For a passing grade, EdTech needs a privacy solution

Last week, New York state lawmakers passed legislation to prevent identifiable student data from being uploaded to a centralized national database. The database belongs to a non-profit in the growing education technology or EdTech sector. Their goal was to collect PII, student scores, attendance, and other information and then disseminate it to teachers and administrators…

Malevolent Marketplaces

When considering security, it’s typical to think of systems in terms of technology: bugs, errors, and broken or exploited code. However, underlying the technical issues we face every day as technology professionals, there are economic forces attempting to exploit those cracks in the security facade for their own gain. While that fact is fairly self-evident and an intrinsic…

5 Privacy Concerns about Wearable Technology

With over 55 different fitness wearable devices to choose from, the wearables market has breathed new life into our personal health, providing us with more insight into our sleep patterns, calories burned, blood pressure, heart rate and so much more. In the near future, we may even ingest sensors to gauge how our body reacts…

Automate Exchange Distribution List Management

From a business perspective, distribution lists (DLs) for email communications are a powerful and well-understood concept in IT. And they are popular: Exchange admins have voted with their right-clicks, creating lots of these Active Directory objects in their corporate domains. DLs speed up overall collaboration and leverage the power of groups to answer questions, share…

Cryptography May Not Be Dead, But It Is on Life Support

Cindy and I had the good fortune of attending part of the Real World Cryptography Workshop held last week in New York City. We went primarily to listen to Bruce Schneier discuss the implications of the Snowden documents. But we quickly learned from other sessions that there was an underlying context to this conference. Over…

Lessons from the Government’s Cyber Crime Cases: Don’t Let Hackers ‘Own the Site’

As part of another project I’m working on, I’ve been reviewing real-world investigations of hackers—at least the ones who were caught and facing trials in the Federal criminal court system. You can learn much about the hacker mindset and also by extension what organizations are missing in their data security by reading the indictments filed…

FBI Investigates Punxsutawney Phil

One of the items on my blog check-list was to review the presentations from the Blackhat 2013 conference held earlier this summer. While browsing their archives I came across former FBI Chief Security Officer Patrick Reidy’s talk on insider threats. He hooked me on the blurb for his PowerPoint, which, to paraphrase, went something like,…

New PII Discovered: License Plate Pictures

After finishing up some research on personally identifiable information I thought, mistakenly, that I was familiar with the most exotic forms of PII uncovered in recent years, including zip code-birth date, movie ratings and other consumer preference information, social network relationships, and facial images. And then I came across an article in Forbes that forced…