Pete Recommends – Weekly highlights on cyber security issues April 20, 2019

Subject: WikiLeaks set 21st century model for cyber-leak journalism
Source: AFP via Yahoo
https://news.yahoo.com/wikileaks-set-21st-century-model-cyber-leak-journalism-041939031.html

Washington (AFP) – Using cryptography and virtual drop boxes, Julian Assange’s WikiLeaks created a revolutionary new model for media to lure massive digitized leaks from whistleblowers, exposing everything from US military secrets to wealthy tax-dodgers’ illicit offshore accounts.

News outlets and journalists everywhere can now offer to potential sources encrypted apps and secure virtual mailboxes to receive secrets that were once divulged by discreet whispers, furtive phone calls and unmarked manila envelopes.

In 2013 the Freedom of the Press Foundation, which had aided WikiLeaks with financing, developed a new anonymous drop box free for anyone to use: SecureDrop.


Subject: Russians hacking the GPS system to send ships bogus GNSS navigation data
Source: Business Insider
https://www.businessinsider.com/gnss-hacking-spoofing-jamming-russians-screwing-with-gps-2019-4

  • The Russians are hacking the global navigation satellite system (GNSS) on a mass scale in order to confuse thousands of ships and airplanes about where they are, according to a study by Centre for Advanced Defense (C4AD).
  • Law enforcement, shipping, airlines, power stations, your phone, and anything else dependent on GPS time and location synchronization, are vulnerable to GNSS hacking.
  • All of Britain’s critical infrastructure is dependent on GNSS and GPS, according to a report commissioned by the UK Space Agency.
  • Russian president Putin’s summer dacha is protected by a GNSS spoofing array that helps create a no-fly zone over his vast Italian-style mansion.
  • GNSS jamming equipment costs $300.

The jamming, blocking, or spoofing of GNSS signals by the Russian government is “more indiscriminate and persistent, larger in scope, and more geographically diverse than previous public reporting suggested,” according to the Weekly Intelligence Summary from Digital Shadows, a cyber security monitoring service.


Subject: What e-books at the library mean for your privacy
Source: C|net via beSpacific
https://www.bespacific.com/what-e-books-at-the-library-mean-for-your-privacy/

cnet: “E-books and audiobooks, now standard at libraries, make protecting privacy harder. Titles are usually provided through private companies, which can access your data. And today’s software can create more comprehensive records about you than a simple list of the books you checked out. (You can also get many e-books and audiobooks online free and legally.),,,Cybersecurity experts have found bugs in library apps. Erin Berman, who chairs a privacy subcommittee at the American Libraries Association, said a test of products she oversaw at the San Jose Public Library in 2018 found six apps with serious cybersecurity flaws…”

beSpacific Subjects: Cybersecurity, E-Records, Libraries, Privacy

C|net tagged https://www.cnet.com/tags/e-books/
RSS: http://feed.cnet.com/feed/tags/e-books


Subject: Facebook, lose my digits: Here’s how to unlist your phone number
Source: USA Today via Yahoo
https://news.yahoo.com/facebook-lose-digits-apos-unlist-091004323.html

A phone number can mean much more when it’s stored on Facebook’s servers – even if you only provided it to help secure your account.

Last February, software engineer Gabriel Lewis tweeted that adding your mobile number to your account as a two-step verification method (in which you confirm a login by entering a one-time code sent to your phone) could result in Facebook sending you text-message notifications about everyday activity on the social network.

At the time, Facebook apologized and said the text spam was an error.

This March, another developer, Jeremy Burge, tweeted that numbers you add for two-step verification still aren’t reserved for that security use. Instead, other Facebook users can search for them – and advertisers who upload contacts lists, called Custom Audiences, can also match you that way. That time, Facebook did not apologize, noting that it hasn’t required you to secure your account with a phone number since May 2018.

After a month of correspondence with USA TODAY, Facebook said it had changed its system to stop numbers newly added for two-step verification from being matched for advertising. The correct response is to take Facebook up on its earlier, implicit invitation to remove your number from your account – but only after switching to a different form of two-step verification.


Subject: Healthcare industry worst at protecting consumer data, government best
Source: USA Today – Money
https://www.usatoday.com/story/money/2019/04/16/data-breach-federal-government-best-at-protecting-healthcare-worst/3450952002/

The federal government is best at protecting consumer data and the health care sector is the worst, according to a new study by the not-for-profit Internet Society’s Online Trust Alliance. The 10th annual Online Trust Audit and Honor Roll analyzed more than 1,200 consumer-facing websites to determine which industry values security and privacy the most. Here’s how the seven industries the Online Trust Alliance examined ranked…


Subject: Your car is watching you. Who owns the data?
Source: Roll Call via beSpacific
https://www.bespacific.com/your-car-is-watching-you-who-owns-the-data/

Roll Call – Computers on wheels raise thorny questions about data privacy: “If you’re driving a late model car or truck, chances are that the vehicle is mostly computers on wheels, collecting and wirelessly transmitting vast quantities of data to the car manufacturer not just on vehicle performance but personal information, too, such as your weight, the restaurants you visit, your music tastes and places you go. A car can generate about 25 gigabytes of data every hour and as much as 4,000 gigabytes a day, according to some estimates. The data trove in the hands of car makers could be worth as much as $750 billion by 2030, the consulting firm McKinsey has estimated. But consumer groups, aftermarket repair shops and privacy advocates say the data belongs to the car’s owners and the information should be subject to data privacy laws…”

beSpacific Subjects: Knowledge Management, Legal Research, Legislation, Privacy, Transportation

sample RSS feed: https://www.bespacific.com/category/transportation/feed/

Roll Call article Topics: technology Business california Executive Branch fintech independents Maryland Massachusetts media Mississippi Republicans Roger Wicker Senate Trade

Site RSS feed: https://www.rollcall.com/rss/tag/rss-feed/all-news

NB in perusing the article, I did not find out when/if/how the vehicle’s data is reset when the vehicle is sold.  [Ditto when you get a new telephone.] /pmw1


Subject: ‘Millions of Instagram users’ passwords were left unencrypted
Source: Business Insider
https://www.businessinsider.com/millions-of-unencrypted-instagram-passwords-2019-4

  • Facebook has stored millions of Instagram users’ passwords in an unencrypted format easily readable by its employees for years.
  • The news came on Thursday by way of an update to an existing company blog post, which in March, announced that unencrypted passwords for hundreds of millions of Facebook and Facebook Lite users had been accessible on its internal servers.
  • At the time, the company also said the same issue affected “tens of thousands” of Instagram users.
  • On Thursday, that number was updated to “millions.”

Facebook has stored millions of Instagram users’ passwords in an unencrypted format easily readable by its employees for years, the latest in a series of high-profile security missteps committed by the Silicon Valley giant.

The news came on Thursday by way of an update to an existing company blog post, which in March, announced that unencrypted passwords for hundreds of millions of Facebook and Facebook Lite users had been accessible on its internal servers. At the time, the company also said the same issue affected “tens of thousands” of Instagram users. On Thursday, that number was updated to “millions.”

Back in March, Facebook said it discovered the vulnerability during a “routine security review” at the beginning of the year. The cybersecurity journalist Brian Krebs said the issue existed as far back as 2012.

Posted in: Cybercrime, Cybersecurity, E-Books, Health, Internet Trends, KM, Libraries & Librarians, Privacy, Social Media
CLOSE
CLOSE