I wonder if the FBI grabbed a copy?
Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'
Update, February 8, 08:27 a.m.: Apple filed a copyright takedown request with GitHub and forced the company to remove the code.
Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve.
The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone.
Poor management! Still no ‘requirement,’ but we’ll fine you anyway?
Sean Tassi reports:
Until recently, colleges and universities that experienced a data breach had no unique reporting obligations to the U.S. Department of Education. Institutions were expected to analyze security incidents under applicable federal and state laws and, when appropriate, notify affected individuals and appropriate federal and state agencies. Because the Family Educational Rights and Privacy Act (FERPA) does not contain a breach reporting obligation, ED had taken the position that a report directly to ED was optional.
ED, however, has now changed its stance and has started levying Cleryesque fines — up to $56,789 per violation — against institutions that fail to report a data breach directly to ED. The importance of data security and the prevention of cybercrimes are unquestioned, but ED’s new stance on breach reporting raises practical problems.
Read more on Campus Technology.
[From the article:]
ED has taken an informal approach to notifying institutions about its new breach reporting expectations. Instead of publishing official guidance, ED is notifying institutions about the new obligations at Federal Student Aid conferences and via webinars (such as the Nov. 14, 2017 webinar available here.) Attendees are taking the mandate back to their campuses, but the change is being met with resistance from administrators and practitioners — in large part, because the new expectations contradict ED's previous written guidance in documents like the Data Breach Response Checklist published by ED's Privacy Technical Assistance Center in 2012 (which was still available on the PTAC's website as of the date that this article was written). ED's informal approach to notification means that some institutions likely do not know that ED's reporting expectations have changed and, more importantly, institutions will continue to be confused in 2018.
A long and detailed post. I’ve pulled some bits and pieces...
Camille Fischer writes:
This week, Senators Hatch, Graham, Coons, and Whitehouse introduced a bill that diminishes the data privacy of people around the world.
The Clarifying Overseas Use of Data (CLOUD) Act expands American and foreign law enforcement’s ability to target and access people’s data across international borders in two ways. First, the bill creates an explicit provision for U.S. law enforcement (from a local police department to federal agents in Immigration and Customs Enforcement) to access “the contents of a wire or electronic communication and any record or other information” about a person regardless of where they live or where that information is located on the globe. In other words, U.S. police could compel a service provider—like Google, Facebook, or Snapchat—to hand over a user’s content and metadata, even if it is stored in a foreign country, without following that foreign country’s privacy laws.
… This bill would also moot legal proceedings now before the U.S. Supreme Court. In the spring, the Court will decide whether or not current U.S. data privacy laws allow U.S. law enforcement to serve warrants for information stored outside the United States. The case, United States v. Microsoft (often called “Microsoft Ireland”), also calls into question principles of international law, such as respect for other countries’ territorial boundaries and their rule of law.
… The CLOUD Act would give unlimited jurisdiction to U.S. law enforcement over any data controlled by a service provider, regardless of where the data is stored and who created it. This applies to content, metadata, and subscriber information – meaning private messages and account details could be up for grabs.