No real chance that customers would win a lawsuit,
so why spend money ensuring security?
Comcast website bug leaks Xfinity customer data
… The website,
used by customers to set up their home internet and cable service,
can be tricked into displaying the home address where the router is
located, as well as the Wi-Fi name and password.
… The site returned the Wi-Fi name and
password – in plaintext –
used to connect to the network for one of the customers who uses
an Xfinity router. The other customer was using his own router –
and the site didn't return the Wi-Fi network name or password.
Retaliation is a step to all-out cyberwar.
Inside 'Project Indigo,' the quiet info-sharing program between banks and U.S. Cyber Command
A confidential information-sharing agreement
between the Financial Services Information Sharing and Analysis
Center (FS-ISAC) and U.S. Cyber Command reveals the blurring line
between the country’s public and private sectors as the U.S.
government becomes increasingly receptive to launching offensive
hacking operations.
… The broad purpose of Project Indigo is to
help inform U.S. Cyber Command about nation-state hacking aimed at
banks. In practice, this intelligence is independently evaluated
and, if appropriate, Cyber Command responds under its own unique
authorities.
It’s possible that a bank could tip off the
military about a cyberattack against the financial industry,
prompting Cyber Command to react and take action. That could include
providing unique insight back to FSARC or even taking offensive
measures to disrupt the attacker — such as retaliatory hacking —
if it’s appropriate and the Pentagon approves it, according to
current and former U.S. officials.
Isn’t this what Hillary Clinton said about email
servers? Good thing the President doesn’t email…
‘Too inconvenient’: Trump goes rogue on phone security
President Donald Trump uses a White House
cellphone that isn’t equipped with sophisticated security features
designed to shield his communications, according to two senior
administration officials — a departure from the practice of his
predecessors that potentially exposes him to hacking or surveillance.
The president, who relies on cellphones to reach
his friends and millions of Twitter followers, has rebuffed staff
efforts to strengthen security around his phone use, according to the
administration officials.
… While aides have urged the president to swap
out the Twitter phone on a monthly basis, Trump has resisted their
entreaties, telling them it was “too inconvenient,” the same
administration official said.
The president has gone as long as five months
without having the phone checked by security experts. It is unclear
how often Trump’s call-capable phones, which are essentially used
as burner phones, are swapped out.
Told ya so!
Explaining Efail and Why It Isn’t the End of Email Privacy
Last week the PGPocalipse was all over the news…
Except that, well, it wasn’t an apocalypse.
A team of researchers published a
paper (PDF) where they describe how to decrypt a PGP encrypted
email via a targeted attack. The research itself is pretty well
documented and, from a security researcher perspective, it’s a good
paper to read, especially the cryptography parts.
But we here at Hackaday
were skeptical about media claims that Efail had broken PGP.
Some media reports went as far as recommending everyone turn off PGP
encryption on all email clients, but they weren’t able to back this
recommendation up with firm reasoning. In fact, Efail isn’t an
immediate threat for the vast majority of people simply because an
attacker must already have access to an encrypted email
to use the exploit. Advising everyone to disable encryption
altogether just makes no sense.
Aside from the massive false alarm, Efail is a
very interesting exploit to wrap your head around. Join me after the
break as I walk through how it works, and what you can do to avoid
it.
More than TSA on steroids, this is Big Brothering
at its best. Any country could do this, including the US.
China's social credit system has blocked people from taking 11 million flights and 4 million train trips
China's social credit system has blocked people
from taking 11.14 million flights and 4.25 million high-speed train
trips.
The numbers, from the end of April, were included
in a report by China's state-run news outlet Global
Times, but it is unclear what offenses those targeted in the
travel ban have committed.
The social credit system is actually a collection
of blacklists, of which there are more than a dozen at the national
level. Each list is based on similar offenses — such as
misbehavior on planes and trains, or failing to abide by a court
judgment — and determines the punishments people face, from
throttling internet speeds to blocking loans.
Keeping up with the players in the intelligence
game.
… the Directorate for Signals Intelligence,
Japan’s version of the National Security Agency.
The directorate has a history that dates back to
the 1950s; its role is to eavesdrop on communications. But its
operations remain so highly classified that the Japanese government
has disclosed little about its work – even the location of its
headquarters. Most Japanese officials, except for a select few of
the prime minister’s inner circle, are kept in the dark about the
directorate’s activities, which are regulated by a limited legal
framework and not subject to any independent oversight.
Now, a new
investigation by the Japanese broadcaster NHK — produced in
collaboration with The Intercept — reveals, for the first time,
details about the inner workings of Japan’s opaque spy community.
Based on classified documents and interviews with current and former
officials familiar with the agency’s intelligence work, the
investigation shines light on a previously undisclosed internet
surveillance program and a spy hub in the south of Japan that is used
to monitor phone calls and emails passing across communications
satellites.
Perspective.
… while digital marketers are aware of the
strict new regulatory regime, seemingly few have taken active steps
to address how it will impact their day-to-day operations.
GDPR will force marketers to relinquish much of
their dependence on behavioral data collection. Most critically, it
will directly implicate several business practices that are core to
current digital ad targeting. The stipulation that will perhaps
cause most angst is the new formulation for collecting an
individual’s consent to data gathering and processing; GDPR
requires that consent
be active (as opposed to passive) and represent a
genuine and meaningful choice. Digital marketers know
that users of internet-based services like Snapchat, Facebook, and
Google technically provide consent by agreeing to these companies’
terms of service when they sign up. But does this constitute an
active and genuine choice? Does it indicate that the user is willing
to have her personal data harvested across the digital and physical
worlds, on- and off-platform, and have that data used to create a
behavioral profile for digital marketing purposes? Almost
certifiably not.
(Related)
Most GDPR emails unnecessary and some illegal, say experts
… Many companies, acting based on poor legal
advice, a fear of fines of up to €20m (£17.5m) and a lack of good
examples to follow, have taken what they see as the safest option for
hewing to the General
Data Protection Regulation (GDPR): asking customers to renew
their consent for marketing communications and data processing.
… “Businesses are not required to
automatically ‘repaper’ or refresh all existing 1998 Act consents
in preparation for the GDPR,” Vitale said. “The first question
to ask is: which of the six legal grounds under the GDPR
should you rely on to process personal data? Consent is only one
ground. The others are contract, legal obligation, vital interests,
public interest and legitimate interests.
Interesting.
https://sloanreview.mit.edu/article/how-human-computer-superminds-are-redefining-the-future-of-work/
How Human-Computer ‘Superminds’ Are Redefining the Future of Work
The ongoing, and sometimes loud, debate about how
many and what kinds of jobs smart machines will leave for humans to
do in the future is missing a salient point: Just as the automation
of human work in the past allowed people and machines to do many
things that couldn’t be done before, groups of people and computers
working together will be able to do many things in the future that
neither can do alone now.
No doubt this is their strategy to entice kids to
write rather than Tweet.
U.S. Postal Service announces first-ever scratch and sniff stamp with popsicle scent
… The U.S. Postal Service said Monday that it
will issue its first-ever scratch-and-sniff stamps that will aim to
evoke the sweet scent of summer. The 10 different stamp designs each
feature a watercolor illustration of two different ice pops on a
stick.
There will be one scent for all of the stamps and
the secret smell will be unveiled when the Postal Service issues the
stamps on June 20, according to U.S. Postal Service public relations
representative Mark Saunders.