Pete Recommends – Weekly highlights on cyber security issues November 24 2018

Editor’s Preface: Many of these columns by Pete Weiss reference RSS feeds that he identified on each respective web site that he is highlighting, or via his expert research.  To learn more about the value of using RSS, please see Pete’s LLRX article on this topic – What is RSS and How to Use it Effectively.


Subject: The Fax Is Not Yet Obsolete
Source: The Atlantic via beSpacific
https://www.bespacific.com/the-fax-is-not-yet-obsolete/

The AtlanticLaw and medicine still rely on the device. Maybe they shouldn’t. An Object Lesson.
“…Fax, once at the forefront of communications technologies but now in deep decline, has persisted in many industries. Law-enforcement agencies remain heavily reliant on fax for routine operations, such as bail postings and return of public-records requests. Health care, too, runs largely on fax. Despite attempts to replace it, a mix of regulatory confusion, digital-security concerns, and stubbornness has kept fax machines droning around the world… Doctors rely heavily on faxes in both routine and high-stakes situations. According to Vox, one industry analyst estimates that 75 percent all of all medical communications still happen by fax. Occasionally, news outlets describe this phenomenon, mostly as human-interest stories: “Medical Students Flummoxed by Fax Machines” or “Med Students Are Puzzled When Forced to Use This Ancient Technology.” Despite confusion and frustration, though, the business of faxing continues on. Part of this has to do with an interpretation of a clause in HIPAA, a U.S. health-privacy law, which requires health providers to take reasonable steps to safeguard patient information. Because this rule explicitly mentions fax and not email, some providers interpret the law to mean that records must go by fax.

That habit dies hard. A start-up called PatientBank, which allowed users to share and receive medical records digitally, shut down in January, partly because weaning hospitals from fax proved too difficult. Paul Fletcher-Hill, a PatientBank co-founder, told me that one reason hospitals cited for their continued dependency was security: Many believed that hacking computer systems were easier to hack than fax machines—and that computer hacks were more damaging…”

Subjects: Health Care, Knowledge Management, Legal Research

NB US-CERT issues guide on how to properly dispose of your electronic devices
https://www.us-cert.gov/ncas/tips/ST18-005


Subject: How to Tell if Your Account Has Been Hacked
Source: Motherboard via beSpacific
https://www.bespacific.com/how-to-tell-if-your-account-has-been-hacked/

Motherboard – How to check if your Gmail, Facebook, Instagram, Twitter, and other accounts have been hacked. “Hackers routinely target high profile victims like politicians or wealthy cryptocurrency investors. But you could become a target too

Subjects: Cybercrime, Cybersecurity, E-Mail, PC Security, Social Media

Motherborad tagged:

RSS feed for Motherboard:
https://motherboard.vice.com/en_us/rss


Subject: Facebook Increasingly Reliant on A.I. To Predict Suicide Risk
Source: NPR
https://www.npr.org/2018/11/17/668408122/facebook-increasingly-reliant-on-a-i-to-predict-suicide-risk

A year ago, Facebook started using artificial intelligence to scan people’s accounts for danger signs of imminent self-harm.

Facebook Global Head of Safety Antigone Davis is pleased with the results so far.

“In the very first month when we started it, we had about 100 imminent-response cases,” which resulted in Facebook contacting local emergency responders to check on someone. But that rate quickly increased.

“To just give you a sense of how well the technology is working and rapidly improving … in the last year we’ve had 3,500 reports,” she says. That means AI monitoring is causing Facebook to contact emergency responders an average of about 10 times a day to check on someone — and that doesn’t include Europe, where the system hasn’t been deployed. (That number also doesn’t include wellness checks that originate from people who report suspected suicidal behavior online.)

Davis says the AI works by monitoring not just what a person writes online, but also how his or her friends respond. For instance, if someone starts streaming a live video, the AI might pick up on the tone of people’s replies.

NPR RSS feed:
https://www.npr.org/rss/rss.php


Subject: USPS finally fixes website flaw that exposed 60 million users’ data
Source: ZDNet
https://www.zdnet.com/article/usps-finally-fixes-website-flaw-that-exposed-60-million-users-data/

The US Postal Service has fixed a security bug in its website that allowed anyone with an account to see the account details of the site’s 60 million users.

The flaw was patched this week after USPS was informed of the issue by Krebs on Security, which reports that an unnamed independent researcher reported the bug a year ago but never received a response.

According to Krebs, the flaw was caused by an authentication weakness in the application programming interface (API) on usps.com that supported the USPS ‘Informed Visibility’ program, which offers business customers “near real-time tracking data” about mail campaigns and packages.

“Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.”

[huh? /pmw1]

However, a recent vulnerability assessment of the Informed Visibility program by the Office of Inspector General of the US Postal Service turned up weaknesses, including a lack of audit logs, in the Informed Visibility database.

USPS has faced scrutiny in the past, after a 2014 hack exposed personal information on 800,000 employees, 485,000 workers’ compensation records, and 2.9 million customer-inquiry records.

The OIG in 2015 criticized the USPS for focusing on compliance and failing to foster a “culture of effective cybersecurity across the enterprise”.

More security news


Subject: Cybersecurity and Infrastructure Security Agency | Homeland Security
Source: DHS – CISA Cyber+Infrastructure
https://www.dhs.gov/cybersecurity-and-infrastructure-security-agency

On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA).

CISA leads the national effort to defend critical infrastructure against the threats of today, while working with partners across all levels of government and in the private sector to secure against the evolving risks of tomorrow.
The name CISA brings recognition to the work being done, improving its ability to engage with partners and stakeholders, and recruit top cybersecurity talent.

What Does CISA Do?

Organizational Changes Related to the CISA Act
The CISA Act establishes three divisions in the new agency: Cybersecurity, Infrastructure Security and Emergency Communications.


Subject: Vancouver cops are baiting coffee-shop thieves—with traceable laptops
Source: Maclean’s
https://www.macleans.ca/news/canada/vancouver-police-laptop-coffee-shop-thieves/

The day of the theft, Brian Schreiber started his morning in a bustling Vancouver Starbucks at Homer and Robson to perk up with a coffee and write a card to a friend. With him was his laptop in an expensive leather bag, and five USB sticks containing personal information. He set the bag on the table beside him and went to the counter to buy a coffee. He ran into a friend in the lineup, and the two chatted for a bit. It might have been at that moment the thief struck, nabbing his bag and laptop. Schreiber isn’t sure. “I’m a bit embarrassed to say that I did leave without the bag.” When he realized it was missing and called the shop, staff were sympathetic but told him no one had turned it in. He reported the theft to police, who so far have not found his bag. “It was a real bad mistake,” says Schreiber, a self-employed lawyer who used the laptop for work.

Schreiber is not alone in his misfortune. He’s one of a rash of victims targeted by thieves this summer in coffee-crazy Vancouver’s cafés. There are dozens, if not hundreds, of coffee shops in downtown Vancouver where people go with their expensive laptops and phones to grab a latte and surf the net or work, using free WiFi and chargers. Their clientele has come to reflect Vancouver’s disparate socio-economic profile. On any given day, an aspiring novelist could be seated beside a moneyed stock trader. And beside them both could very well be a thief. At some point, someone gets up to use the washroom—it’s a coffee shop, after all—and doesn’t bother to pack up their belongings for the quick trip. Waiting to strike are opportunistic petty thieves, many of whom are addicted to drugs and steal to pay for their next fix.

READ:  Canada’s Most Dangerous Places 2019

RSS feed: https://www.macleans.ca/feed/

Other CRIME stoppers 😉
https://www.macleans.ca/tag/crime/
RSS:
https://www.macleans.ca/tag/crime/feed/


Subject: Passwords Aren’t Enough. The Key to Online Security Is a Key
Source: The Wall Street Journal
https://www.wsj.com/articles/passwords-arent-enough-the-key-to-online-security-is-a-key-1542834498

These physical devices by Yubico and Google are helping guard you against online hackers. Just don’t lose them

NO MATTER how much alphanumeric complexity you add to passwords, chances are they’re still not strong enough. Don’t worry, mine are even weaker. Against all advice, I’m only willing to deliver the bare minimum asked of me when it comes to mixing numbers, letters and symbols. I stupidly use the same passwords for multiples sites, I rarely change them (unless forced to), and I hide them in very obvious places.

Any grade-school computer nerd could hack me on most platforms were it not for an extra layer of security: my YubiKey 5 (from $45, yubico.com). This encrypted device is a unique two-factor authentication system similar to what you’re already using (right?) to bolster your online security.

The keys, which fit on a ring next to ones for your house and car, automatically authenticate the sites you visit. Then each time you click “log in” and type your password, the key creates a one-time cryptographic code that pairs it with a site, completing the process. Without the key your passwords don’t work, for you or, more importantly, anyone trying to hack you.

tagged:


Subject: Technology giants didn’t deserve public trust in the first place
Source:  Zachary Loeb via LLRX
https://www.llrx.com/2018/11/technology-giants-didnt-deserve-public-trust-in-the-first-place/

Amazon may have been expecting lots of public attention when it announced where it would establish its new headquarters – but like many technology companies recently, it probably didn’t anticipate how negative the response would be. In Amazon’s chosen territories of New York and Virginia, local politicians balked at taxpayer-funded enticements promised to the company. Journalists across the political spectrum panned the deals – and social media filled up with the voices of New Yorkers and Virginians pledging resistance.

Similarly, revelations that Facebook exploited anti-Semitic conspiracy theories to undermine its critics’ legitimacy indicate that instead of changing, Facebook would rather go on the offensive. Even as Amazon and Apple saw their stock-market values briefly top US$1 trillion, technology executives were dragged before Congress, struggled to coherently take a stance on hate speech, got caught covering up sexual misconduct and saw their own employees protesting business deals.

In some circles this is being seen as a loss of public trust in the technology firms that promised to remake the worldsocially, environmentally and politically – or at least as frustration with the way these companies have changed the world. But the technology companies need to do much more than regain the public’s trust; they need to …

Posted in: Big Data, E-Commerce, KM, Privacy, Search Engines, Social Media

Example RSS feed for tag BIG DATA:
https://www.llrx.com/category/big-data/feed/


Posted in: Cybercrime, Cybersecurity, Gadgets/Gizmos, Privacy