Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

Great Seal of the State of Texas House of Representatives

Cough Up The Bandwidth

February 15, 2019 by Marc Handelman in Telecom, Radio Telephony, Accountability, Legislation

Via Kieren McCarthy, writing at El Reg: reports of a contemplated bill (H.B. 1426) before the State of Texas' House of Representatives that would ostensibly make data throttling on mobile networks during a declared emergency illegal.

My two bits is to include incarceration as a penalty, and you'll see some fast action and/or nationalization of the offending company's circuits for (at least) the duration of the emergency plus 45 days (this would parallel the federalization of our nation's railroads during wartime - last used in the 20th century, during World War II). What'll it be there, Pard? At any rate, this is all speculation...

February 15, 2019 /Marc Handelman
Telecom, Radio Telephony, Accountability, Legislation

The Foreshadow Attack: Intel On The Ropes

August 15, 2018 by Marc Handelman in Accountability, Hardware Flaws, Hardware Security, Information Security, Speculative Execution, Security Research

Is Intel Corporation (Nasdaq: INTC) Down and Out, or Just Down? As always, you be the judge...


Becca Ricks' 'How Paypal Shares Your Data'

January 22, 2018 by Marc Handelman in Accountability, Bulk Data Collection, Complexity, Corporate Evil, Data Mining, Data Leakage, Data Discovery, Information Security

Rebecca (Becca) Ricks has published a highly informative interactive graphic (along with the data source) detailing Paypal's data sharing practices, in which your data is shared with a multitude of third-party entities. Astonishing.

Folks, the easiest method to explore this super-graphic is to click this post's title, or the "published" link above, and magically visit the interactive graphic on Ms. Ricks' site. Rated Highly Entertaining by Infosecurity.US!

Thanks for the H/T!


US Congress Sells Out

March 31, 2017 by Marc Handelman in Accountability, All is Information, Governmental Corruption, Feet of Clay, Demise of Privacy, Privacy, Blatant Stupidity

Ladies and Gentlemen, Girls and Boys: Behold the list of United States Senators and Representatives who voted to sell out your personal information while online (i.e., your precious online privacy) for monetary gain.

Each surname noted below possesses a link to that Senator or Representative's contact page, to make it super-easy to let them know what you think. Oh, and for you parents, grandparents and guardians: this includes all data requests coming from your home, i.e., your children's data will also be swept up in this nightmare maelstrom example of the surveillance state. Enjoy.

Senate of the UNITED STATES of AMERICA

YEA -- 50

U.S. Senate Roll Call Votes 115th Congress - 1st Session

Question: On the Joint Resolution (S.J. Res. 34 )

Alexander (R-TN)
Barrasso (R-WY)
Blunt (R-MO)
Boozman (R-AR)
Burr (R-NC)
Capito (R-WV)
Cassidy (R-LA)
Cochran (R-MS)
Collins (R-ME)
Corker (R-TN)
Cornyn (R-TX)
Cotton (R-AR)
Crapo (R-ID)
Cruz (R-TX)
Daines (R-MT)
Enzi (R-WY)
Ernst (R-IA)
Fischer (R-NE)
Flake (R-AZ)
Gardner (R-CO)
Graham (R-SC)
Grassley (R-IA)
Hatch (R-UT)
Heller (R-NV)
Hoeven (R-ND)
Inhofe (R-OK)
Johnson (R-WI)
Kennedy (R-LA)
Lankford (R-OK)
Lee (R-UT)
McCain (R-AZ)
McConnell (R-KY)
Moran (R-KS)
Murkowski (R-AK)
Perdue (R-GA)
Portman (R-OH)
Risch (R-ID)
Roberts (R-KS)
Rounds (R-SD)
Rubio (R-FL)
Sasse (R-NE)
Scott (R-SC)
Shelby (R-AL)
Strange (R-AL)
Sullivan (R-AK)
Thune (R-SD)
Tillis (R-NC)
Toomey (R-PA)
Wicker (R-MS)
Young (R-IN)

HOUSE OF REPRESENTATIVES of the UNITED STATES OF AMERICA

YEA -- 215

Abraham (R-LA)
Aderholt (R-AL)
Allen (R-GA)
Amodei (R-NV)
Arrington (R-TX)
Babin (R-TX)
Bacon (R-NE)
Banks (R-IN)
Barletta (R-PA)
Barr (R-KY)
Barton (R-TX)
Bergman (R-MI)
Biggs (R-AZ)
Bilirakis (R-FL)
Bishop (R-MI)
Bishop (R-UT)
Black (R-TN)
Blackburn (R-KY)
Blum (R-IA)
Bost (R-IL)
Brady (R-TX)
Brat (R-VA)
Bridenstine (R-OK)
Brooks (R-IN)
Buchanan (R-FL)
Buck (R-CO)
Bucshon (R-IN)
Budd (R-NC)
Burgess (R-TX)
Byrne (R-AL)
Calvert (R-CA)
Carter (R-GA)
Carter (R-TX)
Chabot (R-OH)
Chaffetz (R-UT)
Cheney (R-WY)
Cole (R-OK)
Collins (R-GA)
Collins (R-NY)
Comer (R-KY)
Comstock (R-VA)
Conaway (R-TX)
Cook (R-CA)
Costello (R-PA)
Cramer (R-ND)
Crawford (R-AR)
Culberson (R-TX)
Curbelo (R-FL)
Davis (R-IL)
Denham (R-CA)
Dent (R-PA)
DeSantis (R-FL)
DesJarlais (R-TN)
Diaz-Balart (R-FL)
Donovan (R-NY)
Duncan (R-SC)
Dunn (R-FL)
Emmer (R-MN)
Farenthold (R-TX)
Ferguson (R-GA)
Fitzpatrick (R-PA)
Fleischmann (R-TN)
Flores (R-TX)
Fortenberry (R-NE)
Foxx (R-NC)
Franks (R-AZ)
Frelinghuysen (R-NJ)
Gaetz (R-FL)
Gallagher (R-WI)
Garrett (R-VA)
Gibbs (R-OH)
Gohmert (R-TX)
Goodlatte (R-VA)
Gosar (R-AZ)
Gowdy (R-SC)
Granger (R-TX)
Graves (R-GA)
Graves (R-LA)
Graves (R-MO)
Griffith (R-VA)
Grothman (R-WI)
Guthrie (R-KY)
Harper (R-MS)
Harris (R-MD)
Hartzler (R-MO)
Hensarling (R-TX)
Hice (R-GA)
Higgins (R-LA)
Holding (R-NC)
Hollingsworth (R-IN)
Hudson (R-NC)
Huizenga (R-MI)
Hultgren (R-IL)
Hunter (R-CA)
Hurd (R-TX)
Issa (R-CA)
Jenkins (R-KS)
Jenkins (R-WV)
Johnson (R-LA)
Johnson (R-OH)
Johnson (R-TX)
Jordan (R-OH)
Joyce (R-OH)
Katko (R-NY)
Kelly (R-MS)
Kelly (R-PA)
King (R-IA)
King (R-NY)
Kinzinger (R-IL)
Knight (R-CA)
Kustoff (R-TN)
Labrador (R-ID)
LaHood (R-IL)
LaMalfa (R-CA)
Lamborn (R-CO)
Lance (R-NJ)
Latta (R-OH)
Lewis (R-MN)
LoBiondo (R-NJ)
Long (R-MO)
Loudermilk (R-GA)
Love (R-UT)
Lucas (R-OK)
Luetkemeyer (R-MO)
MacArthur (R-NJ)
Marchant (R-TX)
Marshall (R-KS)
Massie (R-KY)
Mast (R-FL)
McCarthy (R-CA)
McCaul (R-TX)
McHenry (R-NC)
McKinley (R-WV)
McMorris Rodgers (R-WA)
McSally (R-AZ)
Meadows (R-NC)
Meehan (R-PA)
Messer (R-IN)
Mitchell (R-MI)
Moolenaar (R-MI)
Mooney (R-WV)
Mullin (R-OK)
Murphy (R-PA)
Newhouse (R-WA)
Noem (R-SD)
Nunes (R-CA)
Olson (R-TX)
Palazzo (R-MS)
Palmer (R-AL)
Paulsen (R-MN)
Pearce (R-NM)
Perry (R-PA)
Poe (R-TX)
Poliquin (R-ME)
Posey (R-FL)
Ratcliffe (R-TX)
Reed (R-NY)
Renacci (R-OH)
Rice (R-SC)
Roby (R-AL)
Roe (R-TN)
Rogers (R-AL)
Rogers (R-KY)
Rohrabacher (R-CA)
Rokita (R-IN)
Rooney (R-FL)
Roskam (R-IL)
Ross (R-FL)
Rothfus (R-PA)
Rouzer (R-NC)
Royce (R-CA)
Russell (R-OK)
Rutherford (R-FL)
Scalise (R-LA)
Schweikert (R-AZ)
Scott (R-GA)
Sensenbrenner (R-WI)
Sessions (R-TX)
Shimkus (R-IL)
Shuster (R-PA)
Smith (R-MO)
Smith (R-NE)
Smith (R-NJ)
Smith (R-TX)
Smucker (R-PA)
Stewart (R-UT)
Stivers (R-OH)
Taylor (R-VA)
Tenney (R-NY)
Thompson (R-PA)
Thornberry (R-TX)
Tiberi (R-OH)
Tipton (R-CO)
Trott (R-MI)
Turner (R-OH)
Upton (R-MI)
Valadao (R-CA)
Wagner (R-MO)
Walberg (R-MI)
Walden (R-OR)
Walker (R-NC)
Walorski (R-IN)
Walters (R-CA)
Weber (R-TX)
Webster (R-FL)
Wenstrup (R-OH)
Westerman (R-AR)
Williams (R-TX)
Wilson (R-SC)
Wittman (R-VA)
Womack (R-AR)
Woodall (R-GA)
Yoho (R-FL)
Young (R-AK)
Young (R-IA)


That Ole Pesky PII - Microsoft Drops Docs.com Search

March 27, 2017 by Marc Handelman in Accountability, All is Information, Blatant Stupidity

Incredible, but true. The search functionality of Docs.com, a document-sharing platform owned by Microsoft Corporation (NasdaqGS: MSFT), exposes the Personally Identifiable Information (PII) of hundreds - perhaps thousands - of users... Does Microsoft Corporation believe that dropping search functionality will relieve the Corporation of risk?

Why weren't prudent safeguards put in place to protect the Corporation's users (and the Corporation as well)? At the very least, a check for PII to assist in mitigating the exposure (risk-wise) to the Corporation? Do they check for malware or evil embedded macros in these documents? Who forgot to check for PII? Was the Corporation's well-seasoned Legal Department part of the sign-off process for this debacle?

Perhaps the Corporation might want to take a gander at Identity and Access Management to help secure the product. Oracle's (NYSE: ORCL) got a great product...Just sayin'.


Fingered

January 16, 2017 by Marc Handelman in Accountability, All is Information, Analytics, Application Security, Attribution, Cybersecurity, Fingerprinting, Forensication, Information Security, Web Security

Relatively new fingerprinting techniques were brought to my attention last week (H/T) that (reportedly) focus on the identification of browser users and utilization across multiple application deployments. Enjoy.


33c3, James Bridle's 'A New Dark Age'

January 15, 2017 by Marc Handelman in Conferences, Information Security, Accountability, Big Data, Data That Is Big

Linux Security, The Litany of Failure

December 16, 2016 by Marc Handelman in Accountability, All is Information, Information Security, Operating System Security, Linux Security, Linux

Well-wrought thought piece on the failure of Red Hat and Ubuntu to secure their respective distros through standardization in the form of reproducible builds (and other means).

Damn kids apparently have forgotten their lessons whilst in kindergarten regarding safe and fair play. In this case, however, we have the added component of organizations, companies and individuals suffering due to the ineptitude of the big names in Linux... Astounding.

h/t


ISOC 2016 Global Internet Report

November 25, 2016 by Marc Handelman in Accountability, All is Information, Information Security, Database Security, Data Security, Web Security, WebTrust, Online Trust, ISOC

Behold, the Internet Society's 2016 Global Internet Report: 'The Economics of Building Trust Online: Preventing Data Breaches'. Fascinating reading.


Motivation, Defined

November 23, 2016 by Marc Handelman in Accountability, Physical Security, Nippon

Simply astounding sinkhole repair completed in a single week, near the center of Fukuoka, Nippon. The physical security ramifications for failure on this project must have been immense, considering the buildings immediately adjacent to the hole.


Information Warfare - Entertainment Industry Targeted

November 16, 2016 by Marc Handelman in Accountability, All is Information, Information Security, Information Warfare

Apparently, the People's Republic of China's wealthiest individual is attempting to crack the 'Hollywood Code' via acquisition... Read Judicial Watch's take.

'A one-time commander in China’s Communist Red Army has launched information warfare with an aggressive plan to invest billions in all six major Hollywood studios, a show business trade publication reports, describing the foreign deal as an unprecedented push into the U.S. entertainment sector. The former People’s Liberation Army (PLA) regimental commander, Wang Jianlin, is China’s richest man and he’s aggressively pursuing a big chunk of one of the world’s most influential industries.' - via Judicial Watch's post 'Information Warfare: Communist Takeover of U.S. Entertainment Industry'.

Web of Trust, Not So Trustworthy After All

November 08, 2016 by Marc Handelman in Accountability, All is Information, Blatant Stupidity, Demise of Privacy, Information Security

Apparently, WOT is now a three letter acronym for Feet of Clay...


Julian's Grounded

October 21, 2016 by Marc Handelman in Accountability, All is Information, Espionage, Information Security, United States of America, National Security

Ecuador's termination of Assange's internet access, citing attempts to influence elections, implies an effort to protect its relations with the United States of America. Certainly a prudent choice.


Gap, Gendered

October 07, 2016 by Marc Handelman in Accountability, All is Information, Women In Infosec, Good Advice, Gender Gap

via ISACA on LinkedIn.


Credit: Johnson & Johnson

Johnson & Johnson, The Warning

October 05, 2016 by Marc Handelman in Accountability, All is Information, Information Security, Medical Device Security

Jim Finkle, writing at Reuters, shares a warning - via Johnson & Johnson (NasdaqGS: JNJ) - of an exploitable insulin pump security flaw. Kudos are in order for the diligent efforts brought to bear on this flaw by the researcher, Jay Radcliffe of Rapid7 (see the 2016/09/28 notification at the Rapid7 Community blog). Outstanding work.

'Using industry standard encryption with a unique key pair would mitigate these issues. Affected users can avoid these issues entirely by disabling the radio (RF) functionality of the device. On the OneTouch Ping Insulin Pump, this is done through the Setup -> Advanced -> Meter/10 screen, and selecting "RF = OFF". In addition, the vendor has provided other mitigations for these issues, described on their website and in letters being sent to all patients using the pump and health care professionals. Patients should consult with their own endocrinologist about any aspect of their ongoing medical care.' - via Rapid7


Sorry, I'm just too gosh darn busy...

YAHOO! Could Have Reset All Passwords

September 29, 2016 by Marc Handelman in Accountability, All is Information, Blatant Stupidity, Information Security

Apparently, Marissa was too busy with her resume to direct customer protection.


Come Clean

August 29, 2016 by Marc Handelman in Accountability, Corporate Evil, Operating System Security, Operating Systems

Meanwhile, in Microsoft Corporation (NASDAQGS: MSFT) news, comes this piece from BGR, focusing on the EFF's targeting of the Redmond, WA leviathan's allegedly egregious use of Windows Update to push Windows 10 onto users' desktops... Visit the Electronic Frontier Foundation's blog for more info.


Sunday Security Maxim

June 05, 2016 by Marc Handelman in All is Information, Accountability, Attribution

“Accountability Maxim: Organizations that talk a lot about holding people accountable for security will never have good security. Security needs to be motivated, not threatened.”

Excerpt From: Roger Johnston. “Security Sound Bites: Important Ideas About Security From Smart-Ass, Dumb-Ass, and Kick-Ass Quotations.”
