St. Jude, MedSec and the FDA
- FDA, St. Jude go through disclosure/fix cycle
- No mention of MedSec - interesting for discussion; did they have an impact?
- St. Jude does a fairly great job of notification, updating
- “Benefits outweigh the risks”... that’s a big statement
New York financial regulator to delay cyber security rules
- Originally supposed to go into effect Jan 1; the new date is March 1
- We discussed in passing in a previous episode
- There are final adjustments being made, of course
Massachusetts makes data breach reports available online
- Seems less like a report and more of just the quick details of the notification
- How much value does this provide?
  - Finding a company on the list doesn’t indicate its current security posture.
  - Identifying that you did business with a company on the list: not much you can do anyway.
  - Still no indication of what happened, or who was actually affected
  - Wouldn’t you get an email or snail mail during the original notification procedures?
- New Hampshire has done this for a while, except they provide the submitted letters, not just statistics (http://doj.nh.gov/consumer/security-breaches/)
- Another article talking about a few other states that do this as well: https://www.wired.com/2017/01/states-now-actually-help-figure-youve-hacked/
  - Washington, Indiana, California
California passes law making ransomware illegal
- Wasn’t it already illegal under the CFAA?
- The purpose is to make it easier to prosecute rather than being forced to prosecute under other extortion or laundering laws
- How does this affect the enterprise? More apt to follow up or file with FBI or other law enforcement?
- Will we see more laws like this, where they target specific acts?
Online databases dropping like flies, with >10K falling to ransomware groups
- This was reported earlier in the week (last Monday or Tuesday) and has grown to more than 10K infected in less than a week.
- MongoDB blog post outlining steps to protect your installation - https://www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data
- The security checklist for MongoDB - https://docs.mongodb.com/manual/administration/security-checklist/
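A minimal mongod.conf contrast, added here as an illustration and not taken from the MongoDB post or checklist: the exposed configuration behind these wipes (listening on every interface with no access control) beside the hardened one. Interface addresses are assumed values.

```yaml
# --- Exposed (the pattern behind the mass ransom wipes) ---
# Assumed example config; not from the MongoDB blog post or checklist.
net:
  bindIp: 0.0.0.0      # reachable from any network, including the internet
  port: 27017
# no "security" section: authorization is disabled, so anyone who can
# connect can read, drop and replace every database

# --- Hardened ---
# Same file after applying the checklist items this item discusses.
net:
  bindIp: 127.0.0.1    # or the private interface your app servers use
  port: 27017
security:
  authorization: enabled   # every client must authenticate; roles limit what it can do
```

Create the administrative user over the localhost exception before turning on `authorization`, then restart mongod; and put the listener behind a firewall rule as well, since bindIp alone is not a substitute for network filtering.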
TV anchor says live on-air ‘Alexa, order me a dollhouse’ - guess what happens next
- Secure defaults? Apparently voice ordering is on by default: https://www.amazon.com/gp/help/customer/display.html?nodeId=201952610
  - You can turn voice ordering on or off
  - You can optionally set a confirmation code
  - The issue here is that the code is spoken aloud. Couldn’t your kids or someone else close by hear it?
  - Manage your 1-click settings
- Are people bringing these sorts of technologies into your enterprise? How are you handling it?
  - How does this impact your security?
- Appropriate for full coverage, or just a quick mention and the link in the show notes?