Chris Mark @ AT&T's #ChatDPD talking about Privacy July 8, 2014

Posted by Chris Mark in Uncategorized.

Join AT&T tomorrow (July 9th) at 3pm Eastern for an AT&T Small Business Twitter discussion where we will be answering questions related to privacy.  You can tweet your questions in real time or follow us in real time at: https://twitter.com/hashtag/chatdpd?f=realtime  I look forward to catching up on Twitter!

DMCA..Ignore at Your Own Peril February 23, 2014

Posted by Chris Mark in Uncategorized.

In May 2012, I wrote a blog titled “Competitive Intelligence 201: Locating and Protecting your Web IP”… In the blog post, I gave a couple of examples of companies that appeared to ‘borrow’ from competitors.  It appears as if one of the competitors was already on the case. I would have hoped the blog would have served as a warning.  Clearly, by this default judgement against the company referenced, it did not.

As can be seen in the judgement, not only was a 5-figure award granted, but the judge also found that:

“FURTHER ORDERED that Defendants, their officers, agents, servants, employees, attorneys, and those persons in active concert or participation with them who receive actual notice of the injunction are enjoined from directly or indirectly reproducing, preparing derivative works, distributing copies, performing, publicly displaying the copyrighted elements of the Triple Canopy website, including, but not limited to, using or distributing any material on the (COMPANY) website located at www.COMPANY.com that infringes Triple Canopy, Inc.’s copyrighted material. Within 15 days from receipt of this Order, Defendants shall deliver to Triple Canopy or certify under oath that all copies of infringing material have been taken down and destroyed;”

A quick review of the website shows that it was indeed taken down. Only a landing page currently exists.

What can be done?  Potential legal action may be justified.  According to Terry Church (Chairperson of the IP and licensing group): “Website content is protected under federal copyright laws. The law protects your exclusive right to reproduce or display copies of your written work, including your written work on the Internet. No one else may use it without your permission. Many people don’t know that you don’t have to register website content to claim copyright rights on it. Under federal law, copyright rights arise automatically when a piece of written work is created.”

In several previous posts, I have introduced basic concepts of competitive intelligence and vetting organizations. (You can read the posts here: One, Two, Three, Four.)

How to choose a VPN that will protect your privacy (Guest Post by IVPN) June 2, 2013

Posted by Chris Mark in Uncategorized.

This article is written by Christopher Reynolds, head of business development at IVPN – a VPN service, and EFF member, dedicated to protecting users’ online privacy.  I don’t often allow guest posts but Mr. Reynolds and IVPN have done a great job of providing valuable info.  Certainly worth taking a look!

Online privacy is coming under increasing attack from governments around the world. Legislation such as CISPA in the US, the CCDP in the UK and Australia’s data retention proposals, have generated real worry among privacy-conscious internet users over our law enforcement’s desire to increase their powers of surveillance to unprecedented levels. This culture of fear is driving more and more people toward commercial Virtual Private Networks (VPNs), which promise to protect user data and offer online anonymity. But choosing a VPN that actually protects privacy is not straightforward. In this blog post I will go over the key issues you must consider before signing up to any VPN service.

Data retention

The biggest issue when it comes to using a VPN in order to protect your privacy is data retention. Government surveillance is primarily facilitated by the data retention policies of your ISP. In Europe your ISP’s data retention policy is mandated by the EU Data Retention Directive, which forces all European ISPs to retain users’ personal information for between 6 months and 2 years after the user leaves the ISP’s service. This data includes web logs, which essentially means a record of every website you’ve visited and the times you visited them. The data your ISP holds won’t typically contain email logs – despite popular perception – unless you use your ISP’s own email service. But it will include which third-party email services you use and when you’ve used them.

“Pleased to meet you…hope you guessed my name…” – Sophisticated CyberAttack hits US Dept of Energy February 4, 2013

Posted by Chris Mark in Uncategorized.

UPDATE: A new report released shows that the Chinese military is involved in CyberAttacks.  Read the full story here and download the report.

Fox News released an article today that outlines a sophisticated cyberattack targeting the US Dept of Energy.  Surprisingly, the suspect is China.  According to the story, the attack compromised the information of several hundred employees, with the expected outcome being the compromise of more information.  According to the article:

“It’s a continuing story of negligence,” former Energy Department security official Ed McCallum told the Free Beacon, explaining that the department continues to have security problems despite controlling some of the most “sophisticated military and intelligence technology the country owns.” 

He said China, as well as Iran, have been after Energy Department secrets. Several groups and agencies have warned about stepped-up cyber activities out of China. 

“China continues to develop its capabilities in the cyber arena,” the U.S. China Economic and Security Review Commission said in a November 2012 report to Congress. “U.S. industry and a range of government and military targets face repeated exploitation attempts by Chinese hackers as do international organizations and nongovernmental groups including Chinese dissident groups, activists, religious organizations, rights groups, and media institutions.” 

Read more: http://www.foxnews.com/politics/2013/02/04/sophisticated-cyber-attack-hits-energy-department-china-possible-suspect/#ixzz2Jwn0Yycu

Beating an Old Drum October 27, 2012

Posted by Heather Mark in cybersecurity, Data Breach, Industry News, InfoSec & Privacy.

It’s the end of what has already been a tough year for data security.  And the news just got worse.  South Carolina has announced that its Department of Revenue suffered a major breach.  The breach is so massive, in fact, that more than 75% of the state’s residents have been affected.  The compromised data consisted of the (unencrypted) social security numbers of more than 3.6 million residents.  Also included in the breach were about 390,000 payment cards.  Most of those were encrypted, though.

This is disturbing on a number of levels.  I find it curious, for example, that while encryption was deployed, it was only deployed on payment cards (and not even on all of those).  Consumers have built-in protections on payment cards.  As long as those cards are branded by one of the major card brands, consumers are protected against liability for fraudulent transactions.  The far more sensitive data, the social security numbers, were not encrypted, though.  This defies logic.  Consumers have little to no protection against misuse of SSNs.  Not only can very real financial damage be done, consumers have to spend enormous resources (time, money, emotions) in untangling the identity theft knot that comes with stolen SSNs.

Secondly, in the wake of the breach, Governor Nikki Haley issued an executive order that read: “I hereby direct all cabinet agencies to immediately designate an information technology officer to cooperate with the State Inspector General who is authorized to make recommendations to improve information security policies and procedures in state agencies.”  WHAT?  If I’m inferring correctly, it seems that these agencies didn’t have an information technology officer already?? That is very troubling, particularly considering the types of data that state agencies hold.  After 3.6 million (out of about 4.7 million) residents have had their sensitive data stolen is not a great time to decide that data security and privacy should become a priority.

Private sector organizations have been working for years to shore up their data security, and in some cases (PCI DSS, HIPAA/HITECH, GLBA, SOX, state laws) face real consequences for failure to protect that data.  It’s long past time states put forth the same level of protection.  On the plus side, the state did comply nicely with its own data breach notification law.
