Yes, this is a big deal. No, I doubt the
terrorists would lose this USB device.
From the holy-shit-this-is-bad
dept.
Dan Warburton reports that a man found a USB stick
in the street and plugged it in to a library computer (well, ok, we
can discuss that later), but what he found was breath-taking, and not
in a good way: 174 documents with 2.5 GB of data that included:
-
The exact route the Queen takes when using the airport and security measures used to protect her.
-
Files disclosing every type of ID needed – even those used by covert cops – to access restricted areas.
-
A timetable of patrols that was used to guard the site against suicide bombers and terror attacks.
-
Maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express.
-
Routes and safeguards for Cabinet ministers and foreign dignitaries.
-
Details of the ultrasound radar system used to scan runways and the perimeter fence.
Read more on The
Mirror.
So… who done it? Why? Is this the only copy of
these files in the wild?
This is a very worrying situation for the U.K.
So far, I’m not finding any statement in media
coverage as to metadata – when were these files copied on to the
USB stick – and would all these files have been on the same system?
There are lots of
questions needing answers. [Amen!
Bob]
For my Computer Security students. Identical to
keeping the default password.
DUHK attack
puts random number generators at risk
… The vulnerability has been dubbed DUHK,
which stands for Don't Use Hard-coded Keys, and affects devices that
use the ANSI X9.31 Random Number Generator (RNG)
and a hardcoded seed key. Researchers Nadia Heninger and Shaanan
Cohney from the University of Pennsylvania, along with cryptographer
Matthew Green at Johns Hopkins University, studied the Federal
Information Processing Standards (FIPS) certified products that
use the ANSI X9.31 RNG algorithm and found 12 that are vulnerable to
DUHK.
Privacy is already being redefined under GDPR.
Kevin Murphy writes:
Two Dutch geo-gTLDs are refusing to provide public access to Whois records in what could be a sign of things to come for the whole industry under new European privacy law.
Both .amsterdam and .frl appear to be automatically applying privacy to registrant data and say they will only provide full Whois access to vetted individuals such as law enforcement officials.
ICANN has evidently slapped a breach notice on both registries, which are now complaining that the Whois provisions in their Registry Agreements are “null and void” under Dutch and European Union law.
Read more on DomainIncite.
A more cynical blogger might call this the
“auto-stalking feature.”
Google
auto-detects your whereabouts to get local search results
… The tech titan has moved
away from relying on country-specific domains to serve up
localized
results on mobile web, the Google app for iOS, as well as Search
and Maps for desktop. Now, your location dictates the kind of
results you'll get -- you could go to google.com.au, for instance,
but if you're in New Zealand, you'll still get search results
tailored for your current whereabouts. You'll know the location
Google recognizes by looking at the lower left-hand corner of the
page
This will never be easy.
Facebook
struggles to contain Russia narrative
… Some lawmakers are already pressing for more
details about so-called organic content, including unpaid posts from
thousands of fake, automated and hijacked user accounts. Those
questions could require Facebook to divulge more details about the
priceless proprietary algorithms it uses to decide what messages its
users see.
Top Senate Judiciary Committee Democrat Dianne
Feinstein asked
Facebook CEO Mark Zuckerberg on Friday for a wealth of additional
data about Russian activity on its networks, including all organic
content and ads "targeted to any part of the United States"
by any users who "may be connected in some way to Russia."
The California senator also sent an extensive
data request to Twitter CEO Jack Dorsey.
Perspective. Remember when a billion dollars was
a lot of money?
The big
five tech giants added $181 billion in market value on Friday
… Those five companies have gained almost $900
billion in market capitalization over the past year.
Probable that lawyers believe all clients act like
this…
No comments:
Post a Comment