Tuesday, February 28, 2017
I guess this is one of those things that “could possibly go wrong.”
Stuffed toys database left personal data exposed, says security expert
… Email addresses of over 820,000 users of the CloudPets were stored in a MongoDB database within a publicly facing network segment, which could be searched without any authentication by using the Shodan IoT search engine, according to the report from cybersecurity researcher Troy Hunt.
Many of the passwords for the CloudPets accounts were easily crackable because no rules for password strength were enforced, meaning they could be just one character long. As Hunt points out, even the company's own 'Getting Started' video features a weak password -- just 'qwe', a three-character sequence made up of keys next to each other on a keyboard.
… Hunt said it was possible to access voice recordings from a database of 2.2 million files, exposing the conversations children and their parents had with the toys to strangers online.
"The services sitting on top of the exposed database are able to point to the precise location of the profile pictures and voice recordings of children," said Hunt.
Despite cybersecurity researchers pointing out these flaws, Spiral Toys, which makes the CloudPets toys, denied that security was compromised.
Where are my Computer Security students heading?
The evolving role of the chief security officer
Is it because we don’t know how to spend money preventing terrorism?
Ironically, perhaps, Joe Cadillic wrote on February 24:
Bourbon Street/Mardi Gras will never be the same, as police state America uses our fear of terrorism to turn 20 neighborhoods into a giant surveillance network! As you’ll see, no one is safe from New Orleans spying surveillance cameras.
Police are spending $40 million dollars to install over a hundred new license plate readers, remote sensing technology, roadblocks, high definition thermal cameras equipped with night vision and much more. Police have also spent $12.6 million on a new spying command center.
Of course, it didn’t prevent a drunk driver from injuring 28 people, but hey, it makes for great security theatre, right?
Read more on MassPrivateI.
Why does it continue to astonish journalists that government employees might prefer secure communication? That does not automatically translate to lost records.
Trump inspires encryption boom in leaky D.C.
Poisonous political divisions have spawned an encryption arms race across the Trump administration, as both the president’s advisers and career civil servants scramble to cover their digital tracks in a capital nervous about leaks.
The surge in the use of scrambled-communication technology — enabled by free smartphone apps such as WhatsApp and Signal — could skirt or violate laws that require government records to be preserved and the public’s business to be conducted in official channels, several ethics experts say. It may even cloud future generations’ knowledge of the full history of Donald Trump’s presidency.
… White House press secretary Sean Spicer has pointedly warned his staff that using encrypted apps would violate a law requiring the preservation of presidential records, POLITICO reported Sunday. [Maybe the confusion isn’t all on the journalism side. Bob]
As long as we’re talking about Sean Spicer…
On any other Monday, in any other year, it’s hard to imagine that today’s 19-page ruling by Judge Oetken in Nicholas v. City of New York would merit much attention. Indeed, all the court did today was to deny the defendants’ motion to dismiss a pro se claim arising out of the allegedly retaliatory revocation of a photographer’s media credential. But in the course of doing so, Judge Oetken had a chance to say some interesting things about the government’s ability (and lack thereof) to restrict media access to newsworthy events (with citations omitted), a topic we’ve already been discussing today:
Joseph Cox reports:
Last week, Motherboard demonstrated a piece of Android malware that can remotely turn on a smartphone’s microphone, track the user’s location, and intercept phone calls. When buying similar spyware for iPhones, attackers typically need to jailbreak the device first so they can then install unauthorized apps—a technical barrier that may take some time.
But companies do offer monitoring solutions for iPhones that apparently work on iOS 10 devices and don’t require a jailbreak. Instead, they take advantage of another aspect of Apple products that some users may overlook—iCloud backups. Although the method isn’t sophisticated, and the attacker requires a target’s Apple ID and password, it still highlights the options available to someone trying to monitor their spouse using off-the-shelf tools.
Read more on Motherboard.
Open Data Privacy Playbook
Berkman Klein Center – A data privacy playbook by Ben Green, Gabe Cunningham, Ariel Ekblaw, Paul Kominers, Andrew Linzer, and Susan Crawford.
“Cities today collect and store a wide range of data that may contain sensitive or identifiable information about residents. As cities embrace open data initiatives, more of this information is available to the public. While releasing data has many important benefits, sharing data comes with inherent risks to individual privacy: released data can reveal information about individuals that would otherwise not be public knowledge. In recent years, open data such as taxi trips, voter registration files, and police records have revealed information that many believe should not be released.
Effective data governance is a prerequisite for successful open data programs. The goal of this document is to codify responsible privacy-protective approaches and processes that could be adopted by cities and other government organizations that are publicly releasing data. Our report is organized around four recommendations:
· Conduct risk-benefit analyses to inform the design and implementation of open data programs.
· Consider privacy at each stage of the data lifecycle: collect, maintain, release, delete.
· Develop operational structures and processes that codify privacy management widely throughout the City.
· Emphasize public engagement and public priorities as essential aspects of data management programs.
Each chapter of this report is dedicated to one of these four recommendations, and provides fundamental context along with specific suggestions to carry them out. In particular, we provide case studies of best practices from numerous cities and a set of forms and tactics for cities to implement our recommendations. The Appendix synthesizes key elements of the report into an Open Data Privacy Toolkit that cities can use to manage privacy when releasing data.”
If they are teaching Blockchain at Harvard, it must be considered a viable technology.
Many of the technologies we now take for granted were quiet revolutions in their time. Just think about how much smartphones have changed the way we live and work. It used to be that when people were out of the office, they were gone, because a telephone was tied to a place, not to a person. Now we have global nomads building new businesses straight from their phones. And to think: Smartphones have been around for merely a decade.
We’re now in the midst of another quiet revolution: blockchain, a distributed database that maintains a continuously growing list of ordered records, called “blocks.”
Has the world been waiting for this technology?
Why you may never again have to stand in line for drinks at a bar
Could technology put an end to the annoying wait time for a hot dog in a stadium line, or eliminate the need to hand over a credit card to the bartender to keep an open tab? At least one payment company is hoping it can.
MasterCard announced at this week’s Mobile World Congress conference in Barcelona it’s expanding its offerings on its payment app Qkr! for Masterpass, which is available on iOS and Android devices. MasterCard added a new feature: the ability to create an “open tab” at participating bars that would replace the need to leave a physical payment card or ID with the bartender.
… Mobile in-person payments — defined as consumers paying for products or services on their phones, but picking them up or using them in person — are projected to grow by 6.8 times from 2015 to 2021, a faster growth rate than mobile peer-to-peer payments or mobile remote payments, according to a recent report by research firm Forrester. Overall mobile payments are also expected to grow. In the U.S., mobile payments were estimated to reach $112.2 billion in 2016 and will grow at a compound annual growth rate of 20% to reach $282.9 billion by 2021, Forrester found.
YouTube Could Be About to Overtake TV as America’s Most Watched Platform
Television had a good run, but it may be time to change the channel. With more than one billion hours of viewership every day, YouTube looks set to soon surpass TV as the most watched format in the U.S.
The Wall Street Journal reports that the online video platform has seen a 10-fold increase in viewership over the past five years, due in part to the use of artificial intelligence to predict user preferences and keep people tuned in.
… Some 400 hours of video are uploaded every minute, adding up to about 65 years worth of footage every day.
(Related). Making access to YouTube even easier.
Comcast to Let Customers Access YouTube Through Cable Boxes
Apparently, President Trump is good for the legal business.
Best Apps To Track Trump’s Legal Changes
Above the Law – “Whatever your opinion of Donald Trump, there is no denying that he has promised an ambitious agenda for his first 100 days as president. While people all across the country have personal and political interests in keeping up with Trump’s pronouncements and policies, lawyers also have a professional interest in tracking it all. After all, whether it is financial regulations or immigration policies, we represent the clients who the changes affect. But how can you keep up with it all? Not surprisingly, several websites and applications have sprung up to help keep track of Trump’s changes.”