Tag archive for "Cloud Risks"

CFO/CSO/CPO, CISSP, Events, Presentations

NYS CyberSecurity Conference 2013 – Social Media & Cloud Computing Threats to Privacy, Security and Liberty – A Global Perspective – June 4 2013

02 April 2013

http://www.dhses.ny.gov/ocs/awareness-training-events/conference/2013/index.cfm

June 4, 2012, 3 PM

 

Following on the heels of the critically acclaimed NCSC.NL presentation, we look at how Governments, Corporations and Private Citizens are using Cloud Computing, Social Media and the lack of Civil Rights on the internet to compromise Privacy and Security.

 

See http://www.rajgoel.com/ncsc-conference-2013 and http://www.brainlink.com/de-volkskrant/

 

Articles

Peter Teffer interviews Raj Goel

02 April 2013

After the NCSC 2013 presentation, Peter Teffer interviewed me.

 

Here’s a (very poor) Google translation of his original Dutch article

If we do not ask, we will not get. Facebook, Google, Apple and other Internet and technology companies are only good for our privacy concerns, as consumers make on the barricades stand. “It is time to demand that your data are yours and not others,” said the American consultant Raj Goel, who recently gave a lecture in The Hague on social media and privacy.

Goel earns his money include giving such lectures – he has written a book that he wants to sell and companies hire him because he was known as a computer security expert. But that does not mean he does not believe in the importance of his message. “The battle for privacy is the next step in the civil rights struggle.”

It is not in the interest of Internet to our privacy and actually we do governments do not expect much. Only when consumers require smart phones and social networking really consider privacy, we will not thousands of times per month be spied, argues Goel.

Can we ordinary people large, powerful companies have reason to do what we want? “Yes,” says Goel. “Look at the history. 150 years ago we had no right to clean air or clean water and food. Only when someone like Upton Sinclair in 1905 the unhealthy conditions of the food described, the company said: enough, we want clean and healthy food. “

Cultural change is not impossible, emphasizes Goel. Forty years ago nobody read leaflets for drugs or labels of food. Nowadays. “If you are willing to five or ten minutes to devote to reading your food packaging and ask your doctor why certain medications are needed, then why not five minutes can take time to ask questions about the technology you use? “

Instead of just saying, wow, what a nice phone, we should also look at the privacy concerns of a product. “Make sure you’re more conscious consumer. Twenty years ago you had only eggs. Now you have free range eggs, organic eggs, free range. We have fair clothing and food. It is now time for honest technology. “

 

http://peterteffer.com/2013/03/29/strijd-voor-privacy-is-volgende-stap-van-burgerrechtenstrijd/

Appearances, Events

NCSC Conference 2013

02 April 2013

850 people from 12 countries

NATO personnel, Military lawyers, Europol, Private Sectors, US DHS and FBI…all gathered in the Conference Center at The Hague.

Best conference I’ve been to in over a decade – HIGHLY educational, AMAZING hosts and world class presentations.

(Yes, I spoke on Day 1 – and lots of folks enjoyed it)

(Yes, I had Apple Maps on the brain and referred to Holland and Denmark…and Peter Teffer won’t let me forget it!)

 

NCSC Conference 2013

We would like to thank all our speakers and guests for making this year’s event an outstanding conference! We worked hard on delivering a high quality programme built on the theme ‘Many partners, one team, one goal’ and we exceeded our expectations.

This first edition of the NCSC Conference has brought two days of inspiring speakers and opportunities to exchange ideas about the latest developments in the field of information security.

The conference was opened by Dutch Minister of Security and Justice Ivo Opstelten, one year after the start of the NCSC, which has now incorporated GOVCERT.NL.

The programme offered something of interest for a wide variety of participants, from technical specialists, decision-makers to researchers, from both the private and the public sector. In plenary and parallel sessions, with leading experts and inspiring speakers, a variety of topics were presented.

via NCSC Conference 2013 | NCSC.

Articles

Michael Ahti – How China controls the internet

02 April 2013

The NCSC conference 2013 was an amazing event #1

 

Michael Ahti’s presentation on how China controls their internet (and how other countries are copying their model) was educational and slightly frightening.

He clearly explains why the Chinese government encourages copycat sites and how Beijing uses citizens and the internet to control the regional Mandarins.

 

HIGHLY RECOMMENDED!

 

Articles, Events

De Volkskrant – Beware The Little Sisters

02 April 2013

The NCSC conference 2013 was an amazing event #2

 

My presentation went over well – got lots of kudos and De Volkskrant selected it as one of their favorite presentations!

 

Read the 2 page article at the link below.

 

Everybody spies on everybody on the Internet. Your blogs, emails, tweets and Photos can [and will] always and everywhere be used against you ICT expert Raj Goel warns. He fights for privacy and self-determination rights of the computer user.

Beware The Little Sisters

By Wil Thijssen, Photo by An-Sofie Kesteleyn

via De Volkskrant – Beware The Little Sisters – Midtown, Manhattan, New York | Brainlink International, Inc.

News

Racist anti-Obama Facebook post gets woman fired

28 November 2012

Being a racist is stupid.  Human, but stupid.

Being a racist AND posting online…that’s just dumb.

Racist + online postings + assassination threats against a US president?  That’s the holy trifecta of stupid, dumb and criminally moronic.

 

Here’s hoping she develops SOME brain cells…

“I didn’t think it would be that big of a deal.”

These are words so many of us have used, just before someone slapped us across the chops.

So it has proved for Denise Helms, a 22-year-old woman from Turlock, Calif., who used Facebook to express her own miffedness with the re-election of the president.

As Fox 40 in Sacramento records it, she wrote: “Another 4 years of this n*****. Maybe he will get assassinated this term.”

Oddly, this post seems to have incurred something of a reaction itself. Not everyone was at one with her sentiment.

Indeed, her employer, Cold Stone Creamery, looked at it chillingly and fired her.

via Racist anti-Obama Facebook post gets woman fired | Technically Incorrect – CNET News.

News

What can we learn about ECPA and Patriot Act from the Petraeus affair

28 November 2012

Your email has LESS protection than postal mail, or even postcards.

Cops can search your emails without notifying you.

The feds have a large body of tools and legal maneuvers (prosecutorial subpoenas, not judge-approved search warrants) that make acquiring emails and cell-phone logs a point-and-click affair.

We also learn that the former head of the CIA used immature communication subterfuge tactics (storing emails as drafts, not hitting send on a shared account).   Teenagers today use better avoidance-detection methods…

If former CIA Director David Petraeus had secretly stashed love letters he exchanged with his paramour at home under his mattress, he might have actually done a better job of protecting his privacy.

Blame federal law for this counterintuitive result. Because it’s so easy to dash off an e-mail — or edit a Gmail draft — you might think electronic correspondence should receive far greater legal protections and be more difficult for the FBI to read.

Not quite. Because of the way a key federal privacy law was worded in 1986, back in the pre-Internet days of analog modems, floppy disks, and the 2.8 MHz Apple IIgs, e-mail stored in the cloud receives less legal protection than it would if printed out.

For love letters stashed under a mattress, FBI agents would have had to secure a search warrant from a judge to enter Petraeus’ bedroom. Perhaps just as important, he would likely have known that his house had been raided. Front doors bashed in with a “Hydra Ram” forcible entry tool tend to make that obvious. So does Rule 41 of the Federal Rules of Criminal Procedure.

But for love letters stored in draft format on Gmail, something that Petraeus and biographer Paula Broadwell reportedly did, the Justice Department claims that police have the right to access those without a search warrant. It says only a subpoena, signed by a prosecutor without a judge’s prior approval and without demonstrating probable cause related to a crime, is necessary.

In a legal brief (PDF) filed with a federal appeals court in a previous case, the Justice Department argues that draft e-mail messages aren’t in “electronic storage” and therefore “do not” require the FBI to obtain search warrants to peruse them.

Another oversight in the 1986 law, called the Electronic Communications Privacy Act (ECPA), is that you won’t even know if police are poking through your e-mail accounts. (Contrast this with the notification requirements for searching bank records.)

Courts have not required police to notify account holders of e-mail searches. In a 2009 ruling (PDF), a federal district judge in Oregon ruled that notifying the Internet or Web e-mail provider was sufficient under both ECPA and the Fourth Amendment. The court’s conclusion: the “notice requirement is satisfied when a valid warrant is obtained and served on the holder of the property to be seized, the ISP.”

via Petraeus e-mail affair highlights U.S. privacy law loopholes | Politics and Law – CNET News.

News

New York City Police Amassing a Trove of Cellphone Logs – NYTimes.com

28 November 2012

Extra-judicial 1st, 4th & 5th amendment violations…all in the name of “security”.

From Nov 27, 2012 NY Times:

When a cellphone is reported stolen in New York, the Police Department routinely subpoenas the phone’s call records, from the day of the theft onward. The logic is simple: If a thief uses the phone, a list of incoming and outgoing calls could lead to the suspect.

But in the process, the Police Department has quietly amassed a trove of telephone logs, all obtained without a court order, that could conceivably be used for any investigative purpose. The call records from the stolen cellphones are integrated into a database known as the Enterprise Case Management System, according to Police Department documents from the detective bureau.

via New York City Police Amassing a Trove of Cellphone Logs – NYTimes.com.

Articles, News

New Filipino law makes liking on Facebook illegal

29 October 2012

Welcome to the Balkanization of the internet.

While I’m no fan of Facebook, laws like these will hamper freedom & civil rights.

I’ve always said that with Social Media, you need to worry about your friends – even if you do everything right, and your friends make a mistake or break the law, you may be found guilty by association.

This law turns that premise into reality.  If you ‘like’ a friend’s post, and that friend is found guilty of ["cybersex," identity theft, hacking, spamming, or pornography], then you are automatically guilty of the same.

 

From CBSnews.com

With more than 25 million Filipinos on Facebook and close to 10 million on Twitter, Filipinos rank among the top 10 users of both sites in the world.

But if you’re one of those who seldom think twice about “liking” a friend’s post on Facebook or re-tweeting someone else’s tweet, think again. Doing so in the Philippines may land you in jail.

On Sept. 12, President Benigno Aquino III signed into law the Cybercrime Prevention Act, which defines several new acts of crimes committed online, including, among others, “cybersex,” identity theft, hacking, spamming, and pornography. But while all that’s good, certain provisions of the law have millions of Filipinos up in arms – foremost of which is online libel.

“If you click ‘like,’ you can be sued, and if you share, you can also be sued,” said Sen. Teofisto Guingona III, one of the lawmakers who voted against the passage of the law.

“Even Mark Zuckerberg can be charged with cyber-libel,” the senator said.

via Facebook’s “like” may land Filipinos in jail – CBS News.

Articles

Jeff Bezos, ebook Nobility. You, Kindle buyer, are serfs

22 October 2012

Amazon closed a Norwegian woman’s Amazon account AND DELETED all books off her Kindle for violating some secret Amazon policy.

 

Amazon will NOT disclose what policy she violated; nor restore her books; nor provide refunds for all the books that she purchased.

 

Moral of the story:  You do NOT own ebooks (or downloaded music, movies or games).  You are merely RENTING them as a serf from the digital landlord.  As a serf, the only rights you have are given to you by the landlord, and can be revoked at whim.

 

This isn’t the first time Amazon played digital bully.  In 2009, they settled a lawsuit for deleting 1984 from kindles (irony, thy name is Amazon!).  See http://www.pcworld.com/article/172953/amazon_kindle_1984_lawsuit.html

 

Amazon just closed her account and wiped her Kindle. Without notice. Without explanation. This is DRM at its worst. Linn travels a lot and therefore has, or should I say had, a lot of books on her Kindle, purchased from Amazon. Suddenly, her Kindle was wiped and her account was closed. Being convinced that something wrong had happened, she sent an e-mail to Amazon, asking for help. This was the answer:

Dear Linn [last name],

My name is Michael Murphy and I represent Executive Customer Relations within Amazon.co.uk. One of our mandates is to address the most acute account and order problems, and in this capacity your account and orders have been brought to my attention.

We have found your account is directly related to another which has been previously closed for abuse of our policies. As such, your Amazon.co.uk account has been closed and any open orders have been cancelled.

Per our Conditions of Use which state in part: Amazon.co.uk and its affiliates reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders at their sole discretion.

Please know that any attempt to open a new account will meet with the same action.

You may direct any questions to me at resolution-uk@amazon.co.uk.

Thank you for your attention to this email.

Regards
Michael Murphy
Executive Customer Relations
Amazon.co.uk

via Outlawed by Amazon DRM « Martin Bekkelund.

Articles

Woman arrested for outing an undercover cop on Facebook

18 October 2012

Cop posts his photo on Facebook.

Cop goes undercover, and a convict’s girlfriend outs him.

 

Umm…remind me again why cops need a facebook page?

 

Melissa Walthall

A Texas woman (Melissa Walthall) has been arrested and charged with a felony for posting a publicly available photograph of an undercover police officer to her Facebook profile, reports say. According to the Associated Press, Melissa Walthall, 30, of Mesquite, Tex., was arrested last week and charged with retaliation, a felony, for posting the photo.

via Melissa Walthall, Texas Woman, Arrested For Posting Photo Of Undercover Cop On Facebook.

Articles

Facebook outs most personal secrets

14 October 2012

Historically, I’ve spoken about the stupid/vain/dumb things that users do on their Facebook profiles.

 

I’ve also warned about friending people.

 

Here’s an unfortunate case of social media revealing hidden data in a VERY public manner.

From the Oct 14, 2012 Wall Street Journal

Bobbi Duncan desperately wanted her father not to know she is lesbian. Facebook told him anyway.

One evening last fall, the president of the Queer Chorus, a choir group she had recently joined, inadvertently exposed Ms. Duncan’s sexuality to her nearly 200 Facebook friends, including her father, by adding her to a Facebook Inc. discussion group. That night, Ms. Duncan’s father left vitriolic messages on her phone, demanding she renounce same-sex relationships, she says, and threatening to sever family ties. The 22-year-old cried all night on a friend’s couch. “I felt like someone had hit me in the stomach …

via When the Most Personal Secrets Get Outed on Facebook – WSJ.com.

accountants, CFO/CSO/CPO, CISSP, Events

HIPAA Compliance Seminar for AAPI-QLI – Oct 12, 2012

07 October 2012

On Friday October 12, 2012 at the American Association of Physicians of Indian Origin, Information Technology Security expert and author, Raj Goel, will be presenting “What Should Medical Practices know about HIPAA/HITECH Compliance.”

 

Goel’s presentation will describe HIPAA, its new changes and its greater penalties. He will also discuss the FTC Breach Rule, under which organizations that are not bound by HIPAA must report breaches. He will talk about the problem of ID theft, which can cost an organization not only data but also customers. Real-world case studies of the effects of HIPAA will be used throughout his presentation. He will explain that there are new requirements for private practices and hospitals, and that there are thousands of dollars you can save by complying with HIPAA regulations.

 

Raj Goel, CISSP, is the co-founder of Brainlink International, Inc., an IT consulting company based in New York City. With over twenty years of experience in the IT industry, Goel has helped develop security solutions for financial services and banking, along with pharmaceutical and health care industries. He has also worked with hospitals and regional medical centers in the northeast. Working with small to medium-sized companies, Goel provides technology solutions that facilitate the growth of revenues and profitability. He has presented over 100 seminars and conferences across the United States and Canada. He has appeared as an IT Security Expert in interviews on television and in newspapers and magazines including PBS Nightly Business Review, Entrepreneur Magazine, Information Security Magazine, and The New York Times. His recently published book The Most Important Secrets to Getting Great Results from IT: Everything Your Computer Consultant Never Told You focuses on the various options of using technology to help a business run more efficiently.

 

 

accountants, CFO/CSO/CPO, CISSP, Events

HIPAA Compliance Webinar for SNCSquared and TheRiteGroup – Oct 23, 2012

07 October 2012

On Oct 23, 2012, Raj Goel, CISSP will conduct a live webinar for members of the

Joplin, MO Medical Community in conjunction with SNC Squared Networks

and

Jackson, MO Medical Community in conjunction with The Rite Group

 

This webinar follows in the footsteps of the highly successful HIPAA Presentation that Raj conducted for the New Haven Medical Community, in conjunction with SMB Networks, LLC.

Events

LIACFE Full Day Fraud Seminar – Social Media & Cloud Computing Threats to Privacy, Security and Liberty – Nov 1, 2012

25 September 2012

New York, NY

 

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

 www.liacfe.org

 

Events

NYIT CyberSecurity Conference – Social Media & Cloud Computing Threats to Privacy, Security and Liberty – Sept 20, 2012

20 September 2012

NYIT CyberSecurity 2012 New York, NY

 

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

 

Learn more at http://www.nyit.edu/conferences/cyber_security_conference/

Events

brightTalk Webinar – Sustainable Defense: How To Stop Chasing Security and Win the Battle – Sep 5, 2012

04 September 2012

Webinar – Sustainable Defense: How To Stop Chasing Security and Win the Battle

Sep 5, 2012

2:00 PM EST

 

Data protection, Privacy Compliance and Network Defense can seem like a never-ending tower defense game.  And just like PvZ, you’ve got to identify your resources, plant your defenses, and watch as the horde of zombies, spam bots, and your own users batter your defenses.

Remember…when you lose, you get to play again.
When you win, the threats become stronger, the stakes higher, and the stress…incredible.
This presentation will take a critical view of “vendor pitches” and provide common-sense, practical strategies for winning the game.

 

Register Here – http://www.brighttalk.com/r/SWj

accountants, CFO/CSO/CPO, CISSP, Events

HIPAA Compliance Seminar for SMBNetworks & New Haven Community Medical Group – Aug 16, 2012

08 August 2012

We had a FANTASTIC turnout at the Second Annual Medical Practice Technology Day on Thursday August 16th 2012 from 8:00 am till 12:00 pm at the New Haven Lawn Club.

Raj Goel, CISSP, presented on Continuous Compliance – HIPAA, PCI-DSS & RED FLAG.

 

Dr. K.J. Lee presented effective strategies for getting $44,000 from the US Government for implementing EHR & EMRs.

 

Raj’s Slides are available here – 2012-08-16-RajGoel-HIPAA_PCI_REDFLAG_Effective_Multicompliance

 

Events

ASIS 58th International Conference – Social Media & Cloud Computing Threats to Privacy, Security and Liberty, Session 3183 – Sept 11, 2012

08 August 2012

Philadelphia, PA.
http://www.asis2012.org/Pages/Seminar-Home-Page.aspx

Social Media has quickly woven itself into the very fabric of everyday life. This boom in sharing, even the most banal of details, has had a resounding impact on how our children, employees and colleagues communicate.

Using case studies from the US and around the world, we’ll examine how people have lost jobs, college admissions, college degrees, fortunes and freedom through (un)social media.

We’ll also investigate the rampant OVERCOLLECTION of customer and subscriber data by major corporations and governments.

We’ll also discuss some strategies and steps we can take to protect civil liberties and privacy in the age of Social Media.

Articles, News

employee 51 confirms Facebook has DARK Profiles

06 August 2012

Katherine Losse was Facebook’s employee #51 and personal ghost writer for Zuckerberg.  Here’s what she revealed about DARK PROFILES.

 

NB: LinkedIn does this as well.  So do most other social media & dating firms.  Facebook does it best (or worst..)

 

From The Washington Post:

Facebook engineers were developing what they called “dark profiles” — pages for people who had not signed up for the service but who had been identified in posts by Facebook users. The dark profiles were not to be visible to ordinary users, Losse said, but if the person eventually signed up, Facebook would activate those latent links to other users.

All the world a stage

Losse’s unease sharpened when a celebrated Facebook engineer was developing the capacity for users to upload video to their pages. He started videotaping friends, including Losse, almost compulsively. On one road trip together, the engineer made a video of her napping in a car and uploaded it remotely to an internal Facebook page. Comments noting her siesta soon began appearing — only moments after it happened.

“The day before, I could just be in a car being in a car. Now my being in a car is a performance that is visible to everyone,” Losse said, exasperation creeping into her voice. “It’s almost like there is no middle of nowhere anymore.”

via Refugee from Facebook questions the social media life – The Washington Post.


© 2013 Raj Goel, CISSP.