A collection point
...and some of my own.
London Underground passengers told to turn off their Wi-Fi if they don’t want to be tracked
Graham Cluley: Travellers who have signed-up for the Tube’s free Wi-Fi service will have their device’s unique MAC (Media Access Control) address collected, alongside the date and time their smartphone authenticated with the Wi-Fi network and the router they connected to. This depersonalised Wi-Fi connection data will be held for two years. According to an FAQ about the data collection, the information will help TfL “better understand how customers move through and between stations,” by measuring how long it takes for a device to travel between stations, the route taken, and waiting times at busy times.

Georgia Supreme Court Rules that State Has No Obligation to Protect Personal Information
Kevin Townsend: Almost exactly one year after the stringent European General Data Protection Regulation came into effect (May 25, 2019), the Supreme Court of the state of Georgia has ruled (May 20, 2019) that the state government does not have an inherent obligation to protect citizens' personal information that it stores. The ruling relates to a case that dates back to 2013. A Georgia Department of Labor employee inadvertently emailed a spreadsheet containing the names, Social Security numbers, telephone numbers and email addresses of 4,457 people who had applied for benefit to about 1,000 people. While the Supreme Court has not ruled that there can never be an obligation to protect citizens' data, it has ruled that the obligation is not automatic -- and in the McConnell case, there were no separate requirements to provide the obligation. Global law firm Womble Bond Dickinson LLP issued an alert to its U.S. clients, describing the ruling as a 'landscape-changing privacy decision' in ridding Georgia government entities of the general duty to safeguard personal information given to them.

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
Brian Krebs: The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

Facebook took action against 2.19B fake accounts in first three months of 2019
Bradley Barth: From January through March 2019, Facebook took action on 2.19 billion fake accounts, meaning the site applied a warning screen, removed content, and/or deleted the account. This sets a new high water mark for this particular metric since Facebook launched its first-ever Community Standards Enforcement report one year ago. And it’s close to double the 1.2 billion actions taken October to December 2018. “We do believe encryption is an incredibly powerful tool for privacy and we are working to detect bad actors through things like identifying patterns of bad activity or building better tools for people to report bad content to us,” said Zuckerberg. “And we recognize that it’s going to be harder to find all of the different types of harmful content. We’ll be fighting that battle without one of the very important tools which is, of course, being able to look at the content itself… But we think that this trade-off of protecting people’s privacy and giving people world-class tools for privacy and security… is the right path forward.”

Snapchat Privacy Blunder Piques Concerns About Insider Threats
Snap, the company behind the popular Snapchat social media app, has found itself in hot water after a recent report revealed that Snap employees were abusing their access to private user data – which includes location data, saved Snaps and phone numbers. According to a Thursday Motherboard report, Snap touted several internal tools enabling employees to access Snapchat users’ personal data. One such tool, dubbed SnapLion, was originally created to help collect data in response to law enforcement requests via court orders. However, several internal emails obtained by Motherboard showed several employees abused this capability, with one Snap employee looking up an email address for an account outside of a law enforcement situation, for instance.

Netanyahu among millions exposed on open travel company data base
Doug Olenick: A data base belonging to the Israeli online travel firm Amadeus was spotted open to the public exposing millions of Israeli travelers, including that nation’s prime minister. Amadeus is used as a booking service for several other popular Israeli travel companies including Inbal, which books flights for government workers. According to Calcalist.com, the open database contained the personal information and travel information for 15 million passengers covering 36 million flights, one million hotel bookings, and 700,000 visa applications. The open database issue has since been fixed.

Joomla and WordPress Found Harboring Malicious Redirect Code
On Thursday, Eugene Wozniak, a security researcher with Sucuri, published a report outlining a rogue hypertext access (.htaccess) injector found on a client website. He reported that the impacted site was directing website traffic to advertising sites that attempted to install malicious software. Both Joomla and WordPress sites use .htaccess files to make configuration changes at the directory level of a web server. The file is used to configure a host of web page options, ranging from website access, URL redirects, URL shortening and access control.

Moody's Downgrading of Equifax Is a Message to Boards
While affirming Equifax’s senior unsecured rating at Baa1 and short-term rating at Prime-2, Moody’s Investor Services downgraded the company’s outlook from stable to negative due to the 2017 cyber-attack. “The outlook revision to negative reflects weaker operating performance and credit metrics than originally expected following the cybersecurity breach in 2017,” the May 17 rating action notice stated. "Free cash flow may remain around only $150 million per year for a few years, or less than half of annual free cash flow prior to the breach," said Edmond DeForest, Moody's vice president and senior credit officer. "Diminished free cash flow limits Equifax's ability to reduce its financial leverage," he continued.

Advanced Persistent Threat (APT) Increasingly Targets Canadian Orgs
Not suggesting this is nation-state retribution for what happened to the CEO of the third largest Cell phone manufacturer, but I would not be surprised! Historically Canada is included in threats targeting the entire North American region, though most of these threats are typically focused on the US. Based on prior activity, researchers observed these campaigns believed to be the work of the advanced persistent threat (APT) group TA542, saw customization ranging from French-language lures to brand abuse from a number of actors geo-targeting Canada.

AT&T becomes first big mobile carrier to accept Bitcoin payments.
Lucas Mearian: AT&T will allow customers to pay their mobile bills using Bitcoin, adding its name to a short list of major businesses and government agencies that allow the blockchain-based cryptocurrency to be used as a form of payment. While not directly accepting cryptocurrency, AT&T is the first major U.S. mobile carrier to let customers pay in Bitcoin through a third-party service provider. Customers using its online bill pay service or the myAT&T app will be able to choose BitPay, a cryptocurrency payment processor for payments. The customer pays in Bitcoin and BitPay verifies the funds and accepts the Bitcoin on behalf of the business. Overstock.com was among the first, if not the first, company to accept cryptocurrency, and its venture capital arm – Medici Ventures – has made significant investments in the technology. Earlier this year, the state of Ohio announced it would allow citizens to pay their taxes in Bitcoin. Taxpayers can go through its OhioCrypto.com website and their Bitcoin payment gets converted into U.S. dollars before being transferred to Ohio's state coffers. Last year, Florida's Seminole County became the first government agency to accept cryptocurrency for payments for various services.

Google adds to Baltimore’s ransomware woes
Doug Olenick: Baltimore staffers had started to create Google Gmail accounts as a temporary replacement communication system. However, Google’s automatic security apparatus shut down the accounts as it believed the activity may have been fraudulent, WBAL-TV reported. Google’s system became interested in the new and related accounts because they were created as personal, and not business, email accounts. Google on May 23 did restore the accounts.