the essentials, including:

Subject: Decentralisation: the next big step for the world wide web
Source: The Guardian via beSpacific

The Guardian – “The decentralised web, or DWeb, could be a chance to take control of our data back from the big tech firms. So how does it work and when will it be here?

What is the decentralised web?
It is supposed to be like the web you know but without relying on centralised operators. In the early days of the world wide web, which came into existence in 1989, you connected directly with your friends through desktop computers that talked to each other. But from the early 2000s, with the advent of Web 2.0, we began to communicate with each other and share information through centralised services provided by big companies such as Google, Facebook, Microsoft and Amazon. It is now on Facebook’s platform, in its so called “walled garden”, that you talk to your friends. “Our laptops have become just screens. They cannot do anything useful without the cloud,” says Muneeb Ali, co-founder of Blockstack, a platform for building decentralised apps. The DWeb is about re-decentralising things – so we aren’t reliant on these intermediaries to connect us. Instead users keep control of their data and connect and interact and exchange messages directly with others in their network.

Why do we need an alternative?

Subjects: Cybercrime, Cybersecurity, E-Commerce, Freedom of Information, Internet, Knowledge Management, Privacy

Subject: Who controls your data?
Source: Engadget via beSpacific

Engadget – We requested our personal information from dozens of companies. Here’s what they gave us — and what they didn’t: “The average American, one study tells us, touches their phone 2,600 times per day. By the end of a given year, that’s nearly a million touches, rising to two million if you’re a power user. Each one of those taps, swipes and pulls is a potential proxy for our most intimate behaviors. Our phones are not only tools that help us organize our day but also sophisticated monitoring devices that we voluntarily feed with interactions we think are private. The questions we ask Google, for instance, can be more honest than the ones we ask our loved ones — a “digital truth serum,”

Subjects: Civil Liberties, Financial System, Freedom of Information, Government Documents, Health Care, Internet, Knowledge Management, Privacy, Social Media

Subject: Program on Extremism
Source: The George Washington University

GW Program on Extremism – ISIS in America

Our report, ISIS in America: From Retweets to Raqqa, is part of our ongoing mission to provide balanced, empirical analysis of the threat posed to the United States by Islamic State. The first-of-its-kind, in-depth analysis of Americans who have joined and acted on behalf of IS has received extensive media coverage since its release in 2015.

Subject: Samsung SmartThings Tracker Locates People, Pets, and Things
Source: Digital Trends

The Tracker has a power button that can also be used to send pre-configured notification alerts. For example, you can set it up so a double button push sends an “I’m home” or “I’m ready to be picked up” or “My flight just landed” notification. The tracker can also send an SOS signal if someone is in trouble.

Tracker location alerts and signals are restricted to users with pre-configured shared access to the SmartThings App, so, for example, everyone with a scanner won’t know when your kid gets out of school.

Geo-fencing, the ability to establish a location zone, is another versatile Tracker feature. When someone with the Tracker exits or enters a geo-fenced zone, the system can be configured to send a notification alert to the SmartThings App. The geo-fencing feature also can act as a proximity sensor to trigger other SmartThings devices, such as turning on lights as you get close to home.

The SmartThings Tracker will be available through AT&T beginning on September 14 and with Verizon later in 2018. The AT&T price for the Tracker is $100 including the first year’s connectivity. Subsequent service costs $5 per month or $50 for a year.

Subject: Text message on Sept. 20 will test two national alert systems | Penn State University
Source: Penn State News

As part of September’s National Preparedness Month, the Federal Emergency Management Agency and the Federal Communications Commission (FCC) will send a test message on Sept. 20 to all cellphone users within range of an active cell tower. If messages cannot be sent Sept. 20, this test of these two national alert systems will have a backup date of Oct. 3.  

The message will read “THIS IS A TEST of the National Wireless Emergency Alert System.  No action is needed.” This will be the first national test of the Wireless Emergency Alert System (WEA).

Penn State faculty, staff and students who receive PSUAlerts by text messages are already receiving messages via the same system on which the test message will be sent. These cellphone users, who currently receive tornado warnings and severe thunderstorm alerts, will likely receive the WEA test. 

[Ed. Comment: I’m not a fan of communications that are ambiguous, e.g., what does it mean to the person who does NOT receive it? Was it a technical “failure to communicate”? /pmw1]

Subject: Google fights battle over whether expanding the ‘right to be forgotten’ is censorship
Source: Business Insider

  • Google is currently fighting a big battle in the EU’s top court about whether people’s “right to be forgotten” should apply globally to its search engine.
  • The right means private citizens in Europe can ask Google and other search engines to scrub certain unflattering results about them.
  • France’s data protection agency said Google only deletes results from its EU search engines, and that the information is still visible on non-EU domains.
  • Google argued on Tuesday that applying the rule globally would impinge on people’s right to free expression.

Most people outside Europe don’t know much about the digital “right to be forgotten,” the idea that private citizens can ask search engines to scrub certain search results about them.

It’s a comparatively new idea, but a landmark ruling in 2014 from the European Court of Justice set the initial parameters of how it might apply. That ruling said search engines like Google could be forced to delete results.

SEE ALSO: Millions of Europeans are asking Google to be ‘forgotten’ — here’s why Americans don’t have that option

Subject: What to Do After a Disaster Hits Your Home, Mortgage
Source: NerdWallet

If you’re affected by a hurricane, flood or another natural disaster, what does it mean for your mortgage? With Hurricane Florence getting ready to make landfall, this is especially important for homeowners on the East Coast. Here are frequently asked questions and answers.

What should I do first? Get in touch with the following entities:

  • The Federal Emergency Management Agency. You can register with FEMA online, in person at a disaster recovery center or by calling 800-621-3362.
  • Your homeowners insurance company, plus your flood or earthquake insurance company, if either applies to your situation.
  • Your mortgage servicer. That’s the company that you send your monthly payments to; it might not be your original mortgage lender.


Subject: Hurricane Florence sets wireless providers’ recovery plans in motion
Source: USA Today – Tech

As millions evacuate the mid-Atlantic coastal region ahead of Hurricane Florence, wireless providers are mounting an invasion of support crews and high-tech machinery to repair and restore connectivity in the storm’s wake.

The incursion includes a menagerie of machines with animal monickers meant to help mend the hurricane-hit area’s communications network. There are COWs (cells on wheels), COLTs (cells on light trucks), CROWs (cellular repeaters on wheels), GOATs (generators on a trailer) and Spiders, webs of circuitry meant to improve connectivity in hotels, command centers and temporary shelters.

In advance of the storm, wireless companies fortify offices and buildings that house critical network junctions called switches. Those windowless, nondescript buildings are constructed to withstand Category 5 winds and even bomb blasts, but they still get a pre-storm once-over to check batteries, generators and fuel supplies.

Once the storm has passed, providers will use drones to assess damage and, if needed, a drone called a “flying COW” could be used to provide temporary wireless coverage until cell sites are back up and running, Mair said.

Verizon also said data speed restrictions have been lifted for first responders in North Carolina, South Carolina and Virginia. Last month, the company took criticism for throttling a fire department’s data speeds during a wildfire and, subsequently, announced it would no longer place such restrictions on first responders during emergencies on the West Coast.

• Use text messages whenever possible during and after a major weather event to lessen network congestion. “Texting is a lot less resource-intensive for the wireless networks, and it’s a lot better on your batteries,” Entner said. [Remember: if there is no cellular service, place in Airplane mode (turn on Wi-Fi, if necessary) to conserve battery; you might update your VoiceMail Outgoing Message to give folks a heads up on your status. /pmw1]
