Thursday, April 09, 2020


“Cyber war is as Cyber war does.” F. Gump (Or do you believe this is not part of Russia’s strategic plan?)
Suspected Russian operatives tried using forged diplomatic documents, social media to create divisions
A Russian information operation relied on forged diplomatic emails and planted articles on a number of social media sites in an attempt to undermine multiple governments and impersonate U.S. lawmakers, according to a new analysis of recent social media activity.
Massachusetts-based Recorded Future on Wednesday published findings detailing how Russian-language operatives spent months using popular internet services to try to interfere in Estonia, the Republic of Georgia and the U.S. The effort appears to be a continuation of a prior Russian campaign, dubbed Operation Secondary Infektion, that utilized Facebook and dozens of online platforms to sow division in the West and discredit political efforts.




Blame the pandemic?
Maropost takes your privacy and security….
I confess: some data leaks are not particularly interesting to me in terms of their sector or type of data leaked, but they become noteworthy because of the entity’s horrible, terrible, ridiculously bad incident response to attempted notification.
Today we give you Maropost Inc., a marketing automation platform whose 10,000+ clients include New York Post, Shopify, Fujifilm, Hard Rock Café, and Mother Jones.
CyberNews reports today that researchers found that Maropost was exposing a database containing close to 95 million individual customer records and email logs with more than 19 million unique email addresses.
Finding the leak was relatively easy. Getting Maropost to respond to responsible disclosure notifications? Not so much. They explain:
We went through multiple channels to get in touch with literally anyone at Maropost who could escalate this issue, and we failed on every single channel.
Here’s a quick recap of their determined efforts to protect data that Maropost continued to expose:
Attempt 1: email
Attempt 2: live chat
Attempt 3: Twitter
Attempt 4: LinkedIn
Attempt 5: email, part 2
Attempt 6: an actual phone call
Attempt 7: live chat, part 2
Attempt 8: email, part 3
Two months after they began their efforts to get the data locked down, they finally got a reply from Maropost CEO Ross Andrew Paquette. According to the firm’s statement, the email addresses in the database were randomized data the company uses for internal testing. Ah, the old “it’s just test data” explanation? Not so fast, Maropost, because CyberNews reports that “our own tests show that not to be the case.”
I realize that in the midst of a pandemic, priorities get adjusted. But in my opinion, Maropost’s failure to respond to repeated notifications is pretty inexcusable. Maropost is Toronto-based, so they may get away with this, but I would hope the Ontario Privacy Commissioner would look into this one.
Read CyberNews’ full report here, as they detail what happened with each of the eight channels they tried to get Maropost to respond.




I found this article by reading the snippet on Feedly. What would happen if Google stopped pointing to French media?
Google Ordered to Pay for News in French Antitrust Crackdown
Google was ordered by French antitrust regulators to pay publishers to display snippets of their articles after years of helping itself to excerpts for its own news service.
The French antitrust agency gave the Alphabet Inc. unit three months to thrash out deals with press publishers and agencies demanding talks on how to remunerate them for displaying their content.
The search engine giant may have abused its dominant market power, causing “serious and immediate harm” to the media, the Autorite de la concurrence warned in its statement on Thursday.
Search engines such as Google account for between 26% and 90% of traffic redirected on news websites, the competition regulator said, based on data from 32 press publications.
That traffic is “crucial for publishers and press agencies who can’t afford to lose any digital readership given their economic hardships,” the authority said. They had “no other choice than to comply with Google’s display policy without providing financial compensation.”




Yoicks! Gary Alexander reached out from his retirement to point me to an article I missed. (Not the first time)
Congress Should Suspend Privacy Laws for 90 Days to Fight the Coronavirus
There is one more area in which strong national leadership is called for to curb the pandemic. The President should call on Congress, and it should act swiftly, to suspend privacy laws for 90 days, for now. There are some indications that even privacy advocates will find such a suspension acceptable if it was a short-term measure and safeguards against abuse were put in place.


(Related) This would seem to reverse the President’s opinions on the pandemic, but I suppose that would not be unusual.
Kushner’s team seeks national coronavirus surveillance system
Critics worry about a Patriot Act for health care, raising concerns about patient privacy and civil liberties.




Privacy concerns from a statistics website.
Big Data Is Helping Us Fight The Coronavirus — But At What Cost To Our Privacy?
To be clear, the types of data being tracked now are usually anonymized, aggregated in large groups according to, say, geography. They are also collected with the consent of users. But long before the new coronavirus emerged, critics of big tech companies were already pointing out that users typically give such consent through labyrinthine terms-of-service agreements, often not knowing what their data would ultimately be used for. In today’s world, data is an extremely valuable commodity that rewards its collectors in many ways. Even as individual data profiles that provide search suggestions, traffic directions and health guidance help improve daily life, that goes hand in hand with more nefarious motives companies might have for recording user activities.
Again, those were the worries being raised prior to the pandemic. Now, COVID-19 has revealed much starker trade-offs between personal privacy and the collective benefits of technology. In South Korea, for example, the ability to retrace an infected person’s steps using credit card transactions and cellphone tracking data is part of the country’s (largely successful) response to the virus. Other countries are also ramping up digital surveillance at an individual level in the name of public health. Although such measures may seem less likely to be used in the U.S., one recent Harris poll showed that a sizable, bipartisan majority of Americans would favor a public coronavirus registry and be willing to share phone location data to get alerts about infected people being nearby.


(Related)
Tested positive for coronavirus? Health workers may share your address with police
April Glaser and Jon Schuppe report:
In a growing number of cities and states, local governments are collecting the addresses of people who test positive for the coronavirus and sharing the lists with police and first responders.
Law enforcement officials say this information sharing — which is underway in Massachusetts, Alabama and Florida, and in select areas of North Carolina — will help keep officers and EMTs safe as they respond to calls at the homes of people who have been infected. The first responders can take additional precautions in those cases to avoid being exposed to the virus, state health departments and local police officials say.
Read more on NBC.




Perspective.
Our Government Runs on a 60-Year-Old Coding Language, and Now It’s Falling Apart
Over the weekend, New Jersey governor, Phil Murphy, made an unusual public plea during his daily coronavirus briefing: The state was seeking volunteer programmers who know COBOL, a 60-year-old programming language that the state’s unemployment benefits system is built on. Like every state across the nation, New Jersey was being flooded with unemployment claims in the wake of the coronavirus pandemic. And New Jersey’s data processing systems were unprepared.
“We literally have a system that is 40-plus years old,” Murphy said.


