Wednesday, May 01, 2019


Is DHS in charge of computer security or just patches?
DHS Orders Agencies to Patch Critical Vulnerabilities Within 15 Days
The U.S. Department of Homeland Security (DHS) this week issued a new Binding Operational Directive (BOD) instructing federal agencies and departments to act more quickly when it comes to patching serious vulnerabilities in internet-exposed systems.
Specifically, BOD 19-02 gives government organizations 15 days to address critical vulnerabilities and 30 days for high-severity flaws. The countdown starts when a vulnerability was initially detected, rather than when it was first reported to agencies. [Catch 22? Bob]
Internet-exposed government systems undergo Cyber Hygiene scanning to help agencies identify vulnerabilities. The recently created Cybersecurity and Infrastructure Security Agency (CISA) provides regular reports to agencies, informing them of the detected flaws, classified based on their CVSSv2 score.




Worth a try...
Plan to secure internet of things with new law
Security vulnerabilities that could be targeted by hackers have been found in everything from toy dolls to internet-connected ovens in recent years.
The new laws would mean such devices would have to come with unique passwords, for example.
The proposed legislation, launched by Digital Minister Margot James, would also introduce a new labelling system to tell customers how secure an IOT product is.
Ms James said it was part of the UK's bid to be a "global leader in online safety".
Retailers would eventually be barred from selling products without the labels although initially the scheme would be voluntary.
To gain a label and enter the market, IOT devices would have to:
    • come with unique passwords by default
    • state clearly for how long security updates would be made available
    • offer a public point of contact to whom any cyber-security vulnerabilities may be disclosed




With familiarity (of computer security best practices) comes contempt?
Local Credit Union Sues Fiserv Over 'Amateurish Security Lapses'
Fiserv, the leading bank core processor with 37% of the U.S. market share in 2018, is being sued by one of its own customers, the Bessemer System Federal Credit Union.
Court documents filed in a Mercer County, Pennsylvania court on April 26, 2019 show Bessemer claiming that, "Despite Fiserv's claimed expertise, Fiserv has misreported Bessemer's account records and information, while being plagued with security vulnerabilities that affect the privacy of thousands of Bessemer's members." It adds, "Bessemer's member information has been subject to several instances of critical security vulnerabilities while in Fiserv's custody – each based on baffling and amateurish security lapses."




For those of us who watch such things…
Which CCPA Amendments Made the Cut?


(Related)
California Assembly’s Privacy Committee Advances CCPA Employee Carve-Out




We missed you at the seminar, Yasmin.
Utah and Virginia are making moves on the privacy front.
We’ve been hearing non-stop about California and the CCPA, but California isn’t the only state advocating for privacy. If you haven’t heard, Utah just banned digital searches without a warrant.
A Virginia Court recently held that Automated License Plate Reader (ALPR) systems violated Virginia’s Government Data Collection and Dissemination Practices Act (Data Act).




Suspicions confirmed, under oath.
We Got U.S. Border Officials to Testify Under Oath. Here’s What We Found Out.
In September 2017, we, along with the Electronic Frontier Foundation, sued the federal government for its warrantless and suspicionless searches of phones and laptops at airports and other U.S. ports of entry.
The government immediately tried to dismiss our case, arguing that the First and Fourth Amendments do not protect against such searches. But the court ruled that our clients — 10 U.S. citizens and one lawful permanent resident whose phones and laptops were searched while returning to the United States — could move forward with their claims.
Since then, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement have had to turn over documents and evidence about why and how they conduct warrantless and suspicionless searches of electronic devices at the border. And their officials have had to sit down with us to explain — under oath — their policies and practices governing such warrantless searches.
What we learned is alarming, and we’re now back in court with this new evidence asking the judge to skip trial altogether and rule for our clients.
The information we uncovered through our lawsuit shows that CBP and ICE are asserting near-unfettered authority to search and seize travelers’ devices at the border, for purposes far afield from the enforcement of immigration and customs laws.




It’s hard to keep tabs...
NSA says warrantless searches of Americans’ data rose in 2018
The data, published Tuesday by the Office of the Director of National Intelligence (ODNI), revealed a 28% rise in the number of targeted search terms used to query massive databases of collected Americans’ communications.
Some 9,637 warrantless search queries of the contents of Americans’ calls, text messages, emails and other communications were conducted by the NSA during 2018, up from 7,512 searches on the year prior, the report said.
The figures also don’t take into account queries made by the FBI or the Drug Enforcement Administration, which also has access to the database, nor do they say exactly how many Americans had their information collected.




Something to cheer their lawyers?
Facebook could have 4.9bn dead users by 2100, study finds
Deceased may outnumber the living if current growth rates continue, raising questions about what happens to our data




The next level: “Pizza in 30 minutes, or it’s free!”
It's Not Just Amazon: Free One-Day Delivery Is The New Normal
Amazon may have scored points on Wall Street last week with plans to invest $800 million so its Prime member subscribers can receive merchandise in one day. But analysts aren’t concerned the e-commerce giant’s brick-and-mortar competitors like Walmart and Target, with hefty online businesses themselves, have been caught off guard.
Delivery is part of today’s heated skirmish for retail turf, and Amazon simply just made its latest move.
In response, Walmart, with its stock dipping 3% Friday, issued its own news in a tweet, while taking a jab at Amazon.
“One-day free shipping…without a membership fee. Now THAT would be groundbreaking,” the company said, teasing plans to cut its free two-day shipping (for purchases $35 and up) down to one, while making a reference to Amazon’s annual $119 Prime membership.
Target … already offers free one-day shipping to its no-fee loyalty REDcard holders. The benefit is for orders of at least $35, which are placed by 7 p.m. on a weekday.




Interesting perspective.
Mueller Report Illustrates Trump’s Authoritarian Rhetorical Tactics


