Car conveniences come with cautions

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Automak­ers plan to bring e-com­merce to the dash­board. Ford Motor has an app that lets dri­vers dic­tate an order to Domino’s Piz­za using voice con­trols and a smart­phone. Gen­er­al Motors is offer­ing AtY­ourS­er­vice, which alerts dri­vers to deals at Dunkin’ Donuts or lets them book a hotel room on Priceline.com using voice com­mands. By 2020, as many as 40 per­cent of new vehi­cles sold world­wide will let dri­vers shop from behind the wheel, pre­dicts Thi­lo Koslows­ki, vice pres­i­dent of the auto prac­tice at Gart­ner, an infor­ma­tion tech­nol­o­gy research and advi­so­ry firm. Con­nect­ed cars present a rich tar­get that hack­ers can troll for cred­it card num­bers, home address­es, email infor­ma­tion and all the oth­er per­son­al details required for iden­ti­ty theft. “Today the moti­va­tion for hack­ing a car is mis­chief, with an objec­tive of hurt­ing peo­ple or car com­pa­nies,” Koslows­ki said. Once dri­vers can shop with impuni­ty as they roll down the high­way, “the car will def­i­nite­ly be viewed as a vul­ner­a­ble device.” Source: Insur­ance Jour­nal

This is when we want IRS to get more money

sh_IRS money_170The Inter­nal Rev­enue Ser­vice is hav­ing trou­ble assist­ing iden­ti­ty fraud vic­tims because of bud­get con­straints imposed by Con­gress, says the Trea­sury Inspec­tor Gen­er­al for Tax Admin­is­tra­tion. In tes­ti­mo­ny at a Sen­ate Bud­get Com­mit­tee hear­ing, Inspec­tor Gen­er­al J. Rus­sell George said to pro­vide relief to vic­tims of iden­ti­ty theft, the IRS began issu­ing Iden­ti­ty Pro­tec­tion Per­son­al Iden­ti­fi­ca­tion Num­bers to eli­gi­ble tax­pay­ers in fis­cal 2011. The iden­ti­ty theft vic­tim uses the PIN for tax fil­ing to pre­vent fur­ther mis­us­es of the person’s Social Secu­ri­ty num­ber. The IRS also decid­ed to assign a ded­i­cat­ed employ­ee to work with each iden­ti­ty theft vic­tim. How­ev­er, with Con­gress slash­ing the agency’s bud­get, the IRS couldn’t afford to assign a sin­gle employ­ee for each iden­ti­ty theft vic­tim. Because of that, George told the com­mit­tee, TIGTA found that not all eli­gi­ble indi­vid­u­als are receiv­ing a PIN. Specif­i­cal­ly, in Sep­tem­ber 2014, the IRS did not pro­vide a PIN to 532,637 tax­pay­ers who had an iden­ti­ty theft indi­ca­tor on their tax account. Source: Fierce Gov­ern­ment

Breach could haunt you for years

While breach reports fix­ate on the num­ber of records stolen, accounts com­pro­mised and peo­ple affect­ed, the real ques­tion is what will hack­ers even­tu­al­ly do with the data they’ve tak­en. “When you look at it today … almost 80 per­cent of [hack­ers] are in the busi­ness for prof­it,” said Al Berman, pres­i­dent of New York’s Dis­as­ter Recov­ery Insti­tute Inter­na­tion­al. Peo­ple with secu­ri­ty clear­ances and sen­si­tive infor­ma­tion, com­bined with ver­i­fied extra­mar­i­tal affairs, could rank as a blackmailer’s eas­i­est tar­get. With a bil­lion records stolen by hack­ers in 2014 and like­ly more in 2015, cross-ref­er­enced data breach­es may become the norm, explod­ing months or even years after the ini­tial hack. Source: ZDNet

An ironic act of revenge

sh_lizard_280Hack­ers have attacked the web­site of the U.K.‘s Nation­al Crime Agency in revenge for the arrests of six peo­ple who pur­chased an illic­it tool designed to … take web­sites offline. The NCA’s web­site was unre­spon­sive Tues­day, though there is no indi­ca­tion any secure servers or oper­a­tional infor­ma­tion has been com­pro­mised. The hack­ing group Lizard Squad claimed respon­si­bil­i­ty for the hack on Twit­ter. The NCA made its arrests in August as part of Oper­a­tion Vivar­i­um, which is designed specif­i­cal­ly to attack Lizard Squad and peo­ple who pur­chased its code to run denial-of-ser­vice (DDoS) attacks on web­sites. The same code, known as Lizard Stress­er or Stressed Out, was report­ed­ly used to run attacks on Sony’s PSN and Microsoft’s Xbox Live gam­ing net­works in Decem­ber 2014. Source: Wired

Driven to distraction

Min­neso­ta offi­cials say driver’s license infor­ma­tion on 18 res­i­dents was accessed after a pass­word-pro­tect­ed por­tal was inad­ver­tent­ly opened online. The Depart­ment of Pub­lic Safe­ty said the breach hap­pened when a serv­er update acci­den­tal­ly removed the authen­ti­ca­tion process to access the state’s driver’s license data­base. Two indi­vid­u­als used the por­tal 55 times from Aug. 2 through 24. The depart­ment says they’re send­ing let­ters to the 18 res­i­dents whose data was accessed. That infor­ma­tion includes pic­tures, names, address­es and dates of birth. The state says Social Secu­ri­ty num­bers weren’t involved in the breach. The faulty access site has been dis­abled. Source: KARE, Min­neapo­lis

Lack of contract delays OPM contact

sh_delay_260The 21.5 mil­lion fed­er­al employ­ees, con­trac­tors and oth­ers exposed in the Office of Per­son­nel Man­age­ment secu­ri­ty clear­ance data breach have yet to receive offi­cial noti­fi­ca­tion of their expo­sure, cred­it mon­i­tor­ing and oth­er iden­ti­ty pro­tec­tion ser­vices, and until a con­trac­tor gets the award for those ser­vices, they’ll con­tin­ue to wait. Ini­tial esti­mates said that a con­tract would be out by Aug. 21. The agen­cies charged with award­ing the con­tract for the noti­fi­ca­tion job—the Gen­er­al Ser­vices Admin­is­tra­tion and the Naval Sea Sys­tems Command—are miss­ing self-imposed dead­lines. Quo­ta­tions from ven­dors were due Aug. 14. Source: FCW.com

From the tool box

sh_Qualcomm Snapdragon_170Mobile chip­mak­ing giant Qual­comm is hop­ing to tamp down wor­ries about the Android ecosys­tem with Snap­drag­on Smart Pro­tect, which keeps tabs on how apps are behav­ing. The soft­ware only works for Android phones equipped with Qualcomm’s Snap­drag­on proces­sor. (With the excep­tion of Samsung’s lat­est phones, near­ly every high-end phone uses Snap­drag­on proces­sors.) It will be avail­able in Qualcomm’s upcom­ing Snap­drag­on 820 chip due out in Android phones some­time next year. Qual­comm is part­ner­ing with antivirus soft­ware devel­op­ers and phone mak­ers to take advan­tage of the prod­uct. So far, three antivirus app mak­ers have signed up for Smart Pro­tect: Look­out, AVG and Avast. Source: Qual­comm

States step up for students

sh_student records_280States are get­ting seri­ous about pro­tect­ing stu­dents’ pri­va­cy. The non­prof­it Data Qual­i­ty Cam­paign report­ed that 182 bills were intro­duced in 46 states this year, aim­ing to pro­tect stu­dent data. Of those, 15 states passed 28 laws. Geor­gia passed a bill in May that pro­hibits sell­ing stu­dents’ per­son­al data or using data to tar­get ads to stu­dents. Using the data to improve teach­ing or for com­pa­nies to improve how their soft­ware works is fine, accord­ing to the leg­is­la­tion. Some par­ents are ner­vous about the shad­ow of data that could fol­low stu­dents, includ­ing infor­ma­tion on social-emo­tion­al issues. Source: EdSurge