Monday, May 28, 2018
Should we consider this a “war warning?”
FBI Attribution of 'VPNFilter' Attack Raises Questions
Information shared by the FBI on the massive VPNFilter attack in which more than half a million devices have been compromised raises some interesting questions about the connection between Russia-linked hacker groups.
… The malware can intercept data passing through the compromised device, it can monitor the network for communications over the Modbus SCADA protocol, and also has destructive capabilities that can be leveraged to make an infected device unusable.
Many of the hijacked devices are located in Ukraine and a separate command and control (C&C) infrastructure has been set up for devices in this country. Researchers also spotted code similarities to the BlackEnergy malware and pointed out that there are only a few weeks until Ukraine celebrates its Constitution Day, which last year coincided with the destructive NotPetya attack. All this has led experts to believe that VPNFilter may mean Russia is preparing for a new attack on Ukraine.
This will be interesting to watch.
Vermont passes first first law to crack down on data brokers
… Data brokers in Vermont will now have to register as such with the state; they must take standard security measures and notify authorities of security breaches (no, they weren’t before); and using their data for criminal purposes like fraud is now its own actionable offense.
If you’re not familiar with data brokers, well, that’s the idea. These companies don’t really have a consumer-facing side, instead opting to collect information on people from as many sources as possible, buying and selling it amongst themselves like the commodity it has become.
… Vermont’s new law, which took effect late last week, is the nation’s first to address the data broker problem directly.
There is bad legislation and then there is really, relly bad legislation.
EU censorship machines and link tax laws are nearing the finish line
… On the topic of copyright, you NOW have the chance to have an influence – a chance that will be long lost in two years, when we’ll all be “suddenly” faced with the challenge of having to implement upload filters and the “link tax” – or running into new limits on what we can do using the web services we rely on.
In stark contrast to the GDPR, experts near-unanimously agree that the copyright reform law, as it stands now, is really bad.
… Their latest proposal would still force internet platforms to implement censorship machines – and makes a total mess out of the planned extra copyright for news sites by allowing each member state to implement it differently.
… The German government is standing in the way of an agreement over which kinds of snippets of news content should fall under the “link tax” and thus become subject to a fee when shared: They insist that whether a snippet constitutes an original intellectual creation by its author or not should not be a criteria.
… You don’t need to filter, but we’ll sue you if you don’t
The Bulgarian Presidency agrees with the Commission’s goal to force internet platforms to monitor all user uploads to try and detect copyright infringement, even though that will necessarily lead to takedowns of totally legal acts of expression. But they realise that putting that in plain writing violates existing EU law and the Charter of Fundamental Rights.
Their “solution”: Make platforms directly liable for all copyright infringements by their users, and then offer that they can avoid that unreasonable liability if they can show they’ve done everything in their power to prevent copyrighted content from appearing online – namely, by deploying upload filters (Article 13, paragraph 4). Which remain totally optional, of course! Wink, wink, nudge, nudge.
Tools to protect (or amuse) my Computer Security students.
How to see everything Amazon Echo has recorded on you
… If you're curious what Amazon Echo smart devices have recorded while in your home — as I was — you can use the Alexa app to find out.
Amazon’s Alexa May Be Listening — But This Trick Can Stop Her
… USA Today reports that a fool-proof way of ensuring your privacy is simply not to set up the feature that allows Echo to make calls. This is an opt-in feature, a similar variation of which is available for Google Home users.
Technology or typo?