Secret Service laptop, pins, radio stolen
A Secret Service computer containing sensitive security
information about Trump Tower was stolen from an agent’s vehicle in New York on
Thursday, along with a set of security perimeter pins, a personal laptop, and
other items, federal and New York City law enforcement sources told POLITICO.
… Two of the
sources said that some items stolen from the vehicle — including a set of lapel
pins that allow agents entry into security perimeters around dignitaries
protected by the Secret Service — had been recovered in the vicinity soon after
the break-in.
… The statement
stressed that agency-issued laptops “contain multiple layers of security
including full disk encryption” that prevent unauthorized individuals from
accessing their contents.
… The
closed-circuit agency radios are encrypted, said the person who is in contact
with the Secret Service. Nonetheless,
the incident provoked alarm among law enforcement officials. [Probably
no login required. Bob]
Probably not well considered. Who failed to see this and stop it? Why do we never ask that question?
Did no one really understand what “enhanced data
sharing” would permit until now?
Laura Donnelly reports:
The
medical records of 26 million patients are embroiled in a major security
breach amid warnings that the IT system used by thousands of GPs is not secure.
The Information Commissioner is
investigating concerns that records held by 2,700 practices – one in three of
those in England – can be accessed by hundreds of thousands of strangers.
Privacy campaigners last night
said the breach was “truly devastating” with millions of patients having no
idea if their records had been compromised.
Read more on The
Telegraph.
[From the article:]
Unbeknown to doctors, switching on “enhanced data sharing”
- so records could be seen by the local hospital - meant they can also be
accessed by hundreds of thousands of workers across the country.
It means receptionists, clerical staff, healthcare
assistants and medics working in pharmacies, hospitals, GP surgeries, care
homes and prisons can look up sensitive information about individuals - even if
there is no medical reason to do so.
An old problem.
User account numbers are part of the URL. Change the number, see another user’s data.
Hackernoon writes:
This is published under our
responsible disclosure policy
The McDonald’s India app,
McDelivery, is leaking personal data for more than 2.2 million of its users
which includes name, email address, phone number, home address, accurate home
co-ordinates and social profile links. We
contacted McDelivery on 7th Feb and received an acknowledgement from a Senior
IT Manager on 13th Feb (33 days ago). The
issue has not been fixed yet and our continued effort to get an update for the
fix after the initial acknowledgement has failed.
An unprotected publicly
accessible API endpoint for getting user details coupled with serially
enumerable integers as customer IDs can be used to obtain access to all users’
personal information.
Read more on Hackernoon.
[From Hackernoon:]
UPDATE: McDonald’s India has replied to us that
they have fixed the issue and would be releasing an official statement urging
their users to upgrade the app.
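The flaw class described above (a record lookup that trusts the customer ID in the request) shown next to a server-side fix, as an added example that is not code from the Hackernoon report or from the McDelivery app. All names, the sample records and the alert threshold are constructed for illustration.

```python
import secrets

# Constructed sample data: two customers with serial integer IDs, as in the report.
USERS = {
    1001: {"name": "Asha", "email": "asha@example.com", "phone": "555-0101"},
    1002: {"name": "Ravi", "email": "ravi@example.com", "phone": "555-0102"},
}
SESSIONS = {}   # session token -> customer ID that logged in
DENIED = {}     # session token -> set of other customers' IDs it asked for
ENUMERATION_THRESHOLD = 3  # assumed alert threshold, tune to real traffic


def login(customer_id):
    """Issue an unguessable session token bound to one known customer."""
    if customer_id not in USERS:
        raise ValueError("unknown customer")
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token


def get_user_vulnerable(customer_id):
    """The reported flaw: no caller identity, the ID in the request is trusted."""
    return USERS.get(customer_id)


def get_user_hardened(token, customer_id):
    """Return (status, body). A record is served only to its owner."""
    owner = SESSIONS.get(token)
    if owner is None:
        return 401, None                  # no valid session
    if owner != customer_id:
        # Record the attempt for detection, then answer the same way whether
        # or not the requested ID exists, so responses reveal nothing.
        DENIED.setdefault(token, set()).add(customer_id)
        return 404, None
    return 200, USERS[owner]


def sessions_probing_ids():
    """Sessions that requested several IDs they do not own: likely enumeration."""
    return [t for t, ids in DENIED.items() if len(ids) >= ENUMERATION_THRESHOLD]
```

Replacing serial integers with random identifiers makes guessing harder, but the ownership check in `get_user_hardened` is what actually closes the hole.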
Not surprising.
WikiLeaks Won’t Tell Tech Companies How to Patch CIA Zero-Days
Until Its Demands Are Met
… This week,
Assange sent an email to Apple, Google, Microsoft and all the companies
mentioned in the documents. But instead
of reporting the bugs or exploits found in the leaked CIA documents it has in
its possession, WikiLeaks made demands, according to multiple sources familiar
with the matter who spoke on condition of anonymity.
WikiLeaks included a document in the email, requesting the
companies to sign off on a series of conditions before being able to receive
the actual technical details to deploy patches, according to sources. It's unclear what the conditions are, but a
source mentioned a 90-day disclosure deadline, which would compel companies to
commit to issuing a patch within three months.
The companies, however, are not sure what to do next
because the vulnerabilities come from highly-classified documents (which may
have been illegally obtained), as well as the suspicion that, perhaps, these
documents and hacking tools were leaked to WikiLeaks by the Russian government.
(Related). Hardly
news, but it’s good to know they have already eliminated Russia.
U.S. prosecutors reportedly probing leak of CIA materials
to WikiLeaks
… U.S. agencies
have made only vague public comments on the latest WikiLeaks disclosures, but
security and law enforcement officials familiar with the investigation said in
the wake of the leaks that it is focused on whether an intelligence contractor
was responsible. At this point, they
said, investigators do not think Russia or another foreign government was
involved.
Have Samsung’s trust issues been resolved?
Samsung's New S8 to Adopt Facial Recognition for Payments
Samsung Electronics Co.’s new Galaxy S8 will employ
facial-recognition technology for mobile payments within months of release,
adding cutting-edge security to help the marquee device stand out from rivals
such as Apple Inc.’s
iPhone, people familiar with the matter said.
The Galaxy S8 to be unveiled later this month will blend
fingerprint, iris and facial detection to verify users accessing mobile
services including Samsung Pay, the people said. It’s already working with banks to help them
embrace facial recognition systems in coming months, they said, asking not to
be identified talking about a private matter. Samsung declined to comment.
Sounds good, does not match the facts. (Sounds Trump-like?)
Bill Gates wants to tax robots, but one robot maker says
that's 'as intelligent' as taxing software
… "If you
look at economies with the lowest unemployment rates in the world and correlate
it with robotics: Germany, Japan, South Korea have the highest robotics rates
with more than 300 robots per 10,000 workers, and they have the lowest
unemployment rates," Spiesshofer said. "So robotization and automation, wealth
and prosperity go hand-in-hand."
Walmart going after Amazon in areas where Amazon is not
(yet) strong?
Walmart Acquires Online Women’s Clothing Retailer ModCloth
The deal, which closed Friday and included both assets and
operations, was part of an effort to increase Walmart's e-commerce footprint,
the company said in a statement. The goods will be sold on Jet.com, an
e-commerce site owned by Walmart.
… Due to the
acquisition, designers selling on ModCloth will now have an opportunity to
expand their client base through Walmart's e-commerce sites, the company said.
ModCloth was
founded in 2002 in a college dorm room by Susan Gregg Koger and
Eric Koger, according to the company's website.
(Related). Will
they tell you that you should not wear that bikini to church?
Amazon will now tell Prime members what to wear via a new
“Outfit Compare” feature
Amazon has been steadily pushing its way into fashion over
the past several years, with investments in its own private labels – from workwear to activewear – plus increased fashion ad spending and even its own trend-obsessed TV
show, Style Code Live. Now the online
retailer is looking to dole out its fashion advice to the masses, too, through
a new feature called “Outfit Compare,” which is currently available to Prime
members.
… Outfit Compare
works as you’d think. It prompts shoppers to share two photos
of themselves wearing two different outfits they’re deciding between.
A minute later, you’ll get a response from an Amazon
stylist who will tell you which outfit looks better on you. This determination will be made based on a
number of factors, Amazon explains, including how the clothes fit, what colors
look best on you, how they’re styled, and what’s on trend.