Saturday, March 18, 2017
Disappointing. I bet the guns were locked in the trunk.
Secret Service laptop, pins, radio stolen
A Secret Service computer containing sensitive security information about Trump Tower was stolen from an agent’s vehicle in New York on Thursday, along with a set of security perimeter pins, a personal laptop, and other items, federal and New York City law enforcement sources told POLITICO.
… Two of the sources said that some items stolen from the vehicle — including a set of lapel pins that allow agents entry into security perimeters around dignitaries protected by the Secret Service — had been recovered in the vicinity soon after the break-in.
… The statement stressed that agency-issued laptops “contain multiple layers of security including full disk encryption” that prevent unauthorized individuals from accessing their contents.
… The closed-circuit agency radios are encrypted, said the person who is in contact with the Secret Service. Nonetheless, the incident provoked alarm among law enforcement officials. [Probably no login required. Bob]
Probably not well considered. Who failed to see this and stop it? Why do we never ask that question?
Did no one really understand what “enhanced data sharing” would permit until now?
Laura Donnelly reports:
The medical records of 26 million patients are embroiled in a major security breach amid warnings that the IT system used by thousands of GPs is not secure.
The Information Commissioner is investigating concerns that records held by 2,700 practices – one in three of those in England – can be accessed by hundreds of thousands of strangers.
Privacy campaigners last night said the breach was “truly devastating” with millions of patients having no idea if their records had been compromised.
Read more on The Telegraph.
[From the article:]
Unbeknown to doctors, switching on “enhanced data sharing” - so records could be seen by the local hospital - meant they can also be accessed by hundreds of thousands of workers across the country.
It means receptionists, clerical staff, healthcare assistants and medics working in pharmacies, hospitals, GP surgeries, care homes and prisons can look up sensitive information about individuals - even if there is no medical reason to do so.
An old problem. User account numbers are part of the URL. Change the number, see another user’s data.
This is published under our responsible disclosure policy
The McDonald’s India app, McDelivery, is leaking personal data for more than 2.2 million of its users which includes name, email address, phone number, home address, accurate home co-ordinates and social profile links. We contacted McDelivery on 7th Feb and received an acknowledgement from a Senior IT Manager on 13th Feb (33 days ago). The issue has not been fixed yet and our continued effort to get an update for the fix after the initial acknowledgement has failed.
An unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users’ personal information.
Read more on Hackernoon.
UPDATE: McDonald’s India has replied to us that they have fixed the issue and would be releasing an official statement urging their users to upgrade the app.
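The flaw described in this item is a missing object-level authorization check. The sketch below is an added example, not code from the app or from the report: the record store, session store and function names are hypothetical and the data is constructed. It puts the flawed lookup beside one that binds each request to the logged-in customer.

```python
import secrets

# Constructed sample data: records keyed by serial integer customer IDs,
# the pattern the report describes.
CUSTOMERS = {
    1001: {"name": "Customer A (constructed)", "email": "a@example.test"},
    1002: {"name": "Customer B (constructed)", "email": "b@example.test"},
    1003: {"name": "Customer C (constructed)", "email": "c@example.test"},
}

# Hypothetical session store: opaque token -> customer ID it was issued to.
SESSIONS = {}


def login(customer_id):
    """Issue an unguessable session token bound to one customer."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token


def get_user_details_unprotected(customer_id):
    """Flawed pattern: the ID in the request is the only input,
    so any caller reads any record by changing the number."""
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)


def get_user_details(token, customer_id):
    """Hardened: authenticate the caller, then authorize the object."""
    owner = SESSIONS.get(token)
    if owner is None:
        return (401, None)  # no valid session
    if owner != customer_id:
        # Same answer as for a missing record, so the endpoint does not
        # confirm which customer IDs exist.
        return (404, None)
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)
```

Random, non-sequential identifiers make guessing harder but do not replace the ownership check, which is what actually stops one customer from reading another's record.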
WikiLeaks Won’t Tell Tech Companies How to Patch CIA Zero-Days Until Its Demands Are Met
… This week, Assange sent an email to Apple, Google, Microsoft and all the companies mentioned in the documents. But instead of reporting the bugs or exploits found in the leaked CIA documents it has in its possession, WikiLeaks made demands, according to multiple sources familiar with the matter who spoke on condition of anonymity.
WikiLeaks included a document in the email, requesting the companies to sign off on a series of conditions before being able to receive the actual technical details to deploy patches, according to sources. It's unclear what the conditions are, but a source mentioned a 90-day disclosure deadline, which would compel companies to commit to issuing a patch within three months.
The companies, however, are not sure what to do next because the vulnerabilities come from highly-classified documents (which may have been illegally obtained), as well as the suspicion that, perhaps, these documents and hacking tools were leaked to WikiLeaks by the Russian government.
(Related). Hardly news, but it’s good to know they have already eliminated Russia.
U.S. prosecutors reportedly probing leak of CIA materials to WikiLeaks
… U.S. agencies have made only vague public comments on the latest WikiLeaks disclosures, but security and law enforcement officials familiar with the investigation said in the wake of the leaks that it is focused on whether an intelligence contractor was responsible. At this point, they said, investigators do not think Russia or another foreign government was involved.
Have Samsung’s trust issues been resolved?
Samsung's New S8 to Adopt Facial Recognition for Payments
Samsung Electronics Co.’s new Galaxy S8 will employ facial-recognition technology for mobile payments within months of release, adding cutting-edge security to help the marquee device stand out from rivals such as Apple Inc.’s iPhone, people familiar with the matter said.
The Galaxy S8 to be unveiled later this month will blend fingerprint, iris and facial detection to verify users accessing mobile services including Samsung Pay, the people said. It’s already working with banks to help them embrace facial recognition systems in coming months, they said, asking not to be identified talking about a private matter. Samsung declined to comment.
Sounds good, does not match the facts. (Sounds Trump-like?)
Bill Gates wants to tax robots, but one robot maker says that's 'as intelligent' as taxing software
… "If you look at economies with the lowest unemployment rates in the world and correlate it with robotics: Germany, Japan, South Korea have the highest robotics rates with more than 300 robots per 10,000 workers, and they have the lowest unemployment rates," Spiesshofer said. "So robotization and automation, wealth and prosperity go hand-in-hand."
Walmart going after Amazon in areas where Amazon is not (yet) strong?
Walmart Acquires Online Women’s Clothing Retailer ModCloth
The deal, which closed Friday and included both assets and operations, was part of an effort to increase Walmart's e-commerce footprint, the company said in a statement. The goods will be sold on Jet.com, an e-commerce site owned by Walmart.
… Due to the acquisition, designers selling on ModCloth will now have an opportunity to expand their client base through Walmart's e-commerce sites, the company said.
ModCloth was founded in 2002 in a college dorm room by Susan Gregg Koger and Eric Koger, according to the company's website.
(Related). Will they tell you that you should not wear that bikini to church?
Amazon will now tell Prime members what to wear via a new “Outfit Compare” feature
Amazon has been steadily pushing its way into fashion over the past several years, with investments in its own private labels – from workwear to activewear – plus increased fashion ad spending and even its own trend-obsessed TV show, Style Code Live. Now the online retailer is looking to dole out its fashion advice to the masses, too, through a new feature called “Outfit Compare,” which is currently available to Prime members.
… Outfit Compare works as you’d think. It prompts shoppers to share two photos of themselves wearing two different outfits they’re deciding between.
A minute later, you’ll get a response from an Amazon stylist who will tell you which outfit looks better on you. This determination will be made based on a number of factors, Amazon explains, including how the clothes fit, what colors look best on you, how they’re styled, and what’s on trend.