Infosecurity.US

Information Security with Occasional Forays into Other Realms

via Reddit

UPnP'd: The Litany Of Ports 139 and 445

November 30, 2018 by Marc Handelman in Routerland, Blatant Stupidity

Why in the world is this still a problem? Just say no to UPnP, and move on, dammit.

Image Credit: Microsoft Corporation

Rather Than Focusing On Fixing Lame Windows Update System, Microsoft CEO Targets New Electronic Cricket Bat

October 12, 2018 by Marc Handelman in Blatant Stupidity, Corporate Evil, Cruft, Operating Systems, Operating System Security, Operability

Smart Move - Satya - Smart Move. Now, what was it you were going to do about the October Creators Update for Windows 10 nagging problem of deleting user documents and other files en masse? Was this a redirection marketing tactic to deflect attention from the recent rash of Microsoft Windows Update failures plaguing Redmond; or is it a Lack of Focus, Mr. Nadella? (Update: News from Martin Brinkmann at GHacks that the file deletion issue is reportedly fixed). To be fair, an inability to service operating system updates robustly is not just a Microsoft Corporation (Nasdaq: MSFT) failure; this SNAFU is a hallmark of the so-called Android 'ecosystem' as well. Oh, and I'm a cricket fan as well. Enjoy.

Wait, What, Why? Google Takes WWW Away... →

September 11, 2018 by Marc Handelman in Blatant Stupidity, Information Security, Confusion

News, via Lawrence Abrams, writing at Bleeping Computer, of the latest hare-brained scheme popping out of the roiling, hot, bubbling diverse-cultural motile known as the Chrome development team. Read and Weep, my friends, for the Minimalization that apparently never ends.

Black Hat: The Exposed

August 23, 2018 by Marc Handelman in Blatant Stupidity, Cyber Cyber Cyber Cyber

News, via Ionut Ilascu, writing at Bleeping Computer, of an apparent Black Hat Attendee Data Leakage SNAFU. Who needs so-called Cyberthis or Cyberthat, when information security's premier event can't safeguard the attending information security professionals' data? The flaw was discovered by NinjaStyle and described in a superb blog post: 'How I Hacked BlackHat 2018: Enumerating registered BlackHat attendees with the BCard API'. Security: Heal Thyself. H/T

Facebook+CambridgeAnalytica = Facebookery At Its Finest

July 07, 2018 by Marc Handelman in Data Theft, Information Security, Blatant Stupidity, Crime, Criminal Enterprise

Via Graham Cluley's timely security blog, comes the story of Carole Cadwalladr who, in her day job, is famous for her highly competent reportage at The Guardian. The specific reporting series is here. It details not-so-secret fundamental security and privacy flaws, all combined into a porridge with both blatant stupidity and greed as spices, in which the aforementioned porridge turns out to be a not-so-tasty dish for Facebook Inc. (NASDAQ: FB) and Cambridge Analytica (now in receivership)... If you spend any time contemplating the evil that is Facebook, read Carole Cadwalladr's work and you'll experience a Silicon Valley revelation (perhaps some avocado toast will calm you down). Today's Must Read!

Facebookery: The Fourteen Million →

June 10, 2018 by Marc Handelman in Blatant Stupidity, Business of Exploitation, Code, Use At Your Own Risk, Detritus

News, via Dan Goodin - writing at ArsTechnica - of an apparent dev team screwup at Facebook Inc. (Nasdaq: FB), in which the crack-dev-team at the purveyor of user data managed to introduce a pernicious flaw in the Detritus (also known as the Company's 'Code', or 'Intellectual Property') that happily exposed the posts of 14 million of the company's 'Subjects' (also known as 'Users') to one and all. What happened to 'Code Review' (also known as 'Looking for Developer Screwups') or 'Application Testing' (also known as 'Testing for Developer Screwups')? Nary a peep from the Facebook Security Team on this one; and in summation: Where's the Apology, Chairman Zuckerberg?

"The bug occurred as Facebook developers were creating a new way to share photos and other featured items in user profiles. In the process, the developers accidentally suggested all new posts be set to public, rather than just the featured items." - via Dan Goodin writing at ArsTechnica

Buys your location data, doesn't seek permission... Time to call your attorney!

AT&T, Verizon, T-Mobile, Sprint: We're Selling Your Location Data To Prison Tech Company. Nothing To See Here!

May 17, 2018 by Marc Handelman in Blatant Stupidity, Privacy, Or Lack Thereof, Demise of Privacy, Information Security

Zack Whittaker, writing at ZDNet's Zero Day, exposes the selling of mobile device location data (for all customers) to a prison technology-focused organization monikered 'Securus'. Where's the consent? H/T

Microsoft Now Supports Cryptomining In Excel... →

May 15, 2018 by Marc Handelman in Blatant Stupidity, Information Security

via Graham Cluley, comes news of a highly questionable decision made by Microsoft Corporation (Nasdaq: MSFT) developers to begin offering JavaScript support in the company's flagship spreadsheet bits.

'Right now, JavaScript in Excel custom functions is only supported in the Developer Preview edition to Office 365 subscribers enrolled in the Office Insiders program. But it seems inevitable that in the not too distant future it will be available in more widely-used versions of Excel as well.' - via Graham Cluley

RSAC 2018, The Leakage →

April 24, 2018 by Marc Handelman in Blatant Stupidity, Application Security, Security Incompetence

Security, Heal Thyself

Starbucks Moves From Coffee Purveyor to Surveillance Company →

April 19, 2018 by Marc Handelman in Blatant Stupidity, Information Security, PII

Via Bob Sullivan, reporting for Geekwire, comes news of Starbucks Corporation's (Nasdaq: SBUX) efforts to collect personal data from WiFi users. In reality, you can be certain the company has been collecting personally identifiable data (PII) for years... Soon, your caffeine mantra will be - 'I'll have a Caramel Macchiato, Venti, Skim, Extra Shot, Extra-Hot, Extra-Whip, Sugar-Free, extra PII to go'...

Blatant & Pervasive Incompetencies, Recent History of →

April 17, 2018 by Marc Handelman in Data Security, Blatant Stupidity, Bulk Data Collection, Information Security, Consumer Abuse, Environmental Security, Animals, Animal Abuse

Recalling other crisis management fails - in the wake of Facebook's stunning (and probably feigned) ignorance of data exfiltration on their own platform: Via the obviously talented Michael Grothaus, whilst writing at Fast Company, comes this interesting recent history of crisis management at companies-of-note. You will - I am certain - notice a recurring theme of fathomless lack of intellectual capacity. Today's Must Read and filed under 'Blatant Stupidity'. Enjoy!

Arthur Dent and His Towel

Eurononsense: Hitchhikers Guide To The End Of Planet WHOIS →

March 19, 2018 by Marc Handelman in Eurononsense, Privacy, Blatant Stupidity, GDPR

Pending Evidence to the Contrary, the end of Planet WHOIS is slated for 2018/05/25, ostensibly due to nonsensical GDPR legislation, crafted by those Brainiacs in Brussels. Better find that copy of Douglas Adams' mantra to mankind - The Hitchhiker's Guide to the Galaxy - your towel, and perhaps some stout, as it shall be a bumptious ride when traveling with Arthur Dent, Esq. ICANN attempted with amusing futility to fix things right up, but failed to acquire consensus on WHOIS usage in the Wacky Age of EU Mandated Privacy. Via the outstanding reportage of Kieren McCarthy writing at El Reg. Discombobulated? You and me both, Pal!

MoviePass Screws-the-Pooch →

March 11, 2018 by Marc Handelman in Blatant Stupidity, Information Security, Privacy, Demise of Privacy

Well - dammit - I was wrong... Early last week I made the error in a post on Monday 2018/03/05, in which I managed to scribble this diatribe: To Wit, "Easily the most egregiously moronic idea I've heard this month (and it's only 5 days in(!)" ...

Well, that declaration has been overshadowed in our highly-read Observed-Stupidity-In-Security-And-Privacy-News-Department by a bottom-of-the-sea-deeply-ignorant statement uttered by MoviePass CEO Mitch Lowe regarding his extraordinary pleasure at tracking users within the company's MoviePass iPhone and Android apps (see below).

'The update comes after CEO Mitch Lowe made comments at the Entertainment Finance Forum in Los Angeles last week, claiming that the company was tracking users’ locations. “We watch how you drive from home to the movies. We watch where you go afterwards,” commented Lowe, according to a report from Media Play News.' - via Chaim Gartenberg, writing at The Verge

Bravado? Misplaced Confidence? Hairplugs too-tight? Too Much Campari before dinner? I think not, just simple, unmitigated and blatant stupidity...

Perhaps a leadership change is in order, eh MoviePass? At least the company did manage to (allegedly) remove the tracking-bits from the product and reissue the apps in the apropos app stores. Of course, there is always bad news with this type of mea culpa: In a statement made to Engadget, the company claimed they are still planning to use location data marketing to enhance their revenue stream. Ah, yes, the old Give It To 'Em, Then Take It Away gambit. Oh Joy!

Stunning Stupidity To Start The Week: Selling Your DNA Via A Blockchain Controlled Marketplace →

March 05, 2018 by Marc Handelman in Cryptocurrency, Bitcoin, Blatant Stupidity, Information Security, Blockchain

Easily the most egregiously moronic idea I've heard this month (and it's only 5 days in(!) - stay tuned - pretty sure there will be others)... Would you sell your DNA data on the Blockchain? Enjoy!

'It is not easy putting a dollar value on the human genome, so only time will tell if these innovative, blockchain approaches to genetic data trading will pay off for individuals.' via James Levenson, writing at Bitcoinist

Intel, The Hider →

February 23, 2018 by Marc Handelman in Blatant Stupidity

Peter Cao - writing at 925Mac - details a Reuters screed on Intel's efforts to hide the true scope of Meltdown/Spectre from Federal investigators at US-CERT. Good to know.

Sounds Legit, Mullahs On Guard Due To Rogue Lizard(s) Soaking Up Atomicals →

February 16, 2018 by Marc Handelman in Blatant Stupidity, Espionage, Physical Security, Physical Sciences

Sean Gallagher - writing at ArsTechnica, details lizard espionage, targeting the Iranians...

Service As A Crime →

February 08, 2018 by Marc Handelman in Idiotic Ideas, Physical Security, Blatant Stupidity, Satire, Sarcasm

Seattle's all-a-buzz with a new and exciting Amazon service (no... it's not the new Amazon Spheres), dubbed AmazonCaaS [aka Amazon Crime as a Service]; via MG comes this terrific Medium blog post. Today's MustRead!

Intel Warns Beijing of Spectre/Meltdown, Forgets to Call Washington... →

January 30, 2018 by Marc Handelman in Blatant Stupidity, Hardware Flaws, Hardware Security, Information Security

The stupidity just won't stop from the executives at Intel; Indeed... H/T

Quantum? Hardly. →

December 19, 2017 by Marc Handelman in Blatant Stupidity

Mozilla Foundation: Bad marketing decisions at the highest levels of the Foundation should be a wakeup call for a house cleaning at the non-profit organization, not to mention a reset as to expectations regarding user privacy (regardless of the Foundation's platitudes talking up privacy). Couple that with tremendously flawed architectural decisions targeting application, functionality, browser and network security behaviors, adding up to anti-patterns rampant throughout the product. Just shameful, and then, there's this...

Updated: Here's Chris Hoffman's take on the de-evolution of Mozilla, for good measure... In which: the ongoing, infamous browser data sharing between Mozilla Foundation and Cliqz in Germany.

Want A Malicious App? →

November 17, 2017 by Marc Handelman in Android, Information Security, Blatant Stupidity

Drive-by the Google Play Store...
