If you gather data, you become
a target for hackers.
Hackers Grabbed Security-Camera Images Taken At Border Crossing, CBP Says
Photos of travelers and their vehicle plates snapped at a U.S. border
control point have been hacked, according to the Customs and Border
Protection agency.
Customs officials said in a statement on Monday that the hack involves fewer
than 100,000 people photographed inside vehicles — as well as
images of the vehicle license plates — that were taken as travelers
left the U.S. through specific lanes at a single, unspecified
land-border crossing. The images were captured by CBP over a
six-week period.
The images found their way into the database of a government
subcontractor that hackers were able to penetrate, the agency said.
"Initial information indicates that the
subcontractor violated mandatory security and privacy protocols
outlined in their contract," CBP said in a statement.
Yes, I'm paranoid and yes, I think this is practice for the inevitable
cyberwar.
China Telecom Routes European Traffic to Its Network for Two Hours
For two hours last week, a BGP route leak resulted in large portions of
European Internet traffic being routed through China Telecom’s
network.
According to a report from Oracle, the incident started at 09:43, on June 6,
2019, and consisted of Swiss data center colocation company Safe Host
leaking over 70,000 routes to China Telecom in Frankfurt, Germany.
…
This is not the first route leak incident involving China Telecom and is
likely not the last. A report published in December last year
revealed that the carrier has been constantly
misdirecting Internet traffic through
its network in China for several years.
The new incident shows that the Chinese carrier has yet to take the
necessary precautions to avoid similar re-routes from happening, and
also proves that the problem of BGP
route leaks continues
to persist.
Change in thinking? Not really.
Microsoft says mandatory password changing is “ancient and obsolete”
Ars Technica – Bucking a major trend, company speaks out against the age-old practice.
Microsoft is finally catching on to a maxim that security experts
have almost universally accepted for years: periodic password changes
are likely to do more harm than good. In a largely
overlooked post published late last month,
Microsoft said it was removing periodic password changes from the
security baseline settings it recommends for customers and auditors.
After decades of Microsoft recommending passwords be changed
regularly, Microsoft employee Aaron Margosis said the requirement is
an “ancient and obsolete mitigation of very low value.”
The change of heart is largely the result of research
that shows passwords are most prone to cracking when
they’re easy for end users to remember,
such as when they use a name or phrase from a favorite movie or book.
Over the past decade, hackers have mined real-world password
breaches to assemble dictionaries of millions of words. Combined
with super-fast graphics cards, the hackers can make huge numbers of
guesses in off-line attacks, which occur when they steal the
cryptographically scrambled hashes that represent the plaintext user
passwords…”
Would you like to buy HIBP? Imagine what you could do if HIBP had more
resources than a part-time genius can provide…
Project Svalbard: The Future of Have I Been Pwned
An interesting question for Computer Security and Architecture. This
goes back at least to accountants bringing VisiCalc
(and Apple computers) in without talking to IT.
When Employees Are Using Software That IT Hasn’t Approved
Perspective.
Note: “Took in reports” is not the same as “investigated.”
One percent success means 26,000 people became victims.
UK Tax Department Investigated over 2.6 Million Phishing Attacks in Three Years
… According to a report from UK think tank Parliament Street, the country’s
taxpayers are still among the most targeted groups. In the past
three financial years, HMRC took
in more than 2.6 million phishing reports, including tax
rebate emails, phone calls and texts, Parliament Street says, based
on information received from a Freedom of Information request.
… According to the report, the success rate is under 1 percent.
Another version of a privacy law.
Nevada’s New Consumer Privacy Law Departs Significantly From The California CCPA
On May 29, 2019, the Governor of Nevada signed into law Senate
Bill 220 (“SB
220”), an act relating to Internet privacy and amending Nevada’s
existing law requiring websites and online services to post a privacy
notice. In short, Nevada’s law will require operators of Internet
websites and online services to follow a consumer’s direction not
to sell his or her personal data. The Nevada law differs from the
California Consumer Privacy Act (“CCPA”) enacted last year in
notable ways, and could signal the coming of a patchwork of
fifty-plus different data privacy standards across the country, much
like the state data breach notification laws.
Oh, the poor publishers!
News Publishers Go To War With the Internet — and We All Lose
… As I was sitting in the airport leaving Newsgeist Europe, a convening
for journalists and publishers [disclosure: Google pays for the
venue, food, and considerable drink; participants pay their own
travel], my Twitter feed lit up like the Macy’s fireworks as The
New York Times
reported — or
rather, all but photocopied — a press
release from
the News Media Alliance (née Newspaper Association of America)
contending that Google makes $4.7 billion a year from news, at the
expense of news publishers.
We haven’t heard from Kim in a while.
Kim Dotcom
fights US extradition in New Zealand’s top court
Internet entrepreneur Kim Dotcom and three of his
former colleagues on Monday took their fight against being extradited
to the U.S. to New Zealand’s top court.
The Supreme Court began hearing arguments in the
seven-year-old case after Dotcom and the others lost several previous
court rulings.
But even if the men lose their latest appeal, they
have legal options which could keep their case alive in the New
Zealand court system and delay any extradition for several more
years.
… Megaupload was once one of the internet’s
most popular sites. U.S. prosecutors say it raked in at least $175
million, mainly from people using it to illegally download songs,
television shows and movies.
Ira Rothken, one of Dotcom’s lawyers, said in an
interview that if anyone did something illegal in relation to
Megaupload, it was the users.
“This case is all about trying to hold
Megaupload and Kim Dotcom and the others responsible for the acts of
users,” Rothken said. “And we’re saying you can’t do that.
You can’t do that in the United States and you can’t do that in
New Zealand.”