Tuesday, June 16, 2020


What is often worse than no encryption? Reliance on weak encryption.
South African bank to replace 12m cards after employees stole master key
Postbank, the banking division of South Africa's Post Office, has lost more than $3.2 million from fraudulent transactions and will now have to replace more than 12 million cards for its customers after employees printed and then stole its master key.
The Sunday Times of South Africa, the local news outlet that broke the story, said the incident took place in December 2018 when someone printed the bank's master key on a piece of paper at its old data center in the city of Pretoria.
The bank suspects that employees are behind the breach, the news publication said, citing an internal security audit they obtained from a source in the bank.
The master key is a 36-digit code (encryption key) that allows its holder to decrypt the bank's operations and even access and modify banking systems. It is also used to generate keys for customer cards.
The internal report said that between March and December 2019, the rogue employees used the master key to access accounts and make more than 25,000 fraudulent transactions, stealing more than $3.2 million (56 million rand) from customer balances.
Following the discovery of the breach, Postbank will now have to replace all customer cards that have been generated with the master key, an operation the bank suspects would cost it more than one billion rand (~$58 million).




A significant opportunity for cost cutting. (Of course, this may be a lie.) Besides, all this truthiness stuff is hard.
Facebook now says it won’t even try to block 2020 election disinformation
PCWorld – “Can you trust what you read on Facebook? No. And why not? Because Facebook has now explicitly said that it will obey an executive order from President Trump and will refuse to fact-check misinformation and disinformation as America heads into the 2020 election. In April 2017, Facebook published a white paper that acknowledged the spread of “information operations” trying to divide and deceive Americans, in response to accusations that misinformation helped influence the 2016 U.S. elections. In September 2017, Facebook chief security officer Alex Stamos acknowledged that some of the accounts and Pages disseminating that information came from within Russia. Common Cause, a watchdog group, filed suit. Then Facebook joined Twitter and Google, telling Congress that they would do better. On Thursday, in response to a request by the presidential campaign of Senator Joe Biden to stop the spread of misinformation, Facebook threw in the towel. The company claimed that a recent executive order by President Trump tied its hands. Facebook’s announcement came a day before Twitter eliminated thousands of accounts which it claimed were tied to state disinformation campaigns…”


(Related)
The Russian Disinfo Operation You Never Heard About
The Internet Research Agency is infamous for flooding mainstream social media platforms with compelling disinformation campaigns. The GRU, Russia's military intelligence agency, deploys strategic data leaks and destabilizing cyberattacks. But in the recent history of Russia's online meddling, a third, distinct entity may have been at work on many of the same objectives—indicating that Russia's disinformation operations went deeper than was publicly known until now.




Wait, we’ll have it figured out any day now!
The CCPA “Moving Target” One Month Before Privacy Enforcement Begins
First, the final regulations issued by the California Office of the Attorney General were just released to the public on June 2, with a request for expedited 30-business-day review by the California State Office of Administrative Law (OAL). As the California Attorney General’s Final Statement of Reasons acknowledges, the regulations contain several requirements that go beyond the text of the law (see below).[1]
Second, the California Privacy Rights Act (CPRA) initiative[2], which would significantly change the CCPA and make it very difficult to make adjustments to the legislation in the future, has been submitted to the California Secretary of State with more than 900,000 signatures.


(Related) Just trying to figure out what all those words actually mean...
All the Time and Money on California's New Privacy Law Wasted?
So suggests IBM, fighting a lawsuit over the way that the Weather Channel app collects and disseminates user location data.
As owner of the Weather Channel app, IBM is fighting the contention made by the L.A. City Attorney's Office that it has violated California's unfair competition law by deceptively collecting private geolocation data from users and selling it for profit. On June 11, IBM submitted a motion for summary judgment that pointed to California's recent enactment of the nation's most stringent data privacy statute.
According to defendants' summary judgment motion, users were informed that geolocation data was being collected for transmission to third parties. But those disclosures happened on an online privacy page.
"Plaintiff’s case boils down to a claim that the UCL requires additional disclosures in additional locations," IBM's lawyers at Quinn Emanuel write. "Specifically, Plaintiff contends that the UCL requires mobile app operators like Defendants to disclose 'all of [their] material practices regarding their users’ location [or other personal] data' in a 'mandatory screen or pop-up within the App, to which users are required to consent prior to the collection of any location [or other personal] data.'”
IBM says that's not the law — that such requirements significantly exceed the disclosures mandated by both the California Online Privacy Protection Act and the California Consumer Privacy Act. As such, the defendant says that what the L.A. City Attorney's Office is doing is attempting to legislate through litigation.




Is Kim Jong Un getting tougher or is this his sister’s idea?
North Korea Blows Up Liaison Office Shared With South Korea
North Korea on Tuesday blew up a building where its officials and their South Korean counterparts had recently worked side by side, dramatically signaling its displeasure with the South after weeks of threats to end the countries’ recent détente.
South Korean border guards heard an explosion and then saw smoke rising from Kaesong, the North Korean town where the building was located. The building appeared to be blown completely apart in a blast so powerful that windows in nearby buildings were also shattered, according to video footage from a South Korean surveillance camera on the border.
The South’s Unification Ministry confirmed that North Korea had demolished the four-story glass-and-steel building that housed what had been known as the joint liaison office. Hours later, the North’s official news agency said “the liaison office was tragically ruined with a terrific explosion,” adding that the action reflected “the mind-set of the enraged people” of North Korea.


