Friday, Jan. 31, 1:40PM Eastern: FBI spokesman James Marshall tells reporters the FBI is aware of an incident at Mar-a-Lago and has agents responding to the scene. A car chase near the resort ended with shots being fired near President Donald Trump's Mar-a-Lago resort Friday in Florida, police said.
Many large-scale data breaches involve attackers gaining access to administrators' database logins; from there, they can clone the whole database and plunder it at will. But leading NoSQL database vendor MongoDB proposes to add another layer of security it's calling "Field Level Encryption," which encrypts the data in database fields with its own key, possibly a different key for every user or every field.
A new bill from Senator Elizabeth Warren proposes personal, criminal liability for top executives of companies turning over more than $1B/year when those companies experience data breaches and scams due to negligence (many of the recent high-profile breaches would qualify, including the Equifax giga-breach, as well as many of Wells Fargo's string of scams and scandals).
Writing on Techcrunch, Zack Whittaker (previously) calls out the timeworn phrase "we take your privacy and security seriously," pointing out that this phrase appears routinely in company responses to horrific data-breaches, and is generally accompanied by conduct that directly contradicts it, such as stonewalling and minimizing responsibility for breaches and denying their seriousness.
Equifax doxed 145 million Americans, dumping their most sensitive financial data into the world forever, with repercussions that will be felt for decades to come.
Long before Quora admitted to being breached and losing 100,000,000 million users' account data, it had disqualified itself from being used, by dint of its impulse to hoard knowledge and the likelihood that its limping business model would cause it to imminently implode.
Equifax's world-beating breach of 143 million Americans' sensitive personal and financial information was the result of the company's failure to patch a two-month-old bug in Apache Struts, despite multiple reports of the bug being exploited in the wild.
Information security is a race between peak indifference to surveillance and the point of no return for data-collection and retention.
Troy Hunt, proprietor of the essential Have I Been Pwned (previously) sets out the hard lessons learned through years of cataloging the human costs of breaches from companies that overcollected their customers' data; undersecured it; and then failed to warn their customers that they were at risk.
800,000 usernames and passwords from Brazzers, a giant porn site; 98 million passwords from Rambler.ru ("Russia's Yahoo") and, coming soon, the entire user database for VKontakte/VK.com, Russia's answer to Facebook.
Microsoft's deceptive hard-sell to get users to "upgrade" to Windows 10 (the most control-freaky OS to ever come out of Redmond) is made all the more awful by just how much personal, sensitive, compromising data Microsoft exfiltrates from its users' PCs once they make the switch.
My latest Guardian column, "Why is it so hard to convince people to care about privacy," argues that the hard part of the privacy wars (getting people to care about privacy) is behind us, because bad privacy regulation and practices are producing wave after wave of people who really want to protect their privacy.
The Treaty on the Right to Privacy, Protection Against Improper Surveillance and Protection of Whistleblowers [PDF] (AKA "The Snowden Treaty") was created by David Miranda, Glenn Greenwald's partner, who was detained by UK police under terrorism legislation while transiting through London's Heathrow airport with an encrypted thumbdrive containing some of the Snowden leaks.
U.S. Securities and Exchange Commission employees did not encrypt some computers that contained "highly sensitive information from stock exchanges, leaving the data vulnerable to cyber attacks, according to people familiar with the matter." Reuters has the full story. The SEC spent $200K to confirm that "no hacking or spying on the SEC's computers took place," however, and there is no evidence that any data was actually breached.
On Monday, the Burger King burst into a McDonald's restaurant in Rome, Georgia, handed out free hamburgers to customers, danced, and posed for photos with children. Managers called the police, but the Burger King escaped in a white Acura before the fuzz arrived.
The mangled body of a 16-year-old boy from North Carolina mysteriously dropped from the sky down to a Boston suburb last month. Authorities now believe the teen breached airport security, and managed to hide himself inside the wheel well of a US Airways Boeing 737.
Nathan Yau of FlowingData created and posted a graphic showing the 10 largest data breaches in the last 8 years. "Notice the higher frequency as we get closer to the present?" writes Nathan. Follow the link to see the whole thing. (Thanks, Mike Love!)
Bill Scannell sez,
A group of Alaskans filed suit against the Transportation Security Administration in Federal District Court in Anchorage today.
At issue is TSA's refusal to comply with the Privacy Act while testing the Secure Flight air passenger profiling system.
Worrying about data breaches isn't just for the Amazons and Facebooks of the world. Oh sure, you should be concerned if you're one of the 533 million who had info exposed in the latest Facebook breach. But a bigger worry is what happens if customer information, details that you're responsible for, somehow get exposed to the world?
Facts? Who needs them when they get in the way of a good story?
That's the lesson from this week's tawdry tabloids, which use a smattering of facts like seasoning in a recipe: employed sparingly they add flavoring, but there's no nutritional value there.