Friday, November 24, 2017

So is this “Insider Trading?” How did it change the deal?
SoftBank Knew About Uber’s 2016 Hack Before The Public Did
SoftBank knew about the massive hack Uber suffered in late 2016 before details of the incident were publicly revealed on Tuesday, the ride-hailing company confirmed in a statement issued to Bloomberg. The breach that compromised approximately seven million drivers and 50 million riders was disclosed to the Japanese conglomerate as part of its due diligence investigation into the world’s most valuable startup which it intends to back with around $10 billion in the near future, seeking to gain at least a 14 percent stake in it. As per a statement from an Uber official, the information that was given to SoftBank was still “incomplete” as the firm didn’t conclude its investigation into the matter at that time, but the management opted for disclosure in an effort of negotiating with a potential investor in good faith.

Interesting, but when every website alerts you I suspect most people will remove the addon.
HackRead reports:
Mozilla is joining hands with popular data breach notification website (HIBP) to send an in-browser alert to Firefox browser users if they are visiting a site that was previously hacked and whether their login credentials have been involved in a data breach.
“This is an addon that I’m going to be using for prototyping an upcoming feature in Firefox that notifies users when their credentials have possibly been involved in a data breach,” Mozilla developer Nihanth Subramanya wrote in his Github repository.
Read more on HackRead.

Something for my Computer Security students to ponder.
Security Sense: You Can Outsource the Work but Never the Risk

“Welcome to the US, land of the free. Here’s how we’ll be tracking your every move.” So these are “High Risk” visitors that still qualify for a visa?
ICE asks tech companies to help them track visa holders on social media
… ICE officials explained at a conference last week that they are hoping to develop algorithms that would assess potential threats posed by visa holders, and conduct social media surveillance of those deemed high risk. Microsoft, Deloitte and Motorola Solutions were among the companies in attendance.
… Carissa Cutrell, a spokeswoman for ICE, told ProPublica that the Department of Homeland Security has not actually begun building such a program, but was simply gathering information from industry leaders.
ICE officials told tech companies last week that the department hopes to get automated notifications about any visa holders’ social media activity. ICE already monitors some social media posts, but plans to expand its operation.

Thursday, November 23, 2017

So, how is that “Don’t tell anyone we’ve been breached” tactic working for you?
Multiple countries launch probes into Uber breach
Multiple countries are launching probes into Uber after a report revealed that it had covered up a massive cyber attack that exposed the data of 57 million passengers and drivers last year.
According to Reuters, four countries — the United States, the United Kingdom, Australia and the Philippines — have vowed to investigate the matter.
At the same time, attorneys general in multiple U.S. states, including New York, Illinois and Connecticut, have begun investigating the hack, and some lawmakers are calling on the Federal Trade Commission (FTC) to launch a probe of Uber.

Each new technology must learn the security lessons older technologies have learned.
Curing The Security Sickness in Medical Devices
Just as the rapid development of the Internet of Things (IoT) has transformed traditional industries and service sectors, it is also having a great impact in the world of healthcare. It’s easy to argue, in fact, that no area is being transformed by digital technologies as rapidly or with as many benefits for society as new medical technologies.
But the understandable desire to press ahead and unlock those benefits has led to a lack of scrutiny on the subject of digital security in devices for treatment and monitoring, and a spate of high profile problems in the area has begun to concern many. In the US, the Food and Drug Agency (FDA) has issued formal warnings about cybersecurity vulnerabilities in four separate products in the last 18 months. It has also hosted an array of consultations and workshops focussing on the cybersecurity of medical devices. The most recent product notice from the FDA, regarding an exploitable flaw in connected cardiac pacemakers, seems to be finally waking the industry up to the threats that connected technologies bring.

For my students.
Google Has Some Great Advice for Your Tech Career
… The Google Tech Dev Guide is a must-read if you are considering a career in technology, or even if you’re already a few years into one.
Google’s Guide to Technical Development is a curated resource of materials that will help you learn the right topics in computer science. Think of them as “learning paths” to follow for teaching yourself pro-level skills.
These are the skills Google thinks you should have — not to become a Google Developer (though, that’s achievable) but to become a well-rounded student, educator, or software engineer.
… It includes recommendations for coding in Java, JavaScript, C++, and Python.

For the student toolkit.
How to Use Microsoft OneNote for Work

Wednesday, November 22, 2017

Probably not the best way to handle a breach. Would you trust hackers to delete the data and never use it? Pinky promise?
Uber Paid Hackers to Delete Stolen Data on 57 Million People
Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.
Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.
At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

(Related) As inevitable as night follows the day.
New York attorney general launches investigation of Uber’s $100,000 hack cover-up

The sage (unfortunately) continues.
House Committees Get Serious in New Letter to Equifax
The chairpersons of the House Science, Space, and Technology Committee and the House Oversight and Government Reform Committee on Monday sent a new letter (PDF) to Paulino Barros, the interim CEO of Equifax.
The former committee's jurisdiction includes the standards of use for securing personally identifiable information (PII), while the latter committee's jurisdiction covers how data breaches impact the federal workforce and national security. Both are investigating the loss of PII on 145 million Americans announced by Equifax on September 7, 2017.
This is not the first letter to Equifax by chairpersons Lamar Smith (R-Texas) and Trey Gowdy (R-S.C.). They also wrote (PDF) on September 14, 2017 requesting 'all documents' relevant to five specific areas; such as "to and from members of Equifax's corporate leadership", and "relating to the NIST Framework or other cybersecurity standards used by Equifax." That first letter specified no later than September 28, 2017.
It would seem that Equifax has not yet, or at least not yet satisfactorily, fulfilled this first request almost eight weeks after the deadline. "We look forward to Equifax providing all documents in response to the five categories of requested materials in the September 14 request, as well as the requests that were made at subsequent Committee briefings." It adds that the Committees expect to make additional requests in the future.
In the meantime, however, it is clear the committees are beginning to get to grips with the details of both Equifax and the breach. While the first letter requested 'areas' of documents, the second letter is far more specific. For example, it asks for documentation that would allow the identification "of any and all individuals in an executive leadership role", and those who received the DHS email alert "regarding Apache Struts 2".

Actually, he has a few ideas, but it might be amusing to ask my students to prioritize what Congress should hear.
I'm Testifying in Front of Congress in Washington DC about Data Breaches - What Should I Say?
There's a title I never expected to write! But it's exactly what it sounds like and on Thursday next week, I'll be up in front of US congress on the other side of the world testifying about the impact of data breaches. It's an amazing opportunity to influence decision makers at the highest levels of government and frankly, I don't want to stuff it up which is why I'm asking the question - what should I say?

For my Computer Security students.
Cybersecurity: Cybercrime and National Security Authoritative Reports and Resources
CRS Reports & Analysis – Cybersecurity: Cybercrime and National Security Authoritative Reports and Resources. November 14, 2017 (R44408): “As online attacks grow in volume and sophistication, the United States is expanding its cybersecurity efforts. Cybercriminals continue to develop new ways to ensnare victims, whereas nation-state hackers compromise companies, government agencies, and businesses to create espionage networks and steal information. Threats come from both criminals and hostile countries, especially China, Russia, Iran, and North Korea. Much is written on this topic, and this CRS report directs the reader to authoritative sources that address many of the most prominent issues. The annotated descriptions of these sources are listed in reverse chronological order, with an emphasis on material published in the past several years. This report includes resources and studies from government agencies (federal, state, local, and international), think tanks, academic institutions, news organizations, and other sources…”

Google wants to do what Russia did, but Russia denies it ever did what Google says it did, so Google should have just done it and denied it did.
The ominous cloud of doom surrounding the ongoing U.S. investigations into alleged Russian interference in the 2016 federal elections got a little darker on Tuesday, with Russian state communications agency Roskomnadzor allegedly threatening retaliation against Google for suggesting it could lower government-funded outlets RT and Sputnik in search rankings.

Imagine if someone on that list walked into a church in Texas and started shooting people…
Colorado VA Kept Secret List Of Patients Who Wanted Mental-Health Care
A new federal investigation revealed Thursday that VA officials in Colorado broke agency rules by using an off-the-books system to track patients who wanted mental-health therapy — a violation that caused veterans to wait for care and one that recalls past abuses by the U.S. Department of Veterans Affairs.
Investigators with the VA’s internal watchdog found that in three separate facilities — Denver, Golden and Colorado Springs — agency officials did not follow proper protocol when keeping tabs on patients who sought referrals for treatment of conditions such as post-traumatic stress disorder.
The practice hindered proper oversight and made it possible for Colorado veterans to fall through the cracks, wrote officials with the VA Office of Inspector General, which examined care at the facilities between October 2015 and September 2016.

Perspective. “They may look fake to you, but they look Okay to me.”
New York attorney general says the FCC won’t help investigate fake net neutrality comments
New York Attorney General Eric Schneiderman revealed today that his office has been investigating a flood of spam FCC comments that impersonated real people, and criticized the FCC for withholding useful information. In an open letter addressing FCC chairman Ajit Pai, Schneiderman writes that his office has spent six months investigating who submitted hundreds of thousands of identical anti-net neutrality comments under the names and addresses of unwitting Americans. But he says that the FCC has ignored multiple requests for logs and records, offering “no substantive response.”

How Amazon, Apple, Facebook and Google manipulate our emotions

For my students and the Boards of Directors of Uber, Equifax, Wells Fargo, etc.
More than 50 tech ethics courses, with links to syllabi
There has never been a more urgent moment to merge ethics and technology: this shared spreadsheet of 57 (and counting) university courses on ethics and tech includes links to syllabi, moderated by Colorado University information science assistant prof Casey Fiesler, who runs The Internet Rules Lab (hey, grad students, she's hiring!)

Tuesday, November 21, 2017

Harvard seems to agree with me, my Computer Security students will be amazed or amused.
… In analyzing the top breaches over the past few years, it is clear that executives make a set of common mistakes, which is surprising given that so many companies, often led by otherwise effective leaders, fail to learn from the botched responses and mishandled situations of the companies that were breached before them.
Here are the missteps executives make time and again, and advice for avoiding these pitfalls:
Foot dragging
Poor customer service
Not being transparent
Failing to accept accountability

Suggests to me that it is possible to secure data and processes in the cloud.
Amazon launches new cloud storage service for U.S. spy agencies
Amazon’s cloud storage unit announced Monday that it is releasing a new service called the Amazon Web Services Secret Region, a cloud storage service designed to handle classified information for U.S. spy agencies.
The service will be provided to the intelligence community through an existing $600 million contract with U.S. intelligence agencies, which has made Amazon a dominant player in federal IT contracting.
… The announcement comes at a time when Amazon’s business and government customers are under intense scrutiny over whether they are storing data securely in the cloud. Amazon’s cloud-based folders – referred to as “buckets” – have been at the center of several high-profile security incidents in recent months, in which customers inadvertently left sensitive information on an Amazon server in an unprotected format.

Looking forward.
Trends in Technology and Digital Security
“Foreword – On September 14, 2017, the George Washington University Center for Cyber & Homeland Security (CCHS) convened a Symposium on Trends in Technology and Digital Security. Four panels addressed emerging threats and their implications for security policy, with a focus on digital infrastructure protection and anticipatory analysis. In addition, a featured speaker from abroad presented a country-specific case study. In a series of Issue Briefs, compiled herein, CCHS shares the findings and recommendations that emerged from the Symposium, primarily on a not-for-attribution basis. The subject and title of each Brief is as follows:
  • Methods of Analysis and the Utility of New Tools for Threat Forecasting
  • Artificial Intelligence for Cybersecurity: Technological and Ethical Implications
  • Space, Satellites, and Critical Infrastructure
  • Cybersecurity in the Financial Services Sector
  • Israel: The Making of a Cyber Power (Case Study)
This volume is produced in and reflective of the spirit of CCHS’s work, which is to address advanced technologies and emerging (“next generation”) cyber threats, from the standpoint of U.S. policy. CCHS functions as a network of networks, acting as a hub for upcoming companies, emerging technologists, and cutting-edge public policy.”

Note: this is no help in securing the election. Voting machines and the counting process are a whole other thing.
Belfer Center Cybersecurity Campaign Playbook
This Cybersecurity Campaign Playbook was written by a bipartisan team of experts in cybersecurity, politics, and law to provide simple, actionable ways of countering the growing cyber threat. Cyber adversaries don’t discriminate. Campaigns at all levels – not just presidential campaigns – have been hacked. You should assume you are a target. While the recommendations in this playbook apply universally, it is primarily intended for campaigns that don’t have the resources to hire professional cybersecurity staff. We offer basic building blocks to a cybersecurity risk mitigation strategy that people without technical training can implement (although we include some things which will require the help of an IT professional). These are baseline recommendations, not a comprehensive reference to achieve the highest level of security possible. We encourage all campaigns to enlist professional input from credentialed IT and cybersecurity professionals whenever possible…”

So you can’t be someone different (have a public persona) online? Ask yourself: How can they do this? What tools will they use?
Tyler Durden writes:
In perhaps the most intrusive move of social media platforms’ efforts signal as much virtue as possible and appease their potentially-regulating government overlords, Twitter has announced that it is cracking down on what it defines at hate-speech and not just by looking at its own site.
In what amounts to a major shift in Twitter policy, Mashable’s Kerry Flynn reports that the company announced on Friday that it will be monitoring user’s behavior “on and off the platform” and will suspend a user’s account if they affiliate with violent organizations, according to an update to Twitter’s Help Center on Friday.
Read more on ZeroHedge.

Basic economics, right?
Mexican heroin is flooding the US, and the Sinaloa cartel is steering the flow
… Mexican cartels' shift to producing heroin — as well as synthetic drugs like fentanyl — has been driven in part by loosening marijuana laws in the US, and the Sinaloa cartel appears to be the main player in a lucrative market.
… the value of marijuana had fallen considerably — from about $74 a kilo seven years ago to a little over $26 now — due to marijuana legalization in the US. Falling prices led many marijuana growers to shift to opium.

Better emails? Why not!
Have you made email work for you? Do you spend the time and effort to make emails look perfect and professional? There’s an art to it, but it’s not that difficult. Your reward will the response from the person you want an answer from.
...Email templates are freely available on the web. Borrow them and tweak them to your situation.
ProEmailwriter gives you a neat interface to select the right kind of email template and use them in your email. The dropdown menu gives you choices for Topic, Sub-Topic, and Tone. Copy the one you need and customize it to your situation.

For my students who read…
This Chrome Extension Helps You Find Books to Borrow
Library Extension is a free Chrome extension that will show you local library listings for the books that you viewing on Amazon, Google Books, Barnes & Noble, and other popular book retailer websites.
Library Extension currently shows listings from more than 4,000 public library databases in the United States, Canada, UK, New Zealand and Australia.
… One drawback to the extension is that you can only view results from one local library at a time.

Monday, November 20, 2017

Why wait two weeks? The phones are likely not important to the investigation?
Authorities serve Apple a warrant for Texas shooter’s iPhone
Two weeks ago today, 26 people were killed by a gunman at First Baptist Church in Sutherland Springs, Texas. Two phones were discovered at the scene: older push-button LG and what local news described as a “blood spattered” Apple iPhone SE. Now local law enforcement has served Apple with a search warrant in order to retrieve information from the smartphone.
… The Tuesday following the murders, the FBI held a press conference noting the existence of one of two phones, without revealing the make, as it didn’t want to “tell every bad guy out there what phone to buy.”
As reported by The Washington Post, the mystery handset was indeed an iPhone. Apple reached out to law enforcement after the press conference, offering technical assistance in getting onto the device. The company, it seems, could have provided help early on, without much legal wrangling or more software controversial backdoors.

I think this is a really bad idea unless you are highly trained and have some good lawyers on staff. On the other hand, it would open things up for my Ethical Hackers…
For years now, there has been a discussion surrounding the feasibility of active cyber defense, and allowing private entities or individuals to “hack back” against hostile cyber activity, but there has not been a major push in Congress to explicitly authorize such activity, or to propose changes or exceptions under the current legal and statutory framework that would enable it. But a proposal by Representatives Tom Graves (R-GA), Kyrsten Sinema (D-AZ), titled the Active Cyber Defense Certainty Act (ACDC) (H.R. 4036), is starting to change the conversation. The new draft legislation provides an exception to liability under the Computer Fraud and Abuse Act (CFAA) and, in essence, would authorize individuals or organizations to go into networks outside of their own to gather intelligence on hackers for attributional purposes. To date, the proposal has undergone at least three rounds of public scrutiny, after which, to the great credit of Graves’ office, the draft language has been updated, and it now takes into account some legitimate concerns and criticisms. Some of these critiques should be examined carefully, from both a policy and legal perspective, as the bill makes its way through committee.

It’s about time! (Welcome to the 1980s?)
Rising to the risk: Cybersecurity top concern of corporate counsel
“Risk management is not just a compliance exercise but an opportunity to gain a competitive advantage. More than ever, legal departments are playing a significant role in managing risk and monitoring its effectiveness, especially in the critical area of cybersecurity. Grant Thornton and Corporate Counsel magazine recently surveyed over 190 corporate general counsel to assess their views on the keys to business growth. The topics ranged from regulatory risk management and risk assessments to cybersecurity and data analytics. Below are a sampling of insights from Grant Thornton’s 2017 Corporate General Counsel Survey:
  • 58% of legal departments are highly involved in responding to data security risks; nearly a quarter have primary responsibility for the issue
  • Less than a quarter of counsel are very satisfied with their organizaton’s risk assessment
  • Nearly three-quarters of legal departments cite cyber issues as a top risk.
  • Of those very concerned about data security, only about a third feel adequately prepared
As a result of increasing risk concerns, the role of the corporate general counsel continues to evolve to include new, important areas of focus and responsibilities. While maintaining a firm handle on the traditional functions of the legal department, the survey reveals that their role is increasingly concerned with regulation and compliance, as well as data privacy and related cybersecurity issues.”

Apparently, Congress needs a lot more “education” than we thought?
Tech beefs up lobbying amid Russia scrutiny
... Executives from Facebook, Google and Twitter testified before lawmakers this month about Russian actors using their platforms to influence the vote and tried to reassure them they were taking steps to address the issue.
But lawmakers left the hearings frustrated and say they want more details from the companies and concrete steps to prevent interference in the future. Congress is also considering legislation to toughen disclosure rules for online advertisements.
That threat of tougher regulation has tech firms scrambling.

A business model for those who are first to automate what they do well? (As long as we have to do it, can we sell it?)
The newspaper created a platform to tackle its own challenges. Then, with Amazon-like spirit, it realized there was a business in helping other publishers do the same.
… Since 2014, a new Post operation now called Arc Publishing has offered the publishing system the company originally used for as a service. That allows other news organizations to use the Post’s tools for writers and editors. Arc also shoulders the responsibility of ensuring that readers get a snappy, reliable experience when they visit a site on a PC or mobile device. It’s like a high-end version of Squarespace or, tailored to solve the content problems of a particular industry.

How can I stay anti-social?
New on LLRX – The Use and Abuse of Social Media in the Post-Truth Era
Via LLRXThe Use and Abuse of Social Media in the Post-Truth Era – Law librarian and adjunct professor Paul Gatz provides important guidance on social media discourse and information literacy that is especially timely and instructive as we are experiencing an escalating wave of highly questionable news and data through sites such as Facebook.

Sunday, November 19, 2017

I just taught my Computer Security class how to generate RSA public/private keys and encrypt messages. They each generated a unique encryption key and can keep generating unique encryption keys until they run out of random numbers. Would the FBI try to compel me to break that encryption?
Is the Government Waging an Out-of-Sight Fight With Apple on Encryption?
The Justice Department and Apple have been locked in a bitter fight for years over the company’s encryption system, which allows consumers to prevent anyone —including law enforcement—from opening their devices without permission. That’s why a security story this week should be getting more attention than it has.
Titled “Yup: The Government Is Secretly Hiding Its Crypto Battles In The Secret FISA Court,” the story appeared on the well-regarded security blog EmptyWheel, and suggests the Justice Department is using a legal backdoor to force open software backdoors at companies like Apple.
The details are complex and require some familiarity with the FISC, a closed court that oversees top secret intelligence operations, and with Section 702, an amendment to the Patriot Act that permits certain forms of warrantless surveillance. But the gist of the story is this: The Justice Department may be relying on an annual approval process at the FISC to compel “technical assistance” from Apple and others, and this assistance may include the breaking of encryption.
… The over-arching issue raised by EmptyWheel is not whether citizens should have the right to deploy unbreakable encryption (there are good arguments on each side), but instead that the government may be settling the debate in secret. The issue of encryption is too important to be stuffed into secret court proceedings. Let’s hope the Justice Department finds a way to debate this in the open.

“Oh he looks just like you!” Time for plastic surgery?
A 10-Year-Old Used Face ID To Unlock His Mom's iPhone X: Will All Families Have The Same Problem?
… Attaullah Malik uploaded a video that demonstrated how his 10-year-old son, Ammar Malik, was able to unlock the iPhone X of his wife, Sana Sherwani, through the Face ID feature.
According to Apple, there is a roughly one in 1 million chance that a random person will be able to unlock somebody else's iPhone X using their face. However, things are different in the cases of twins, siblings, and children under the age of 13 years old.

Saturday, November 18, 2017

I’m telling my Computer Security students that keeping the default settings is never a good idea.
Pentagon Accidentally Exposes Web-Monitoring Operation
The Department of Defense accidentally exposed an intelligence-gathering operation, thanks to an online storage misconfiguration.
DOD was reportedly collecting billions of public internet posts from social media, news sites, and web forums and storing them on Amazon S3 repositories. But it neglected to make those storage servers private. So anyone with a free Amazon AWS account could browse and download the data, according to Chris Vickery, a security researcher at UpGuard.
Vickery noticed the problem in September. "The data exposed in one of the three buckets is estimated to contain at least 1.8 billion posts of scraped internet content over the past 8 years," UpGuard said in a Friday report.
Much of the data was scraped from news sites, web forums, and social media services such as Facebook and Twitter. The information includes content relating to Iraqi and Pakistani politics and ISIS, but also social media posts made by Americans.
… The Defense Department isn't the only one to commit the security slip-up with AWS cloud storage. Earlier this year, UpGuard found that Verizon and Dow Jones made the same mistake, effectively exposing their private customer data to the public.

How to victimize victims. (And another federal agency that’s clueless when it comes to security breaches.)
Rachel Polansky reports:
Dozens of Southwest Floridians are sick and tired of waiting for answers from FEMA after being hit by Hurricane Irma and then, identity thieves.
A month after the NBC2 Investigators exposed a major scheme involving criminals stealing local identities to defraud the federal government, the NBC2 Investigators are finally getting answers from FEMA.
Read more on NBC-2.
[From the article:
… the agency couldn't confirm this earlier because they wanted to protect the integrity of the investigation.

This probably happens here and goes unreported. (undetected?)
Reuters reports:
Italian police are investigating a hack into the email accounts of government employees by activist group Anonymous, which then published documents it had extracted.
On its Italian blog Anonymous uploaded a screenshot of an email purportedly sent from a government email address to an employee of the prime minister’s office containing the names of a security detail that would accompany an official inspection at a site Prime Minister Paolo Gentiloni is due to visit this week.
Read more on Reuters. See also is not linking to Anonymous’s blog post so as not to facilitate leaking of the allegedly hacked data.

Oh they’re getting serious. They wrote a letter!
House panel hits Equifax with long list of investigation demands
The House Energy and Commerce Committee has sent Equifax a long list of questions related to the breach that compromised more than 100 million people's personal information.
The letter, dated Friday, contains seven pages of document requests and questions as part of the panel's investigation, nearly a full page of which is devoted to documents.
Click here to read the full letter.

Good intent? Bad outcome. Of course it could never happen here…
Germany: Please Destroy Your Child's Smartwatch
A German regulator is banning the sale of certain smartwatches designed for children because they can be used for spying. Parents who own such products should destroy them, the country's Federal Network Agency said in a Friday notice.
These watches include a listening function that lets parents monitor their child over a mobile app on a smartphone. However, that same feature can let them secretly eavesdrop on any surrounding conversation close to the watch—like listening to a teacher in a classroom. German law prohibits this kind of function, the Federal Network Agency said.

For my Computer Security students.
Why the Entire C-Suite Needs to Use the Same Metrics for Cyber Risk
When it comes to cybersecurity, the chains of communication that exist within an organization, if they exist at all, are often a mess. Multiple conversations about cyber risks are happening across a multitude of divisions in isolation. At the same time, members of the C-suite are measuring their potential impact using different metrics — financial, regulatory, technical, operational — leading to conflicting assessments. CEOs must address these disconnects by creating a culture that promotes open communication and transparency about vulnerabilities and collaboration to address the exposures.

Tips for your business plan?
Surviving in an Increasingly Digital Ecosystem
Every large and ambitious company today should be trying to figure out how to become a destination for its customers.

Worth getting my students thinking about their searches.

Something for the Movie club?
MoviePass Launches Annual Subscription Plan For Under $8 A Month: That’s Lower Than The Average Movie Ticket Price
For a limited time, MoviePass is offering a one-year subscription plan for a flat fee of $89.95, which translates to $7.50 a month (that price already includes a $6.55 processing fee). That price is under this year’s 3Q average movie ticket, which the National Association of Theater Owners pegged at $8.93.