Pete Recommends – Weekly highlights on cyber security issues, February 16, 2019

Subject: Social Security scam calls 2019: Latest scheme makes you the criminal
Source: Detroit Free Press via USA Today

The scam isn’t just targeting seniors. “It’s happening to everyone and they are targeting all ages,” said Amy Nofziger, AARP fraud expert. “They’re definitely casting a wider net to see if they can get anything.”

That’s why it’s important to reach out to millennials and teens, as well, when talking to family members about this scam.

The drug bust angle is relatively new but it does have a ring of truth to it. After all, many times you hear that law enforcement discovers Social Security cards and stacks of counterfeit checks as part of some drug bust.

Subject: Why data, not privacy, is the real danger
Source: NBCNews via beSpacific

NBCNews: “While it’s creepy to imagine companies are listening in to your conversations, it’s perhaps more creepy that they can predict what you’re talking about without actually listening… First, understand that privacy and data are separate things. Your privacy — your first and last name, your Social Security number, your online credentials — is the unit of measure we best understand, and most actively protect. When a bug in FaceTime allows strangers to hear and watch us, we get that, in the same visceral way we can imagine a man snooping outside our window. But your data — the abstract portrait of who you are, and, more importantly, of who you are compared to other people — is your real vulnerability when it comes to the companies that make money offering ostensibly free services to millions of people. Not because your data will compromise your personal identity. But because it will compromise your personal autonomy…”

beSpacific Subjects: Civil Liberties, E-Commerce, Internet, Legal Research, Privacy, Social Media

Subject: Bill and Melinda Gates letter on at-home DNA tests like 23andMe
Source: Business Insider

Many were concerned that the genetic data they’d shared with a DNA testing company could be subject to use by police. And as it turns out, the testing service Family Tree DNA has previously complied with law enforcement requests to look at its data, BuzzFeed News reported. However, other personal DNA testing companies — including Ancestry and 23andMe — said they have not shared any of their data with police and would not in the future. Business Insider took a deep dive into each company’s policy here.

In addition to being used in forensics, personal genetic tests are yielding some intriguing health-related findings.

Subject: How to Wipe a Hard Drive
Source: Digital Trends

If you’re getting rid of an old computer or upgrading your hard drive or SSD for something bigger, faster, or just newer, you need to make sure your data is wiped clean from your old hardware. Why? Because if you don’t, someone else could easily get hold of the drive and look at all of your personal files and folders.

Subject: Which Country has the Best Cybersecurity? It Isn’t the U.S.
Source: Nextgov

The United States ranks fifth among 60 nations in a study released last week comparing cybersecurity measures across numerous factors, including malware rates and cybersecurity-related legislation.

Japan, France, Canada and Denmark all scored higher than the U.S., according to a study by a tech research firm. Ireland, Sweden, the United Kingdom, Netherlands and Singapore rounded out the top 10 nations for best cybersecurity.

The firm scored nations based on seven criteria, with a substantial portion of the scores based on the percentage of cybersecurity attacks each nation faced in 2018. Researchers said countries’ preparedness for cyberattacks was scored using data compiled in the Global Cybersecurity Index. The study weighted the following criteria equally:


Security Research

Subject: Chinese Telecommunications Device Manufacturer and US Affiliate Indicted for Theft of Trade Secrets
Source: DOJ News via beSpacific

DOJ news release: Huawei Corporate Entities Conspired to Steal Trade Secret Technology and Offered Bonus to Workers who Stole Confidential Information from Companies Around the World

A 10-count Indictment unsealed [January 28, 2019] in the Western District of Washington State charges Huawei Device Co., Ltd. and Huawei Device Co. USA with theft of trade secrets conspiracy, attempted theft of trade secrets, seven counts of wire fraud, and one count of obstruction of justice. The indictment, returned by a grand jury on January 16, details Huawei’s efforts to steal trade secrets from Bellevue, Washington based T-Mobile USA and then obstruct justice when T-Mobile threatened to sue Huawei in U.S. District Court in Seattle. The alleged conduct described in the indictment occurred from 2012 to 2014, and includes an internal Huawei announcement that the company was offering bonuses to employees who succeeded in stealing confidential information from other companies.

beSpacific Subjects: Defense, Government Documents, Legal Research

Subject: Internet Privacy: Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility
Source: U.S. GAO

In April 2018, Facebook said that up to 87 million users’ personal data may have been improperly disclosed. This was one of many recent Internet privacy incidents.

We found that there is no comprehensive U.S. Internet privacy law governing private companies’ collection, use, or sale of users’ data. Consumer advocates and others told us greater regulatory powers are needed. Most industry representatives we interviewed favored the current enforcement approach and warned that regulations could hinder innovation.

We recommended that Congress consider developing comprehensive Internet privacy legislation to better protect consumers.

Additional Materials:

Highlights Page: (PDF, 1 page)
Full Report: (PDF, 56 pages)
Accessible Version: (PDF, 59 pages)

Multimedia: PODCAST: Oversight of Internet Privacy (Title was changed to reflect proper report name.)

Subject: CFPB proposal would weaken oversight of “fintech” and put consumers at risk
Source: Consumer Reports /Advocacy/

February 11, 2019 – Consumer Reports opposes CFPB proposal that would give providers “safe harbor” from some consumer protection laws

WASHINGTON, D.C. – A proposal by the Consumer Financial Protection Bureau (CFPB) would put consumers at risk by loosening oversight of financial products and services touted as “fintech,” according to Consumer Reports. In a letter sent to the CFPB, Consumer Reports called on the Bureau to refrain from creating a “sandbox” that would allow companies to operate in the consumer market without appropriate oversight and with exemptions from several important consumer protection laws and regulations.

“Few, if any, fintech products are truly novel,” said Christina Tetreault, senior policy counsel for Consumer Reports. “Most fintech offerings fall within established legal definitions of products and services for deposit-taking, money transmission or lending. Consumer financial products should not be exempt from oversight simply because they rely on the latest whiz bang technology or gather and often share large amounts of customer data.”

“This proposal opens the door to broad exemptions from laws and regulations, and is unnecessary for innovation to flourish,” said Tetreault. “The CFPB should avoid treating consumers as guinea pigs by weakening oversight of fintech products and services.”

Subject: A secure relationship with passwords means not being attached to how you pick them
Source: The Conversation

When you are asked to create a password – either for a new online account or resetting login information for an existing account – you’re likely to choose a password you know you can remember. Many people use extremely basic passwords, or a more obscure one they reuse across many sites. Our research has found that others – even ones who use different passwords for each site – have a method of devising them, for instance basing them all on a familiar phrase and making site-specific tweaks.

In all those cases, the people are creating weak passwords that are easily guessed – especially when up against automated password-cracking software that can test thousands of possibilities a second. One reason for this weakness might well be their users’ emotional connection to their preexisting password creation routine.

Cybersecurity efforts often encourage people to choose stronger passwords, but rarely acknowledge the idea that people have this feeling of attachment. They focus on the measurable improvement in security without realizing they’re trying to persuade people to switch to a less personal method.


Posted in: Cybercrime, Cybersecurity, E-Government, Elder Law, Financial System, Healthcare, Intellectual Property, Privacy, Social Media