If you don’t want that Facebook post seen, act now


Facebook’s search feature now will let people explore all public posts on the world’s largest social network—that’s 2 trillion pieces of searchable content. As Facebook Vice President of Search Tom Stocky explained in a post, Facebook is rolling out universal search across the entire network. “When something happens in the world, people often turn to Facebook to see how their friends and family are reacting,” he wrote. “We’re updating Facebook Search so that in addition to friends and family, you can find out what the world is saying about topics that matter to you.” You won’t be able to see updates that aren’t public unless they’ve specifically been shared with you. But posts that were relatively private because they weren’t easily findable are now truly public. With universal search, Facebook has removed “privacy by obscurity”—which means that you should double-check your privacy settings each time you post. Source: The Huffington Post

Taking a bit of the sting out of stingray spying

The Department of Homeland Security has released its own stingray requirements, requiring agents to get a warrant before deploying the surveillance tool as part of criminal investigations. This new policy comes more than a month after the Department of Justice released a similar policy. Not only can stingrays be used to determine location by spoofing a cell tower, but in some cases, they also can be used to intercept calls and text messages. Once deployed, the devices intercept data from a target phone as well as information from other phones within the vicinity. The new rules will apply to DHS, as well as agencies that fall under its umbrella, such as the Secret Service, Customs and Border Protection, and Immigration and Customs Enforcement. A DHS official said that the Secret Service uses the technology as part of its “protective mission”—making sure the president and other dignitaries are not assassinated. That’s believed to be the first time the Secret Service has explicitly acknowledged its use of the devices. Chris Soghoian, a technologist at the American Civil Liberties Union and a longtime stingray watcher, said he felt vindicated. Source: Ars Technica

The FBI is on the CIA case

The FBI and Secret Service have opened criminal inquiries into the hacking of a private email account used by CIA Director John Brennan and his family, the FBI said. The investigations followed the posting on social media earlier this week by the hackers of data stolen from an AOL account. Intelligence officials said the account was used by Brennan and his family, but was not used to transmit or store government secrets. Material from the Brennan account was published by a hacker who called himself “Cracka” and said he was working with a group called CWA, or Crackas With Attitude. It included email contact addresses, some of which were out of date, and the Social Security numbers and personal information of U.S. intelligence officials. Source: Reuters

Buying up security with an eye on future

Microsoft is set to buy Israeli cybersecurity company Secure Islands for $100 million to $150 million. Secure Islands has developed technology that allows the tracking of an organization’s documents throughout the Web and protecting unstructured data throughout its life cycle—from content creation through collaboration to storage. Unlike traditional solutions that deal mainly with the perimeter, and focus only on entry and exit points, Secure Islands’ product, IQProtector, offers data immunization on each file, to provide protection for sensitive data whether it is at rest, in motion or in use. Source: The Jerusalem Post

We’re more cautious online

A survey from the University of Phoenix found that 74 percent of U.S. adults have changed their online behavior as attacks on large retailers become more frequent. “We are glad there is an increased awareness, but people have to know that security is layered,” said Wael Yousif, a cybersecurity expert who chairs Valencia College’s network engineering program. “You have to be able to protect yourself on so many fronts. Technology is involved in every aspect of your life.” According to the poll, which surveyed 2,028 U.S. adults in September, 46 percent of people do not conduct financial transactions on shared computers. In addition, 35 percent say they change their passwords more often, don’t use public Wi-Fi or don’t give out personal information online. Source: The Orlando Sentinel

Standards and practices still in development

There is no standard cyber-insurance policy, but they share the common characteristic of covering Internet-based risks. Within that broad category, policies can provide coverage for a range of losses, from direct and expected harms, such as first-party liability associated with lost or destroyed data, to further attenuated damages, such as the reputational injury brought about by a breach. A heightened sense of vulnerability and the realization that existing commercial general liability policies exclude cyber losses have seen the takeup rate at relevant firms rise to 52 percent, says insurance consultancy Advisen. But there are obstacles: capacity; underwriting experience; and regulatory interest. The Federal Insurance Office, a U.S. Treasury Department advisory office established by the Dodd-Frank Consumer Protection Act, reported there is a need for policies with $1 billion coverage limits. That’s double the current highest-limit cyber insurance policies. Among competitively priced products, limits tend to hover between $100 and $200 million. There is a limited pool of actuarial experience with cyber losses, which leaves underwriters struggling to price the product. Source: R Street

CISA sees some action, at last

A long-stalled cybersecurity bill cleared its first procedural hurdle in the Senate, which voted 83–14 to end debate on a major package of amendments to the Cybersecurity Information Sharing Act (CISA). The bill gives companies incentives to share cyber threat data with the government. It still faces other procedural votes—and likely more days of debate—before it gets to a final vote, but Thursday’s move was the first serious step forward for CISA after months of false starts. “We have been at this for six years,” said Sen. Dianne Feinstein, D-Calif., a CISA co-sponsor, just before the vote. “This is the third bill. We have been bipartisan.” The manager’s amendment, from Feinstein and CISA co-sponsor Sen. Richard Burr, R-N.C., is meant to mitigate some privacy and surveillance fears that have kept CISA off the Senate floor for so long. The package is expected to be adopted by the Senate. Source: The Hill

Sprint becomes a marathon for government agencies

A follow-up plan to the two-factor authentication “cyber sprint” mandated this summer by U.S. CIO Tony Scott will be a broad, comprehensive strategy for implementing additional security measures, says Chris DeRusha, a senior analyst in OMB’s Cyber and National Security Unit. It will contain more threat indicators—the code signatures left behind by cyber intruders—than were uncovered during the initial sprint, DeRusha said at a meeting of the Information Security and Privacy Advisory Board at the National Institute of Standards and Technology. “CSIP will contain more guidance, but the sprint focused on the ones we knew we needed to know about,” he said. The new plan “will close a lot of policy and security gaps” that pose longer-term threats. “Post-sprint, CSIP will focus on gaps that will take more time to close.” Source: FCW

Better spread the word about scams

The online Scam Tracker, powered by the Better Business Bureau, lets victims warn others about the bad guys. Each scam report is verified before it’s posted. Debt collections, lottery, tech support, it’s all there. You can search for scams via location, date or name. “I wouldn’t even know who to report that to,” said Lucas Griffin, who recently got a bogus call saying he had won a BMW. He happens to work for a BMW racing team, so he knew it was a fake. Tammy Dankovich, with the BBB, says consumers’ help in warning others through the Scam Tracker is crucial. “It gives the pulse of being able to locally see how many different people are getting called about a particular scam and being able to get that word out to media, law enforcement and our businesses, our consumers, as fast as we can,” Dankovich said. Source: WSPA, Charleston, S.C.

Talk isn’t cheap after hack

Police are investigating after a “significant and sustained cyber-attack” on the TalkTalk website, the U.K. company confirmed. The phone and broadband provider, which has more than 4 million customers in the United Kingdom, said credit card and bank details could have been accessed. The Metropolitan Police Cyber Crime Unit is investigating the attack. It is the second time the company has been targeted by hackers this year. Source: BBC