Stuffed toys database left personal data exposed, says security expert
… Email addresses
of over 820,000 users of the CloudPets were stored in a MongoDB database within
a publicly facing network segment, which could be searched without any
authentication by using the
Shodan IoT search engine, according to the report from cybersecurity
researcher Troy Hunt.
Many of the passwords for the CloudPets accounts were
easily crackable because no rules for password strength were enforced, meaning
they could be just one character long. As Hunt points out, even the company's own 'Getting
Started' video features a weak password -- just 'qwe', a three character
sequence made up of keys next to each other on a keyboard.
… Hunt said it was
possible to access voice recordings from a database of 2.2 million files,
exposing the conversations children and their parents had with the toys to
strangers online.
"The services sitting on top of the exposed database
are able to point to the precise location of the profile pictures and voice
recordings of children," said Hunt.
Despite cybersecurity researchers pointing out these
flaws, Spiral Toys, which makes the CloudPet toys, denied that security was
compromised.
Where my Computer Security students are heading?
The evolving role of the chief security officer
Is it because we don’t know how to spend money preventing
terrorism?
Ironically, perhaps, Joe Cadillic wrote on February 24:
Bourbon Street/Mardi Gras will never be the same, as police state
America uses our fear of terrorism to turn 20 neighborhoods into a
giant surveillance network! As you’ll
see, no one is safe from New Orleans spying surveillance cameras.
Police are spending $40
million dollars to install over a hundred new license plate
readers, remote sensing
technology, roadblocks, high definition thermal cameras equipped with
night vision and much more. Police
have also spent $12.6
million on a new spying command center.
Of course, it didn’t prevent a drunk
driver from injuring 28 people, but hey, it makes for great security
theatre, right?
Read more on MassPrivateI.
Why does it continue to astonish journalists that government
employees might prefer secure communication?
That does not automatically translate to lost records.
Trump inspires encryption boom in leaky D.C.
Poisonous political divisions have spawned an encryption
arms race across the Trump administration, as both the president’s advisers and
career civil servants scramble to cover their digital tracks in a capital
nervous about leaks.
The surge in the use of scrambled-communication technology
— enabled by free smartphone apps such as WhatsApp and Signal — could skirt or
violate laws that require government records to be preserved and the public’s
business to be conducted in official channels, several ethics experts say. It may even cloud future generations’
knowledge of the full history of Donald Trump’s presidency.
… White House
press secretary Sean Spicer has pointedly warned his staff that using encrypted
apps would violate a law requiring the preservation of presidential records,
POLITICO reported Sunday. [Maybe the confusion isn’t all on the journalism
side. Bob]
As long as we’re talking about Sean Spicer…
On any other Monday, in any other year, it’s hard to imagine
that today’s 19-page ruling by Judge Oetken in Nicholas v. City of
New York would merit much attention. Indeed, all the court did today was to deny the
defendants’ motion to dismiss a pro se claim arising out of the
allegedly retaliatory revocation of a photographer’s media credential. But in the course of doing so, Judge Oetken had
a chance to say some interesting things about the government’s ability (and
lack thereof) to restrict media access to newsworthy events (with citations
omitted), a topic we’ve
already been discussing today:
Oh goodie.
Joseph Cox reports:
Last week, Motherboard
demonstrated a piece of Android malware that can remotely turn on a smartphone’s
microphone, track the user’s location, and intercept phone calls. When buying similar spyware for iPhones,
attackers typically need to jailbreak the device first so they can then install
unauthorized apps—a technical barrier that may take some time.
But companies do offer monitoring
solutions for iPhones that apparently work on iOS 10 devices and don’t require
a jailbreak. Instead, they take
advantage of another aspect of Apple products that some users may
overlook—iCloud backups. Although the method
isn’t sophisticated, and the attacker requires a target’s Apple ID and
password, it still highlights the options available to someone trying to
monitor their spouse using off-the-shelf tools.
Read more on Motherboard.
Harvard says…
Open Data Privacy Playbook
Berkman Klein Center – A data privacy playbook by Ben Green, Gabe Cunningham, Ariel Ekblaw, Paul Kominers, Andrew Linzer, and Susan Crawford.
“Cities today collect and store a wide range of data that
may contain sensitive or identifiable information about residents. As cities embrace open data initiatives, more
of this information is available to the public. While releasing data has many important
benefits, sharing data comes with inherent risks to individual privacy:
released data can reveal information about individuals that would otherwise not
be public knowledge. In recent years,
open data such as taxi trips, voter registration files, and police records have
revealed information that many believe should not be released.
Effective
data governance is a prerequisite for successful open data programs.
The goal of this document is to codify
responsible privacy-protective approaches and processes that could be adopted
by cities and other government organizations that are publicly releasing data. Our report is organized around four
recommendations:
· Conduct risk-benefit analyses to inform the design and implementation of open data programs.
· Consider privacy at each stage of the data lifecycle: collect, maintain, release, delete.
· Develop operational structures and processes that codify privacy management widely throughout the City.
· Emphasize public engagement and public priorities as essential aspects of data management programs.
Each chapter of this report is dedicated to one of these
four recommendations, and provides fundamental context along with specific
suggestions to carry them out. In
particular, we provide case studies of best practices from numerous cities and
a set of forms and tactics for cities to implement our recommendations. The Appendix synthesizes key elements of the
report into an Open Data Privacy Toolkit that cities can use to manage privacy
when releasing data.”
If they are teaching Blockchain at Harvard, it must be
considered a viable technology.
Many of the technologies we now take
for granted were quiet revolutions in their time. Just think about how much smartphones have
changed the way we live and work. It
used to be that when people were out of the office, they were gone, because a
telephone was tied to a place, not to a person. Now we have global nomads building new
businesses straight from their phones. And to think: Smartphones have been around for
merely a decade.
We’re now in the midst of another quiet revolution: blockchain,
a distributed database that maintains a continuously growing list of ordered
records, called “blocks.”
Has the world been waiting for this technology?
Why you may never again have to stand in line for drinks at a bar
Could technology put an end to the annoying wait time for
a hot dog in a stadium line, or eliminate the need to hand over a credit card
to the bartender to keep an open tab? At
least one payment company is hoping it can.
MasterCard announced at this week’s Mobile World Congress conference in
Barcelona it’s expanding its offerings on its payment app Qkr! for Masterpass,
which is available on iOS and Android devices. MasterCard added a new feature: the ability to
create an “open tab” at participating bars that would replace the need to leave
a physical payment card or ID with the bartender.
… Mobile in-person
payments — defined as consumers paying for products or services on their
phones, but picking them up or using them in person — are projected to grow by
6.8 times from 2015 to 2021, a faster growth rate than mobile peer-to-peer
payments or mobile remote payments, according to a recent report by research
firm Forrester. Overall mobile payments
are also expected to grow. In the U.S.,
mobile payments were estimated to reach $112.2 billion in 2016 and will grow at
a compound annual growth rate of 20% to reach $282.9 billion by 2021, Forrester
found.
Perspective.
YouTube Could Be About to Overtake TV as America’s Most Watched Platform
Television had a good run, but it may be time to change
the channel. With more than one billion hours of viewership every day, YouTube
looks set to soon surpass TV as the most watched
format in the U.S.
The Wall Street
Journal reports that the online video platform has seen a 10-fold increase
in viewership over the past five years, due in part to the use of artificial intelligence to predict user
preferences and keep people tuned in.
… Some 400 hours
of video are uploaded every minute, adding up to about 65 years worth of
footage every day.
(Related). Making
access to YouTube even easier.
Comcast to Let Customers Access YouTube Through Cable Boxes
Apparently, President Trump is good for the legal
business.
Best Apps To Track Trump’s Legal Changes
Above the Law – “Whatever your opinion of Donald
Trump, there is no denying that he has promised an ambitious agenda for his
first 100 days as president. While
people all across the country have personal and political interests in keeping
up with Trump’s pronouncements and policies, lawyers also have a professional
interest in tracking it all. After all,
whether it is financial regulations or immigration policies, we represent the
clients who the changes affect. But how
can you keep up with it all? Not
surprisingly, several websites and applications have
sprung up to help keep track of Trump’s changes.”