Monday, December 03, 2018

Some speculation on the impact of the Marriott breach.
Espionage, ID Theft? Myriad Risks From Stolen Marriott Data
The data stolen from the Marriott hotel empire in a massive breach is so rich and specific it could be used for espionage, identity theft, reputational attacks and even home burglaries, security experts say.
The affected reservation system could be extremely enticing to nation-state spies interested in the travels of military and senior government officials, said Jesse Varsalone, a University of Maryland cybersecurity expert.
And because the data included reservations for future stays, along with home addresses, burglars could learn when someone wouldn't be home, said Scott Grissom of LegalShield, a provider of legal services.
Security analysts were especially alarmed to learn of the breach's undetected longevity. Marriott said it first detected it on Sept. 8 but was unable to determine until last week what data had possibly been exposed — because the thieves used encryption to remove it in order to avoid detection.
Marriott said the stolen credit card information was encrypted but the hackers may have obtained the "two components needed to decrypt the payment card numbers." It said it cannot "rule out the possibility that both were taken." [So, they kept the decryption key online? Bob]
The FBI would not say whether it is investigating, [Strange. They usually love the publicity. Bob]


(Related) Inevitable.
Lawsuits Filed Against Marriott Over Massive Data Breach
Several lawsuits have been filed against Marriott as a result of the data breach. One class action was filed by Murphy, Falcon & Murphy and co-counsel Morgan & Morgan in Maryland. It alleges that Marriott failed to ensure the integrity of its servers and to properly protect sensitive information.
Another class action was filed by two individuals in Oregon. The lawsuit seeks $25 for each impacted customer, which brings the total to $12.5 billion.
Separate legal action was announced by global investor rights law firm Rosen Law Firm, which filed a class action on behalf of purchasers of Marriott shares.
On Sunday, Sen. Chuck Schumer said Marriott should purchase new passports for customers who had their passport numbers stolen as a result of this security incident.




Tiny in comparison to Marriott.
Elasticsearch Instances Expose Data of 82 Million U.S. Users
A total of 73 gigabytes of data were found during a “regular security audit of publicly available servers with the Shodan search engine,” HackenProof explains. At least three IPs with the identical Elasticsearch clusters misconfigured for public access were discovered.




I love a good laugh. Can’t wait to see their arguments.
DOJ made secret arguments to break crypto, now ACLU wants to make them public
Earlier this year, a federal judge in Fresno, California, denied prosecutors' efforts to compel Facebook to help it wiretap Messenger voice calls.
But the precise legal arguments that the government made, and that the judge ultimately rejected, are still sealed.
On Wednesday, the American Civil Liberties Union formally asked the judge to unseal court dockets and related rulings associated with this ongoing case involving alleged MS-13 gang members. ACLU lawyers argue that such a little-charted area of the law must be made public so that tech companies and the public can fully know what's going on.
… In their new filing, ACLU lawyers pointed out that "neither the government’s legal arguments nor the judge’s legal basis for rejecting the government motion has ever been made public."
The attorneys continued, citing a "strong public interest in knowing which law has been interpreted" and referencing an op-ed published on Ars on October 2 as an example.

