When is taking advantage of a Security Failure not
a crime? An old and well (or at least frequently) documented
problem.
Is Enumerating Resources on a Website "Hacking"?
I saw a story pop up this week which made a bunch
of headlines and upon sharing it, also sparked some vigorous debate.
It all had to do with a 19-year-old bloke in Canada downloading some
publicly accessible documents which, as it later turned out,
shouldn't have been publicly accessible. Let's start with this video
as it pretty succinctly explains the issue in consumer-friendly
terms:
… This was public data. Whether it was
intended to be public or not does not change the fact that it was
published to a location which exposed it to the world without any
requirement for authorisation whatsoever. His "crime" was
simply to use the technology as it was designed to work. There was a
lot of support for this position
For my Ethical Hacking students. Be sure to wear
the electronic equivalent of a bio-hazard suit.
I’m sure my lawyer friends will be able to
explain this one. Sure.
Matt Burgess reports:
“Do not pretend that I do not exist, do not ignore me or break the
deadlines,” was the message from one unknown hacker to a British
company targeted in February 2018. The person stole a “very large
quantity of data”.
Both the hacker and the hacked company are the subject of a High
Court injunction. The legal ruling from judge Matthew Nicklin
has been taken out to stop the company being named and prohibits
hacked data from being stolen.
The case gives an insight into one hacker’s demands to a company and
how it responded. It is the latest in a number of injunctions being
taken out by companies that are looking to protect information that
has been stolen from their servers.
Read more on Wired (UK).
OK, I don’t see how this is going to stop the
hackers from dumping data if they don’t get paid. Maybe some web
hosts will honor/comply with an injunction and remove data, but there
are just too many ways/places to dump data for this to really make a
serious dent in the problem. And what would stop a U.S. journalist
from reporting on the breach, naming the company, and discussing any
stolen data???
Good news for the White House? (Where would the
President be without “Fake News” to blame?)
Americans Favor Protecting Information Freedoms Over Government Steps to Restrict False News Online
… Nearly six-in-ten Americans (58%) say they
prefer to protect the public’s freedom to access and publish
information online, including on social media, even if it means false
information can also be published. Roughly four-in-ten (39%) fall
the other way, preferring that the U.S. government take steps to
restrict false information even if it limits those freedoms,
according to a survey
I’ll believe it when my students start reading
ToS.
The ‘Terms and Conditions’ Reckoning Is Coming
Eleanor Margolis had used PayPal for more than a
decade when the online payment provider blocked her account in
January. The reason: She was 16 years old when she signed up, and
PayPal Holdings Inc. insists she should have known the minimum age is 18, because
the rule is clearly stated in terms and conditions she agreed to.
Clearly stated, that is, in a document longer than The Great
Gatsby—almost 50,000 words spread across 21 separate web
pages. “They didn’t have any checks in place to make sure I was
over 18,” says Margolis, now 28. “Instead, they contact me 12
years later. It’s completely absurd.”
… GDPR, which comes into force in Europe in
May and calls for fines as high as 4 percent of a company’s global
revenue for violations, will make it tougher to get away with
book-length user agreements, says Eduardo Ustaran, co-director of the
cybersecurity practice at law firm Hogan Lovells. He suggests that
companies streamline their rules and make sure they’re written in
plain English. If a
typical user wouldn’t understand the documents, the consent that
companies rely on for their business activities would be legally
invalid. “Your whole basis for using people’s
personal data would disappear,” Ustaran says.
No other comment.
The FBI Restored Its Missing Crime Data
On Tuesday, the FBI restored 70 data tables that
were missing from the 2016
Crime in the United States report, providing data that
researchers consider crucial to their understanding of crime trends
in the U.S. over time. The yearly report is considered the gold
standard for tracking crime statistics in the United States, gathered
from over 18,000 law-enforcement agencies in cities around the
country. But the 2016 report, the first compiled under the Trump
administration, was missing dozens of data tables that researchers
rely on.