
Privacy, Social Media, and Legislation September 29, 2012

Posted by Heather Mark in InfoSec & Privacy, Laws and Legislation.

This week marks the opening of a new chapter in the rocky marriage of privacy and social media.  California has passed two laws related to the protection of privacy on social media platforms.

In SB 1349, the state prohibits public or private post-secondary educational institutions from requiring students to provide the institution with access to the student's (or student group's) social media sites.  Nor can the student or group be forced to divulge information contained on those sites.

AB 1844 is similar in nature, but applies to employers.  Specifically, the bill “would prohibit an employer from requiring or requesting an employee or applicant for employment to disclose a username or password for the purpose of accessing personal social media, to access personal social media in the presence of the employer, or to divulge any personal social media. This bill would also prohibit an employer from discharging, disciplining, threatening to discharge or discipline, or otherwise retaliating against an employee or applicant for not complying with a request or demand by the employer that violates these provisions.”

These bills are interesting in that they address a core concern around privacy and labor laws as they relate to social media.  Employers (and potential lenders) are prohibited from making decisions based upon race, gender, religion, politics, or sexual orientation.  Most of this information, though, is available on individuals' private social media profiles.  Amid increasing reports of employers requiring prospective employees to turn over credentials or to access their sites in view of the employer, privacy advocates were becoming increasingly, and rightly, concerned that the rights of individuals to protect their personal lives from employers were being diluted.  These actions on the part of California serve to protect those rights.  Frankly, these actions can also protect employers and schools from being accused of discriminatory behavior, since they are denied access to information that would otherwise be unavailable to them.

It will be interesting to see how quickly other states follow the lead that California has set.  Recall that California was the first state to pass a breach notification law and we now have 46 such laws nationwide.  So the question, to me, is when, not if, we are going to see the trend take shape.


"123456, password, welcome" – Yahoo Passwords Posted Online July 12, 2012

Posted by Chris Mark in News, PCI DSS, Risk & Risk Management.

A story today on MSNBC says that Yahoo Voices was compromised and 450,000 usernames and passwords were posted online.  Not surprisingly, the passwords were not hashed or otherwise protected using encryption.  While the posting of passwords is nothing new, what is interesting is what the researchers found when looking at user-generated passwords.  The most common passwords were '123456', followed by 'password' and 'welcome'.  Fully 1/3 of the passwords used lower-case letters only.  Here is where I get on my soapbox.  According to the story:

“Yahoo! Voices’ administrators made a big mistake storing the passwords in plaintext, but all users need to bolster their own security as well. Make passwords harder to guess by making them more than eight characters long, and pepper them with upper-case letters, numbers and punctuation marks.”

First, strong passwords would not have helped because YAHOO WAS STORING THEM IN CLEARTEXT! ...and they were stolen!  Second, the company should enforce strong passwords.  While all users should use strong passwords, when dealing with 450K users it is prudent to understand that some users either will not understand what a strong password is or will simply ignore the directions.  Yahoo should have forced strong passwords…
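An added illustration of the two points above (example code, not the original post's and not Yahoo's): a constructed sample of passwords is checked against the quoted advice and the three most common values named in the story, the share of lower-case-only passwords is measured, and the passwords that pass are stored as salted PBKDF2 hashes instead of cleartext.

```python
import hashlib
import hmac
import os
import re

# Constructed sample in the style of the leaked list (not real Yahoo data).
SAMPLE_PASSWORDS = ["123456", "password", "welcome", "sunshine",
                    "Tr0ub4dor&3", "qwerty", "P@ssw0rd!", "letmein"]

# The three most common values named in the article, rejected outright.
BLOCKLIST = {"123456", "password", "welcome"}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware
SALT_LEN = 16


def password_policy_errors(pw):
    """Return the ways a password fails the advice quoted in the article:
    longer than eight characters, with upper-case letters, digits and
    punctuation, and not one of the most common leaked values."""
    errors = []
    if pw.lower() in BLOCKLIST:
        errors.append("common password")
    if len(pw) <= 8:
        errors.append("too short")
    if not re.search(r"[A-Z]", pw):
        errors.append("no upper-case")
    if not re.search(r"[0-9]", pw):
        errors.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        errors.append("no punctuation")
    return errors


def lowercase_only_fraction(passwords):
    """Share of passwords made of lower-case letters only (the 1/3 statistic)."""
    weak = sum(1 for pw in passwords if pw.isalpha() and pw.islower())
    return weak / len(passwords)


def hash_password(pw):
    """Store salt || PBKDF2-HMAC-SHA256(pw) rather than the cleartext password."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(pw, stored):
    """Recompute the hash from the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)
```

Even with the stored hashes stolen, the salt and work factor force an attacker to spend the PBKDF2 cost per guess, which is what the cleartext storage threw away.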

"Al Qaeda is Promoting!" – Job Duties Probably Include Getting Killed by Hellfire Missiles June 8, 2012

Posted by Chris Mark in News, terrorism.

After killing Osama Bin Laden in 2011, the US embarked on a mission to remove any heirs apparent that may have been waiting in the wings.  With this week's killing of Abu Yahya al-Libi, the US has now killed 4 of the top 5 candidates for the #2 spot in Al Qaeda.  Like any company in need of a new C-level executive to support its operations, the terrorist organization is now looking for a new #2.  There are at least five names believed to be under consideration, several of whom have lived in the US, and one American is being considered.  While likely a very good job for an up-and-coming terrorist, it should be noted that one major job responsibility is probably going to include getting blown up by Hellfire missiles.

"Viva La Revolucion!" – Social Media: The New Yellow Journalism? May 3, 2012

Posted by Chris Mark in Industry News, Risk & Risk Management.

In the late 19th century, a phenomenon known as 'yellow journalism' took hold as newspapers battled for market share.  More specifically, it was the battle between Joseph Pulitzer and William Randolph Hearst which fostered the coining of the phrase.  At a high level, yellow journalism is defined as: "…a type of journalism that presents little or no legitimate well-researched news and instead uses eye-catching headlines to sell more newspapers. Techniques may include exaggerations of news events, scandal-mongering, or sensationalism."  In fact, yellow journalism was blamed for the start of the Spanish-American War.  In response, responsible journalists founded organizations such as the Society of Professional Journalists (founded 1909) and developed codes of ethics and responsible reporting.  Today, responsible, professional journalists adhere to a code of ethics or canons which dictate that they will report the truth accurately.  As stated in the SPJ code: "Seek Truth and Report It".  While some bend the rules, most reporters are accurate and professional.

With the rise of "bloggers" (this author included) and other social media 'experts', could it be that we are seeing the rise of a new wave of 'yellow journalism'?  (more…)

Random Thoughts On the Piracy Summit (I have to talk about guns a little ;) May 1, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, Risk & Risk Management.

In reflecting upon the Piracy Europe event in Hamburg that I attended last week, I was struck by a few things that were said and proposed.  The speakers were generally very good, although the material is getting a bit old at this point.  With piracy at near 2007 levels, security vendors are scrambling to convince shipping companies that they are still needed.  Selling on Fear, Uncertainty, and Doubt (FUD) seems to be the new way of business development.

With regard to the security vendors, there appeared to be two distinct perspectives on how to stop pirates.  Neither seemed appropriate.  One company had a rep get up and show a picture of himself with a Barrett .50 cal SASR (Special Application Scoped Rifle) (shown in the pic above with the very skilled, handsome and smart USMC sniper... yeah, it's me).  The intimation was that if you have larger guns, you have more 'firepower' and thus better security.  This is a very simplistic way of thinking about security and demonstrates one of the challenges of maritime security.  Security is not about technology... it is about people, strategies, and tactics.  Tools (such as weapons) are useful, but only if employed correctly.  You can read the whitepaper "Weapons and Tactics in the Prevention of Piracy" here.  This "goons with guns" approach was not well received and, quite frankly, I felt it perpetuated what the attendees think of American security... knuckle-dragging goons with guns.  Blackwater is alive and well in the minds of most of those who attended the event. (more…)
