Pete Recommends – Weekly highlights on cyber security issues September 29, 2018

Editor’s Preface: Many of these columns by Pete Weiss reference RSS feeds that he identified on each respective web site that he is highlighting, or via his expert research.  To learn more about the value of using RSS, please see Pete’s LLRX article on this topic – What is RSS and How to Use it Effectively.

Subject: Paycheck direct deposits in online accounts targeted for theft: FBI
Source: FBI via Detroit Free Press via USA Today – Money
https://www.usatoday.com/story/money/columnist/tompor/2018/09/22/direct-deposit-paycheck-scam-cyberscam/1361583002/

According to the latest alert from the FBI, cybercriminals have been targeting online payroll accounts at school districts, universities, hospitals and commercial airway transportation. Yet scammers have been known to target all types of businesses using all types of payroll providers, according to a report last year in PYMNTS.com. In some cases, employers discover the payroll-related scam only when employees start complaining that they did not receive their money via direct deposit.

NB IC3 News
https://www.ic3.gov/media/default.aspx
RSS feed:
https://www.ic3.gov/rss/news.xml

PYMNTS.com News:
https://www.pymnts.com/news/
RSS feed:
https://www.pymnts.com/feed/


Subject: Be careful about what you post on social media
Source: Yahoo!
https://www.yahoo.com/news/daily-digit-looking-job-careful-post-social-media-162030047.html

Daily Digit is the story behind the numbers that make our world work. Today we’re looking at social media posts. A new study finds 70% of employers check a candidate’s social media accounts before hiring. While LinkedIn seems like the most logical site to peruse, employers head to Facebook more often. The study found that’s because Facebook often has the most incriminating information. Among the top disqualifying factors were excessive partying, poor grammar, illegal drug use and racist posts. On the flip side, 60% of job seekers look up the profile of their interviewer. However, 79% of those reported that their discoveries did not stop them from accepting the job. Maybe it’s time to make your profiles private and delete those embarrassing posts.

[maybe we need virtual social network profiles — the kind we give to employers? or the border agents? /pmw1]


Subject: HBR – Uninformed Consent
Source: Harvard Business Review via beSpacific
https://www.bespacific.com/hbr-uninformed-consent/

Harvard Business Review – Companies want access to more and more of your personal data — from where you are to what’s in your DNA. Can they unlock its value without triggering a privacy backlash?

Leslie K. John – Marvin Bower associate professor of business administration at Harvard Business School: “…Technology has advanced far beyond the browser cookies and retargeting that allow ads to follow us around the internet.

A dominant web business model today is to amass as much data on individuals as possible and then use it or sell it — to target or persuade, reward or penalize. The internet has become a surveillance economy. What’s more, the rise of data science has made the information collected much more powerful, allowing companies to build remarkably detailed profiles of individuals.

beSpacific summary tags:
Subjects: AI, E-Commerce, E-Records, EU Data Protection, Health Care, Internet, Legal Research, Marketing, Privacy, Social Media

[of course, all have RSS feeds]


Subject: Google Chrome changed login requirements, says Matthew Green
Source: Business Insider
https://www.businessinsider.com/google-chrome-changed-login-requirements-matthew-green-2018-9

  • A security expert has discovered that Google had quietly made important changes to Chrome’s login requirements.
  • Matthew Green spotted that Google was logging them into Chrome without their knowledge.
  • Google’s changes also made it easier for users to unwittingly turn over their browsing history to Google.
  • The company acknowledged the changes late on Sunday, but stressed that users needed to consent to a sync before their browser data was transferred.

For years, Google has given Chrome users the option of surfing the web without logging in. But on Sunday, a security expert wrote that Google had quietly changed the requirements so when users log in to a Google service, such as Gmail, Chrome will automatically sign the browser into their account without consent.


Subject: Cybersecurity – Topics
Source: Lawfare
https://www.lawfareblog.com/topic/cybersecurity

Each topic has its own RSS feed
https://www.lawfareblog.com/taxonomy/term/5798/all/feed

Find out about Lawfare:
https://www.lawfareblog.com/about-lawfare-brief-history-term-and-site

See all topics:
https://www.lawfareblog.com/topics


Subject: Password-less Trello, Google Docs Left U.N. Data Accessible to All
Source: Digital Trends
https://www.digitaltrends.com/computing/trello-google-docs-un/

Secretive documents related to the United Nations were left vulnerable to unauthorized access by anyone who stumbled upon the right link, after Trello, Jira, and Google Docs accounts were left improperly configured by staffers. The security gaffe left passwords, organizational documents, and security plans belonging to governments of the United Kingdom and Canada open to the web.

Maybe they should have read our guide on how to use Google Docs.

Some of the information he was eventually able to glean from these documents included access to a remote U.N. FTP server, credentials to log in to a Google and Vimeo account associated with the U.N.’s language and learning program, remote access information for certain U.N.-linked meetings, and detailed information about the U.N. website and its development.

NB DT RSS feed:
https://www.digitaltrends.com/feed/

DT Computing RSS feed:
https://www.digitaltrends.com/computing/feed/


Subject: Protect Yourself From a Medical Data Breach
Source: Consumer Reports
https://www.consumerreports.org/data-theft/protect-yourself-from-a-medical-data-breach/

In the meantime, however, there are some things you can do to help protect your health data. “Don’t be the low-hanging fruit,” Velasquez says.



Subject: Google could abandon Chrome automatic login
Source: Business Insider
https://www.businessinsider.com/google-could-abandon-chrome-automatic-login-2018-9

  • Google has indicated it will make changes regarding the new and controversial automatic login feature for the Chrome web browser.
  • After just over a decade on the market, Google made a controversial change to Chrome: If you signed into YouTube, Gmail, or any other Google-owned site, it would log you in on the Chrome browser itself with the same account.
  • Security analysts, including Matthew Green, said the automatic login resulted in less security for Chrome users — when you’re logged into Chrome, it keeps track of your browsing history and other information.

Parisa Tabriz, director of engineering at Google Chrome, indicated on Tuesday that the company is ready to make changes involving a controversial new Chrome feature that some security researchers have called a threat to privacy.

In a Twitter post, Tabriz, who calls herself the “browser boss,” said: “We’ve heard — and appreciate — your feedback from the last few days, and we’ll be making some product changes.”


Subject: If Your Data is Found on the Dark Web, Firefox Monitor Will Let You Know
Source: Digital Trends
https://www.digitaltrends.com/computing/firefox-monitor-lets-your-know-if-youve-been-pwned/

If you’ve been ‘pwned,’ Firefox will let you know. After beta testing the new Firefox Monitor service this summer, Firefox is finally rolling out its credential monitoring tool to all users. Firefox Monitor, which is based on security researcher Troy Hunt’s Have I Been Pwned (HIBP) database, will notify you if it spots your email address on the dark web. By alerting users when their credentials are found on the dark web, Firefox hopes that the Monitor service will motivate vigilant consumers to change their passwords to avoid an even larger data breach.

It should be noted that the service is free to all users, and Firefox Monitor, despite the name, isn’t restricted to users of the Firefox browser. Users can type monitor.firefox.com into any browser of choice to enroll in the service. Once you’re on the Firefox Monitor webpage, you can enter your email address. Firefox Monitor will check your email against the database of Have I Been Pwned to see if it’s found on the dark web.


Subject: Overruling Constitutional Precedents
Source: Federation Of American Scientists
https://fas.org/blogs/secrecy/2018/09/overruling-precedents-crs/

Posted on Sep. 25, 2018 in CRS by Steven Aftergood

A new report from the Congressional Research Service examines how and why the U.S. Supreme Court would overturn one of its own rulings interpreting the Constitution. There are at least 141 cases where such rulings have in fact been overturned, including three in the Court’s latest term, and these are tabulated in an appendix to the report. See The Supreme Court’s Overruling of Constitutional Precedent, September 24, 2018.

RSS feed for SECRECY:
https://fas.org/blogs/secrecy/feed/


Subject: Digital Deceit II: A Policy Agenda to Fight Disinformation on the Internet
Source: Shorenstein Center via beSpacific
https://www.bespacific.com/digital-deceit-ii-a-policy-agenda-to-fight-disinformation-on-the-internet/

“Digital disinformation poses a grave threat to our democracy and demands a new social contract between consumers and internet companies that is rooted in transparency, privacy and competition, according to a new report co-published by the Shorenstein Center on Media, Politics and Public Policy at the Harvard Kennedy School and New America, the Washington, D.C.-based public policy think tank. The report, titled “Digital Deceit II: A Policy Agenda to Fight Disinformation on the Internet,” argues for the codification of a set of digital rights into public law encompassing a set of regulations designed to advance democratic values and protect the public from disinformation while fostering open digital markets…The report outlines a sweeping policy framework that would address the digital threat to democracy, focused on three key principles:

beSpacific tags:

Civil Liberties, E-Commerce, Economy, Internet, Legal Research, Marketing, Privacy

[each has its own RSS feed]

Article PDF:
https://www.newamerica.org/public-interest-technology/reports/digital-deceit-ii/pdf/

Posted in: Big Data, Civil Liberties, CRS Reports, Cybercrime, Government Resources, Health, KM, Privacy, Search Engines, Social Media, Supreme Court