Wednesday, March 16, 2022

I can’t help thinking how much less difficult approval of my security budgets would have been if the FTC had adopted this approach earlier…

https://www.databreaches.net/ftc-takes-action-against-cafepress-for-data-breach-cover-up-and-poor-security/

FTC Takes Action Against CafePress for Data Breach Cover Up and Poor Security

The FTC has taken enforcement action against CafePress stemming, in part, from a 2019 data breach previously reported on this site. In December 2020, seven states settled charges with CafePress.

The Federal Trade Commission today took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and covered up a major breach. The FTC alleges that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The Commission’s proposed order requires the company to bolster its data security and requires its former owner to pay a half million dollars to compensate small businesses.

“CafePress employed careless security practices and concealed multiple breaches from consumers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “These orders dial up accountability for lax security practices, requiring redress for small businesses that were harmed, and specific controls, like multi-factor authentication, to better safeguard personal information.”

In a complaint filed against Residual Pumpkin Entity, LLC, the former owner of CafePress, and PlanetArt, LLC, which bought CafePress in 2020, the FTC alleged that CafePress failed to implement reasonable security measures to protect the sensitive information of buyers and sellers stored on its network. In addition to storing Social Security numbers and password reset answers in clear, readable text, CafePress retained the data longer than was necessary. The company also failed to apply readily available protections against well-known threats and adequately respond to security incidents, the complaint alleged. As a result of its shoddy security practices, CafePress’ network was breached multiple times.

As part of the proposed settlement, Residual Pumpkin and PlanetArt will be required to implement comprehensive information security programs that will address the problems that led to the data breaches at CafePress. This includes replacing inadequate authentication measures such as security questions with multi-factor authentication methods; minimizing the amount of data they collect and retain; and encrypting Social Security numbers.

Source: Federal Trade Commission





Sounds pretty serious to me.

https://knowledge.wharton.upenn.edu/article/economic-sanctions-affecting-russia/

How Economic Sanctions Are Affecting Russia

LISTEN TO THE PODCAST: Wharton’s Nikolai Roussanov speaks with Wharton Business Daily on SiriusXM about the impact of Western sanctions on the Russian economy.

The ruble is now worth less than a penny and the economy is teetering, with Russia expected to default on billions of dollars in foreign debt. Multinational companies across all sectors are pulling out of the country, taking their products, services, and jobs with them.

“Pretty much anybody who has participation in the banking system, which is a vast majority of the population, feels it one way or another,” Wharton finance professor Nikolai Roussanov said. “This is felt by all strata of society, maybe in different ways.”




It occurred to me that this has some potential to combat Russian propaganda. Once identified, Ukraine could send images to the social media account(s) that matched. Imagine mothers getting a post (and photo) that says, ‘You were told Russian troops are not here in the Ukraine. You were told there is no war. Yet here is your son, dead/a POW/driving his tank. What other lies are you being told?’

https://www.dailymail.co.uk/sciencetech/article-10614561/Ukraine-using-facial-recognition-technology-uncover-Russian-assailants-identify-dead.html

Ukraine is using AI facial recognition technology to uncover Russian assailants and identify the dead, report reveals



(Related)

https://www.nytimes.com/2022/03/12/technology/ukraine-minister-war-digital.html

Shaming Apple and Texting Musk, a Ukraine Minister Uses Novel War Tactics

To achieve Russia’s isolation, Mr. Fedorov, a former tech entrepreneur, used a mix of social media, cryptocurrencies and other digital tools. On Twitter and other social media, he pressured Apple, Google, Netflix, Intel, PayPal and others to stop doing business in Russia. He helped form a group of volunteer hackers to wreak havoc on Russian websites and online services. His ministry also set up a cryptocurrency fund that has raised more than $60 million for the Ukrainian military.

The work has made Mr. Fedorov one of Mr. Zelensky’s most visible lieutenants, deploying technology and finance as modern weapons of war. In effect, Mr. Fedorov is creating a new playbook for military conflicts that shows how an outgunned country can use the internet, crypto, digital activism and frequent posts on Twitter to help undercut a foreign aggressor.

In his first in-depth interview since the invasion began on Feb. 24, Mr. Fedorov said his goal was to create a “digital blockade” and to make life so unpleasant and inconvenient for Russian citizens that they would question the war. He praised companies that had pulled out of Russia, but said Apple, Google and others could go further with steps such as completely cutting off their app stores in the country.



(Related)

https://www.theregister.com/2022/03/15/russian_demand_for_vpns/

Russian demand for VPNs skyrockets by 2,692%

Virtual iron curtains are a lot harder to keep free of holes

… VPNs, of course, create private tunnels that obscure what someone does online and allow a connected machine to appear as though it's located in a different country. This explains the massive surge, especially in Russia, where access to popular social media sites and news services has been cut off.


