I’m telling my Computer Security students that
keeping the default settings is never a good idea.
Pentagon Accidentally Exposes Web-Monitoring Operation
The Department of Defense accidentally exposed an
intelligence-gathering operation, thanks to an online storage
misconfiguration.
DOD was reportedly collecting billions of public internet posts from social media, news sites, and web forums and storing them on Amazon S3 repositories. But it neglected to make those storage servers private. So anyone with a free Amazon AWS account could browse and download the data, according to Chris Vickery, a security researcher at UpGuard.
Vickery noticed the problem in September. "The data exposed in one of the three buckets is estimated to contain at least 1.8 billion posts of scraped internet content over the past 8 years," UpGuard said in a Friday report.
Much of the data was scraped from news sites, web
forums, and social media services such as Facebook and Twitter. The
information includes content relating to Iraqi and Pakistani politics
and ISIS, but also social media posts made by Americans.
… The Defense Department isn't the only one to commit the security slip-up with AWS cloud storage. Earlier this year, UpGuard found that Verizon and Dow Jones made the same mistake, effectively exposing their private customer data to the public.
How to victimize victims. (And another federal
agency that’s clueless when it comes to security breaches.)
Rachel Polansky reports:
Dozens of Southwest Floridians are sick and tired of waiting for answers from FEMA after being hit by Hurricane Irma and then, identity thieves.
A month after the NBC2 Investigators exposed a major scheme involving criminals stealing local identities to defraud the federal government, the NBC2 Investigators are finally getting answers from FEMA.
Read more on NBC-2.
[From the article:]
… the agency couldn't confirm this earlier because they wanted to protect the integrity of the investigation.
This probably happens here and goes unreported. (undetected?)
Reuters reports:
Italian police are investigating a hack into the email accounts of government employees by activist group Anonymous, which then published documents it had extracted.
On its Italian blog Anonymous uploaded a screenshot of an email purportedly sent from a government email address to an employee of the prime minister’s office containing the names of a security detail that would accompany an official inspection at a site Prime Minister Paolo Gentiloni is due to visit this week.
Read more on Reuters.
See also ItalianInsider.it. DataBreaches.net is not linking to Anonymous’s blog post so as not to facilitate leaking of the allegedly hacked data.
Oh they’re getting serious. They wrote a letter!
The House Energy and Commerce Committee has sent
Equifax a long list of questions related to the breach that
compromised more than 100 million people's personal information.
The letter, dated Friday, contains seven pages of
document requests and questions as part of the panel's investigation,
nearly a full page of which is devoted to documents.
Click here to read the full letter.
Good intent? Bad outcome. Of course it could
never happen here…
Germany: Please Destroy Your Child's Smartwatch
A German regulator is banning the sale of certain smartwatches designed for children because they can be used for spying. Parents who own such products should destroy them, the country's Federal Network Agency said in a Friday notice.
These watches include a listening function that
lets parents monitor their child over a mobile app on a smartphone.
However, that same feature can let them secretly eavesdrop on any
surrounding conversation close to the watch—like listening to a
teacher in a classroom. German law prohibits
this kind of function, the Federal Network Agency said.
For my Computer Security students.
Why the Entire C-Suite Needs to Use the Same Metrics for Cyber Risk
When it comes to cybersecurity, the chains of
communication that exist within an organization, if they exist at
all, are often a mess. Multiple conversations about cyber risks are
happening across a multitude of divisions in isolation. At the same
time, members of the C-suite are measuring their potential impact
using different metrics — financial, regulatory, technical,
operational — leading to conflicting assessments. CEOs must
address these disconnects by creating a culture that promotes open
communication and transparency about vulnerabilities and
collaboration to address the exposures.
Tips for your business plan?
Surviving in an Increasingly Digital Ecosystem
Every large and ambitious company today should be trying to figure out how to become a destination for its customers.
Worth getting my students thinking about their
searches.
Something for the Movie club?
MoviePass Launches Annual Subscription Plan For Under $8 A Month: That’s Lower Than The Average Movie Ticket Price
For a limited time, MoviePass is offering a one-year subscription plan for a flat fee of $89.95, which translates to $7.50 a month (that price already includes a $6.55 processing fee). That price is under this year’s 3Q average movie ticket, which the National Association of Theater Owners pegged at $8.93.