For a passing grade, EdTech needs a privacy solution

Last week, New York state lawmakers passed legislation to prevent identifiable student data from being uploaded to a centralized national database. The database belongs to a non-profit in the growing education technology or EdTech sector. Their goal was to collect PII, student scores, attendance, and other information and then disseminate it to teachers and administrators…

One Question I Wish all Breach Notification Letters Would Address

Recently, on two separate occasions, I received a new credit card and debit card, along with an ambiguous letter about why a new card was sent. My initial interpretation of the letter was that there had been a security breach.  However, calls to my credit card company and bank inquiring for more detailed information about…

Malevolent Marketplaces

When considering security, it’s typical to think of systems in terms of technology: bugs, errors, and broken or exploited code. However, underlying the technical issues we face every day as technology professionals, there are economic forces attempting to exploit those cracks in the security facade for their own gain. While that fact is fairly self-evident and an intrinsic…

5 Privacy Concerns about Wearable Technology

With over 55 different fitness wearable devices to choose from, the wearables market has breathed new life into our personal health, providing us with more insight into our sleep patterns, calories burned, blood pressure, heart rate and so much more. In the near future, we may even ingest sensors to gauge how our body reacts…

Anatomy of a Phish: New Varonis eBook Connects Social Attacks and APTs to Human-Generated Data

Security analysts have been telling us that phishing incidents have been on the rise, and the threat will get worse in the coming years. Sure, phishing and other social attacks are insanely clever, tricking victims into effectively inviting hackers in through the front door. But when cyber thieves also use advanced persistent threats or APTs—embedding…

The ‘Varonis Track’ at RSA 2014

The tagline for the RSA Conference to be held later this month (2/24 – 2/28) at San Francisco’s Moscone Center is “where the world talks security.”  The Varonis team will also be there (South Expo #2309) to talk security.  At the Metadata Era, we’ve been lately focusing on new threats based on a combination of…

A National US Breach Notification Law May Be on the Way

Last month when I was prognosticating about the year ahead in data regulations, I held out some vague hope that there might come to pass a law on the national level with minimal standards for PII protection. There have been a few proposals that have been kicking around Congress over the years, any one of…

Secrets to Preventing POS-based Attacks in Retail

There’s still much mystery surrounding the recent cyber heist in which tens of millions of credit card numbers were removed from a major retailer’s POS system, though we learn more almost every day. The always indispensable Krebs is a good starting point for background information and very informed speculation.  There are good reasons—based on FBI…

Connecting the Dots between Phishing, Human Generated Data, and Data Exposure

Last week, I wrote about some of the implications of Bruce Schneier’s recent talk at a cryptography conference held in New York.  In short: APTs in combination with phishing attacks have upset the data security balance of power, with hackers (and government intelligence) coming out ahead.  If you’ve been following along at the Metadata Era,…

Cryptography May Not Be Dead, But It Is on Life Support

Cindy and I had the good fortune of attending part of the Real World Cryptography Workshop held last week in New York City. We went primarily to listen to Bruce Schneier discuss the implications of the Snowden documents. But we quickly learned from other sessions that there was an underlying context to this conference.  Over…