CVs containing sensitive info of over 202 million Chinese users left exposed online
A security researcher has stumbled over an unsecured MongoDB database server that contained highly detailed CVs for over 202 million Chinese users.
… The MongoDB instance contained 854GB of data, with 202,730,434 records in total, most of which were CVs for Chinese users.
… Tracking down its owner has been near impossible.
One of the researcher's followers came to the rescue last year, when he pointed Diachenko to a now-deleted GitHub repository that contained the source code of a web app.
The app, most likely created to scrape CVs from legitimate job-finding portals, contained identical data structures to the ones found in the leaky database, a clear sign it was the one that scraped and collected the CVs.
… This is not the first time that Diachenko finds a leaky server containing data from resume site scrapers. Last month, he also found a similar server exposing over 66 million records that appeared to have been scraped from LinkedIn, and later leaked via another MongoDB database.
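The exposure described above is the classic "MongoDB reachable from the internet with no authentication" case. As an added illustration (not from the article or the researcher), here is a mongod.conf fragment showing the weak settings that produce such an exposure beside the corrected ones. The private address 10.0.0.5 is an assumed value; the configuration keys (net.bindIp, security.authorization) are the real MongoDB options.

```yaml
# WEAK (constructed example): listens on every interface and accepts
# unauthenticated clients, so anyone who can reach port 27017 can read the data.
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled
---
# HARDENED (constructed example): bind only to loopback and one private
# interface (10.0.0.5 is an assumed internal address), and require
# role-based authentication for every client connection.
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
```

A quick self-check after applying the hardened fragment is to connect from a host outside the private network and confirm the port is unreachable, and to connect locally without credentials and confirm that reads of any collection are refused; if either succeeds, the server is still in the state the article describes.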
How do Actuaries calculate the risk?
Zurich Insurance has cited a "nation-state action" exclusion
A US food distributor that was hit by the NotPetya cyber attack is taking legal action against its insurance company for refusing to pay out on a $100m claim for damages caused by the hack.
Mondelez, which owns popular brands Oreo and Cadbury, was hit by NotPetya twice in 2017, suffering significant damage to its IT infrastructure including hardware.
According to court papers filed in Illinois, seen by the Financial Times, 1,700 of Mondelez's servers and 24,000 of its laptops were rendered "permanently dysfunctional".
… Both the US and UK governments have attributed NotPetya to Russian hackers attacking the Ukrainian government – claims that have been denied by the Kremlin.
… Igor Baikalov, chief scientist at Securonix, believes that there's another reason to not pay out.
"Instead of a war exclusion clause, Zurich should have invoked a gross negligence clause, which is much easier to prove in this case than attribution to a nation-state, particularly considering Mondelez was hit twice by the same ransomware," he said.
I may never leave the US again because I couldn’t get back in! When they demand I hand over the password to my phone, will they believe I don’t own one? I don’t use social media either… I have such a low e-profile I must be a Russian/Chinese/North Korean agent!
Joe Cadillic writes:
The U.S. Border Patrol (CBP) and the TSA claim they need to secretly spy on everyone’s social media accounts so they can understand a person’s relationship with their friends, family and the government.
According to a DHS report published last month, nothing can stop the Border Patrol or the TSA from secretly spying on everyone’s social media accounts.
“In order to conduct a complete investigation, it is necessary for DHS/CBP to collect and review large amounts of data in order to identify and understand relationships between individuals, entities, threats and events, and to monitor patterns of activity over extended periods of time that may be indicative of criminal, terrorist, or other threat.”
Read more on MassPrivate I.
We don’t have global laws, yet. No matter what the French want.
EU Advocate General: right to be forgotten is limited to EU
On January 10, 2019, Advocate General Szpunar of the Court of Justice of the European Union (CJEU) released his opinion regarding a 2016 enforcement action carried out by the French Supervisory Authority (CNIL) against Google. In that case, the CNIL ordered Google to de-reference links to webpages containing personal data. According to the CNIL, the de-referencing had to be effective worldwide. Google challenged the CNIL’s decision before the French administrative court, which then referred this matter to the CJEU.
In his opinion, Advocate General Szpunar disagrees with the CNIL’s view on a worldwide application of the “right to be forgotten.”
For the lawyers who read my blog?
GDPR: A Year On – IEEE calls for articles
Do you have an interesting perspective on Europe’s General Data Protection Regulation or insightful information about GDPR to share? IEEE Security and Privacy seeks articles from scholars and practitioners from various disciplines and countries to examine GDPR: A Year On. Successful submissions will address (among other topics) the GDPR’s:
• position at the intersection of law and technology;
• global impact;
• implications for global multinationals and for small and medium size enterprises;
• implementation by engineers, economists, and lawyers;
• potential macroeconomic and competitive impact; and
• effect on debates about ethics beyond the law.
Submissions are due by March 1, 2019, with publication in November/December, 2019.
AI Ethics from Dubai.
AI PRINCIPLES AND ETHICS
AI’s rapid advancement and innovation potential across a range of fields is incredibly exciting. Yet a thorough and open discussion around AI ethics, and the principles organisations using this technology must consider, is urgently needed.
(Related)
Americans want to regulate AI but don’t trust anyone to do it
… Americans have mixed support for the continued development of AI and overwhelmingly agree that it should be regulated, according to a new study from the Center for the Governance of AI and Oxford University’s Future of Humanity Institute.
Americans place the most trust in the US military and universities to build AI
Americans trust tech companies and non-government organizations more than the government to manage AI
(Related)
The Quiet Ways Automation Is Remaking Service Work
Workers may not be replaced by robots anytime soon, but they’ll likely face shorter hours, lower pay, and stolen time.
When blue-collar workers go on strike, demands such as wage increases and better hours are usually the objective. But when nearly 8,000 Marriott International employees marched outside hotels for two months in late 2018, one request stood out among the rest: protection against the automated technology that’s remaking the hotel industry.
Resources for my students.
Free is good!
IMDB has launched a free streaming service called Freedive that features dozens of movies and TV shows. And while it doesn’t have new releases, the selection isn’t half bad, with movies like Drive, Adaptation, Gattaca, True Romance, Last Action Hero, Legends of the Fall, and Panic Room as well as TV shows like Fringe, Quantum Leap, Gilligan’s Island, Heroes, and The Bachelor.
… The service also seems to be a vehicle for providing more exposure to a number of IMDB’s original video series that you’ve probably never heard of. Thankfully the service doesn’t require a subscription.
One cool thing about the service that sets it apart from others is that each category displays the top-rated movies first.
Something I did on Tuesday or Wednesday caught Canada’s attention. I have no idea what that might be, but I hope they’re not angry!