Pete Recommends – weekly highlights on cyber security issues – April 29 2018

Subject: Bitcoin (BTC): The Real Purpose of Cryptocurrency
Source: InvestorPlace

For many people the purpose of cryptocurrencies, like Bitcoin (BTC), has always been a mystery. There is no such thing as a Bitcoin “coin”. It is shown as a coin because that’s a useful analogy. But it’s an encryption key, one of roughly 21 million answers to an intricate computer puzzle, that can only exist on a computer supporting the currency’s blockchain. What can you do with it? You can buy an Initial Coin Offering (ICO), but most ICOs fail. The joke is you can buy pizza with it. The “Bitcoin Pizza,” bought with 10,000 coins in 2010, is now worth over $82 million. It was once assumed you could run away from the law with it, but that’s no longer true, as law enforcement has learned how to break the currency’s supposed anonymity.

Fleeing Failure – The best use of Bitcoin is fleeing a failing economy. But coins, real and imagined, aren’t the only stores of value. Oil is also a store of value. Oil bulls are now predicting a price of $100 per barrel. Unfortunately, a Russian oligarch can’t just leave the country with barrels of the gooey burnable under his arms. It would be messy. What has happened, instead, is that the price of the ruble has stabilized and so (coincidentally) has Bitcoin.

The Bottom Line on Bitcoin – Two economists recently got drunk together and calculated the “real” value of a Bitcoin at $200.
That’s not true. A Bitcoin is worth what someone will pay for it, just as anything is worth only what someone will pay for it. There are often “Bitcoin premiums” when a country’s traders can’t easily meet demand. This happened last year in Zimbabwe and (curiously enough) South Korea.

Subject: The RISKS Digest Volume 30 Issue 66
Source: Forum on Risks to the Public in Computers and Related Systems

Don’t Blame Me for Facebook’s Privacy Crisis – via New Scientist – Mark Zuckerberg wonders what is going on at Cambridge University – I can tell him, but he won’t like what privacy researchers have found, says Ross Anderson.

“Mark Zuckerberg has tried to deflect blame for Facebook’s privacy crisis by pointing the finger at my university. “We do need to understand whether there was something bad going on in Cambridge University overall, that will require a stronger action from us,” he told the US Senate this week. There is a short answer to that, and a deeper one. The short answer is that when Aleksandr Kogan, the researcher whose “This Is Your Digital Life” app is at the heart of the current row, applied to use the data collected by his company in university research, our ethics committees turned him down flat. The reason? While the people who installed his app had consented to their data being used in research, their Facebook “friends” had not…”

Subject: Facebook and Cambridge Analytica
Source: via CRYPTO-GRAM – Schneier on Security – Bruce Schneier, March 28, 2018

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when we’re offline. It buys data about us from others. And it can infer even more: our sexual orientation, political beliefs, relationship status, drug use, and other personality traits—even if we didn’t take the
personality test that Cambridge Analytica developed. But for every article about Facebook’s creepy stalker behavior, thousands of their companies are breathing a collective sigh of relief that it’s Facebook and not them in the spotlight. Because while Facebook is one of the biggest players in this space, there are thousands of other companies that spy on and manipulate us for profit.

Subject: Enigma machine collection recalls computer science victory
Source: Tribune-Review (Trib LIVE) via The Republic

PITTSBURGH — Carnegie Mellon University will hire a researcher from the Library of Congress to help it decode a collection that includes two WWII German Enigma machines. The university wants to encourage the study of 19th and 20th century computers, calculators, encryption machines and other materials related to the history of computer science.

“When we look back and we see this, we see who we remember,” Andrew Moore, dean of CMU’s School of Computer Science, said, adding his students are increasingly asking for courses about the history of the field. “We see people who took technology to save lives and save the world.”

Subject: Five myths about internet privacy where nothing is what is seems to be
Source: Special for USA Today via beSpacific

You have precious little privacy on the web – whether you are browsing, using Facebook or Gmail, public WiFi, disk cleaning applications, or using the same “strong” passwords on multiple sites. USAToday reports – Many of us think we’re taking the right precautions, when in fact we’re putting our info at risk. The following are five such misconceptions, the truth behind them, and what to do about it…”

More: Why you should think twice before you ‘sign in with Facebook
More:7 steps for crafting the perfect password

Subject: Cybersecurity: DHS Needs to Enhance Efforts to Improve and Promote the Security of Federal and Private-Sector Networks
Source: U.S. Government Accountability Office (GAO)

What GAO Found – In recent years, the Department of Homeland Security (DHS) has acted to improve and promote the cybersecurity of federal and private-sector computer systems and networks, but further improvements are needed. Specifically, consistent with its statutory authorities, DHS has made important progress in implementing programs and activities that are intended to mitigate cybersecurity risks on the computer systems and networks supporting federal operations and our nation’s critical infrastructure. For example, the department has: provided limited intrusion detection and prevention capabilities to entities across the federal government; issued cybersecurity related binding operational directives to federal agencies; served as the federal-civilian interface for sharing cybersecurity related information with federal and nonfederal entities; promoted the use of the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity; and partially assessed its cybersecurity workforce.

Other topics/articles on InfoSec:

Lots of RSS feeds by topic:

Subject: Amazon Map Tracking allows shoppers to track delivery drivers
Source: Business Insider

  • Amazon Map Tracking allows shoppers to track the location of delivery drivers in real time, Amazon told Business Insider.
  • The tool tells shoppers how many stops drivers have remaining on their routes before their package is delivered.
  • Amazon quietly rolled out map tracking in November. It’s now available for all packages delivered by Amazon in the US.
  • Many shoppers love the new tool, though some have called it “creepy.”

Subject: Government Leads Major Industries In Email Security
Source: NextGov via beSpacific

NextGov: The federal government is now using anti-phishing security on its emails at a higher rate than any major industry sector, according to a report released Thursday. The study from the email security firm ValiMail comes roughly six months after the Homeland Security Department mandated the email security tool called DMARC for all federal agencies. As of the first quarter of 2018, 68 percent of federal government email domains had the tool installed compared with only 50 percent of tech sector domains, 36 percent of bank domains, and 26 percent of health care sector domains. The lowest adoption was among media companies where only 13 percent of email domains used DMARC. That’s a big change from the final quarter of 2017, before the Homeland Security deadline, when government was near the bottom of the list with about 19 percent adoption. ValiMail CEO Alexander Garcia-Tobar described that shift as evidence that “a well-thought-out, carefully crafted directive” can “be incredibly effective in turning a lagging sector into a leading one” when it comes to email security…

Subject: What’s the best email service that doesn’t scan emails for ad-targeting?
Source: The Guardian – Technology

Free email services are usually paid for by showing you advertisements. Some email services scan your emails in order to show you personalised or targeted ads. You could argue that that’s a benefit, because you’ll see ads in which you might have some interest. You could also argue that your emails are private, so it’s an invasion of privacy. Either way, it’s different from scanning your emails to stop viruses and phishing attempts, which nobody wants to stop. There are several options, but the problem is bigger than you may think, and likely to get worse.

Posted in: Blockchain, Cybercrime, Cyberlaw, Cybersecurity, Email, Email Security, Privacy