Not a bad summary.
EquiFIX - Lessons Learned From the Most Impactful Breach in U.S. History
Another useful article for my Computer Security
students. Don’t forget your own security while you learn to
protect your organization’s security.
Your postal service is out to get you!
USPS ‘Informed Delivery’ Is Stalker’s Dream
A free new service from the U.S. Postal
Service that provides scanned images of incoming mail before
it is slated to arrive at its destination address is raising eyebrows
among security experts who worry about the service’s potential for
misuse by private investigators, identity thieves, stalkers or
abusive ex-partners. The USPS says it hopes to have changes in place
by early next year that could help blunt some of those concerns.
… Signing up requires an eligible resident to
create a free user account at USPS.com, which asks for the
resident’s name, address and an email address. The final step in
validating residents involves answering four so-called
“knowledge-based authentication” or KBA questions.
KrebsOnSecurity has relentlessly
assailed KBA as an unreliable authentication method because so
many answers to the multiple-guess questions are available on sites
like Spokeo and Zillow, or via
social networking profiles.
Once signed up, a resident can view scanned images
of the front of each piece of incoming mail in advance of its
arrival. Unfortunately, because of the weak KBA questions (provided
by recently-breached
big-three credit bureau Equifax, no less) stalkers,
jilted ex-partners, and private investigators also can see who you’re
communicating with via the Postal mail.
Perhaps this wouldn’t be such a big deal if the
USPS notified residents by snail mail when someone signs up for the
service at their address, but it doesn’t.
This is the flip side of “We can, therefore we
must!” Can’t wait to see how this plays out.
How many posts have I posted by now about
government over-reach on surveillance and the need to vigorously
defend our right to privacy? A lot, right?
And I realize that I am really only
pseudoanonymous, but I think I’ve made it perfectly clear to most
parties that I do not cheerfully tolerate people invading my privacy
or trying to.
So imagine my reaction the other evening when I
received an email from Twitter Legal telling me that they had been
hit with a grand jury subpoena for details of my @PogoWasRight
Twitter account.
To their great credit, Twitter had fought the
subpoena for my account details as well as the account details of
four other accounts, but now there was apparently nothing more they
could do, so they notified me so that I could file a motion to quash
the subpoena.
Yes, grand juries have a lot of power. And yes,
journalists do not have a real shield law and even journalists can be
subpoenaed.
Right now, I’m going to withhold details of what
the subpoena is about, although I know. And I know enough to be
infuriated that a grand jury would so cavalierly and casually demand
my personal information.
Should it really surprise anyone that they are
lawyering-up?
Facebook, Twitter and Google all announced on
Thursday that they will send their general counsels to testify at
House and Senate Intelligence Committee hearings on Russian election
interference — a move that has drawn fire from critics who want
more transparency from the tech giants.
The companies’ decision to send their top
attorneys marks a step forward from when they had not publicly stated
if they would attend the hearings, causing the Senate Intelligence
Committee’s top Democrat Sen. Mark
Warner (D-Va.) to
threaten that he would subpoena the tech giants into testifying.
But some observers say that sending the lawyers,
instead of top executives or technical experts, could limit how many
questions the companies can answer.
(Related).
How People Inside Facebook Are Reacting To The Company’s Election Crisis
… To truly understand how Facebook is
responding to its role in the election and the ensuing morass,
numerous sources inside and close to the company pointed to its
unemotional engineering-driven culture, which they argue is largely
guided by a quantitative approach to problems. It’s one that views
nearly all content as agnostic, and everything else as a math
problem. As that viewpoint has run headfirst into the wall of
political reality, complete with congressional inquiries and multiple
public mea culpas from its boy king CEO, a crisis of perception now
brews.
Should FEMA contract with Loon for future
disasters or try to construct its own balloon army? Or should this
be a requirement for any telecommunication company’s disaster
recovery plan?
Project Loon's LTE balloons are floating over Puerto Rico
About a month after Hurricane Maria's devastating
landfall on Puerto Rico and a couple of weeks after the FCC gave
clearance, Project
Loon is bringing
wireless internet to people on remote parts of the island.