Shuyuan Mary Ho Metcalfe

Hidden in the Twittersphere are nuggets of information that could prove useful to crime fighters — even before a crime has been committed. Researchers at the University of Virginia demonstrated tweets could predict certain kinds of crimes if the correct analysis is applied.

A research paper published in the scientific journal Decision Support Systems last month said the analysis of geo-tagged tweets can be useful in predicting 19 to 25 kinds of crimes, especially for offenses such as stalking, thefts and certain kinds of assault.

The results are surprising, especially when one considers that people rarely tweet about crimes directly, said lead researcher Matthew Gerber of the university’s Predictive Technology Lab.

Gerber said even tweets that have no direct link to crimes may contain information about activities often associated with them.

Researchers use Twitter to predict crime (via AFP)

Hidden in the Twittersphere are nuggets of information that could prove useful to crime fighters — even before a crime has been committed. Researchers at the University of Virginia demonstrated tweets could predict certain kinds of crimes if the correct…

Continue reading →

A recent Washington Post article reported that the D.C. region has more cyber job openings than any other area in the US. The requirement that candidates hold a CISSP certification was likely a factor in such a high percentage of jobs going unfilled, said the story. CISSP stands for Certified Information Systems Security Professional. In other words, organizations are not able to “fast-track anyone to being certification-ready” and thus aren’t able to fill positions.

Although the increased demand for the CISSP  — (ISC)²‘s flagship certification — is great news at one level, it misses a larger point. The shortage of certified security experts reflects, to a certain extent, a lack of understanding about the types of certifications professionals can earn, and the requirements associated with them. I would encourage the US government and every industry building its cyber workforce to take the time to fully understand the career path of cyber professionals — and to do so prior to assessing their personnel needs and publishing job opening requirements.

More available from Information Week by clicking here

An encryption tool used by a large chunk of the Internet is flawed, potentially exposing reams of data meant to be hidden from prying eyes.

The newly discovered security bug nicknamed Heartbleed has exposed millions of usernames, passwords and reportedly credit card numbers — a major problem that hackers could have exploited during the more than two years it went undetected.

It’s unlike most of the breaches reported over the past few years, in which one Web site or another got hacked or let its guard down. The flaw this time is in code designed to keep servers secure — tens of thousands of servers on which data is stored for thousands of sites.

That’s why some experts were calling Heartbleed the worst bug yet, something that should worry everyone who frequents the Internet or does business on it.

More available from The Washington Post by clicking here:

http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/

According to an Enterprise Strategy Group survey of IT professionals, cloud and server virtualization security has the highest shortage of qualified workers. In this video report, we talk to experts on how companies are addressing that skills gap and grooming cybersecurity professionals within their organizations.

Click here to watch.

School president apologies for a “sophisticated” security breach that exposed the sensitive personal information faculty, staff, and students at the school since 1998.

The sensitive personal information for more than 300,000 faculty, staff, and students at the University of Maryland were stolen in a “sophisticated” cyberattack on the school’s recently bolstered security defenses, the school’s president revealed late Wednesday.

The names, Social Security numbers, and birth dates of 309,079 individuals affiliated with school’s College Park and Shady Grove campuses who were issued a university identification card since 1998 were exposed in Tuesday’s attack, according to an apology issued Wednesday by university President Wallace Loh. 

More from Cnet.com here: http://news.cnet.com/8301-1009_3-57619169-83/data-breach-at-university-of-maryland-exposes-300k-records/

SlickLogin, an Israeli startup and developer of smart identification technology through user smartphones has been acquired by Google for several million (the official transaction amount remains undisclosed). SlickLogin was founded under a year ago by Or Zelig, Eran Galili and Ori Kabeli. The company first unveiled its technology at TechCrunch Disrupt held last September. the company has yet to launch their product nor have they any customers to date.

SlickLogin obviates the need for additional hardware by relying on user smartphones, but unlike existing solutions, the company’s system does not require the user to receive a text message or move any given mobile device to their computer. Rather it performs the identification independently by playing an ultrasonic frequency from the mobile device. The system on the computer or any other device analyses the frequency for identification and no other additional identification process is required. If you look at the process side, it appears as if the user just types their username and password, since the rest of the process is carried out automatically and transparently when the two devices are near each other.

Learn more from Geektime.com by clicking here: http://www.geektime.com/2014/02/16/google-acquires-slicklogin/

To Edward Snowden and supporters: “You can’t expect the police to protect you if you won’t let them patrol your neighborhood.”

As the result of an Executive Order last February, the Executive Branch has introduced the Cybersecurity Framework, described to be “a voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity.”

The best practices and guidelines within the Framework are structured around three primary components: the Framework Core, Profiles, and Tiers — each said to also include advice in balancing these regulations with privacy concerns.

In a statement on Wednesday, President Obama explained further that the National Institute of Standards and Technology “has worked with the private sector to develop a Cybersecurity Framework that highlights best practices and globally recognized standards so that companies across our economy can better manage cyber risk to our critical infrastructure.”

The White House stressed that abiding by the Framework is voluntary, but added that the Department of Homeland Security will be tasked with boosting awareness for the program as well as brainstorming potential incentives.

The Framework gathers existing global standards and practices to help organizations understand, communicate, and manage their cyber risks. For organizations that don’t know where to start, the Framework provides a road map. For organizations with more advanced cybersecurity, the Framework offers a way to better communicate with their CEOs and with suppliers about management of cyber risks. Organizations outside the United States may also wish use the Framework to support their own cybersecurity efforts.

The first version of the Framework for Improving Critical Infrastructure Cybersecurity is available online now.

This is an unpaid volunteer position, but what a great opportunity for one lucky FSU student!

Until 2013, the data breach that affected millions of T.J. Maxx and Marshalls shoppers almost a decade ago reigned supreme in the annals of retail hacking.

The holiday-season attack on Target, the nation’s third-largest retailer, made that episode seem almost trifling by comparison. From Thanksgiving week into December, the year’s busiest buying period, personal information of up to 110 million Target customers was stolen — and the repercussions for the company, for consumers, and for the retailing industry are likely to persist for months, if not years.

“The Target hacking was an earthquake in comparison with previous ones,” said Eugene Fram, professor emeritus of marketing with Rochester Institute of Technology’s Saunders College of Business.

And the worst almost certainly is yet to come, the FBI maintains.

In a recent confidential report to retailers, the agency warned of the spread of malicious software — malware — that can clandestinely penetrate so-called point-of-sale systems, the means by which retailers conduct transactions. Credit-card swiping machines, which connect to a company’s computer network, typically through the Internet, are a common POS device.

More available from ProvidenceJournal.com by clicking here