I can’t help thinking how much less difficult approval of my security budgets would have been if the FTC had adopted this approach earlier…
https://www.databreaches.net/ftc-takes-action-against-cafepress-for-data-breach-cover-up-and-poor-security/
FTC Takes Action Against CafePress for Data Breach Cover Up and Poor Security
The FTC has taken enforcement action against CafePress stemming, in part, from a 2019 data breach previously reported on this site. In December, 2020, seven states settled charges with CafePress.
The Federal Trade Commission today took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and covered up a major breach. The FTC alleges that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The Commission’s proposed order requires the company to bolster its data security and requires its former owner to pay a half million dollars to compensate small businesses.
“CafePress employed careless security practices and concealed multiple breaches from consumers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “These orders dial up accountability for lax security practices, requiring redress for small businesses that were harmed, and specific controls, like multi-factor authentication, to better safeguard personal information.”
In a complaint filed against Residual Pumpkin Entity, LLC, the former owner of CafePress, and PlanetArt, LLC, which bought CafePress in 2020, the FTC alleged that CafePress failed to implement reasonable security measures to protect the sensitive information of buyers and sellers stored on its network. In addition to storing Social Security numbers and password reset answers in clear, readable text, CafePress retained the data longer than was necessary. The company also failed to apply readily available protections against well-known threats and adequately respond to security incidents, the complaint alleged. As a result of its shoddy security practices, CafePress’ network was breached multiple times.
…
As part of the proposed settlement, Residual Pumpkin and PlanetArt will be required to implement comprehensive information security programs that will address the problems that led to the data breaches at CafePress. This includes replacing inadequate authentication measures such as security questions with multi-factor authentication methods; minimizing the amount of data they collect and retain; and encrypting Social Security numbers.
…
Source: Federal Trade Commission
Sounds pretty serious to me.
https://knowledge.wharton.upenn.edu/article/economic-sanctions-affecting-russia/
How Economic Sanctions Are Affecting Russia
LISTEN TO THE PODCAST: Wharton’s Nikolai Roussanov speaks with Wharton Business Daily on SiriusXM about the impact of Western sanctions on the Russian economy.
… The ruble is now worth less than a penny and the economy is teetering, with Russia expected to default on billions of dollars in foreign debt. Multinational companies across all sectors are pulling out of the country, taking their products, services, and jobs with them.
“Pretty much anybody who has participation in the banking system, which is a vast majority of the population, feels it one way or another,” Wharton finance professor Nikolai Roussanov said. “This is felt by all strata of society, maybe in different ways.”
It occurred to me that this has some potential to combat Russian propaganda. Once identified, Ukraine could send images to the social media account(s) that matched. Imagine mothers getting a post (and photo) that says, ‘You were told Russian troops are not here in the Ukraine. You were told there is no war. Yet here is your son, dead/a POW/driving his tank. What other lies are you being told?’
https://www.dailymail.co.uk/sciencetech/article-10614561/Ukraine-using-facial-recognition-technology-uncover-Russian-assailants-identify-dead.html
Ukraine is using AI facial recognition technology to uncover Russian assailants and identify the dead, report reveals
(Related)
https://www.nytimes.com/2022/03/12/technology/ukraine-minister-war-digital.html
Shaming Apple and Texting Musk, a Ukraine Minister Uses Novel War Tactics
… To achieve Russia’s isolation, Mr. Fedorov, a former tech entrepreneur, used a mix of social media, cryptocurrencies and other digital tools. On Twitter and other social media, he pressured Apple, Google, Netflix, Intel, PayPal and others to stop doing business in Russia. He helped form a group of volunteer hackers to wreak havoc on Russian websites and online services. His ministry also set up a cryptocurrency fund that has raised more than $60 million for the Ukrainian military.
The work has made Mr. Fedorov one of Mr. Zelensky’s most visible lieutenants, deploying technology and finance as modern weapons of war. In effect, Mr. Fedorov is creating a new playbook for military conflicts that shows how an outgunned country can use the internet, crypto, digital activism and frequent posts on Twitter to help undercut a foreign aggressor.
In his first in-depth interview since the invasion began on Feb. 24, Mr. Fedorov said his goal was to create a “digital blockade” and to make life so unpleasant and inconvenient for Russian citizens that they would question the war. He praised companies that had pulled out of Russia, but said Apple, Google and others could go further with steps such as completely cutting off their app stores in the country.
(Related)
https://www.theregister.com/2022/03/15/russian_demand_for_vpns/
Russian demand for VPNs skyrockets by 2,692%
Virtual iron curtains are a lot harder to keep free of holes
… VPNs, of course, create private tunnels that obscure what someone does online and allow a connected machine to appear as though it's located in a different country. This explains the massive surge, especially in Russia, where access to popular social media sites and news services has been cut off.