"Facebook's $5 billion settlement with the Federal Trade Commission this summer smashed records: the FTC had never before fined any company such a hefty amount. But even though critics immediately lambasted the deal as a comparative slap on the wrist for Facebook, which earned about $56 billion in revenue in 2018, newly released documents show that the company was working hard to avoid any penalty at all—and its arguments then are just a prelude to defenses it may mount now, as dozens of state, federal, and international probes pile up around it." - via Kate Cox, comes this superlative piece at Ars Technica
via Bhaskar Chakravorti, PhD, Dean of Global Business at The Fletcher School, Tufts University, comes this thought-provoking piece targeting Facebook Inc.'s (NASDAQ: FB) new 'Privacy Cop'. Certainly, today's Must Read.
'In my opinion, in order to be effective, there are three main privacy-related concerns the FTC’s newly designated cop would need to look out for: the potential for genuine violations of users’ privacy; the targeted spread of harmful content, especially resulting in election manipulation and ethnic violence; and instances of collecting and harvesting far more data than is warranted to provide services to users.' - via Bhaskar Chakravorti, PhD Dean of Global Business, The Fletcher School at Tufts University
The Department of Justice announced yesterday (20190722) that Microsoft Corporation (NASDAQ: MSFT) has agreed to pay $25.3 million USD to resolve violations of the Foreign Corrupt Practices Act, the United States anti-bribery statute, after the Redmond, Washington software leviathan bribed government officials in Hungary and other countries to win business.
via Threatpost author Lindsey O'Donnell comes this remarkably lucid, well-crafted interview piece dissecting the nature of low-hanging fruit, where the fruit under scrutiny are in fact cities themselves, specifically Atlanta, ensconced (if you will) in the Peach State... Most certainly Today's Must Read.
via Jon Brodkin, writing at Ars Technica, comes the story of a total of $35 million paid by two sketchy corporations in the US (Office Depot and its partner in crime, Support.com), which have fallen from grace most profoundly. Read it and rejoice for a US Federal Agency living up to its mandate and doing the Right Thing.
The FTC yesterday announced that Office Depot and its software supplier, Support.com, have agreed to pay a total of $35 million in settlements with the agency. Office Depot agreed to pay $25 million while Support.com will pay the other $10 million. The FTC said it intends to use the money to provide refunds to wronged consumers. - via Jon Brodkin, writing superb reportage at Ars Technica
via Kate Fazzini, writing at CNBC, comes a tale of sweaty desperation, criminal extortion and the appalling dearth of morality in the so-called 'Cybersecurity Marketplace', detailing what she describes as 'aggressive tactics' - in reality, simple, single-source extortion - as exhibited by cybersecurity vendor salespeople and their ilk. Today's Must Read.
"The cybersecurity vendor marketplace is growing so crowded that some companies have been resorting to extreme tactics to get security executives on the phone to pitch their products, including lying about security emergencies and threatening to expose insignificant breaches to the media." - via Kate Fazzini, writing at CNBC
via Sam Schechner, writing at The Wall Street Journal (Warning: Paywall), comes a story of immense Facebookery that serves to reinforce the notion of user distrust from the top to the bottom of the now embattled Social Data Vacuuming firm. I give them (at most) five more years; what's your wager on the company's lifespan?
"Under pressure over its data collection, Facebook Chief Executive Mark Zuckerberg said last year that the company would create a feature called “Clear History” to allow users to see what data Facebook had collected about them from applications and websites, and to delete it from Facebook. The company says it is still building the technology needed to make the feature possible." - via Sam Schechner, writing at The Wall Street Journal, in his piece on tell - all apps
via Graham Cluley's timely security blog comes the story of Carole Cadwalladr who, in her day job, is famous for her highly competent reportage at The Guardian. The specific reporting series is here. It details not-so-secret fundamental security and privacy flaws, all combined into a porridge with both blatant stupidity and greed as spices, in which the aforementioned porridge turns out to be a not-so-tasty dish for Facebook Inc. (NASDAQ: FB) and Cambridge Analytica (now in receivership)... If you spend any time contemplating the evil that is Facebook, read Carole Cadwalladr's work and you'll experience a Silicon Valley revelation (perhaps some avocado toast will calm you down). Today's Must Read!
BGP-Related Issues, Along With Malicious Redirection Predicated On Fraudulent Routes, To Blame
via Dan Goodin's typically superlative prose at Ars Technica, in the piece titled 'Suspicious Event Hijacks Amazon Traffic For 2 Hours, Steals Cryptocurrency', comes the root cause of the Amazon Route 53 debacle: fraudulent, more-specific BGP routes for Route 53's address space were accepted and propagated by other networks, so DNS queries bound for Amazon's resolvers were answered by the attackers instead, and the cryptocurrency theft followed from that redirection. Additionally, a great tell-all piece entitled 'Another BGP Hijacking Event Highlights the Importance of MANRS and Routing Security' (discussing the same issues as Mr. Goodin), via The Internet Society's Megan Kruse and Aftab Siddiqui, is also worthy of note. Fundamentally, the IETF should step up its efforts to deal with these issues (and perhaps take MANRS into consideration ASAP). It is important to note that the Internet Engineering Task Force (IETF) is an organized activity of The Internet Society, and has been for more than a decade. Both posts are Today's Must Read.
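MANRS asks operators to validate what they accept from peers; the concrete mechanism for the origin half of that is RPKI Route Origin Validation (RFC 6811), which is exactly what would have flagged a more-specific route for someone else's address space from the wrong origin AS. The following is an added example written for this roundup, not code from Ars Technica, the Internet Society or MANRS: the prefixes are RFC 5737 documentation ranges, the ASNs are RFC 5398 documentation ASNs, and the ROA table and announcements are constructed for illustration.

```python
"""Route Origin Validation (RFC 6811) against a table of ROAs.

Added example; not code from Ars Technica, the Internet Society or MANRS.
Prefixes are RFC 5737 documentation ranges, ASNs are RFC 5398 documentation
ASNs, and the ROA table and announcements are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: origin_asn may announce prefix and any
    subnet of it down to max_length bits."""
    prefix: Network
    max_length: int
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    """A BGP route as seen by a router: announced prefix and origin AS."""
    prefix: Network
    origin_asn: int


def make_roa(prefix: str, origin_asn: int, max_length: Optional[int] = None) -> ROA:
    net = ipaddress.ip_network(prefix, strict=True)
    # A ROA without an explicit maxLength authorises only the exact prefix.
    return ROA(net, net.prefixlen if max_length is None else max_length, origin_asn)


def make_announcement(prefix: str, origin_asn: int) -> Announcement:
    return Announcement(ipaddress.ip_network(prefix, strict=True), origin_asn)


def covering_roas(ann: Announcement, roas: Iterable[ROA]) -> List[ROA]:
    """ROAs whose prefix equals or contains the announced prefix."""
    return [
        r for r in roas
        if r.prefix.version == ann.prefix.version and ann.prefix.subnet_of(r.prefix)
    ]


def validate(ann: Announcement, roas: Iterable[ROA]) -> str:
    """RFC 6811 validation state: 'Valid', 'Invalid' or 'NotFound'."""
    covering = covering_roas(ann, roas)
    if not covering:
        return "NotFound"  # no ROA covers this prefix at all
    for r in covering:
        # The origin AS must match AND the announcement must not be more
        # specific than the ROA's maxLength permits; a /25 carved out of an
        # authorised /24 is Invalid even when it comes from the right AS.
        if r.origin_asn == ann.origin_asn and ann.prefix.prefixlen <= r.max_length:
            return "Valid"
    return "Invalid"  # covered by a ROA, but wrong origin or too specific


def policy(state: str) -> str:
    """Common import policy: drop Invalid, accept Valid and NotFound
    (much of the routing table still has no ROA)."""
    return "reject" if state == "Invalid" else "accept"


def validate_table(anns: Iterable[Announcement], roas: Iterable[ROA]) -> Dict[Tuple[str, int], str]:
    roas = list(roas)
    return {(str(a.prefix), a.origin_asn): validate(a, roas) for a in anns}


# Constructed ROA table: AS64496 may announce exactly 192.0.2.0/24;
# AS64497 holds 198.51.100.0/24 and may announce subnets down to /26.
CONSTRUCTED_ROAS = [
    make_roa("192.0.2.0/24", 64496),
    make_roa("198.51.100.0/24", 64497, max_length=26),
]

# Constructed announcements, including the more-specific hijack pattern that
# pulls traffic away from the legitimate origin.
CONSTRUCTED_ANNOUNCEMENTS = [
    make_announcement("192.0.2.0/24", 64496),      # legitimate
    make_announcement("192.0.2.0/25", 64511),      # more-specific from a rogue AS
    make_announcement("192.0.2.0/25", 64496),      # right AS, but exceeds maxLength
    make_announcement("198.51.100.64/26", 64497),  # within maxLength, legitimate
    make_announcement("203.0.113.0/24", 64498),    # no ROA at all
]

if __name__ == "__main__":
    for (prefix, asn), state in validate_table(CONSTRUCTED_ANNOUNCEMENTS, CONSTRUCTED_ROAS).items():
        print(f"{prefix:<18} AS{asn}  {state:<8} -> {policy(state)}")
```

The caveat a practitioner needs: origin validation only checks the rightmost AS in the path. An attacker who forges a path that ends in the legitimate origin AS passes ROV; closing that gap is what path validation (BGPsec, ASPA) is for, and it is why MANRS also asks for prefix filtering and anti-spoofing rather than ROV alone.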
via Peter Rudegeair and AnnaMaria Andriotis - writing at The Wall Street Journal - comes a good example of crime reportage, regaling us with an exposé of pernicious criminality within the identity-theft arena: the use of synthetic identities (a real but unused Social Security Number paired with a fabricated name and date of birth) to abscond with fungible assets... in this case, to the tune of billions of dollars. While not new - as the article erroneously claims in both its title and body copy - the use of synthetic identities built on our children's identities and unused Social Security Numbers has been an ever-increasing fraud modality for a number of years. Today's Must Read.
News of evidence - via a Dartmouth research team (Julia Dressel and Hany Farid) - of potentially flawed prediction algorithms in a mission-critical software product (Correctional Offender Management Profiling for Alternative Sanctions (COMPAS)) utilized by a large number of jurisdictions in the United States and Canada... Read the abstract and full research report in J. Dressel et al., "The accuracy, fairness, and limits of predicting recidivism," Science Advances 4, No. 1 (17 January 2018) (DOI: 10.1126/sciadv.aao5580) or download the study's PDF. Enjoy.
Citation: J. Dressel, H. Farid, The accuracy, fairness, and limits of predicting recidivism. Sci. Adv. 4, eaao5580 (2018).
via Phys.org comes a brief news item on the cryptomining trojan dubbed 'Adylkuzz' and its Monero-mining payload, which spread using the same leaked SMB exploit as WannaCry. Additionally, read the highly detailed Proofpoint post, which contains the true gist of this trojan, as it were.
'Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to "mine" in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.' - via Phys.org
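A miner that runs "in a background task" is quiet by design, so the hunt is for its side effects rather than a ransom note: a stratum pool URL or wallet on a command line, a long-lived connection to a pool port, and self-protection such as blocking inbound SMB so rival infections cannot land (a behaviour Proofpoint described for Adylkuzz). The following is an added example written for this roundup, not code from Phys.org or Proofpoint, and it uses no real Adylkuzz indicators: the telemetry lines, hostnames, image paths, the wallet string, the port list and the allowlist are all constructed for illustration.

```python
"""Hunting for a background cryptominer in constructed process/network telemetry.

Added example; not code from Phys.org or Proofpoint, and no real Adylkuzz
indicators are used. Log lines, hostnames, paths, ports, the allowlist and
the wallet string are constructed for illustration.
"""
import json
import re
from typing import Dict, List

# Ports mining pools commonly use for the stratum protocol (constructed list),
# and a constructed allowlist of images permitted to talk to such ports.
STRATUM_PORTS = {3333, 4444, 5555, 7777, 8888, 14444}
ALLOWED_POOL_PORT_IMAGES = {r"c:\program files\vendor\agent.exe"}

STRATUM_RE = re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE)
# Monero primary addresses: '4' followed by 94 base58 characters.
MONERO_ADDR_RE = re.compile(r"(?<![0-9A-Za-z])4[1-9A-HJ-NP-Za-km-z]{94}(?![0-9A-Za-z])")
# A netsh command that blocks TCP 445: a miner locking out competing infections.
SMB_BLOCK_RE = re.compile(r"\bnetsh\b.*\b445\b.*\bblock\b", re.IGNORECASE)


def check_event(ev: Dict) -> List[str]:
    """Return the names of every rule the event trips, in rule order."""
    hits: List[str] = []
    image = ev.get("image", "").lower()
    if ev.get("event") == "process_create":
        cmd = ev.get("cmdline", "")
        if STRATUM_RE.search(cmd):
            hits.append("stratum-url-in-commandline")
        if MONERO_ADDR_RE.search(cmd):
            hits.append("monero-wallet-in-commandline")
        if SMB_BLOCK_RE.search(cmd):
            hits.append("inbound-smb-blocked")
    elif ev.get("event") == "network_connect":
        if ev.get("dst_port") in STRATUM_PORTS and image not in ALLOWED_POOL_PORT_IMAGES:
            hits.append("connection-to-pool-port")
    return hits


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run the rules over JSON-lines telemetry; malformed lines are skipped."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # do not abort the hunt on one bad record
        for rule in check_event(ev):
            findings.append({"ts": ev.get("ts", ""), "host": ev.get("host", "?"),
                             "image": ev.get("image", ""), "rule": rule})
    return findings


def rules_by_host(findings: List[Dict[str, str]]) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = {}
    for f in findings:
        out.setdefault(f["host"], []).append(f["rule"])
    return out


# Constructed wallet: syntactically Monero-shaped, not a real address.
CONSTRUCTED_WALLET = "4" + "Ab1" * 31 + "x"

CONSTRUCTED_EVENTS = [
    {"ts": "2017-05-15T09:01:02Z", "host": "ws-17", "event": "process_create",
     "image": r"C:\Users\Public\wuauserv.exe",
     "cmdline": "wuauserv.exe -o stratum+tcp://pool.example.invalid:14444 "
                f"-u {CONSTRUCTED_WALLET} -p x -k --background"},
    {"ts": "2017-05-15T09:01:03Z", "host": "ws-17", "event": "network_connect",
     "image": r"C:\Users\Public\wuauserv.exe",
     "dst_host": "pool.example.invalid", "dst_port": 14444},
    {"ts": "2017-05-15T09:01:05Z", "host": "ws-17", "event": "process_create",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="upd" dir=in '
                "protocol=tcp localport=445 action=block"},
    {"ts": "2017-05-15T09:02:00Z", "host": "ws-02", "event": "network_connect",
     "image": r"C:\Program Files\Vendor\agent.exe",
     "dst_host": "updates.example.invalid", "dst_port": 4444},  # allowlisted
    {"ts": "2017-05-15T09:02:10Z", "host": "ws-02", "event": "process_create",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
]
CONSTRUCTED_LOG_LINES = [json.dumps(e) for e in CONSTRUCTED_EVENTS]

if __name__ == "__main__":
    for host, rules in rules_by_host(scan(CONSTRUCTED_LOG_LINES)).items():
        print(host, "->", ", ".join(rules))
```

The port rule alone is noisy (developers and legitimate agents use those ports too), which is why the allowlist exists and why a real deployment would corroborate with sustained CPU load and process ancestry; the command-line and SMB-blocking rules are the higher-confidence signals.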
"To exploit the vulnerability, a criminal would need to pose as the control server, which is possible via ARP spoofing, or by simply connecting the ATM to a criminal-controlled network connection," said Georgy Zaytsev, a researcher with Positive Technologies. "During the process of generating the public key for traffic encryption, the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution." - via John Leyden, at El Reg