Author Archive

Mooted in 2014, the Australian Government is looking to strengthen data protection requirements by requiring IT suppliers to provide a “Commonwealth Data Protection Plan” (CDPP).

The CDPP essentially describes how an agency would treat its data during the phases of its lifecycle. The data lifecycle typically entails:

- Collection
- Usage & Disclosure
- Storage & Archival
- Disposal & Destruction

It also looks to integrate with other data protection mechanisms like:

- The ISM from PSPF
- Privacy Assessments from the Privacy Act
- AML/CTF Laws
- Archives Act
- GDPR
- Others…

The 2019–20 coronavirus pandemic is an ongoing pandemic of coronavirus disease 2019 (COVID‑19) caused by severe acute respiratory syndrome coronavirus 2 (SARS‑CoV‑2). The outbreak was identified in Wuhan, China, in December 2019. The World Health Organization declared the outbreak a Public Health Emergency of International Concern on 30 January, and a pandemic on 11 March. As of 3 May 2020, more than 3.42 million cases of COVID-19 have been reported in 187 countries and territories, resulting in more than 243,000 deaths. More than 1.09 million people have recovered.

Get downloads to coronavirus dataset here:

https://ourworldindata.org/coronavirus-source-data
https://www.kaggle.com/sudalairajkumar/novel-corona-virus-2019-dataset
https://data.humdata.org/dataset/novel-coronavirus-2019-ncov-cases

Luscious.net loses 1 million user details. According to the team at vpnMentor, an exposed database allowed access to Luscious account holders’ personal details.

The accessible data included usernames, email addresses, activity logs, and location data for all 1.195 million users.

“Our team was able to access this database because it was completely unsecured and unencrypted,” writes the vpnMentor team. 

If Luscious users happened to use email addresses associated with their real names to register accounts, that information — tied to location data — could be more than enough to associate specific Luscious accounts with their owners. Users’ video uploads to the site were also accessible.

The breach was discovered on Aug. 15, and, after being notified by vpnMentor, Luscious fixed the issue on Aug. 19. That doesn’t mean, however, that no harm was done. 

“While the data breach is now closed,” write the researchers, “it’s still possible that other hackers could have accessed it earlier and extracted the same data we viewed.” 

“A greater issue of concern is the fact that many users joined Luscious on official government emails,” notes vpnMentor. “We found examples of this from users in Brazil, Australia, Italy, Malaysia, and Australia.”

The 2015 Ashley Madison hack demonstrated how this type of information is practically designed for blackmail. In that case, a dating site purportedly offering to put married men in touch with women was breached, and its database consisting of usernames and emails fell into the hands of hackers.

Organisations have had it easy for some time. Data breaches are increasingly being addressed with penalties backed by GDPR legislation. Some noted fines are:

- British Airways was fined $328M.
- Facebook was fined $5B for the Cambridge Analytica data theft.
- Marriott Hotels was fined $99M.

In Australia, the OAIC reports that it received 812 privacy complaints in 2018.

Entity                                  Records           Organization type           Method
2019 Bulgarian revenue agency hack      over 5,000,000    government                  hacked
Canva                                   140,000,000       web                         hacked
Capital One                             106,000,000       financial                   hacked
Desjardins                              2,900,000         financial                   inside job
Facebook                                540,000,000       social network              poor security
Facebook                                1,500,000         social network              accidentally uploaded
First American Corporation              885,000,000       financial service company   poor security
Health Sciences Authority (Singapore)   808,000           healthcare                  poor security
Justdial                                100,000,000       local search                unprotected API
Ministry of Health (Singapore)          14,200            healthcare                  poor security/inside job
Quest Diagnostics                       11,900,000        clinical laboratory         poor security
StockX                                  6,800,000         retail                      hacked
Truecaller                              299,055,819       telephone directory         unknown
Woodruff Arts Center                    unknown           arts group                  poor security
Westpac                                 98,000            financial                   hacked
Australian National University          19 years of data  academic                    hacked

Here are a few links to the fines noted.

https://www.abc.net.au/news/2019-07-08/british-airways-cybercrime-credit-card-hack-fine/11289738

#10 — Panera

Number of victims: 37 million
Who was targeted: All PaneraBread.com customer accounts
What data was exposed: Names, email and physical addresses, birthdays, and the last four digits of the customers’ credit card numbers
Timeframe: Disclosed April 2018
What happened: Despite being warned by a cybersecurity expert in August 2017 that their website was leaking data, the Panera IT team failed to act until 8 months later, when it announced the leak and took the site down for security maintenance.

#9 — Newegg

Number of victims: 50 million
Who was targeted: Newegg online shoppers
What data was exposed: Credit card info
Timeframe: August 14, 2018 – September 18, 2018
What happened: The online retailer was hacked by the cybergang Magecart, who injected credit card skimming code into the Newegg website. Whenever a customer bought something online, that payment info went straight to Magecart’s C&C (command and control) server.

#8 — Elasticsearch

Number of victims: 82 million (57M consumers, 26M businesses)
Who was targeted: Users and online businesses across the internet
What data was exposed: From individual users — names, email and physical addresses, phone numbers, IP addresses, employers, and job titles. From businesses — names, company details, zip codes, carrier routes, latitudes/longitudes, census tracts, phone numbers, web addresses, email addresses, employee count, revenue numbers, NAICS codes, SIC codes, and more.
Timeframe: Discovered November 14, 2018
What happened: This is one of those cases we mentioned above where a regular security audit led to a researcher stumbling upon over 80 million records of sensitive, aggregated data. It is unknown how long the databases were sitting unguarded and who, if anyone, has had the opportunity to copy and steal all the data. Cybersecurity experts believe they have tracked down the source of the unguarded databases to a data management company that has since closed its doors, but it is still officially unknown.

#7 — Facebook

Number of victims: 87 million
Who was targeted: Facebook users
What data was exposed: Profile info, political beliefs, friend networks, private messages
Timeframe: Disclosed September 2018
What happened: This is the notorious Cambridge Analytica scandal where the data-collecting firm illegally harvested users’ info without their permission. The secret operation was politically motivated—namely, to influence the 2016 US presidential campaign. And though the breach occurred a couple of years ago, it’s only this year that investigatory conclusions have come out, giving us a clearer picture of what happened.

#6 — MyHeritage

Number of victims: 92 million
Who was targeted: MyHeritage users
What data was exposed: Email addresses and hashed passwords
Timeframe: Alerted June 2018
What happened: Cybersecurity researchers alerted the genealogy site in June 2018 that an outside server had been discovered with sensitive MyHeritage info. The company confirmed the info was legitimate and alerted its users that any account holders who signed up earlier than October 26, 2017 were at risk and should change their passwords.

#5 — Quora

Number of victims: 100 million
Who was targeted: Quora users
What data was exposed: Names, email addresses, hashed passwords, profile data, public and non-public actions
Timeframe: Discovered December 3, 2018
What happened: Many questions still surround the details of this breach, but the question-and-answer site reported to its users that a third party had gained unauthorized access to one of their systems, expounding no further.

#4 — Under Armour

Number of victims: 150 million
Who was targeted: MyFitnessPal users
What data was exposed: User names, email addresses, hashed passwords
Timeframe: Late February 2018
What happened: The company’s food and nutrition app was hacked, opening up the above info to the attackers, but not, thankfully, any payment info, which the company processes through a separate channel.

#3 — Exactis

Number of victims: 340 million (230M consumers, 110M businesses)
Who was targeted: Users and businesses across the internet
What data was exposed: Over 400 categories of detail, such as phone numbers, email and physical addresses, interests, ages, religions, pet ownership, etc.
Timeframe: June 2018
What happened: Data collection firm Exactis somehow had 2 terabytes of data relocated to a public site for all to see. It’s unknown who or how many people accessed the info before it was discovered.

#2 — Starwood

Number of victims: 500 million
Who was targeted: Starwood guests
What data was exposed: Names, email and physical addresses, phone numbers, passport numbers, account info, birth dates, gender, travel info, and accommodation info. Some of the breached info also included hashed credit card info.
Timeframe: Discovered September 10, 2018, but could have stretched as far back as 2014
What happened: Like many of the other official breach statements, the Marriott-owned hotel chain issued a statement that its servers had suffered “unauthorized access,” but recent discoveries from the investigation indicate the breach may have been caused by the Chinese government for political purposes.

#1 — Aadhaar

Number of victims: 1.1 billion
Who was targeted: Indian citizens
What data was exposed: Aadhaar numbers, names, email and physical addresses, phone numbers, and photos
Timeframe: August 2017 – January 2018
What happened: Anonymous sellers over WhatsApp charged Rs 500 and lower for a portal into India’s Unique Identification Authority where the records of virtually every citizen were at the payer’s fingertips.

Agile has been around for some 15 years now. Organisations have tried to leverage agile thinking. Some have failed. Yet agile thinking remains relevant to the enterprise. Agile thinking itself has evolved beyond a technical audience, and now encompasses the broader business community and leverages a smorgasbord of techniques. These include:

- Kanban
- Extreme Programming (XP)
- Holacracy
- Scrum
- Rapid Application Development (RAD)
- Shu-Ha-Ri / Retrospectives
- Lean Startup
- Beyond Budgeting
- Motivation 3.0
- Stoos Network
- Radical Management
- Management 3.0
- Cynefin Framework
- WikiSpeed
- Social Contracts
- Agile Chartering
- Agile Testing
- NoEstimates
- Showcases

Agile effectively manages people, processes, resources and project time. It is important for teams to develop soft skills like:

- Communication
- Discipline
- Social Respect
- Responsibility

The tools for agile have also evolved. These provide:

- Agile Metrics
- Impact Mapping, Story Mapping
- Feature, Epics, Stories
- Planning Poker
- Release Planning


Obviously, the elites haven’t learnt from the Panama Papers. Setting up these offshore structures takes a long time, and deconstructing them takes significant effort too. So what are the Paradise Papers?

They are 13.4M records acquired from the law firm and corporate services company called “Appleby”. It involves people and organisations.

Interestingly, Singapore has largely kept itself out of this leak.

Anyway, here’s a copy of the paradise papers dataset.

Bitcoin is a crypto-currency which leverages the Blockchain. Similar to a real currency, Bitcoin is hailed as a revolutionary technology for storing value. Its popularity stems from distrust in real-world currencies and the unregulated printing of currencies like the US Dollar.

Bitcoin is governed by “developers” and infrastructure. Crypto Miners who facilitate the transactions within the Bitcoin ecosystem have a shared consensus to regulate and evolve the Bitcoin economy. Bitcoin has governed parameters which include a limit on quantity, blocksize and others.

Today, the Bitcoin community seeks to evolve Bitcoin with agreed changes. Segwit2x, also known as the New York Agreement, is an industry-wide compromise that CEO and founder of Digital Currency Group Barry Silbert spearheaded in May to activate the Segregated Witness (Segwit) scaling upgrade for Bitcoin. Key mining pools and exchanges that agreed to the aforementioned plan include Bitmain’s Antpool, Btc.top, Bixin, Btcc Pool, F2pool, Huobi, Okcoin, Viabtc, BW, 1Hash, Canoe, Batpool, and Bitkan.

The event and announcement closely follow Bitmain’s release of its hard fork protection plan against UASF BIP148, which CEO Jihan Wu has described as an attack on Bitcoin. He spoke at the Summit on June 14 about how to prevent BIP148 from activating, outlining its weaknesses.

China owns ~80% of Bitcoin mining infrastructure and typically plays a dominant role in the future of Bitcoin.

Read more here.

In 2005, a research team led by the Electronic Frontier Foundation (EFF) broke the code behind tiny tracking dots that some color laser printers secretly hide in every document.

The U.S. Secret Service admitted that the tracking information is part of a deal struck with selected color laser printer manufacturers, ostensibly to identify counterfeiters. However, the nature of the private information encoded in each document was not previously known.

“We’ve found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer,” said EFF Staff Technologist Seth David Schoen.

You can see the dots on color prints from machines made by Xerox, Canon, and other manufacturers (for a list of the printers we investigated so far, see: http://www.eff.org/Privacy/printers/list.php). The dots are yellow, less than one millimeter in diameter, and are typically repeated over each page of a document. In order to see the pattern, you need a blue light, a magnifying glass, or a microscope (for instructions on how to see the dots, see: http://www.eff.org/Privacy/printers/docucolor/).

EFF and its partners began the project to break the printer code with the Xerox DocuColor line. Researchers Schoen, EFF intern Robert Lee, and volunteers Patrick Murphy and Joel Alwen compared dots from test pages sent in by EFF supporters, noting similarities and differences in their arrangement, and then found a simple way to read the pattern.

“So far, we’ve only broken the code for Xerox DocuColor printers,” said Schoen. “But we believe that other models from other manufacturers include the same personally identifiable information in their tracking dots.”

You can decode your own Xerox DocuColor prints using EFF’s automated program at http://www.eff.org/Privacy/printers/docucolor/index.php#program.
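As an added example (not EFF’s decoder and not the actual DocuColor layout), here is a constructed Python model of how an 8-row by 15-column dot grid can carry the minute, hour, day, month, year and printer serial number together with parity bits, and how a reader recovers those fields and notices a misread dot. The grid size follows EFF’s description; the column-to-field mapping, the even-parity rule and the sample values are assumptions made for this example.

```python
"""Constructed model of a tracking-dot grid (8 rows x 15 columns). The column
to field mapping and the even-parity rule are ASSUMPTIONS for this example."""
ROWS, COLS = 8, 15
FIELDS = {1: "minute", 2: "hour", 3: "day", 4: "month", 5: "year"}  # 7-bit values
SERIAL_COLS = range(6, 10)     # four columns, two decimal digits of the serial each
PARITY_COL, PARITY_ROW = 0, 0  # column 0 = per-row parity, row 0 = per-column parity

def _col_parity(grid, col):
    return sum(grid[r][col] for r in range(1, ROWS)) & 1

def _row_parity(grid, row):
    return sum(grid[row][c] for c in range(1, COLS)) & 1

def encode(minute, hour, day, month, year, serial):
    """Return the grid as 8 strings ('o' = yellow dot, '.' = no dot)."""
    grid = [[0] * COLS for _ in range(ROWS)]
    values = dict(zip(FIELDS, (minute, hour, day, month, year)))
    digits = "%08d" % serial
    for i, col in enumerate(SERIAL_COLS):
        values[col] = int(digits[2 * i:2 * i + 2])
    for col, value in values.items():
        for row in range(1, ROWS):                  # row 1 = MSB ... row 7 = LSB
            grid[row][col] = (value >> (ROWS - 1 - row)) & 1
    for col in range(1, COLS):                      # even parity per column
        grid[PARITY_ROW][col] = _col_parity(grid, col)
    for row in range(ROWS):                         # even parity per row
        grid[row][PARITY_COL] = _row_parity(grid, row)
    return ["".join("o" if bit else "." for bit in row) for row in grid]

def decode(lines):
    """Recover the fields from a grid; return None if any parity check fails."""
    grid = [[1 if ch == "o" else 0 for ch in line] for line in lines]
    bad = [c for c in range(1, COLS) if _col_parity(grid, c) != grid[PARITY_ROW][c]]
    bad += [r for r in range(ROWS) if _row_parity(grid, r) != grid[r][PARITY_COL]]
    if bad:                                         # a misread dot is suspected
        return None
    value = lambda col: sum(grid[r][col] << (ROWS - 1 - r) for r in range(1, ROWS))
    out = {name: value(col) for col, name in FIELDS.items()}
    out["serial"] = int("".join("%02d" % value(c) for c in SERIAL_COLS))
    return out

def flip_dot(lines, row, col):
    """Simulate one misread dot (dust, or a scanning artefact)."""
    chars = list(lines[row])
    chars[col] = "." if chars[col] == "o" else "o"
    return lines[:row] + ["".join(chars)] + lines[row + 1:]
```

Decoding a real print still requires imaging the dots first; this block takes the grid as text and, with both row and column parity, can also localise which dot was misread.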

Xerox previously admitted that it provided these tracking dots to the government, but indicated that only the Secret Service had the ability to read the code. The Secret Service maintains that it only uses the information for criminal counterfeit investigations. However, there are no laws to prevent the government from abusing this information.

“Underground democracy movements that produce political or religious pamphlets and flyers, like the Russian samizdat of the 1980s, will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters,” said EFF Senior Staff Attorney Lee Tien. “Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers. The logical next question is: what other deals have been or are being made to ensure that our technology rats on us?”

EFF is still working on cracking the codes from other printers and we need the public’s help. Find out how you can make your own test pages to be included in our research at http://www.eff.org/Privacy/printers/wp.php#testsheets.


In 2007, a team of Google engineers needed more accurate time for servers. Accurate time is essential for synchronising data, especially transactional data. Technologies like Cassandra depend on accurate time between database servers to be able to reconstruct the order of events on a database. The end goal is to be sure about the “State-of-Data”.

NTP (Network Time Protocol) is what Unix servers and internet machines use to synchronise time. Due to network delays or processing delays, a computer’s time can easily get out of sync with its peers. The margin of error has usually been minor, but the demand for high accuracy has become crucial. For a large computing company like Google, keeping thousands of systems accurate was important in order to create “Spanner”.

Spanner is the new time keeping platform that Google has constructed using GPS and an atomic clock. Fortunately the distances we have to cover are at most the span of the earth. I am sure the folks at NASA and other space-faring agencies will have to consider time differences spanning larger quanta of space.

This is all in the effort to maintain the “State-of-Data”.
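As an added example that is not part of the original post, the Python below models a clock read as an [earliest, latest] interval that is guaranteed to contain true time, the shape of the TrueTime API described in Google’s Spanner paper, and shows why two replicas can only agree on the order of two writes when their intervals do not overlap, plus the commit-wait rule that keeps a later read from being stamped before the write. The 7 ms and 100 ms bounds and the event times are assumptions chosen for illustration.

```python
"""Added example: ordering events under clock uncertainty. Epsilon values
and event times below are assumptions for illustration."""
from dataclasses import dataclass

TRUETIME_EPS = 0.007  # ~7 ms, the upper end of the 1-7 ms range the Spanner paper reports
NTP_EPS = 0.100       # ~100 ms, a constructed bound for NTP over a wide-area network

@dataclass(frozen=True)
class Interval:
    earliest: float   # true time is guaranteed to be >= earliest
    latest: float     # ... and <= latest

def now(true_time, epsilon):
    """Simulated TT.now(): an interval of half-width epsilon around true time."""
    return Interval(true_time - epsilon, true_time + epsilon)

def compare(a, b):
    """Order two clock reads; only non-overlapping intervals give a certain answer."""
    if a.latest < b.earliest:
        return "a before b"
    if b.latest < a.earliest:
        return "b before a"
    return "ambiguous"

def order_writes(t1, t2, epsilon):
    """Two writes on different replicas at true times t1 and t2: can the
    replicas agree on their order from their own clock reads alone?"""
    return compare(now(t1, epsilon), now(t2, epsilon))

def commit_wait(start, epsilon):
    """Commit-wait rule: stamp the write with s = start.latest, then hold it
    back until now().earliest > s, which happens at true time s + epsilon."""
    s = start.latest
    return s, s + epsilon

def read_ordered_after_write(t_write, epsilon, delay, use_commit_wait=True):
    """A write at true time t_write gets timestamp s; a read starts 'delay'
    seconds after the write becomes visible. True when every timestamp the
    read could be assigned is greater than s (Spanner's external consistency)."""
    s, visible_at = commit_wait(now(t_write, epsilon), epsilon)
    if not use_commit_wait:
        visible_at = t_write          # expose the write as soon as it commits
    read = now(visible_at + delay, epsilon)
    return read.earliest > s
```

With the assumed bounds, writes 20 ms apart are ordered under a 7 ms uncertainty but ambiguous under 100 ms, and skipping commit-wait lets a read that starts after the write be stamped before it.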