Saturday, October 19, 2019


It could (and probably will) happen to anyone.
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
How digital detectives unraveled the mystery of Olympic Destroyer—and why the next big attack will be even harder to crack.




Stupid is as stupid does.” F. Gump
Equifax used 'admin' as username and password for sensitive data: lawsuit
Equifax used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia.
The lawsuit, filed in January, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail.
The lawsuit also notes that Equifax admitted using unencrypted servers to store the sensitive personal information and had it as a public-facing website.
When Equifax, one of the three largest consumer credit reporting agencies, did encrypt data, the lawsuit alleges, “it left the keys to unlocking the encryption on the same public-facing servers, making it easy to remove the encryption from the data.”




Salvation is at hand! Or at least a general improvement in the level of security.
Girl Scouts of USA Launch First National Cybersecurity Challenge
Girls across the United States of America will take part in the country's first ever National Girl Scouts Cyber Challenge tomorrow.
Over 3,000 girls have signed up to practice their cybersecurity skills by solving a hypothetical ransomware attack on a moon base. Participants will form an incident response team that must find out who hacked the system and how they did it.




Keep up!
New Calculation Model for Data Protection Fines in Germany
On October 16, 2019, the body of German Supervisory Authorities known as the Datenschutzkonferenz (“DSK”) released a document proposing a model for calculating fines under the GDPR. The DSK indicated that this model is subject to change and will be superseded by any method put forward in guidance issued by the European Data Protection Board.




Safety over sanity?
Michael S. Lockett reports:
The Juneau School District is attempting to provide parents, students and school board members more information about a new computer monitoring program that was installed this school year without prior notification.
JSD informed parents via email about Bark — software which monitors for “harmful” content including school shooters, self-harm, pornography and cyber bullying — after it was installed on JSD computers earlier this school year. The program was tested for a few weeks, then went live on Sept. 13. An email was sent out Sept. 15 jointly from Bark and JSD’s IT department after the program was fully brought online.
Read more on Juneau Empire.
Related to the school monitoring issue, Lori Bezahler has an OpEd in The Guardian. Here’s a snippet:
The security technology market is capitalizing on fears about school safety to sell unproven, costly surveillance systems that put students, particularly students of color, at risk. The implications of using an unregulated system of data collection combined with biased and inaccurate surveillance tech on schoolchildren is not only alarming, but frankly dystopian.
Read more on The Guardian.



No comments: