The second attack is being blamed on Chinese state actors, and it netted the archives of Standard Form 86, which records applicants' mental illnesses, drug and alcohol use, past arrests and bankruptcies and lists of contacts and relatives.
Everyone with security clearance has to fill in one of these forms, meaning that the attackers now have the personal details, identities, and blackmail info on everyone who works in sensitive areas for the US government.
Elements of the US government are agitating furiously for backdoor in cryptography, meaning that the next breach could result in every piece of sensitive information held by individuals, governments and corporations being an open book to the attackers.
"This tells the Chinese the identities of almost everybody who has got a United States security clearance," said Joel Brenner, a former top U.S. counterintelligence official. "That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That's a gold mine. It helps you approach and recruit spies."
Second OPM Hack Revealed: Even Worse Than The First [Mike Masnick/Techdirt]
Biblioteca de la Facultad de Derecho y Ciencias del Trabajo Universidad de Sevilla, CC-BY)
The video conferencing app Zoom has become suddenly ubiquitous over the past few weeks, as the coronavirus shutdown closes schools, businesses, and keeps us all indoors. Shares of Zoom dropped 9% on Monday, adding to their sharp declines in recent days, as security and privacy vulnerabilities are reported. There is also new competition from other […]
“Researchers conclude that Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is not suitable for sensitive communications.”
The suddenly popular videoconferencing app Zoom has issued a patch for a vulnerability in its Windows client that allowed attackers to steal the user’s Windows login credentials from malicious chat links. Hi @zoom_us & @NCSC – here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use […]
Yoga studios are closed nationwide. The irony is that between the anxieties of the outside world and those popping up inside your very own home with everyone trapped indoors, there’s probably never been a time where yoga’s calming zen was more vital and needed. Rather than just throwing in the yoga mat and subjecting family […]
The workers aren’t inside their physical business space anymore. So why should business technology still be under that roof either? In fact, more and more businesses have been making this migration for a while now, moving all their digital infrastructure to the world’s two largest cloud services platforms, Amazon Web Services (AWS) and Microsoft’s Azure. […]
Gather round, young and old — and hear tales of bygone days. Back in olden times, citizens would mass at a house of coffee, wherein skilled java alchemists would concoct special blends and apply artisanal wizardry to make each steaming chalice an appointment for the taste buds. Granted, said wizards, once known as baristas, were […]