Saturday, October 21, 2017

Not a bad summary.
EquiFIX - Lessons Learned From the Most Impactful Breach in U.S. History
Another useful article for my Computer Security students. Don’t forget your own security while you learn to protect your organization’s security.
Your postal service is out to get you!
USPS ‘Informed Delivery’ Is Stalker’s Dream
A free new service from the U.S. Postal Service that provides scanned images of incoming mail before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns.
… Signing up requires an eligible resident to create a free user account at USPS.com, which asks for the resident’s name, address and an email address. The final step in validating residents involves answering four so-called “knowledge-based authentication” or KBA questions. KrebsOnSecurity has relentlessly assailed KBA as an unreliable authentication method because so many answers to the multiple-guess questions are available on sites like Spokeo and Zillow, or via social networking profiles.
Once signed up, a resident can view scanned images of the front of each piece of incoming mail in advance of its arrival. Unfortunately, because of the weak KBA questions (provided by recently-breached big-three credit bureau Equifax, no less) stalkers, jilted ex-partners, and private investigators also can see who you’re communicating with via the Postal mail.
Perhaps this wouldn’t be such a big deal if the USPS notified residents by snail mail when someone signs up for the service at their address, but it doesn’t.
This is the flip side of “We can, therefore we must!” Can’t wait to see how this plays out.
How many posts have I posted by now about government over-reach on surveillance and the need to vigorously defend our right to privacy? A lot, right?
And I realize that I am really only pseudoanonymous, but I think I’ve made it perfectly clear to most parties that I do not cheerfully tolerate people invading my privacy or trying to.
So imagine my reaction the other evening when I received an email from Twitter Legal telling me that they had been hit with a grand jury subpoena for details of my @PogoWasRight Twitter account.
To their great credit, Twitter had fought the subpoena for my account details as well as the account details of four other accounts, but now there was apparently nothing more they could do, so they notified me so that I could file a motion to quash the subpoena.
Yes, grand juries have a lot of power. And yes, journalists do not have a real shield law and even journalists can be subpoenaed.
Right now, I’m going to withhold details of what the subpoena is about, although I know. And I know enough to be infuriated that a grand jury would so cavalierly and casually demand my personal information.
Should it really surprise anyone that they are lawyering up?
Tech giants' choice of Russia witnesses draws concern
Facebook, Twitter and Google all announced on Thursday that they will send their general counsels to testify at House and Senate Intelligence Committee hearings on Russian election interference — a move that has drawn fire from critics who want more transparency from the tech giants.
The companies’ decision to send their top attorneys marks a step forward from when they had not publicly stated if they would attend the hearings, causing the Senate Intelligence Committee’s top Democrat Sen. Mark Warner (D-Va.) to threaten that he would subpoena the tech giants into testifying.
But some observers say that sending the lawyers, instead of top executives or technical experts, could limit how many questions the companies can answer.
(Related).
How People Inside Facebook Are Reacting To The Company’s Election Crisis
… To truly understand how Facebook is responding to its role in the election and the ensuing morass, numerous sources inside and close to the company pointed to its unemotional engineering-driven culture, which they argue is largely guided by a quantitative approach to problems. It’s one that views nearly all content as agnostic, and everything else as a math problem. As that viewpoint has run headfirst into the wall of political reality, complete with congressional inquiries and multiple public mea culpas from its boy king CEO, a crisis of perception now brews.
Should FEMA contract with Loon for future disasters or try to construct its own balloon army? Or should this be a requirement for any telecommunication company’s disaster recovery plan?
Project Loon's LTE balloons are floating over Puerto Rico
About a month after Hurricane Maria's devastating landfall on Puerto Rico and a couple of weeks after the FCC gave clearance, Project Loon is bringing wireless internet to people on remote parts of the island.