Hoping to clear up confusion in a snap

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Snapchat is respond­ing to fears that its lat­est update came with some unpleas­ant changes to its pri­va­cy pol­i­cy. After the social-media com­pa­ny prompt­ed users to review its new­ly rewrit­ten pol­i­cy, rumors cir­cu­lat­ed that the app would store user’s per­son­al pho­tos on its servers, and that it could share those pic­tures at will. Snapchat’s main func­tion is to give users a way to send pic­tures and videos that auto­mat­i­cal­ly “self-destruct” after being viewed. On Sun­day, Snapchat reas­sured users that their con­tent would not be stored. “The Snaps and Chats you send your friends remain as pri­vate today as they were before the update,” Snapchat said in a blog post. “Our Pri­va­cy Pol­i­cy con­tin­ues to say—as it did before—that those mes­sages ‘are auto­mat­i­cal­ly delet­ed from our servers once we detect that they have been viewed or have expired.’” Source: CBS News

Anonymous aims to make members of KKK not anonymous

sh_Ku Klux Klan_280Hack­tivist group Anony­mous has begun pub­lish­ing the per­son­al details of mem­bers of the Ku Klux Klan as its cam­paign of cyber war against the white suprema­cist group esca­lates. Anony­mous, the amor­phous online activist col­lec­tive, last week promised to reveal the iden­ti­ty of 1,000 mem­bers of the KKK after com­ing into pos­ses­sion of the pri­vate infor­ma­tion through a com­pro­mised Twit­ter account asso­ci­at­ed with the group. The details include email address­es and phone num­bers that the hack­tivist group claims belong to mem­bers of the KKK. So far, Anony­mous hack­ers have pub­lished four sep­a­rate list­ings on text-shar­ing web­site Paste­bin, includ­ing 57 phone num­bers and 23 email address­es. There has been no ver­i­fi­ca­tion of the details yet, but Anony­mous has vowed to reveal the full iden­ti­ties of up to 1,000 mem­bers of the KKK by Thurs­day, to coin­cide with the group’s glob­al protest move­ment, called the Mil­lion Mask March. Source: Inter­na­tion­al Busi­ness Times

A life lived under a cloud

The night­mare that ruined Mar­cus Calvillo’s life start­ed when he was a teenag­er and was wrong­ly accused of writ­ing bad checks. His driver’s license was revoked for unpaid traf­fic tick­ets he nev­er got. Then he got fired from his job as a cable installer. Today, the 45-year-old Tex­an can’t keep a job, pay his bills or sup­port his chil­dren. But a case in fed­er­al court in Kansas is offer­ing him hope of clear­ing his name, after fed­er­al pros­e­cu­tors charged a con­vict­ed child sex offend­er with assum­ing Calvillo’s iden­ti­ty. “My whole life has been put on hold because of this per­son,” Calvil­lo said. His case illus­trates the fall­out of “total iden­ti­ty theft,” in which con artists go beyond finan­cial fraud. Pros­e­cu­tors say undoc­u­ment­ed work­ers can use the iden­ti­ties of U.S. cit­i­zens for years—entangling employ­ment records, crim­i­nal his­to­ries, cred­it, gov­ern­ment ben­e­fit accounts, and even health infor­ma­tion. When the man who assumed Calvillo’s iden­ti­ty had his first run-in with law enforce­ment, his fin­ger­prints became linked to Calvillo’s name in crime data­bas­es. So did his con­vic­tions for inde­cent lib­er­ties with a child, bribery, drug offens­es and oth­ers. Calvil­lo was in his 20s when he learned his iden­ti­ty had been hijacked by a sex offend­er. After being turned down for numer­ous jobs, Calvil­lo demand­ed that the clerk explain why he wouldn’t be hired—prompting her to high­light the crimes on his back­ground check. To set Calvillo’s record straight, fed­er­al pros­e­cu­tors plan to go back to the coun­ties where the alleged impos­tor was con­vict­ed and seek to cor­rect the defendant’s name. Source: Claims Jour­nal

So far, so good? OPM data still not for sale

sh_black market_280Data stolen in a breach of the Office of Per­son­nel Man­age­ment has not shown up on the black mar­ket, a sign that a for­eign gov­ern­ment launched the attack, a researcher with U.S. cyber­se­cu­ri­ty firm Fire­Eye said. No cred­i­ble report­ing shows the data on more than 21 mil­lion Amer­i­cans was for sale, Richard Bejtlich, chief secu­ri­ty strate­gist at Fire­Eye said, not­ing that indi­vid­ual hack­ers tend to quick­ly sell stolen data. U.S. offi­cials have linked the breach, which was dis­closed in June, to hack­ers in Chi­na, but have not for­mal­ly iden­ti­fied the source of the attack. “Every­thing points to this being a nation-state attack, Bejtlich said. “It’s not the same as when some­one steals cred­it cards from a major retail­er and they’re for sale on the black mar­ket with­in days, and they’re adver­tised as being fresh, and here are the lim­its.” Source: NBC News

Coverage gets a new look, and it’s still changing

Insur­ers’ expe­ri­ence with data breach claims is chang­ing the way cyber cov­er­age is under­writ­ten. “We’re always try­ing to learn from our experience—and even bet­ter if we can learn from some­one else’s expe­ri­ence,” says Tim Fran­cis, enter­prise lead for Cyber insur­ance at Trav­el­ers. He said Trav­el­ers is focused on the dif­fer­ences among indus­tries and dif­fer­ent-size com­pa­nies with­in those indus­tries. “In the past, we asked the same sets of ques­tions to all cus­tomers,” he says. “Now, in many cas­es we’re actu­al­ly ask­ing few­er ques­tions, but those ques­tions are tar­get­ed to the expo­sure that class or size of busi­ness has.” For exam­ple, in the hack­er-tar­get­ed retail sec­tor, under­writ­ers are look­ing more deeply at point-of-sale sys­tems and oth­er tech­nolo­gies that store cus­tomer data. “Under­writ­ers look at whether sen­si­tive data is stored, how much data is stored, and how it is stored. They are look­ing into retail­ers’ sys­tems to be sure they have state-of-the-art secu­ri­ty in place,” says William Boeck, senior vice pres­i­dent and claims coun­sel at Lock­ton. Anoth­er dif­fer­ence between the under­writ­ing envi­ron­ment of today and just a few years ago is that com­pa­nies are employ­ing spe­cial­ists in tech­nol­o­gy. “Insur­ers that have not added staff with that spe­cial­iza­tion are using third par­ties to help them,” Boeck says. Source: Prop­er­ty Casu­al­ty 360

Paging some publishers: You’ve been hacked

sh_books_280Anti-block­ing firm Page­Fair, which works with about 3,000 pub­lish­ers, was hacked over the week­end, leav­ing vis­i­tors to 501 pub­lish­ers’ sites vul­ner­a­ble to mal­ware attacks. Any­one vis­it­ing one of these sites from a Win­dows com­put­er on Sat­ur­day evening would have been vul­ner­a­ble, though only if they clicked on what looked like an Adobe Flash update. If they did, they would have down­loaded mal­ware direct­ly to their com­put­er. In a blog post called “The Core Facts,” which went up Sun­day, CEO Sean Blanch­field explained the com­pa­ny noticed the breach almost imme­di­ate­ly, though it took more that 80 min­utes to shut it down. “If you are a pub­lish­er using our free ana­lyt­ics ser­vice, you have good rea­son to be very angry and dis­ap­point­ed with us right now,” he wrote. Source: Digi­day

No calls, please; schools’ phones are iffy

The Salt Lake City School Dis­trict phone sys­tem is work­ing after offi­cials said a cyber hack took down phone and online sys­tems Mon­day. “Our dis­trict net­work was the tar­get of a cyber attack where thou­sands of exter­nal sys­tems coor­di­nat­ed to access our sys­tem at the same time. This attack is still affect­ing both sys­tems,” a state­ment said. School offi­cials said par­ents’ and stu­dents’ data has not been com­pro­mised. Tech­ni­cians are work­ing to restore the ser­vices, includ­ing Pow­er­school Par­ent and Stu­dent Por­tals, as soon as pos­si­ble. Offi­cials said par­ents should con­tact the dis­trict by email until the issues are resolved. Source: KSTU, Salt Lake City

Sell, and sell alike

The State Department’s Defense Trade Advi­so­ry Group (DTAG) met to dis­cuss the clas­si­fi­ca­tion of “cyber prod­ucts” and rec­om­mend­ed against adding new ones to the muni­tions list. Sev­er­al cyber prod­ucts are cur­rent­ly on the muni­tions list, such as equip­ment designed or mod­i­fied to use cryp­to­graph­ic tech­niques to gen­er­ate spread­ing code, burst tech­niques, and infor­ma­tion secu­ri­ty to sup­press the com­pro­mis­ing ema­na­tions of infor­ma­tion-bear­ing sig­nals. DTAG is an advi­so­ry pan­el of pri­vate-sec­tor defense exporters and defense trade spe­cial­ists. Mem­ber Rebec­ca Conover, Intel’s export com­pli­ance pro­gram man­ag­er, said, “We do think that it would be a neg­a­tive impact to add more con­trols on cyber prod­ucts.” If the State Depart­ment fol­lows the rec­om­men­da­tions, it might make it eas­i­er for tech­nol­o­gy com­pa­nies to expand into in Chi­na, Rus­sia and Iran, among oth­er loca­tions. Source: SC mag­a­zine

Airman, we really want you to stay

sh_air force_280The Air Force added cyber war­fare oper­a­tions to its list of career fields eli­gi­ble for spe­cial duty pay. Air­men in the 1B4X1 cyber­space defense oper­a­tions career field can get paid an extra $150 per month if they’ve been on the job for six to 12 months, or $225 month­ly if they’ve been in that job more than a year.  “We use this pro­gram to ensure the Air Force is attract­ing the right peo­ple for these high-demand spe­cial­ties and appro­pri­ate­ly com­pen­sate them based on the com­plex­i­ty, dif­fi­cul­ty and degree of respon­si­bil­i­ty required of their duties,” Brig. Gen. Bri­an Kel­ly, direc­tor of mil­i­tary force man­age­ment pol­i­cy, said in a state­ment. Source: Air Force Times

Safety first, small businesses told

Small and medi­um-size busi­ness­es in the Unit­ed King­dom are being asked to prove their cyber cre­den­tials to most pro­cure­ment man­agers, who say they would con­sid­er leav­ing a sup­pli­er if they suf­fered a data breach. Accord­ing to new fig­ures pub­lished by KPMG, 70 per­cent say that such busi­ness­es could do more to pro­tect client data. “Cyber­se­cu­ri­ty is not just a tech­ni­cal issue any­more; it has become a busi­ness crit­i­cal issue,” said George Quigley, part­ner in KPMG’s cyber secu­ri­ty prac­tice. “Larg­er com­pa­nies are plac­ing an increased empha­sis on the cyber­se­cu­ri­ty of their sup­pli­ers and increas­ing­ly the onus is on (small­er busi­ness­es) to show that they are tack­ling this issue head on.” Source: Com­put­er Busi­ness Review