Allie Coyne reports:
More than one million personal
and medical records of Australian citizens donating blood to the Red Cross
Blood Service have been exposed online in the country’s biggest and most
damaging data breach to date.
A 1.74 GB file containing 1.28 million donor records going back to 2010,
published to a publicly-facing website, was discovered by an anonymous source
and sent to security expert and operator of haveibeenpwned.com Troy Hunt early
on Tuesday morning.
The database was
uncovered through a scan of IP address ranges configured to search for publicly
exposed web servers that returned directory listings containing .sql files.
Read more on ITNews.com.au.
See the Red Cross’s statement and FAQ here.
It works. Is it because we have a poor education system?
Because people fear the IRS?
Because they trust anyone on the phone?
Justice Department charges dozens in massive Indian call center scheme
The callers in India, claiming to be officials with the
Internal Revenue Service or immigration services, would present those who
answered the phone with an ultimatum. Pay
us, or we’ll fine you, deport you or arrest you.
Their network was expansive, and their work lucrative. Justice Department officials announced charges
against 61 people and entities Thursday and said the call center scheme had
scammed at least 15,000 victims out of more than $250 million.
Be careful what you hack.
Teen Arrested for Cyberattack on 911 Emergency System
An 18-year-old teen from
Arizona was arrested this week after one of his iOS exploits caused serious
disruption to 911 emergency systems.
According to the Maricopa
County Sheriff’s Office, Meetkumar Hiteshbhai Desai was booked on
three counts of Computer Tampering, which in this case is a Class 2 felony, considered
an extremely serious crime in Arizona and other states, due to the fact that it
involved critical infrastructure.
The Maricopa County Sheriff’s Office Cyber Crimes Unit
launched an investigation after being notified of disruption to the 911 service
in the Phoenix metro area and possibly in other states.
Desai apparently learned of an iOS bug that can be
exploited to manipulate devices, including trigger pop-ups, open email, and
abuse phone features. The teen created
several exploits and published one of them on a website, linking to it from his
Twitter account in an effort to prank his
followers.
While Desai claimed he wanted to publish a link to an
exploit that only displayed pop-ups and caused devices to reboot, he mistakenly tweeted a link to an exploit that
caused iPhones and iPads to continually dial 911 and hang up.
For the Computer Security SIG.
How Hackers Play Capture the Flag
Because your face is an open book?
Bloomberg reports:
Facebook Inc.’s software knows
your face almost as well as your mother does. And like mom, it isn’t asking your permission
to do what it wants with old photos.
While millions of internet users
embrace the tagging of family and friends in photos, others worried there’s
something devious afoot are trying to block Facebook as well as Google from
amassing such data.
As advances in facial recognition
technology give companies the potential to profit from biometric data, privacy
advocates see a pattern in how the world’s largest social network and search
engine have sold users’ viewing histories for advertising. The companies insist that gathering data on
what you look like isn’t against the law, even without your permission.
Read more on Crain’s.
(Related)
Laura Sydell reports:
Nearly half of all American
adults have been entered into law enforcement facial recognition databases,
according to a recent report from Georgetown University’s law school. But there are many problems with the accuracy
of the technology that could have an impact on a lot of innocent people.
Read more on NPR.
How does one enforce this law? Police drones?
How does one fly a drone if you can’t see where you are going?
Lisa Vaas reports:
Sweden last week banned the use
of camera drones without a special permit, infuriating hobby flyers and an
industry group but likely pleasing privacy campaigners.
Drone pilots will now have to
show that there’s a legitimate benefit that outweighs the public’s right to
privacy – and there are no exemptions for journalists, nor any guarantee that a
license will be granted.
Read more on Naked Security.
An interesting question.
… As the
jobs-based economy gives way to the gig economy, winners and losers are
determined by the type of worker you are — or can become.
Workers with specialized skills, deep expertise, or
in-demand experience win in the gig economy. They can command attractive compensation,
garner challenging and interesting work, and secure the ability to structure
their own working lives. Workers who
possess strong technical, management, leadership, or creative abilities are
best positioned to take advantage of the opportunity to create a working life
that incorporates flexibility, autonomy, and meaning.
Entrepreneurial workers also win. The gig economy rewards hustle. Workers entrenched in a passive, complacent
employee mindset that relies on their employer to provide a sense of stability,
career progression, and financial security will struggle.
This could be interesting.
FCC Derails ISP Customer Data Gravy Train, Requires Explicit
Consent For Sharing Sensitive Information
The FCC rule
was passed this morning with a 3-2 vote. It requires ISPs, or internet providers, to
obtain a customer’s explicit consent before sharing certain information with
third parties. FCC Chairman Tom Wheeler
remarked, “It's the consumers' information. How it is used should be the consumers'
choice. Not the choice of some corporate
algorithm.”
Perspective.
Kiss your cash goodbye? This year is set to be a turning point for credit
Is this the beginning of the end for cash?
As consumers have increasingly used credit and debit cards
and made purchases online and on apps, they’ve used less and less cash; in
2016, consumers will spend a greater amount on cards than they do with cash for
the first time, according to the market-research firm Euromonitor
International, which has been tracking consumer payments over the last several
decades.
… South Korea’s
government, for example, started to promote credit cards around 1997 in an effort to
boost consumption in the country and cut down on cash payments, which are
harder to track for tax purposes, according to The Economist.
… Although a
switch to a digital payment system would
potentially save countries a lot of money, since cash is expensive to make
and keep in circulation, many citizens have concerns about banks and
governments having access to information on what they’re spending, regardless
of whether they’re actually involved in any improper or illegal activities.
Perspective. I never would have guessed a number this high.
68 Percent of Millennial Small Business Owners Rely on Social
Media for Brand Promotion
… New data (PDF) from Magisto shows that 68 percent of Millennial
small business owners and entrepreneurs depend on social media channels for
developing awareness of their own brands.
…and Jeff Bezos doesn’t care!
Amazon spending ahead of holidays hurts profits
Amazon.com Inc. disappointed investors with a lower-than-expected
third-quarter profit, as the company beefed up its spending on fulfillment
centers, shipping costs, video content and product development ahead of the
all-important holiday season.
Without Amazon Web Services (AWS), its cloud-based
computing service business, Amazon would have lost money. AWS on its own reported revenue of $3.2
billion and operating income of $861 million. Amazon’s total operating income in the quarter
was $575 million, with net income of $252 million, or 52 cents a share, while
analysts were looking for about 78 cents a share.
History stuff.
Search thousands of historical documents from the Nuremberg
trials
by Sabrina I. Pacifici on Oct 26, 2016
“The Harvard Law School Library uniquely owns and manages approximately
one million pages of documents relating to the trial of military and political
leaders of Nazi Germany before the International Military Tribunal (IMT) and
the subsequent twelve trials of other accused Nazi war criminals before the
United States Nuremberg Military Tribunals (NMT) during the period 1945-49. Considered by many to be the most significant
series of trials in history, these trials were established to prosecute those
in authority in the Nazi regime for war crimes and crimes against humanity, to
document those atrocities so that a permanent historical record would be
created, and to establish a standard of conduct acceptable in time of war. The documents — which include trial
transcripts and full trial exhibits and related materials — have been studied
by lawyers, scholars and other researchers in the areas of history, ethics,
genocide, and war crimes, and are of particular interest to officials and
students of current international tribunals involving war crimes and crimes
against humanity. To preserve the
contents of these documents — which are now too fragile to be handled — and to
provide expanded access to this material, the Library has undertaken a
multi-stage digitization project, originally conceived in the late 1990s and
implemented in stages since then. The Nuremberg Trials Project is an open-access
initiative to create, present and make accessible digitized images of the
Library’s Nuremberg documents, document descriptions, associated transcripts in
both full-text and image formats and general information about the trials.”
(Related) Maybe.
Secrecy News reports portions of CIA Records Search Tool will
be posted for public access
by Sabrina I. Pacifici on Oct 27, 2016
FAS – Secrecy News – Steven Aftergood: “The Central
Intelligence Agency said this week that it will post its database of
declassified CIA documents online, making them broadly accessible to all
interested users. The database, known as
CREST (for CIA Records Search Tool), contains more than 11 million
pages of historical Agency records that have already been declassified and
approved for public release. Currently,
however, CREST can only be accessed through computer terminals at the National
Archives in College Park, MD. This
geographic restriction on availability has been a source of frustration and
bafflement to researchers ever since the digital collection was established in
2000. (See CIA’s CREST Leaves Cavity in Public Domain, Secrecy
News, April 6, 2009; Inside the CIA’s (Sort of) Secret
Document Stash, Mother Jones, April 3, 2009). But that is finally going to change. The entire contents of the CREST system will be transferred to
the CIA website, said CIA spokesperson Ryan Trapani …”