Some speculation on the impact of the Marriott breach.
Espionage, ID Theft? Myriad Risks From Stolen Marriott Data
The data stolen from the Marriott hotel empire in a massive breach is so rich and specific it could be used for espionage, identity theft, reputational attacks and even home burglaries, security experts say.
… The affected reservation system could be extremely enticing to nation-state spies interested in the travels of military and senior government officials, said Jesse Varsalone, a University of Maryland cybersecurity expert.
… And because the data included reservations for future stays, along with home addresses, burglars could learn when someone wouldn't be home, said Scott Grissom of LegalShield, a provider of legal services.
… Security analysts were especially alarmed to learn of the breach's undetected longevity. Marriott said it first detected until Sept. 8 but was unable to determine until last week what data had possibly been exposed — because the thieves used encryption to remove it in order to avoid detection.
… Marriott said the stolen credit card information was encrypted but the hackers may have obtained the "two components needed to decrypt the payment card numbers." It said it cannot "rule out the possibility that both were taken." [So, they kept the decryption key online? Bob]
… The FBI would not say whether it is investigating, [Strange. They usually love the publicity. Bob]
(Related) Inevitable.
Lawsuits Filed Against Marriott Over Massive Data Breach
… Several lawsuits have been filed against Marriott as a result of the data breach. One class action was filed by Murphy, Falcon & Murphy and co-counsel Morgan & Morgan in Maryland. It alleges that Marriott failed to ensure the integrity of its servers and to properly protect sensitive information.
… Another class action was filed by two individuals in Oregon. The lawsuit seeks $25 for each impacted customer, which brings the total to $12.5 billion.
Separate legal action was announced by global investor rights law firm Rosen Law Firm, which filed a class action on behalf of purchasers of Marriott shares.
… On Sunday, Sen. Chuck Schumer said Marriott should purchase new passports for customers who had their passport numbers stolen as a result of this security incident.
Tiny in comparison to Marriott.
Elasticsearch Instances Expose Data of 82 Million U.S. Users
… A total of 73 gigabytes of data were found during a “regular security audit of publicly available servers with the Shodan search engine,” HackenProof explains. At least three IPs with the identical Elasticsearch clusters misconfigured for public access were discovered.
I love a good laugh. Can’t wait to see their arguments.
DOJ made secret arguments to break crypto, now ACLU wants to make them public
Earlier this year, a federal judge in Fresno, California, denied prosecutors' efforts to compel Facebook to help it wiretap Messenger voice calls.
But the precise legal arguments that the government made, and that the judge ultimately rejected, are still sealed.
On Wednesday, the American Civil Liberties Union formally asked the judge to unseal court dockets and related rulings associated with this ongoing case involving alleged MS-13 gang members. ACLU lawyers argue that such a little-charted area of the law must be made public so that tech companies and the public can fully know what's going on.
… In their new filing, ACLU lawyers pointed out that "neither the government’s legal arguments nor the judge’s legal basis for rejecting the government motion has ever been made public."
The attorneys continued, citing a "strong public interest in knowing which law has been interpreted" and referencing an op-ed published on Ars on October 2 as an example.