InfoSec News From All Over

jfritz

Presentation Transcript


  1. InfoSec News From All Over Information Security and Privacy Office Q1 2012

  2. New Authentication Method • Researchers at Japan’s Advanced Institute of Industrial Technology have developed a seat that can identify the user by the shape and heft of their buttocks • Currently designed for use in the car industry • Seat contains 360 sensors measuring pressure points on a scale of one to 256 • Uses the data to build a “fanny fingerprint” of the designated driver • System is 98% accurate

  3. Adults-Only Vending Machine • Kraft Foods has teamed up with Intel to unveil a new high-tech vending machine that doles out free samples of Jell-O Temptations desserts — but only if you’re an adult • The sci-fi gizmo uses a camera and (creepy-sounding) “Anonymous Video Analytics technology” to determine, among other things, a customer’s age — baby faces will be asked to back away from the machine

  4. Forget Your Password? • If you forget your password to Louis C.K.’s site, he will insult you via email

  5. Mythbusters vs RFID • Mythbusters planned a segment on how “trackable and hackable” the RFID chips found in many credit cards are • Adam Savage reported that Visa, Mastercard, and Discover had the Discovery Channel put the kibosh on the episode

  6. Anonymous Hacks Syrian President • Anonymous hacked Syrian president Bashar al-Assad’s email account (2/5/2012) • His password was 12345 • Anonymous also accessed 78 accounts belonging to al-Assad’s staff • 33 staff members used the same 12345 or 123456 passwords • Al-Assad is facing public ridicule

  7. 18 Firms Sued for Invading Privacy • A group of 13 individuals filed suit in the US District Court for the Western District of Texas the week of March 12 • The case is expected to go to court next year • Suit charges that the mobile apps of 18 companies surreptitiously gather data from the address books of tens of millions of smartphone users • Includes Facebook, Apple, Twitter, and Yelp • Lawsuit seeks a permanent injunction against such data collection and the destruction of all personal data collected by mobile application vendors so far • One lawyer for the plaintiffs says, “The idea that you play a video game and your address book is given away is really disconcerting”

  8. Target Knows You’re Pregnant • Target assigns every customer a Guest ID number • Tied to their credit card, name, or email address • Tracks everything they’ve bought and any demographic information Target collected or bought • Target statistician looked at historical buying data for all the ladies who had signed up for Target baby registries • Statistician identified about 25 products that, when analyzed together, allowed him to assign each shopper a “pregnancy prediction” score and estimate her due date • Target would send coupons timed to very specific stages of pregnancy • Example: Fictional Target shopper, 23-year-old woman in Atlanta • In March bought cocoa-butter lotion, a purse large enough to double as a diaper bag, zinc and magnesium supplements and a bright blue rug • There’s an 87 percent chance that she’s pregnant and that her delivery date is sometime in late August

  9. The Laser Unprinter • New – a laser unprinter that can remove ink without damaging the paper • Developed by researchers from the University of Cambridge in England • Uses very short (picosecond) pulses of laser light to vaporize the toner

  10. Women Are Smarter Than Men • When it comes to managing their social media profiles, women, on average, behave more like mature, responsible adults while men act like impulsive adolescents • Nearly twice as many men as women (15% vs. 8%) regretted something they had posted

  11. Dumb Hacker of the Quarter • Hungarian Attila Nemeth, 26, sent Trojan-infected emails to Marriott employees in late 2010 • He got confidential and financially sensitive information • He then threatened to reveal information unless he was given a job maintaining Marriott’s systems • Marriott contacted the US Secret Service, which set up a sting • Agent posed as a Marriott HR representative, talked to Nemeth about a job, and invited him to the U.S. for a “job interview” • During the “interview” Nemeth revealed how he broke into Marriott’s systems and was arrested • Marriott estimates breach cost $400,000 plus $1m in consultant fees and other costs to deal with the security breach and figure out what damage Nemeth might have caused

  12. Why Read the Fine Print • Warranty is not valid if • “The product has been tampered with, repaired and/or modified by non-authorized personnel” • “There is damage caused by natural disaster, intentional or unintentional misuse, acts of war, space invasions, abuse, neglect, improper maintenance, or use under abnormal conditions” • Source: Asus, Taiwanese computer, component, and gadget manufacturer

  13. Legislation Pending and Passed

  14. Risk of Cyber Attack • FBI Director Robert Mueller briefed Congress about worldwide threats • “… the danger of cyber attacks will equal or surpass the danger of terrorism in the foreseeable future.” • So new legislation is emerging that would give DHS the power to require better computer security of companies with systems “whose disruption could result in the interruption of life-sustaining services, catastrophic economic damage or severe degradation of national security capabilities”

  15. New Privacy Bill of Rights • White House’s Consumer Privacy Bill of Rights calls for seven rights • Issued 2/23/2012 • Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it • Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices • Respect for Context: Consumers have a right to expect that companies will collect, use and disclose personal data in ways that are consistent with the context in which consumers provide the data

  16. New Privacy Bill of Rights • Security: Consumers have a right to secure and responsible handling of personal data • Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate • Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain • Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the consumer-privacy bill of rights
