“Cyber war is as Cyber war does.” F. Gump (Or do you believe this is not part of Russia’s strategic plan?)
Suspected Russian operatives tried using forged diplomatic documents, social media to create divisions
A Russian information operation relied on forged diplomatic emails and planted articles on a number of social media sites in an attempt to undermine multiple governments and impersonate U.S. lawmakers, according to a new analysis of recent social media activity.
Massachusetts-based Recorded Future on Wednesday published findings detailing how Russian-language operatives spent months using popular internet services to try to interfere in Estonia, the Republic of Georgia and the U.S. The effort appears to be a continuation of a prior Russian campaign, dubbed Operation Secondary Infektion, that utilized Facebook and dozens of online platforms to sow division in the West and discredit political efforts.
Blame the pandemic?
Maropost takes your privacy and security….
I confess: some data leaks are not particularly interesting to me in terms of their sector or type of data leaked, but they become noteworthy because of the entity’s horrible, terrible, ridiculously bad incident response to attempted notification.
Today we give you Maropost Inc., a marketing automation platform whose 10,000+ clients include New York Post, Shopify, Fujifilm, Hard Rock Café, and Mother Jones.
CyberNews reports today that researchers found that Maropost was exposing a database containing close to 95 million individual customer records and email logs with more than 19 million unique email addresses.
Finding the leak was relatively easy. Getting Maropost to respond to responsible disclosure notifications? Not so much. They explain:
We went through multiple channels to get in touch with literally anyone at Maropost who could escalate this issue, and we failed on every single channel.
Here’s a quick recap of their determined efforts to protect data that Maropost continued to expose:
Attempt 1: email
Attempt 2: live chat
Attempt 3: Twitter
Attempt 4: LinkedIn
Attempt 5: email, part 2
Attempt 6: an actual phone call
Attempt 7: live chat, part 2
Attempt 8: email, part 3
Two months after they began their efforts to get the data locked down, they finally got a reply from Maropost CEO Ross Andrew Paquette. According to the firm’s statement, the email addresses in the database were randomized data the company uses for internal testing. Ah, the old “it’s just test data” explanation? Not so fast, Maropost, because CyberNews reports that “our own tests show that not to be the case.”
I realize that in the midst of a pandemic, priorities get adjusted. But in my opinion, Maropost’s failure to respond to repeated notifications is pretty inexcusable. Maropost is Toronto-based, so they may get away with this, but I would hope the Ontario Privacy Commissioner would look into this one.
Read CyberNews’ full report here, as they detail what happened with each of the eight channels they tried to get Maropost to respond.
I found this article by reading the snippet on Feedly. What would happen if Google stopped pointing to French media?
Google Ordered to Pay for News in French Antitrust Crackdown
Google was ordered by French antitrust regulators to pay publishers to display snippets of their articles after years of helping itself to excerpts for its own news service.
The French antitrust agency gave the Alphabet Inc. unit three months to thrash out deals with press publishers and agencies demanding talks on how to remunerate them for displaying their content.
The search engine giant may have abused its dominant market power, causing “serious and immediate harm” to the media, the Autorite de la concurrence warned in its statement on Thursday.
… Search engines such as Google account for between 26% and 90% of traffic redirected on news websites, the competition regulator said, based on data from 32 press publications.
That traffic is “crucial for publishers and press agencies who can’t afford to lose any digital readership given their economic hardships,” the authority said. They had “no other choice than to comply with Google’s display policy without providing financial compensation.”
Yoicks! Gary Alexander reached out from his retirement to point me to an article I missed. (Not the first time)
Congress Should Suspend Privacy Laws for 90 Days to Fight the Coronavirus
There is one more area in which strong national leadership is called for to curb the pandemic. The President should call on Congress, and it should act swiftly, to suspend privacy laws for 90 days, for now. There are some indications that even privacy advocates will find such a suspension acceptable if it was a short-term measure and safeguards against abuse were put in place.
(Related) This would seem to reverse the President’s opinions on the pandemic, but I suppose that would not be unusual.
Kushner’s team seeks national coronavirus surveillance system
Critics worry about a Patriot Act for health care, raising concerns about patient privacy and civil liberties.
Privacy concerns from a statistics website.
Big Data Is Helping Us Fight The Coronavirus — But At What Cost To Our Privacy?
… To be clear, the types of data being tracked now are usually anonymized, aggregated in large groups according to, say, geography. They are also collected with the consent of users. But long before the new coronavirus emerged, critics of big tech companies were already pointing out that users typically give such consent through labyrinthine terms-of-service agreements, often not knowing what their data would ultimately be used for. In today’s world, data is an extremely valuable commodity that rewards its collectors in many ways. Even as individual data profiles that provide search suggestions, traffic directions and health guidance help improve daily life, that goes hand in hand with more nefarious motives companies might have for recording user activities.
Again, those were the worries being raised prior to the pandemic. Now, COVID-19 has revealed much starker trade-offs between personal privacy and the collective benefits of technology. In South Korea, for example, the ability to retrace an infected person’s steps using credit card transactions and cellphone tracking data is part of the country’s (largely successful) response to the virus. Other countries are also ramping up digital surveillance at an individual level in the name of public health. Although such measures may seem less likely to be used in the U.S., one recent Harris poll showed that a sizable, bipartisan majority of Americans would favor a public coronavirus registry and be willing to share phone location data to get alerts about infected people being nearby.
(Related)
Tested positive for coronavirus? Health workers may share your address with police
April Glaser and Jon Schuppe report:
In a growing number of cities and states, local governments are collecting the addresses of people who test positive for the coronavirus and sharing the lists with police and first responders.
Law enforcement officials say this information sharing — which is underway in Massachusetts, Alabama and Florida, and in select areas of North Carolina — will help keep officers and EMTs safe as they respond to calls at the homes of people who have been infected. The first responders can take additional precautions in those cases to avoid being exposed to the virus, state health departments and local police officials say.
Read more on NBC.
Perspective.
Our Government Runs on a 60-Year-Old Coding Language, and Now It’s Falling Apart
Over the weekend, New Jersey governor, Phil Murphy, made an unusual public plea during his daily coronavirus briefing: The state was seeking volunteer programmers who know COBOL, a 60-year old programming language that the state’s unemployment benefits system is built on. Like every state across the nation, New Jersey was being flooded with unemployment claims in the wake of the coronavirus pandemic. And New Jersey’s data processing systems were unprepared.
“We literally have a system that is 40-plus years old,” Murphy said.