Sunday, October 29, 2017

Yes, this is a big deal. No, I doubt the terrorists would lose this USB device.
From the holy-shit-this-is-bad dept.
Dan Warburton reports that a man found a USB stick in the street and plugged it into a library computer (well, ok, we can discuss that later), but what he found was breath-taking, and not in a good way: 174 documents with 2.5 GB of data that included:
  • The exact route the Queen takes when using the airport and security measures used to protect her.
  • Files disclosing every type of ID needed – even those used by covert cops – to access restricted areas.
  • A timetable of patrols that was used to guard the site against suicide bombers and terror attacks.
  • Maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express.
  • Routes and safeguards for Cabinet ministers and foreign dignitaries.
  • Details of the ultrasound radar system used to scan runways and the perimeter fence.
Read more on The Mirror.
So… who done it? Why? Is this the only copy of these files in the wild?
This is a very worrying situation for the U.K.
So far, I’m not finding any statement in media coverage as to metadata – when were these files copied onto the USB stick – and would all these files have been on the same system? There are lots of questions needing answers. [Amen! Bob]




For my Computer Security students. Identical to keeping the default password.
DUHK attack puts random number generators at risk
… The vulnerability has been dubbed DUHK, which stands for Don't Use Hard-coded Keys, and affects devices that use the ANSI X9.31 Random Number Generator (RNG) and a hardcoded seed key. Researchers Nadia Heninger and Shaanan Cohney from the University of Pennsylvania, along with cryptographer Matthew Green at Johns Hopkins University, studied the Federal Information Processing Standards (FIPS) certified products that use the ANSI X9.31 RNG algorithm and found 12 that are vulnerable to DUHK.
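
For students who want to see why a hard-coded seed key is fatal, here is an added example (not from the article or the researchers' code) of the ANSI X9.31 generator structure. Assumptions: a small hash-based Feistel cipher stands in for AES so it runs on the standard library alone, the key and timestamps are constructed values, and the observer is assumed to know the timestamps the device used.

```python
import hashlib
import os

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel over SHA-256). NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

class X931Generator:
    """X9.31 structure: I = E_K(T); R = E_K(I ^ V); V' = E_K(R ^ I)."""
    def __init__(self, key: bytes, seed: bytes):
        self.key, self.state = key, seed

    def next_block(self, timestamp: bytes) -> bytes:
        i = encrypt_block(self.key, timestamp)
        out = encrypt_block(self.key, xor(i, self.state))
        self.state = encrypt_block(self.key, xor(out, i))  # depends only on K, R, T
        return out

def predict_next(key: bytes, seen_out: bytes, seen_ts: bytes, next_ts: bytes) -> bytes:
    """What anyone holding the key can compute from one observed output block."""
    i = encrypt_block(key, seen_ts)
    next_state = encrypt_block(key, xor(seen_out, i))
    return encrypt_block(key, xor(encrypt_block(key, next_ts), next_state))

def demo():
    # Constructed values: a key shipped identically in every unit, two timestamps.
    hardcoded = bytes(range(16))
    t1 = (1509235200).to_bytes(16, "big")
    t2 = (1509235201).to_bytes(16, "big")
    results = []
    # First device uses the hard-coded key; second uses a fresh per-device key.
    for key in (hardcoded, os.urandom(16)):
        device = X931Generator(key, os.urandom(16))  # the seed is random in both cases
        r1 = device.next_block(t1)
        r2 = device.next_block(t2)
        results.append(predict_next(hardcoded, r1, t1, t2) == r2)
    return tuple(results)

if __name__ == "__main__":
    print(demo())
```

The random seed does not help the first device: after one output block the next state is a function of the key, the output and the timestamp only, so the fix is a secret key generated per device, or a different generator design.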




Privacy is already being redefined under GDPR.
Kevin Murphy writes:
Two Dutch geo-gTLDs are refusing to provide public access to Whois records in what could be a sign of things to come for the whole industry under new European privacy law.
Both .amsterdam and .frl appear to be automatically applying privacy to registrant data and say they will only provide full Whois access to vetted individuals such as law enforcement officials.
ICANN has evidently slapped a breach notice on both registries, which are now complaining that the Whois provisions in their Registry Agreements are “null and void” under Dutch and European Union law.
Read more on DomainIncite.




A more cynical blogger might call this the “auto-stalking feature.”
Google auto-detects your whereabouts to get local search results
… The tech titan has moved away from relying on country-specific domains to serve up localized results on mobile web, the Google app for iOS, as well as Search and Maps for desktop. Now, your location dictates the kind of results you'll get -- you could go to google.com.au, for instance, but if you're in New Zealand, you'll still get search results tailored for your current whereabouts. You'll know the location Google recognizes by looking at the lower left-hand corner of the page




This will never be easy.
Facebook struggles to contain Russia narrative
… Some lawmakers are already pressing for more details about so-called organic content, including unpaid posts from thousands of fake, automated and hijacked user accounts. Those questions could require Facebook to divulge more details about the priceless proprietary algorithms it uses to decide what messages its users see.
Top Senate Judiciary Committee Democrat Dianne Feinstein asked Facebook CEO Mark Zuckerberg on Friday for a wealth of additional data about Russian activity on its networks, including all organic content and ads "targeted to any part of the United States" by any users who "may be connected in some way to Russia." The California senator also sent an extensive data request to Twitter CEO Jack Dorsey.




Perspective. Remember when a billion dollars was a lot of money?
The big five tech giants added $181 billion in market value on Friday
… Those five companies have gained almost $900 billion in market capitalization over the past year.




Probable that lawyers believe all clients act like this…

