Zack Whittaker reports:
An unsecured backup drive has
exposed thousands of US Air Force documents, including highly sensitive
personnel files on senior and high-ranking officers.
Security researchers found that
the gigabytes of files were accessible to anyone because the internet-connected
backup drive was not password protected.
The files, reviewed by ZDNet,
contained a range of personal information, such as names and addresses, ranks,
and Social Security numbers of more than 4,000 officers.
Read more on ZDNet.
The leak was discovered by the MacKeeper
Security Research team, who provide their own report on the incident, here.
The team reports:
The most shocking document was a
spread sheet of open investigations that included the name, rank, location, and
a detailed description of the accusations. The investigations range from discrimination
and sexual harassment to more serious claims.
So will the Air Force contact MacKeeper or Zack and ask
them who the apparent owner of the misconfigured Rsync backup is? Will they send folks to MacKeeper and Zack’s
to obtain the files?
What will the Air Force do in terms of any discipline of
the unnamed officer who appears to own the backup? And what will the Air Force do to prevent
another breach like this?
Hey, when you’re good, you’re good. Who is buying besides governments?
Why not software manufacturers?
A new report from Rand Corp. may help shed light on the
government’s arsenal of malicious software, including the size of its stockpile
of so-called “zero days” — hacks that hit undisclosed vulnerabilities in
computers, smartphones, and other digital devices.
The report also
provides evidence that such vulnerabilities are long lasting. The findings are of particular interest
because not much is known about the U.S. government’s controversial use of zero
days. Officials have long refused to say
how many such attacks are in the government’s arsenal or how long it uses them
before disclosing information about the vulnerabilities they exploit so
software vendors can patch the holes.
Rand’s report is based on unprecedented access to a
database of zero days from a company that sells them
to governments and other
customers on the “gray market.” The collection contains about 200 entries —
about the same number of zero days some experts believe the government to have.
Rand found that the exploits had an average lifespan of 6.9 years before the
vulnerability each targeted was disclosed to the software maker to be fixed, or
before the vendor made upgrades to the code that unwittingly eliminated the
security hole.
Some of the exploits survived even longer than this. About 25 percent had a lifespan of a decade or
longer. But another 25 percent survived
less than 18 months before they were patched or rendered obsolete through
software upgrades.
Oh, joy!
Financial Attackers as Sophisticated as Nation-State Groups: FireEye
Financially motivated attackers have become just as sophisticated as threat actors
sponsored by nation states, according to the 2017 M-Trends report published on
Tuesday by FireEye-owned Mandiant.
… Until 2013, cybercriminals mostly launched
what experts described as “smash and grab” attacks – little effort was put into
hiding their actions and maintaining access to the breached system. In the following years, the line between the
level of sophistication exhibited by financial attackers and nation-state
actors became increasingly blurry, and now researchers say that line no longer
exists.
… The full M-Trends 2017 report is available online in PDF format.
So now their data will be limited to that obtained by a warrant?
Facebook bars developers from using data to create
surveillance tools
Facebook Inc barred software developers on Monday from
using the massive social network’s data to create surveillance tools, closing
off a process that had been exploited by U.S. police departments to track
protesters.
Facebook, its Instagram unit and rival Twitter Inc came
under fire last year from privacy advocates after the American Civil Liberties
Union (ACLU) said in a report that police were using location data and other
user information to spy on protesters in places such as Ferguson, Missouri.
In response to the ACLU report, the companies shut off the
data access of Geofeedia, a Chicago-based data vendor that said it works with
organizations to “leverage social media,” but Facebook policy had not
explicitly barred such use of data in the future.
“Our goal is to make our policy explicit,” Rob Sherman,
Facebook’s deputy chief privacy officer, said in a post on the social network
on Monday.
… Ozer praised the companies’ action
but said they should have stopped such use of data earlier. “It
shouldn’t take a public records request from the ACLU for these companies to
know what their developers are doing,” she said.
It was also unclear how the companies would enforce their
policies, said Malkia Cyril, executive director of the Center for Media
Justice, a nonprofit that opposes government use of social media for
surveillance.
Again, I think that cities should do this themselves and
sell access to anyone who wants it.
New York City Sues Verizon Over Fiber-Optic Cable Coverage
New York City filed a lawsuit Monday against Verizon
Communications Inc., alleging the company failed to deliver a 2008 promise to
offer fiber-optic cable connections to every home in the city.
The breach-of-contract suit is the latest step in what has
been a year of tension between the city and the company.
Last summer, the city's Department of
Information Technology & Telecommunications released an audit examining a
franchise agreement that Verizon signed with the city in 2008. The agreement permitted Verizon to deploy its
fiber-optic network, Fios, as long as it ran its fiber network past all city
dwellings by 2014.
The deal technically only covers cable
TV, but Verizon also offers high-speed internet over the same fiber-optic
cables.
I’ve been telling my lawyer friends that my students are
already programming their replacements.
https://www.theatlantic.com/magazine/archive/2017/04/rise-of-the-robolawyers/517794/?utm_source=feed
Rise of the Robolawyers
How legal
representation could come to resemble TurboTax
Something to discuss with my Data Management students.
Intel's $15 billion purchase of Mobileye shakes up driverless
car sector
Intel Corp agreed to buy Israeli autonomous vehicle
technology firm Mobileye for $15.3 billion on Monday in a deal that could
thrust the U.S. chipmaker into direct competition with rivals Nvidia Corp and
Qualcomm Inc to develop driverless systems for global automakers.
… The stakes are enormous. Last year, Goldman Sachs projected the market
for advanced driver assistance systems and autonomous vehicles would grow from
about $3 billion in 2015 to $96 billion in 2025 and $290 billion in 2035.
[From a Letter to Intel employees:]
Many of you have asked why we think autonomous cars and
vehicles are so important to Intel’s future. The answer is DATA. Our strategy is to make Intel the driving
force of the data revolution across every technology and every industry. We are a
DATA company. The businesses
we focus on, and deliver solutions to, create, use and analyze massive amounts
of data.
I recently had a chance to speak at the LA Auto show and
the title of my presentation was “Data is the New Oil.” My message was simple: automobiles and the
automotive industry are increasingly driven by data and computing. The saying “What’s under the hood” will
increasingly refer to computing, not horsepower.
At four terabytes of data per day, the average autonomous car will put out
the data equivalent of approximately 3,000 people.
How much is a CEO worth?
Verizon originally wanted $925 million discount for
Yahoo’s online services
Verizon initially thought the biggest data breaches in
Internet history merited a $925 million discount on its acquisition of
Yahoo’s online services, nearly three times what the two companies finally
agreed upon.
Yahoo disclosed new details about its negotiations with
Verizon in a regulatory filing Monday. The
filing doesn’t say why Verizon relented on its original demand, issued Feb. 1. Verizon ultimately accepted Yahoo’s offer to
trim the sale price by $350 million instead.
… Although she hasn’t divulged her
plans, Mayer isn’t expected to work for Verizon. If she leaves, Mayer will receive a $23 million
severance package, according to Monday’s filing. The amount is lower than a $44 million
valuation disclosed in September because $21 million in stock options and other
awards have vested in Mayer’s account since then.
Besides her severance package, Mayer will
gain control of stock options valued at $56.8 million, according to the filing.
Something to play with on my old but still functional PCs.