Californians take privacy out of legislature’s hands and vote for stricter rules

5 November 2020 by Steve Blum

Flashers

Voters in California decisively strengthened an already strong privacy law, and took away the power of elected officials to amend and enforce it. When the dust cleared yesterday, yes votes on proposition 24 had a 12% lead over the noes. Ballot counting in California might drag on until the middle of December, but it is all but mathematically certain that yes will prevail by a wide margin.

Prop 24 tweaks the California Consumer Privacy Act (CCPA), which sets limits on what companies can do with information about you that they’ve collected.…

Privacy and digital security is a personal responsibility. It can’t be anything else

17 July 2020 by Steve Blum

Gagged by privacy

Three unrelated stories that broke within 24 hours demonstrate why digital security is a personal responsibility, and how blindly trusting third parties – individuals or private companies or governments – to look after your best interests is no solution:

  • The European Court of Justice nixed a data sharing safe harbor deal between the European Union and the U.S., pointing out in its decision that “the requirements of US national security, public interest and law enforcement have primacy”, which makes any promises of privacy meaningless.

Telecoms, data center infrastructure infiltrated, Bloomberg stories say, mystery deepens despite denials

13 October 2018 by Steve Blum

Taken at face value, a pair of articles on Bloomberg by Jordan Robertson and Michael Riley details how Chinese government intelligence agencies snuck tiny chips into computer servers used by Amazon and Apple, and by at least one major U.S. telecoms company. The devices – as small as the tip of a pencil – could be used to listen to communications going in and out, or to dive deeper into those systems.

If true, Bloomberg’s reporting means that the Chinese government, and possibly other intelligence agencies and criminal groups, have a backdoor that leads deep into U.S.…

Quickest way to defeat cyber security is to not engage it

11 November 2017 by Steve Blum

Newsflash! Bad software development practices cause bad results. That’s the gist of a press release issued by Appthority, an IT security company specialising in the mobile enterprise sector.

What Appthority found isn’t a particular revelation. Developers will often hard code their own login credentials into apps while writing and debugging early versions, just to keep things simple. If they forget to remove that data before moving into beta testing and launch phases, it’s there for the taking.…

Federal agencies ignore cyber security while breaches continue

7 October 2017 by Steve Blum

Cyber security at federal agencies continues to be so bad that the Government Accountability Office is throwing up its hands and saying we’ve already told you what needs to be done, so just do it:

While federal agencies are working to carry out their [Federal Information Security Modernization Act]-assigned responsibilities, they continue to experience information security program deficiencies and security control weaknesses in all areas including access, configuration management, and segregation of duties. In addition, the inspectors general evaluations of the information security program and practices at their agencies determined that most agencies did not have effective information security program functions.


NSA shares blame with criminals for massive ransomware attack

14 May 2017 by Steve Blum

Cybercriminals successfully penetrated more than 200,000 computer systems in 150 countries in a continuing attack that began late last week. The initial assault was unwittingly blocked by a security blogger who triggered an off switch while trying to figure out what was going on. But that didn’t help systems that were already infected – it can still spread from computer to computer within a network – and a new version, without the kill switch, is reported to be already out and running wild.…

Trump broadband policy boots up slowly

21 January 2017 by Steve Blum

The first day of Donald Trump’s presidency wasn’t the blockbuster Day One he promised during the campaign. D-Day is Monday in his reckoning. That’s when he says he’ll start pounding the beach with the heavy guns of executive orders, although the door is open for weekend maneuvers and he took a few ranging shots immediately after taking the oath of office.

Following a custom established by Ronald Reagan, Trump sat down in the President’s Room in the U.S.…

A known cyber threat is no threat to those who know it

1 January 2017 by Steve Blum

Caught.

Vermont municipal electric utility employees read the cyber security alert jointly published by the FBI and the federal homeland security department, and did what it suggested: check their computers for the specific type of malware detailed in the report. According to a press release from the City of Burlington’s Electric Department:

U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks.


FBI wants network administrators to tighten security, up to a point

31 December 2016 by Steve Blum

Crackers working for the Russian government broke into the computer system of “a U.S. political party” during the last election cycle. That’s the unsurprising top line conclusion of a joint report issued by the federal homeland security department and the FBI. Two separate teams working for Russian intelligence agencies phished more than a thousand party functionaries and eventually gained access to administrator level privileges on the target system.

Beneath that top line, though, lurks a fascinating, and ironic, description of how state-sanctioned crackers can penetrate workaday IT networks maintained by corporations and government agencies, and what can be done to stop them.…

Mobile OS security gains strength as a selling proposition

4 December 2016 by Steve Blum

They mind their own business.

A reason for Sailfish’s existence, and perhaps even for the $12 million investment it received earlier this year, is becoming clearer. It’s an alternative mobile operating system – a competitor to Android and iOS – that arose from the ashes of Nokia’s MeeGo operating system, which was scrapped when Microsoft bought the company.

But it didn’t buy everything and the Finnish engineers who stayed behind started a new company, Jolla, and kept working on it.…