Not as much exposure as you might think. Do you know every computer
a job applicant might have had access to?
DarkVishnya:
Banks attacked through direct connection to local network
… In 2017-2018, Kaspersky Lab specialists were
invited to research a series of cybertheft incidents. Each attack
had a common springboard: an unknown device directly connected to the
company’s local network. In some cases, it was the central office,
in others a regional office, sometimes located in another country.
… Each attack can be divided into several
identical stages. At the first stage, a cybercriminal entered the
organization’s building under the guise of a courier, job seeker,
etc., and connected a device to the local network, for example, in
one of the meeting rooms.
The devices used in the DarkVishnya attacks varied
in accordance with the cybercriminals’ abilities and personal
preferences. In the cases we researched, it was one of three tools:
- netbook or inexpensive laptop
- Raspberry Pi computer
- Bash Bunny, a special tool for carrying out USB attacks
… At the second stage, the attackers remotely
connected to the device and scanned the local network seeking to gain
access to public shared folders, web servers, and any other open
resources. The aim was to harvest information about the network,
above all, servers and workstations used for making payments. At the
same time, the attackers tried to brute-force or sniff login data for
such machines.
… Having succeeded, the cybercriminals
proceeded to stage three. Here they logged into the target system
and used remote access software to retain access.
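A defensive check for the first stage described above, as an added example that is not part of the Kaspersky report or of this post: it scans switch MAC-learn events for devices missing from the asset inventory and raises the severity for visitor-accessible ports such as meeting rooms. The log format, inventory, switch names and addresses are all constructed for illustration.

```python
import re

# Constructed inventory of MAC addresses the organisation has registered.
KNOWN_MACS = {"00:25:96:12:34:56", "3c:52:82:aa:bb:cc"}
# Constructed map of switch ports to rooms; visitor-accessible rooms are
# where the report says the devices were connected.
PORT_LOCATION = {("sw-hq-02", "Gi1/0/14"): "meeting room 3",
                 ("sw-hq-02", "Gi1/0/20"): "finance office"}
VISITOR_AREAS = {"meeting room 3"}

# Constructed log, one MAC-learn event per line: time switch port mac ip
SAMPLE_LOG = """\
2018-03-05T09:12:01 sw-hq-02 Gi1/0/20 00:25:96:12:34:56 10.1.20.15
2018-03-05T11:47:33 sw-hq-02 Gi1/0/14 B8:27:EB:0F:10:22 10.1.30.77
2018-03-05T11:52:10 sw-hq-02 Gi1/0/20 3C:52:82:AA:BB:CC 10.1.20.16
2018-03-06T02:03:44 sw-hq-02 Gi1/0/14 b8:27:eb:0f:10:22 10.1.30.77
2018-03-06T08:30:00 sw-hq-02 Gi1/0/20 0a:de:ad:be:ef:01 10.1.20.99
malformed line
"""

LINE = re.compile(
    r"^(\S+) (\S+) (\S+) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (\S+)$", re.I)

def is_locally_administered(mac):
    """True when the address was assigned locally, not by a vendor."""
    return bool(int(mac[:2], 16) & 0x02)

def find_unknown_devices(log_text):
    """Return one finding per MAC that is absent from the inventory."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(4).lower() in KNOWN_MACS:
            continue  # unparseable line or registered device
        ts, switch, port, mac, ip = m.groups()
        location = PORT_LOCATION.get((switch, port), "unmapped port")
        rec = seen.setdefault(mac.lower(), {
            "mac": mac.lower(), "ip": ip, "location": location,
            "first_seen": ts, "events": 0, "reasons": ["not in inventory"]})
        rec["last_seen"] = ts
        rec["events"] += 1
    for rec in seen.values():
        exposed = rec["location"] in VISITOR_AREAS | {"unmapped port"}
        rec["severity"] = "high" if exposed else "medium"
        if exposed:
            rec["reasons"].append("visitor-accessible or unmapped port")
        if is_locally_administered(rec["mac"]):
            rec["reasons"].append("locally administered MAC")
    return sorted(seen.values(),
                  key=lambda r: (r["severity"] != "high", r["first_seen"]))
```

An inventory check like this misses a device that clones a registered MAC address, so it complements port-level controls such as disabling unused meeting-room ports rather than replacing them.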
This could be another example of the FBI talking
to lawmakers in another country, hoping to convince them to support
an FBI position. Now they can point to this law and tell US
lawmakers, “We’re behind!”
Australia
Anti-Encryption Law Rushed to Passage
A newly enacted law rushed through Australia's parliament will compel
technology companies such as Apple, Facebook and Google to disable
encryption protections so police can better pursue terrorists and
other criminals.
… "I think it's detrimental to Australian and world security," said
Bruce Schneier, a tech security expert affiliated with Harvard
University and IBM.
… U.S. law enforcement officials, including Deputy Attorney General Rod
Rosenstein, are again pushing for legislation that would somehow give
authorities access to secure communications.
The Australian bill is seen by many as a beachhead for those efforts
because the nation belongs to the "Five Eyes" security
alliance with the U.S., Britain, Canada and New Zealand.
"There is a lot here that doesn't make any sense," Schneier said of the
Australian bill. "This is a technological law written by
non-technologists and it's not just bad policy. In many ways, I
think it's unworkable."
A leading figure in cryptography, Martin Hellman of Stanford
University, said it appears the bill would "facilitate crime by
weakening the security of the affected devices."
… But Apple, in comments filed with parliament in October, argued that "it
would be wrong to weaken security for millions of law-abiding
customers in order to investigate the very few who pose a threat."
I’m beginning to think that stories like this
are influencing the push for real penalties (like GDPR). The next
requirement is some significant penalties for the managers who won’t
take action on their own.
Stuff reports on a case in New Zealand
that was cited in a newly-released annual report by the Privacy
Commissioner. Disturbingly, the unnamed government agency not only
did not set a great example for data protection, but they
demonstrated less than admirable response to the incident of
insider-wrongdoing that harmed a member of the public. Stuff
reports:
A government employee in dispute with his neighbour snooped on him 73 times after accessing his employer’s “sensitive” records.
He also changed the man’s file to add allegations of “improper conduct”.
When the government agency found out about the privacy breach it reviewed its processes but was not willing to apologise to the neighbour or pay him compensation.
[…]
The commissioner has called for changes to the Privacy Act to introduce “meaningful consequences” for non-compliance, including for the commissioner to decide which cases should go to the tribunal and for the commissioner to take the claims.
Read more on Stuff.
That the agency didn’t even apologize for the anguish or harm to
the individual is concerning.
It is one thing to argue that you had policies and
procedures in place that you monitored, but despite that, an employee
willfully managed to violate both, but then not to give the affected
individual anything — even a “We agree with you and have
terminated the employee’s position with us,” well…. there has
to be more redress and/or compensation for those whose complaints are
founded. And government agencies should be setting good examples
instead of needing to be dragged before a tribunal or sued.
More information on the Privacy Commissioner’s 2018 Report can be found
on the Commission’s web site.
To jump directly to the annual report, go here.
Is political news
based on the number of people who want to read it?
The long, tortured quest to make Google unbiased
The Verge – Can a search engine ever be meaningfully neutral:
“[December 11, 2018], Sundar Pichai will try to reassure Congress
that Google’s search engine isn’t rigged. The Google CEO is
testifying before the House Judiciary Committee on
Tuesday [The Hearing is titled – Transparency &
Accountability: Examining Google and its Data Collection, Use and
Filtering Practices] answering questions about “potential
bias and the need for greater transparency” in Google’s
business practices. It’s Republican lawmakers’ latest move in a
series of hearings over Silicon Valley political
bias. “Google has created some of the most powerful and
impressive technology applications,” wrote House Majority Leader
Kevin McCarthy in
the announcement. “Unfortunately, recent reports suggest
Google might not be wielding its vast power impartially. Its
business practices may have been affected by political bias.” We
don’t know exactly what questions will arise during Pichai’s
testimony. But this summer, President Donald Trump caused a brief
uproar by claiming (without evidence) that Google suppressed
positive news about him. Reports indicated Trump might
even direct regulators to investigate Google and other platforms
for bias. But that proposal hadn’t come from one of Silicon
Valley’s many ideological enemies — it was supposedly
promoted by recommendations site Yelp, which has spent years
protesting what it calls unfair demotion of its search results.
That investigation never came to pass. But it highlighted a major underpinning of the current anti-Google backlash: a decade-long fight over how search engines, which have become many people’s primary gateway to the internet, should treat the websites they list.”