DataBreaches.net is not alone in being outraged that in
response to a massive data
leak that put the information of 87 million Mexican voters at risk, Movimiento
Ciudadano appears to be falsely claiming that the voter data list they
stored on Amazon cloud was “hacked.” The political party has been repeating that
false claim on Twitter and in the media, and has claimed to have filed a
criminal complaint against Chris Vickery for allegedly hacking them.
Instead of being grateful that Vickery noticed
that they had not secured their database and then spent a lot of time trying to
identify them and alert them so that they could secure it, Movimiento Ciudadano
is blaming Vickery and telling the public that Amazon told them that
the database had been “hacked” or the victim of a “cyberattack.”
Movimiento Ciudadano is either incredibly ignorant or
liars. Amazon told them no such thing.
Chris Vickery contacted Amazon last night to ask what they
had actually said to Movimiento Ciudadano or its vendor, Indatcom. He
received the following statement from Amazon.
All AWS security features and
networks did, and continue to, operate as designed. Once AWS was notified that
an unsecured database containing sensitive information was being hosted on the
AWS Cloud and was publicly accessible via the Internet, we followed our
standard security protocols and have since confirmed that this database is no
longer publicly accessible. Customers who have questions about security best
practices can find information at our Security Resources page (http://aws.amazon.com/security/security-resources/).
… DataBreaches.net
understands that in 2013, Movimiento Ciudadano was fined over another data leak
involving voter information that was found up for sale. It would be understandable that they do not
want to be responsible for this newest incident, but they are responsible
for this incident, and the Mexican public needs to understand that.
While we were busy watching Apple v. FBI, the FBI won a
bigger argument.
U.S. high court approves rule change to expand FBI hacking
power
The Supreme Court on Thursday approved a rule change that
would let U.S. judges issue search warrants for access to computers located in
any jurisdiction despite opposition from civil liberties groups who say it will
greatly expand the FBI's hacking authority.
U.S. Chief Justice John
Roberts transmitted the rules to Congress, which will have until Dec. 1 to
reject or modify the changes to the federal rules of criminal procedure. If
Congress does not act, the rules would take effect automatically.
Magistrate judges normally
can order searches only within the jurisdiction of their court, which is
typically limited to a few counties.
(Related) For now…
Cory Bennett report:
A key senator is trying to block
the Justice Department’s request to expand its remote hacking powers, after the
Supreme Court signed off on the proposal Thursday.
“These amendments will have
significant consequences for Americans’ privacy and the scope of the
government’s powers to conduct remote surveillance and searches of electronic
devices,” warned Sen. Ron Wyden.
Read more on The
Hill.
Perhaps the director was exaggerating a bit. (Or was making it up as he talked.) What are the legal implications of using a
tool you don’t understand?
FBI paid under $1 million to unlock San Bernardino iPhone:
sources
The FBI paid under $1 million for the technique used to
unlock the iPhone used by one of the San Bernardino shooters - a figure smaller
than the $1.3 million the agency's chief initially indicated the hack cost,
several U.S. government sources said on Thursday.
… The FBI,
not the contractor, has physical possession of the mechanism used to open the
phone but does not know details of how it works,
one of the sources said.
The identity of the
contractor is so closely-held inside the FBI that not even Comey knows who it
is, one of the sources said.
Definitely something my Computer Security students should
read.
Breach concealment is not a security strategy
… I saw a security
"strategy" this week in the wake of a major data breach which was
alarming, to say the least. I want to
capture the details of it here and frankly, tear it to shreds because we should
never see an organisation playing fast and loose with people's data in
this way. Hopefully if this strategy is
ever considered by others in future they'll stumble across this post and think
better of it.
This relates to the
Lifeboat data breach from earlier this week. Well actually, the breach itself was many
months ago but the disclosure was only this week and therein lies the
problem.
Facebook’s government requests report.
Government Requests Report
Perspective.
Snapchat Users View 10 Billion Videos A Day: Report
Snapchat reaches a new high with reports of 10 billion
video views per day as the users have
started using videos as an important means of communication,
alongside messaging and photo-sharing.
No comments:
Post a Comment