Pete Recommends – Weekly highlights on cyber security issues June 29, 2019

Subject: Mass Surveillance Is Coming to a City Near You
Source: KMOX via Nextgov

A tech entrepreneur wants to track the residents of a high-crime American community. Tech entrepreneur Ross McNutt wants to spend three years recording human outdoor movements in a major U.S. city, KMOX news radio reports. If that sounds too dystopian to be real, you’re behind the times. McNutt, who runs Persistent Surveillance Systems, was inspired by his stint in the Air Force tracking Iraqi insurgents. He tested mass surveillance technology over Compton, California, in 2012. In 2016, the company flew over Baltimore, feeding information to police for months (without telling city leaders or residents) while demonstrating how the technology works to the FBI and Secret Service. The goal is noble: to reduce violent crime.


Subject: Another Vulnerability in Dell’s Security Bloatware, Must Update ASAP
Source: Digital Trends

SupportAssist comes pre-installed on many Dell laptops, making it typical bloatware which most users simply ignore when they get a new machine. And other OEMs use the same software under the name PC-Doctor Toolbox as well. When a security vulnerability is discovered, users might not think they need to update software they never use, but merely having it on a machine can make it vulnerable.


Subject: Presidential alerts can be easily spoofed, thanks to LTE security vulnerabilities
Source: ACM via TechCrunch via Android Police

Last year, the United States performed the first public test of the national Wireless Emergency Alert (WEA), an alert system designed to send messages to smartphones, TVs, and other systems simultaneously. The test was specifically for the ‘Presidential Alert,’ a new category that can’t be opted out of (like AMBER alerts). It turns out these types of alerts can be easily spoofed, thanks to various security vulnerabilities with LTE towers.

A group of researchers at the University of Colorado Boulder released a paper that details how Presidential Alerts can be faked. An attack using a commercially-available radio and various open-source software tools can create an alert with a custom message. Researchers were able to use just four malicious portable stations to cover a 50,000 seat stadium with a 90% success rate.


Subject: Google is the biggest snoop of all on your computer or cell phone
Source: The Washington Post via The Philadelphia Inquirer via beSpacific

The Philadelphia Inquirer – “You open your browser to look at the Web. Do you know who is looking back at you? Over a recent week of Web surfing, I peered under the hood of Google Chrome and found it brought along a few thousand friends. Shopping, news and even government sites quietly tagged my browser to let ad and data companies ride shotgun while I clicked around the Web. This was made possible by the Web’s biggest snoop of all: Google. Seen from the inside, its Chrome browser looks a lot like surveillance software. [emphasis added] Lately I’ve been investigating the secret life of my data, running experiments to see what technology really gets up to under the cover of privacy policies that nobody reads. It turns out, having the world’s biggest advertising company make the most popular Web browser was about as smart as letting kids run a candy shop.”

beSpacific Subjects: Cybercrime, Cybersecurity, E-Commerce, Internet, Knowledge Management, Privacy, Search Engines


Subject: Introducing The Fact Checker’s guide to manipulated video
Source: The Washington Post

If a picture says a thousand words, video can be even more powerful. But the Internet is increasingly populated with false and misleading videos — spread by politicians, advocacy groups and others — viewed by millions. That poses a challenge not only to fact checkers but to anyone relying on social media or web searches to get information or find the latest news.

Advancements in technology make it easier for just about anyone to create convincingly falsified video. Moreover, people in today’s polarized political climate seem increasingly willing to believe what they want to believe — especially when it aligns with their political values and is shown in video. This potent combination of advancements in technology, the spread of social media and an impressionable population allows video misinformation to spread rapidly.

We want to help people navigate this perilous information landscape.


The Fact Checker is a verified signatory to the International Fact-Checking Network code of principles


Subject: US government announces nationwide crackdown on robocallers
Source: CNNwire via WPMT FOX43

The US government announced a nationwide crackdown on illegal robocalls Tuesday, targeting companies and individuals who have collectively placed over 1 billion unwanted calls for financial schemes and other services, according to the Federal Trade Commission.

The crackdown involves nearly 100 cases, five of which are criminal enforcement actions. They were brought by the FTC, Justice Department, 15 states and a slew of local authorities.

It marks the latest effort by regulators to battle back the tide of unwanted and illegal calls from telemarketers and scammers.

Some of those targeted by the action were a major source of robocalls. Derek Jason Bartoli, a Florida man who allegedly developed, sold and used a form of software that allows millions of calls to be placed in quick succession, was responsible for 57 million calls to US phone numbers over six months in 2017, according to a federal complaint.

Filed in: News

Topics: robocallers


Subject: A hacker assault left mobile carriers open to network shutdown
Source: c|net via beSpacific

CNET: “Hackers have quietly infiltrated more than a dozen mobile carriers around the world, gaining complete control of networks behind the companies’ backs. The attackers have been using that access over the last seven years to steal sensitive data, but have so much control they could shut down communications at a moment’s notice, according to Cybereason, a security company based in Boston. On Tuesday, Cybereason said it’s been investigating the campaign, dubbed Operation Soft Cell, through which hackers targeted phone providers in Europe, Asia, Africa and the Middle East. The hackers infected multiple mobile carriers since 2012, gaining control and siphoning off hundreds of gigabytes of data on people.”

beSpacific Subjects: Cybercrime, Cybersecurity, Privacy

c|net Tags
Mobile Security


Subject: Twitter clamps down on abusive speech, in seeming nod to Trump

Twitter said on Thursday it will begin labeling and demoting tweets from world leaders that violate its rules — an action that appears aimed at President Donald Trump’s often incendiary attacks.

Twitter has long said that it leaves up offensive tweets from government officials because removing them would limit the public’s ability to understand their leaders. But the company has frequently been criticized for allowing tweets posted by Trump that arguably violate the site’s rules against, among other things, dehumanization, degradation and the glorification of violence.

Twitter said that rule-breaking public interest tweets will not be “elevated” on the service, such as appearing in some search results — a move likely to fuel charges of “shadowbanning,” or the idea that social media companies discriminate against conservatives by subtly making their tweets and accounts more difficult to find.


Subject: NIST Releases Report on Managing IoT Risks
Source: CISA via NIST

The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The publication—the first in a planned series on IoT—aims to help federal agencies and other organizations manage the cybersecurity and privacy risks associated with individual IoT devices.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages information security and privacy practitioners to review NISTIR 8228 for more information and CISA’s Tip on Securing IoT for best practices.

CA Category
Security Alert



Subject: DC Court of Appeals rules OPM responsible for hacking of 22 million personnel records
Source: The Washington Post via beSpacific

Make sure you click thru to the WP article…

Washington Post: “A federal appeals court has revived the chances of monetary awards being paid to federal employees and others whose personal information was exposed in hacks of two government databases that were revealed in 2015. The ruling criticized the Office of Personnel Management for failing to safeguard that information despite having been the target of prior hacking attempts and despite repeated warnings from its inspector general’s office that the databases were vulnerable. “OPM effectively left the door to its records unlocked by repeatedly failing to take basic, known, and available steps to secure the trove of sensitive information in its hands,” said the decision Friday by the U.S. Court of Appeals for the District of Columbia Circuit. The OPM deferred a request for comment to the Justice Department, which declined to comment.”

Btw, I wonder if there have been any studies done on the utility of credit monitoring services?


Posted in: AI, Big Data, Civil Liberties, Cybercrime, Cybersecurity, E-Commerce, Privacy, Search Engines, Technology Trends