If you don’t want that Facebook post seen, act now


Facebook’s search feature now will let people explore all public posts on the world’s largest social network—that’s 2 trillion pieces of searchable content. As Facebook Vice President of Search Tom Stocky explained in a post, Facebook is rolling out universal search across the entire network. “When something happens in the world, people often turn to Facebook to see how their friends and family are reacting,” he wrote. “We’re updating Facebook Search so that in addition to friends and family, you can find out what the world is saying about topics that matter to you.” You won’t be able to see updates that aren’t public unless they’ve specifically been shared with you. But posts that were relatively private because they weren’t easily findable are now truly public. With universal search, Facebook has removed “privacy by obscurity”—which means that you should double-check your privacy settings each time you post. Source: The Huffington Post

Taking a bit of the sting out of stingray spying

The Department of Homeland Security has released its own stingray requirements, requiring agents to get a warrant before deploying the surveillance tool as part of criminal investigations. This new policy comes more than a month after the Department of Justice released a similar policy. Not only can stingrays be used to determine location by spoofing a cell tower, but in some cases, they also can be used to intercept calls and text messages. Once deployed, the devices intercept data from a target phone as well as information from other phones within the vicinity. The new rules will apply to DHS, as well as agencies that fall under its umbrella, such as the Secret Service, Customs and Border Protection, and Immigration and Customs Enforcement. A DHS official said that the Secret Service uses the technology as part of its “protective mission”—making sure the president and other dignitaries are not assassinated. That’s believed to be the first time the Secret Service has explicitly acknowledged its use of the devices. Chris Soghoian, a technologist at the American Civil Liberties Union and a longtime stingray watcher, said he felt vindicated. Source: Ars Technica

The FBI is on the CIA case

The FBI and Secret Service have opened criminal inquiries into the hacking of a private email account used by CIA Director John Brennan and his family, the FBI said. The investigations followed the posting on social media earlier this week by the hackers of data stolen from an AOL account. Intelligence officials said the account was used by Brennan and his family, but was not used to transmit or store government secrets. Material from the Brennan account was published by a hacker who called himself “Cracka” and said he was working with a group called CWA, or Crackas With Attitude. It included email contact addresses, some of which were out of date, and the Social Security numbers and personal information of U.S. intelligence officials. Source: Reuters

Buying up security with an eye on future

Microsoft is set to buy Israeli cybersecurity company Secure Islands for $100 million to $150 million. Secure Islands has developed technology that allows tracking an organization’s documents throughout the Web and protecting unstructured data throughout its life cycle—from content creation through collaboration to storage. Unlike traditional solutions that deal mainly with the perimeter, and focus only on entry and exit points, Secure Islands’ product, IQProtector, offers data immunization on each file, to provide protection for sensitive data whether it is at rest, in motion or in use. Source: The Jerusalem Post

We’re more cautious online

A survey from the University of Phoenix found that 74 percent of U.S. adults have changed their online behavior as attacks on large retailers become more frequent. “We are glad there is an increased awareness, but people have to know that security is layered,” said Wael Yousif, a cybersecurity expert who chairs Valencia College’s network engineering program. “You have to be able to protect yourself on so many fronts. Technology is involved in every aspect of your life.” According to the poll, which surveyed 2,028 U.S. adults in September, 46 percent of people do not conduct financial transactions on shared computers. In addition, 35 percent say they change their passwords more often, don’t use public Wi-Fi or don’t give out personal information online. Source: The Orlando Sentinel

Standards and practices still in development

There is no standard cyber-insurance policy, but such policies share the common characteristic of covering Internet-based risks. Within that broad category, policies can provide coverage for a range of losses, from direct and expected harms, such as first-party liability associated with lost or destroyed data, to further attenuated damages, such as the reputational injury brought about by a breach. A heightened sense of vulnerability and the realization that existing commercial general liability policies exclude cyber losses have seen the take-up rate at relevant firms rise to 52 percent, says insurance consultancy Advisen. But there are obstacles: capacity; underwriting experience; and regulatory interest. The Federal Insurance Office, a U.S. Treasury Department advisory office established by the Dodd-Frank Consumer Protection Act, reported there is a need for policies with $1 billion coverage limits. That’s double the current highest-limit cyber insurance policies. Among competitively priced products, limits tend to hover between $100 and $200 million. There is a limited pool of actuarial experience with cyber losses, which leaves underwriters struggling to price the product. Source: R Street

CISA sees some action, at last

A long-stalled cybersecurity bill cleared its first procedural hurdle in the Senate, which voted 83-14 to end debate on a major package of amendments to the Cybersecurity Information Sharing Act (CISA). The bill gives companies incentives to share cyber threat data with the government. It still faces other procedural votes—and likely more days of debate—before it gets to a final vote, but Thursday’s move was the first serious step forward for CISA after months of false starts. “We have been at this for six years,” said Sen. Dianne Feinstein, D-Calif., a CISA co-sponsor, just before the vote. “This is the third bill. We have been bipartisan.” The manager’s amendment, from Feinstein and CISA co-sponsor Sen. Richard Burr, R-N.C., is meant to mitigate some privacy and surveillance fears that have kept CISA off the Senate floor for so long. The package is expected to be adopted by the Senate. Source: The Hill

Sprint becomes a marathon for government agencies

A follow-up plan to the two-factor authentication “cyber sprint” mandated this summer by U.S. CIO Tony Scott will be a broad, comprehensive strategy for implementing additional security measures, says Chris DeRusha, a senior analyst in OMB’s Cyber and National Security Unit. It will contain more threat indicators—the code signatures left behind by cyber intruders—than were uncovered during the initial sprint, DeRusha said at a meeting of the Information Security and Privacy Advisory Board at the National Institute of Standards and Technology. “CSIP will contain more guidance, but the sprint focused on the ones we knew we needed to know about,” he said. The new plan “will close a lot of policy and security gaps” that pose longer-term threats. “Post-sprint, CSIP will focus on gaps that will take more time to close.” Source: FCW

Better spread the word about scams

The online Scam Tracker, powered by the Better Business Bureau, lets victims warn others about the bad guys. Each scam report is verified before it’s posted. Debt collections, lottery, tech support, it’s all there. You can search for scams via location, date or name. “I wouldn’t even know who to report that to,” said Lucas Griffin, who recently got a bogus call saying he had won a BMW. He happens to work for a BMW racing team, so he knew it was a fake. Tammy Dankovich, with the BBB, says consumers’ help in warning others through the Scam Tracker is crucial. “It gives the pulse of being able to locally see how many different people are getting called about a particular scam and being able to get that word out to media, law enforcement and our businesses, our consumers, as fast as we can,” Dankovich said. Source: WSPA, Charleston, S.C.

Talk isn’t cheap after hack

Police are investigating after a “significant and sustained cyber-attack” on the TalkTalk website, the U.K. company confirmed. The phone and broadband provider, which has more than 4 million customers in the United Kingdom, said credit card and bank details could have been accessed. The Metropolitan Police Cyber Crime Unit is investigating the attack. It is the second time the company has been targeted by hackers this year. Source: BBC