Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Microsoft Owned LinkedIn Creepy New Bluetooth Feature →

April 21, 2017 by Marc Handelman in All is Information, Blatant Stupidity, Demise of Privacy, Tracking, Information Security

Further proof that the End-Of-The-World-Is-Near: Microsoft Corporation's (NasdaqGS: MSFT) LinkedIn just released a new update for the Company's already slightly-suspicious mobile app that permits Bluetooth connectivity (for location tracking) to fellow LinkedIn members. Reportedly, the feature does not require the app to be running... What could possibly go wrong?


US Congress Sells Out

March 31, 2017 by Marc Handelman in Accountability, All is Information, Governmental Corruption, Feet of Clay, Demise of Privacy, Privacy, Blatant Stupidity

Ladies and Gentlemen, Girls and Boys: Behold the list of the United States Senators and members of the United States House of Representatives who voted to sell out your personal information while online (i.e., your precious online privacy) for monetary gain.

Each surname noted below possesses a link to that Senator's or Representative's contact page, to make it super-easy to let them know what you think. Oh, and for you parents, grandparents and guardians: this includes all data requests coming from your home, i.e., your children's data will also be swept up in this nightmare maelstrom example of the surveillance state. Enjoy.

Senate of the UNITED STATES of AMERICA

YEA -- 50

U.S. Senate Roll Call Votes 115th Congress - 1st Session

Question: On the Joint Resolution (S.J. Res. 34)

Alexander (R-TN)
Barrasso (R-WY)
Blunt (R-MO)
Boozman (R-AR)
Burr (R-NC)
Capito (R-WV)
Cassidy (R-LA)
Cochran (R-MS)
Collins (R-ME)
Corker (R-TN)
Cornyn (R-TX)
Cotton (R-AR)
Crapo (R-ID)
Cruz (R-TX)
Daines (R-MT)
Enzi (R-WY)
Ernst (R-IA)
Fischer (R-NE)
Flake (R-AZ)
Gardner (R-CO)
Graham (R-SC)
Grassley (R-IA)
Hatch (R-UT)
Heller (R-NV)
Hoeven (R-ND)
Inhofe (R-OK)
Johnson (R-WI)
Kennedy (R-LA)
Lankford (R-OK)
Lee (R-UT)
McCain (R-AZ)
McConnell (R-KY)
Moran (R-KS)
Murkowski (R-AK)
Perdue (R-GA)
Portman (R-OH)
Risch (R-ID)
Roberts (R-KS)
Rounds (R-SD)
Rubio (R-FL)
Sasse (R-NE)
Scott (R-SC)
Shelby (R-AL)
Strange (R-AL)
Sullivan (R-AK)
Thune (R-SD)
Tillis (R-NC)
Toomey (R-PA)
Wicker (R-MS)
Young (R-IN)

HOUSE OF REPRESENTATIVES of the UNITED STATES OF AMERICA

YEA -- 215

Abraham (R-LA)
Aderholt (R-AL)
Allen (R-GA)
Amodei (R-NV)
Arrington (R-TX)
Babin (R-TX)
Bacon (R-NE)
Banks (R-IN)
Barletta (R-PA)
Barr (R-KY)
Barton (R-TX)
Bergman (R-MI)
Biggs (R-AZ)
Bilirakis (R-FL)
Bishop (R-MI)
Bishop (R-UT)
Black (R-TN)
Blackburn (R-KY)
Blum (R-IA)
Bost (R-IL)
Brady (R-TX)
Brat (R-VA)
Bridenstine (R-OK)
Brooks (R-IN)
Buchanan (R-FL)
Buck (R-CO)
Bucshon (R-IN)
Budd (R-NC)
Burgess (R-TX)
Byrne (R-AL)
Calvert (R-CA)
Carter (R-GA)
Carter (R-TX)
Chabot (R-OH)
Chaffetz (R-UT)
Cheney (R-WY)
Cole (R-OK)
Collins (R-GA)
Collins (R-NY)
Comer (R-KY)
Comstock (R-VA)
Conaway (R-TX)
Cook (R-CA)
Costello (R-PA)
Cramer (R-ND)
Crawford (R-AR)
Culberson (R-TX)
Curbelo (R-FL)
Davis (R-IL)
Denham (R-CA)
Dent (R-PA)
DeSantis (R-FL)
DesJarlais (R-TN)
Diaz-Balart (R-FL)
Donovan (R-NY)
Duncan (R-SC)
Dunn (R-FL)
Emmer (R-MN)
Farenthold (R-TX)
Ferguson (R-GA)
Fitzpatrick (R-PA)
Fleischmann (R-TN)
Flores (R-TX)
Fortenberry (R-NE)
Foxx (R-NC)
Franks (R-AZ)
Frelinghuysen (R-NJ)
Gaetz (R-FL)
Gallagher (R-WI)
Garrett (R-VA)
Gibbs (R-OH)
Gohmert (R-TX)
Goodlatte (R-VA)
Gosar (R-AZ)
Gowdy (R-SC)
Granger (R-TX)
Graves (R-GA)
Graves (R-LA)
Graves (R-MO)
Griffith (R-VA)
Grothman (R-WI)
Guthrie (R-KY)
Harper (R-MS)
Harris (R-MD)
Hartzler (R-MO)
Hensarling (R-TX)
Hice (R-GA)
Higgins (R-LA)
Holding (R-NC)
Hollingsworth (R-IN)
Hudson (R-NC)
Huizenga (R-MI)
Hultgren (R-IL)
Hunter (R-CA)
Hurd (R-TX)
Issa (R-CA)
Jenkins (R-KS)
Jenkins (R-WV)
Johnson (R-LA)
Johnson (R-OH)
Johnson (R-TX)
Jordan (R-OH)
Joyce (R-OH)
Katko (R-NY)
Kelly (R-MS)
Kelly (R-PA)
King (R-IA)
King (R-NY)
Kinzinger (R-IL)
Knight (R-CA)
Kustoff (R-TN)
Labrador (R-ID)
LaHood (R-IL)
LaMalfa (R-CA)
Lamborn (R-CO)
Lance (R-NJ)
Latta (R-OH)
Lewis (R-MN)
LoBiondo (R-NJ)
Long (R-MO)
Loudermilk (R-GA)
Love (R-UT)
Lucas (R-OK)
Luetkemeyer (R-MO)
MacArthur (R-NJ)
Marchant (R-TX)
Marshall (R-KA)
Massie (R-KY)
Mast (R-FL)
McCarthy (R-CA)
McCaul (R-TX)
McHenry (R-NC)
McKinley (R-WV)
McMorris Rodgers (R-WA)
McSally (R-AZ)
Meadows (R-NC)
Meehan (R-PA)
Messer (R-IN)
Mitchell (R-MI)
Moolenaar (R-MI)
Mooney (R-WV)
Mullin (R-OK)
Murphy (R-PA)
Newhouse (R-WA)
Noem (R-SD)
Nunes (R-CA)
Olson (R-TX)
Palazzo (R-MS)
Palmer (R-AL)
Paulsen (R-MN)
Pearce (R-NM)
Perry (R-PA)
Poe (R-TX)
Poliquin (R-ME)
Posey (R-FL)
Ratcliffe (R-TX)
Reed (R-NY)
Renacci (R-OH)
Rice (R-SC)
Roby (R-AL)
Roe (R-TN)
Rogers (R-AL)
Rogers (R-KY)
Rohrabacher (R-CA)
Rokita (R-IN)
Rooney (R-FL)
Roskam (R-IL)
Ross (R-FL)
Rothfus (R-PA)
Rouzer (R-NC)
Royce (R-CA)
Russell (R-OK)
Rutherford (R-FL)
Scalise (R-LA)
Schweikert (R-AZ)
Scott (R-GA)
Sensenbrenner (R-WI)
Sessions (R-TX)
Shimkus (R-IL)
Shuster (PA-IL)
Smith (R-MO)
Smith (R-NE)
Smith (R-NJ)
Smith (R-TX)
Smucker (R-PA)
Stewart (R-UT)
Stivers (R-OH)
Taylor (R-VA)
Tenney (R-NY)
Thompson (R-PA)
Thornberry (R-TX)
Tiberi (R-OH)
Tipton (R-CO)
Trott (R-MI)
Turner (R-OH)
Upton (R-MI)
Valadao (R-CA)
Wagner (R-MO)
Walberg (R-MI)
Walden (R-OR)
Walker (R-NC)
Walorski (R-IN)
Walters (R-CA)
Weber (R-TX)
Webster (R-FL)
Wenstrup (R-OH)
Westerman (R-AR)
Williams (R-TX)
Wilson (R-SC)
Wittman (R-VA)
Womack (R-AR)
Woodall (R-GA)
Yoho (R-FL)
Young (R-AK)
Young (R-IA)


That Ole Pesky PII - Microsoft Drops Docs.com Search →

March 27, 2017 by Marc Handelman in Accountability, All is Information, Blatant Stupidity

Incredible, but true. The search functionality of the Microsoft Corporation (NasdaqGS: MSFT) owned Docs.com platform exposes the Personally Identifiable Information of hundreds - perhaps thousands - of users... Does Microsoft Corporation believe that dropping search functionality will relieve the Corporation of risk?

Why weren't prudent safeguards put in place to protect the Corporation's users (and the Corporation as well)? At the very least, a check for PII to assist in mitigating the exposure (risk-wise) to the Corporation? Do they check for malware or evil embedded macros in these documents? Who forgot to check for PII? Was the Corporation's well-seasoned Legal Department part of the sign-off process for this debacle?

Perhaps the Corporation might want to take a gander at Identity and Access Management to help secure the product. Oracle's (NYSE: ORCL) got a great product... Just sayin'.


Self-Healing Endpoint

March 21, 2017 by Marc Handelman in All is Information, Blatant Stupidity, Information Security, Right to Privacy, Security Failure, Security Governance, Security Heal Thyself, Security Opinion, Demise of Privacy

Apparently, this product is now embedded in a wide range of devices (ranging from Apple Inc. to Dell Computers and more). I do architect & advise end-point security efforts in my work (agnostic that I am - I do not recommend individual products), but certainly not an embedded product in BIOS or EFI. Could it be rightly called 'The Self-Healing Endpoint of Privacy'? Has a meme been created? You be the judge - Me? I'm going back to paper and pencil, air-gapped (of course - dammit, air-gaps are no guaranty of secure platforms either...). What to do. Tip o' the Hat.


Meanwhile, In Illicit SSL Certificate News... →

January 23, 2017 by Marc Handelman in Blatant Stupidity, Certificate Authority, Transport Layer Security

Blatant stupidity displayed by Symantec Corporation (NasdaqGS: SYMC) in the hotly-contested CA space is the topic of today's how-not-to-do-business-in-the-technical-sector. Evidence published on Friday of last week by Ars Technica Security Editor Dan Goodin points to illicit CA artifact issuance by the company. The discovery was made by a third-party reseller monikered SSLMate. Read it and weep for the encrypted interwebs.


Web of Trust, Not So Trustworthy After All →

November 08, 2016 by Marc Handelman in Accountability, All is Information, Blatant Stupidity, Demise of Privacy, Information Security

Apparently, WOT is now a three letter acronym for Feet of Clay...


No Fix Inject →

October 28, 2016 by Marc Handelman in Blatant Stupidity, All is Information, Information Security, Operating System Security, Operating Systems

Via ZDNet's Charlie Osborne comes a well-wrought report of the continued unremediated and unmitigated flaws in Microsoft Corporation's (NasdaqGS: MSFT) Windows 10.


Twelve Years On →

October 14, 2016 by Marc Handelman in All is Information, Blatant Stupidity, Communications Governance, Cybersecurity, Internetwork Security, Information Security

Hacker News writer Mohit Kumar regales us with the unfortunate and unsurprising news: a twelve-year-old SSH flaw comes back to bite the nascent and deeply flawed IoT industry. Read it and weep, my friends, at the show that never ends...


Sorry, I'm just too gosh darn busy...

YAHOO! Could Have Reset All Passwords →

September 29, 2016 by Marc Handelman in Accountability, All is Information, Blatant Stupidity, Information Security

Apparently, Marissa was too busy with her resume to direct customer protection.


Another Microsoft Blunder?

August 22, 2016 by Marc Handelman in Blatant Stupidity

Is the latest Windows 10 Anniversary Edition video camera snafu another serious Microsoft Corporation (NASDAQ: MSFT) blunder or is it intentional... Likely the former, but, you be the judge.


Android, The Weakening →

July 05, 2016 by Marc Handelman in All is Information, Blatant Stupidity, Encryption, Information Security

Storage of encryption keys on mobile devices should be verboten...


Internet of Shite, Nightmare of IoT Commences →

April 13, 2016 by Marc Handelman in All is Information, Blatant Stupidity, Hardware Security

The dirty little secret of IoT. Hat Tip to Trey Blalock at Firewall Consultants.


VNC Roulette... →

March 28, 2016 by Marc Handelman in Blatant Stupidity, Information Security, Network Security

VNC Roulette. via That is All.


191 Million

January 04, 2016 by Marc Handelman in All is Information, Blatant Stupidity, Demise of Privacy, Information Security

Thomas Fox-Brewster, writing at Forbes, regales us with the latest display of the demise of privacy: The formerly private records of 191,000,000 United States citizens' voting data, apparently yearning to be free, were granted their wish and published in an on-line database of reportedly unknown origins... available for consumption on our beloved interwebs. Astounding.


Blunderific →

September 24, 2015 by Marc Handelman in Blatant Stupidity

Really has to be read to believe it... This week's evidence that stupidity is most certainly alive and well in the network hardware business points to the geniuses at D-Link and their publishing of the company's code-signing key - publicly.

"The key expired earlier this month, but Klijnsma said that any software that was signed before the expiration date will continue to be accepted as a legitimate D-Link release. He said the key is accepted by Microsoft Windows code-signing requirements and appears to be accepted by Apple's OS X as well. The security analyst said he has reported the leaked key to officials at Symantec, the security firm that oversees the certificate authority that validated the D-Link key, in hopes of getting it revoked. It's unclear if or when that revocation may happen." - via Ars Technica's Dan Goodin


The Stupidity

September 15, 2015 by Marc Handelman in Blatant Stupidity

Fundamental issues revolve around Microsoft Corporation's (NasdaqGS: MSFT) Windows 10; not the least of which is the automated downloading of complete copies of the installation packages for the entire operating system, typically to be shared from your system (wait, what?). Simply proof of the disrespect the company has for its customer-base and their attendant resources - be it network bandwidth throttling, data caps or local storage constraints (not to mention the astounding sheer stupidity of the decision). Here's how to stop this egregious behavior immediately, and save your resources (unless, of course, you would want to move to Apple Inc.'s (NasdaqGS: AAPL) Mac OS X, Open Source operating systems or this (one of my favorites, but then I'm régime ancienne...)).


Microsoft Phones Home →

September 14, 2015 by Marc Handelman in All is Information, Information Security, Demise of Privacy, Blatant Stupidity

In a well-researched and well-written piece, Chris Hoffman, writing at How-To Geek, reveals at least thirty methods of data collection Microsoft Corporation (NasdaqGS: MSFT) uses within Windows 10, violating any rational person's sense of privacy. Is it time for the Federal Trade Commission to step in and investigate this travesty? You be the judge (after all, it's your privacy that's being violated).


The Majority Compromised →

September 09, 2015 by Marc Handelman in Database Security, Blatant Stupidity, All is Information, Health Care Security, Information Security

Lucas Mearian, writing at ComputerWorld, regales us with the astounding truth: The majority of health care providers and health plans/insurers have been compromised.

All of that is compounded by the same companies transferring risk, in the vainglorious hope they are better off for it.


US to Train Iran in Nuclear Security Best Practice - Including Cybersecurity

August 20, 2015 by Marc Handelman in All is Information, Cyberwar, Cybersecurity, Information Security, Blatant Stupidity, Physical Security, National Security

Likely one of the more blatantly misguided stipulations in the corporeal abomination known as the 'Joint Comprehensive Plan of Action' lies in Annex III of the agreement: within the Civil Nuclear Cooperation area, Section D apparently commits the United States of America to enter unilateral defense training (think cybersecurity, folks) of the Islamic Republic of Iran against all others (in this case, 'all others' would be defined as the State of Israel):

'10. Co-operation in the form of training courses and workshops to strengthen Iran's ability to prevent, protect and respond to nuclear security threats to nuclear facilities and systems as well as to enable effective and sustainable nuclear security and physical protection systems;' - Joint Comprehensive Plan, Annex III, Civil Nuclear Cooperation, Section D, within Nuclear Safety, Safeguards and Security


Microsoft WiFi Sense BS Meter Approaching Warning Levels

August 17, 2015 by Marc Handelman in Network Security, Information Security, Blatant Stupidity

Simply speechless at the shenanigans in Redmond, what with the monkeying with WiFi key sharing, and all. Let's see what other sources have to say about WiFi Sense.

Brian Krebs, from Krebs on Security, speaks the truth with obvious clarity:

"This brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna!)." - via Brian Krebs at Krebs on Security

And this from El Reg's Simon Rockman:

"Wi-Fi Sense doesn’t reveal the plaintext password to your family, friends, acquaintances, and the chap at the takeaway who's an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored centrally by Microsoft, and is copied to a device for it to work; Microsoft just tries to stop you looking at it. How successful that will be isn't yet known." - via Simon Rockman at El Reg
