Archive for the ‘privacy and security’ Category

ComputerCOP: The Dubious ‘Internet Safety Software’ That Hundreds of Police Agencies Have Distributed to Families

October 2, 2014

ComputerCOP: The Dubious ‘Internet Safety Software’ That Hundreds of Police Agencies Have Distributed to Families
Source: Electronic Frontier Foundation

For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the “first step” in protecting their children online.

Police chiefs, sheriffs, and district attorneys have handed out hundreds of thousands of copies of the disc to families for free at schools, libraries, and community events, usually as a part of an “Internet Safety” outreach initiative. The packaging typically features the agency’s official seal and the chief’s portrait, with a signed message warning of the “dark and dangerous off-ramps” of the Internet.

As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies.

Full Committee Hearing: White House Perimeter Breach: New Concerns about the Secret Service

October 1, 2014

Full Committee Hearing: White House Perimeter Breach: New Concerns about the Secret Service
Source: U.S. House of Representatives, Committee on Oversight & Government Reform

Date: Tuesday, September 30, 2014 – 10:00am
Location: 2154 Rayburn House Office Building

The Honorable Julia Pierson
United States Secret Service

The Honorable W. Ralph Basham
Former Director
United States Secret Service

The Honorable Todd M. Keil
Senior Advisor
TorchStone Page, Inc
Former Assistant Secretary for Infrastructure Protection
Department of Homeland Security

Ranking Member Cummings’s Opening Statement

See also: Archived webcast

New From the GAO

September 30, 2014

New From the GAO
Source: Government Accountability Office

1. Afghanistan Equipment Drawdown: Progress Made, but Improved Controls in Decision Making Could Reduce Risk of Unnecessary Expenditures. GAO-14-768, September 30.

2. Bureau of Prisons: Information on Efforts and Potential Options to Save Costs. GAO-14-821, September 30.

3. Unmanned Aerial Systems: Department of Homeland Security’s Review of U.S. Customs and Border Protection’s Use and Compliance with Privacy and Civil Liberty Laws and Standards. GAO-14-849R, September 30.

4. Elections: Observations on Wait Times for Voters on Election Day 2012. GAO-14-850, September 30.

Press Release

1. GAO Makes Appointment to PCORI Governing Board. September 30.

Dialing Back Abuse on Phone Verified Accounts

September 26, 2014

Dialing Back Abuse on Phone Verified Accounts (PDF)
Source: George Mason University

In the past decade the increase of for-profit cybercrime has given rise to an entire underground ecosystem supporting large-scale abuse, a facet of which encompasses the bulk registration of fraudulent accounts. In this paper, we present a 10 month longitudinal study of the underlying technical and financial capabilities of criminals who register phone verified accounts (PVA). To carry out our study, we purchase 4,695 Google PVA as well as pull a random sample of 300,000 Google PVA that Google disabled for abuse. We find that miscreants rampantly abuse free VOIP services to circumvent the intended cost of acquiring phone numbers, in effect undermining phone verification. Combined with short lived phone numbers from India and Indonesia that we suspect are tied to human verification farms, this confluence of factors correlates with a market-wide price drop of 30–40% for Google PVA until Google penalized verifications from frequently abused carriers. We distill our findings into a set of recommendations for any services performing phone verification as well as highlight open challenges related to PVA abuse moving forward.

Tactical Cyber: How to Move Forward

September 24, 2014

Tactical Cyber: How to Move Forward
Source: Small Wars Journal

Cyberspace operations, both defensive and offensive, captured the attention of many pundits, military professionals, and interested observers. Their attention has increased focus on the viability of military operations in cyberspace, specifically at the tactical and operational levels. Some argue cyberspace will cause transformational change to warfare, while others argue cyber operations are more likely to evolve into the canon of older, traditional military means. This paper argues from the latter viewpoint, but focuses on the obstacles and opportunities inherent in providing timely cyberspace effects to tactical level commanders. There is currently a lack of literature and thinking on tactical cyberspace employment relative to strategic, and this paper argues for more focus on solving the issues presented by it in order to prepare for potential adversaries who are certainly experimenting with tactical cyber operations now.

HHS OIG — Health Insurance Marketplaces Generally Protected Personally Identifiable Information but Could Improve Certain Information Security Controls

September 24, 2014

Health Insurance Marketplaces Generally Protected Personally Identifiable Information but Could Improve Certain Information Security Controls
Source: U.S. Department of Health and Human Services, Office of Inspector General

This summary report provides an overview of the results of three reviews of the security of certain information technology at the Federal, Kentucky, and New Mexico Health Insurance Marketplaces. These reviews generally examined whether information security controls were implemented in accordance with relevant Federal requirements and guidelines and whether vulnerabilities identified by prior assessments were remediated in a timely manner.

Although CMS had implemented controls to secure and consumer personally identifiable information (PII) on the Federal Marketplace, we identified areas for improvement in its information security controls. Kentucky had sufficiently protected PII on its Marketplace Web sites and databases in accordance with Federal requirements. However, opportunities to improve the Kentucky Marketplace’s database access and information security controls remain. Although New Mexico management had implemented security controls, policies, and procedures to prevent vulnerabilities in its Web site, database, and supporting information systems, its information technology policies and procedures did not always conform to Federal requirements to secure sensitive information stored and processed by the New Mexico Marketplace.

We recommended that the Marketplaces’ management address the findings identified in its reports.

On September 4, 2014, CMS issued a statement regarding an intrusion on a server that supports testing of but does not contain consumer personal information. The intrusion occurred after the period of our audit and involved technology outside our audit scope.

Deloitte Survey: Where There is Reward for Travel, There is Risk

September 23, 2014

Deloitte Survey: Where There is Reward for Travel, There is Risk
Source: Deloitte

Three-quarters (75 percent) of frequent travelers expect their loyalty program data to be secured to at least the same standard as a financial institution — but only 33 percent feel their accounts are secure enough, according to a new Deloitte study, “Loyalty data security: Are hospitality and travel companies managing the risks of their rewards programs?”

Few frequent travelers appear fully aware of the wider risks involved when loyalty data — including travel schedules and other personal data — is lost or stolen. Roughly one in seven (15 percent) are simply concerned that a breach would result in a loss of loyalty points, while the majority of travelers (76 percent) worry about the loss of credit card numbers.

