Saturday, November 18, 2017

I’m telling my Computer Security students that keeping the default settings is never a good idea.
Pentagon Accidentally Exposes Web-Monitoring Operation
The Department of Defense accidentally exposed an intelligence-gathering operation, thanks to an online storage misconfiguration.
DOD was reportedly collecting billions of public internet posts from social media, news sites, and web forums and storing them on Amazon S3 repositories. But it neglected to make those storage servers private. So anyone with a free Amazon AWS account could browse and download the data, according to Chris Vickery, a security researcher at UpGuard.
Vickery noticed the problem in September. "The data exposed in one of the three buckets is estimated to contain at least 1.8 billion posts of scraped internet content over the past 8 years," UpGuard said in a Friday report.
Much of the data was scraped from news sites, web forums, and social media services such as Facebook and Twitter. The information includes content relating to Iraqi and Pakistani politics and ISIS, but also social media posts made by Americans.
… The Defense Department isn't the only one to commit the security slip-up with AWS cloud storage. Earlier this year, UpGuard found that Verizon and Dow Jones made the same mistake, effectively exposing their private customer data to the public.




How to victimize victims. (And another federal agency that’s clueless when it comes to security breaches.)
Rachel Polansky reports:
Dozens of Southwest Floridians are sick and tired of waiting for answers from FEMA after being hit by Hurricane Irma and then, identity thieves.
A month after the NBC2 Investigators exposed a major scheme involving criminals stealing local identities to defraud the federal government, the NBC2 Investigators are finally getting answers from FEMA.
Read more on NBC-2.
From the article:
… the agency couldn't confirm this earlier because they wanted to protect the integrity of the investigation.




This probably happens here and goes unreported. (undetected?)
Reuters reports:
Italian police are investigating a hack into the email accounts of government employees by activist group Anonymous, which then published documents it had extracted.
On its Italian blog Anonymous uploaded a screenshot of an email purportedly sent from a government email address to an employee of the prime minister’s office containing the names of a security detail that would accompany an official inspection at a site Prime Minister Paolo Gentiloni is due to visit this week.
Read more on Reuters. See also ItalianInsider.it. DataBreaches.net is not linking to Anonymous’s blog post so as not to facilitate leaking of the allegedly hacked data.




Oh they’re getting serious. They wrote a letter!
House panel hits Equifax with long list of investigation demands
The House Energy and Commerce Committee has sent Equifax a long list of questions related to the breach that compromised more than 100 million people's personal information.
The letter, dated Friday, contains seven pages of document requests and questions as part of the panel's investigation, nearly a full page of which is devoted to documents.
Click here to read the full letter.




Good intent? Bad outcome. Of course it could never happen here…
Germany: Please Destroy Your Child's Smartwatch
A German regulator is banning the sale of certain smartwatches designed for children because they can be used for spying. Parents who own such products should destroy them, the country's Federal Network Agency said in a Friday notice.
These watches include a listening function that lets parents monitor their child over a mobile app on a smartphone. However, that same feature can let them secretly eavesdrop on any surrounding conversation close to the watch—like listening to a teacher in a classroom. German law prohibits this kind of function, the Federal Network Agency said.




For my Computer Security students.
Why the Entire C-Suite Needs to Use the Same Metrics for Cyber Risk
When it comes to cybersecurity, the chains of communication that exist within an organization, if they exist at all, are often a mess. Multiple conversations about cyber risks are happening across a multitude of divisions in isolation. At the same time, members of the C-suite are measuring their potential impact using different metrics — financial, regulatory, technical, operational — leading to conflicting assessments. CEOs must address these disconnects by creating a culture that promotes open communication and transparency about vulnerabilities and collaboration to address the exposures.




Tips for your business plan?
Surviving in an Increasingly Digital Ecosystem
Every large and ambitious company today should be trying to figure out how to become a destination for its customers.




Worth getting my students thinking about their searches.




Something for the Movie club?
MoviePass Launches Annual Subscription Plan For Under $8 A Month: That’s Lower Than The Average Movie Ticket Price
For a limited time, MoviePass is offering a one-year subscription plan for a flat fee of $89.95, which translates to $7.50 a month (that price already includes a $6.55 processing fee). That price is under this year’s 3Q average movie ticket, which the National Association of Theater Owners pegged at $8.93.

