via EFF writers Jeremy Gillula & Seth Schoen, comes an outstanding piece on Apple Inc.'s (Nasdaq: AAPL) recent decision to restrict ('limits' was the exact term utilized) device tracking. Today's Interesting Read.
News, via the astonishingly prolific security writer Dan Goodin, editing, and reporting at Ars Technica, tells the tale of oil and gas network attacks in the United States, by a group monikered Xenotime. Think we're protected? Think again. Read the Dragos security researcher's post for truly concerning national security relevance.
"The group, now dubbed Xenotime by Dragos, quickly gained international attention in 2017 when researchers from Dragos and the Mandiant division of security firm FireEye independently reported Xenotime had recently triggered a dangerous operational outage at a critical-infrastructure site in the Middle East." via Dan Goodin, Security Editor reporting at Ars Technica
"Ultimately, XENOTIME’s expansion to an additional ICS vertical is deeply concerning given this entity’s willingness to undermine fundamental process safety in ICS environments placing lives and environments at great risk. - via Dragos
Bad Behaviors should not be tolerated... Behold, and examine, if you will, the data exfiltrated (in this case, the inventory of extensions installed in your broweser, and data contained therein) by Linkedin (Nasdaq: LNKD) when the user authenticates at the company's primary public-facing site. Utilizing tools authored by the inimitable Corey Prophitt it's a revelation of the worst kind. Simply Astounding (and certainly bad behavior by a Microsoft Corporation (Nasdaq MSFT) owned company). Hat Tip.
"How would you feel if you opened a program and the program started to check your file system to see what other programs you had installed? You would probably feel the software was overstepping. This is essentially what LInkedIn does when you visit their website. LinkedIn will scan your local browser files in an attempt to identify a number of different browser extensions you may have installed. The data collected by LinkedIn is then exfiltrated from the browser." - via Corey Prophitt, writing at Prophitt.me