Tuesday, June 11, 2019


If you gather data, you become a target for hackers.
Hackers Grabbed Security-Camera Images Taken At Border Crossing, CBP Says
Photos of travelers and their vehicle plates snapped at a U.S. border control point have been hacked, according to the Customs and Border Protection agency.
Customs officials said in a statement on Monday that the hack involves fewer than 100,000 people photographed inside vehicles — as well as images of the vehicle license plates — that were taken as travelers left the U.S. through specific lanes at a single, unspecified land-border crossing. The images were captured by CBP over a six-week period.
The images found their way into the database of a government subcontractor that hackers were able to penetrate, the agency said.
"Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract," CBP said in a statement.




Yes, I am paranoid and yes, I think this is practice for the inevitable cyberwar.
China Telecom Routes European Traffic to Its Network for Two Hours
For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network.
According to a report from Oracle, the incident started at 09:43, on June 6, 2019, and consisted of Swiss data center colocation company Safe Host leaking over 70,000 routes to China Telecom in Frankfurt, Germany.
This is not the first route leak incident involving China Telecom and is likely not the last. A report published in December last year revealed that the carrier has been constantly misdirecting Internet traffic through its network in China for several years.
The new incident shows that the Chinese carrier has yet to take the necessary precautions to avoid similar re-routes from happening, and also proves that the problem of BGP route leaks continues to persist.




Change in thinking? Not really.
Microsoft says mandatory password changing is “ancient and obsolete”
ars technica – Bucking a major trend, company speaks out against the age-old practice. Microsoft is finally catching on to a maxim that security experts have almost universally accepted for years: periodic password changes are likely to do more harm than good. In a largely overlooked post published late last month, Microsoft said it was removing periodic password changes from the security baseline settings it recommends for customers and auditors. After decades of Microsoft recommending passwords be changed regularly, Microsoft employee Aaron Margosis said the requirement is an “ancient and obsolete mitigation of very low value.”
The change of heart is largely the result of research that shows passwords are most prone to cracking when they’re easy for end users to remember, such as when they use a name or phrase from a favorite movie or book. Over the past decade, hackers have mined real-world password breaches to assemble dictionaries of millions of words. Combined with super-fast graphics cards, the hackers can make huge numbers of guesses in off-line attacks, which occur when they steal the cryptographically scrambled hashes that represent the plaintext user passwords…”




Would you like to buy HIBP? Imagine what you could do if HIBP had more resources than a part-time genius can provide…
Project Svalbard: The Future of Have I Been Pwned




An interesting question for Computer Security and Architecture. This goes back at least to accountants bringing VisiCalc (and Apple computers) in without talking to IT.
When Employees Are Using Software That IT Hasn’t Approved




Perspective. Note: “Took in reports” is not the same as “investigated.” One percent success means 26,000 people became victims.
UK Tax Department Investigated over 2.6 Million Phishing Attacks in Three Years
According to a report from UK think tank Parliament Street, the country’s taxpayers are still among the most targeted groups. In the past three financial years, HMRC took in more than 2.6 million phishing reports, including tax rebate emails, phone calls and texts, Parliament Street says, based on information received from a Freedom of Information request.
According to the report, the success rate is under 1 percent.




Another version of a privacy law.
Nevada’s New Consumer Privacy Law Departs Significantly From The California CCPA
On May 29, 2019, the Governor of Nevada signed into law Senate Bill 220 (“SB 220”), an act relating to Internet privacy and amending Nevada’s existing law requiring websites and online services to post a privacy notice. In short, Nevada’s law will require operators of Internet websites and online services to follow a consumer’s direction not to sell his or her personal data. The Nevada law differs from the California Consumer Privacy Act (“CCPA”) enacted last year in notable ways, and could signal the coming of a patchwork of fifty-plus different data privacy standards across the country, much like the state data breach notification laws.




Oh, the poor publishers!
News Publishers Go To War With the Internet — and We All Lose
As I was sitting in the airport leaving Newsgeist Europe, a convening for journalists and publishers [disclosure: Google pays for the venue, food, and considerable drink; participants pay their own travel], my Twitter feed lit up like the Macy’s fireworks as The New York Times reported — or rather, all but photocopied — a press release from the News Media Alliance (née Newspaper Association of America) contending that Google makes $4.7 billion a year from news, at the expense of news publishers.
Bullshit.




We haven’t heard from Kim in a while.
Kim Dotcom fights US extradition in New Zealand’s top court
Internet entrepreneur Kim Dotcom and three of his former colleagues on Monday took their fight against being extradited to the U.S. to New Zealand’s top court.
The Supreme Court began hearing arguments in the seven-year-old case after Dotcom and the others lost several previous court rulings.
But even if the men lose their latest appeal, they have legal options which could keep their case alive in the New Zealand court system and delay any extradition for several more years.
… Megaupload was once one of the internet’s most popular sites. U.S. prosecutors say it raked in at least $175 million, mainly from people using it to illegally download songs, television shows and movies.
Ira Rothken, one of Dotcom’s lawyers, said in an interview that if anyone did something illegal in relation to Megaupload, it was the users.
“This case is all about trying to hold Megaupload and Kim Dotcom and the others responsible for the acts of users,” Rothken said. “And we’re saying you can’t do that. You can’t do that in the United States and you can’t do that in New Zealand.”


