security

ProPublica
Harris said he pleaded with the company for several years to address the flaw in the product, a ProPublica investigation has found. But at every turn, Microsoft dismissed his warnings, telling him they would work on a long-term alternative — leaving cloud services around the globe vulnerable to attack in the meantime.
Public corporations that value shareholders more than customers were a mistake and definitely shouldn’t be handling national security. This whole series of events is frustrating because it was preventable.
Wired
Hagenah says that in cases of employers with “bring your own devices” policies, there’s a risk of someone leaving with huge volumes of company data saved on their laptops. That’s a particular risk if they’re disgruntled or leave on bad terms, he says.
Or how about when a company is sued and must turn over all related employee Recall data? Seems like much more information than texts and emails contain. Companies might want to run this feature by their general counsel before deploying.
doublepulsar.com
I think they are probably going to set fire to the entire Copilot brand due to how poorly this has been implemented and rolled out. It’s an act of self harm at Microsoft in the name of AI, and by proxy real customer harm.
AI has really obliterated the idea of getting consent from users. Big companies are just enabling data theft on a grand scale now. It's like people who build houses working for thieves rather than homeowners.
404 Media
As North Carolina and Montana enact new age verification laws effective January 1, residents can’t view sites in Pornhub’s parent company network.
Interesting Republican effort to raise awareness and use of VPNs in red states.
Ars Technica
In a press release, the FTC said that "Ring deceived its customers by failing to restrict employees' and contractors' access to its customers' videos, using customer videos to train algorithms, among other purposes, without consent, and failing to implement security safeguards." In one case, an employee "viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their homes such as their bathrooms or bedrooms," the FTC said.
This is awful and why I try not to buy surveillance devices. It’s difficult not to send data out of your house but I hope not being connected to the Internet becomes a selling point for electronics eventually.
palant.info
"So the more correct interpretation of events is: we do not have a new breach now, LastPass rather failed to contain the August 2022 breach. And because of that failure people’s data is now gone. Yes, this interpretation is far less favorable of LastPass, which is why they likely try to avoid it."
I believe password managers are critical and also that this password manager is being mismanaged. I guess the time for me to move to a different service was last year.
New York Times
"Armed with secret court orders in the United States and the help of governments around the world, the Justice Department and the F.B.I. disconnected the networks from the G.R.U.’s own controllers. “Fortunately, we were able to disrupt this botnet before it could be used,” Mr. Garland said."
Fantastic work and a great story. Just give me a steady stream of cybersecurity success stories please. Call the new beat Botnet Dragnet. I’ll waive my naming fee.
BuzzFeed
"For years, digital rights groups like the Electronic Frontier Foundation, security researchers, and journalists have warned that Venmo’s public friend lists were a privacy threat. Founded in 2009 on the idea that payments could be another form of social content, Venmo allowed people to pay each other and post about those payments to its public feed and other social media platforms."
It just takes a few seconds to update your Venmo privacy settings.
GCS
"Third party link-shortening tools can add unnecessary steps to your processes, create accessibility issues, threaten user privacy and undermine user trust – with no benefit to you as communicators."
Yes! The risks of using third-party URL shorteners outweigh any perceived benefit.
Bloomberg
"The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment."
Facepalm. This should really help stem the tide of infrastructure attacks. We get a gas panic and the criminals get #!?*coin. At least the perpetrators can't buy Teslas with it.
MSNBC News
"That Pence had a military aide and a briefcase was a surprise to many who aren’t familiar with the command and control of strategic nuclear forces. Suddenly the import of what happened acquired a new salience: Did Trump’s inaction place not only his vice president, but the security of the nuclear deterrent in jeopardy?"
The more we learn the worse it gets.
The Mozilla Blog
"Today, Firefox is enabling encrypted DNS over HTTPS by default in the US..."
So strange to see a tech company put energy into consumer privacy but I’ll take it.