Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Boeing - Say It Ain't So...

August 12, 2019 by Marc Handelman in Corporate Accountability, Information Insecurity, Manufacturing Security, National Security

Via Andy Greenberg comes a particularly troubling piece, written for Wired, in which Mr. Greenberg details the litany of ineptitude by Boeing Company (NYSE: BA) in securing the code running the company's 787 airframe. Deeply troubling is the operative term in use here, don't you agree? H/T

"...security researcher Ruben Santamarta sat in his home office in Madrid and partook in some creative googling, searching for technical documents related to his years-long obsession: the cybersecurity of airplanes. He was surprised to discover a fully unprotected server on Boeing's network, seemingly full of code designed to run on the company's giant 737 and 787 passenger jets, left publicly accessible and open to anyone who found it. So he downloaded everything he could see." - via Andy Greenberg's outstanding piece, crafted for Wired


Google Utilizing Consumer Gmail Accounts to Track Purchases, Financial Transactions

May 21, 2019 by Marc Handelman in Corporate Evil, Corruption, Tracking, Corporate Accountability, Death of Privacy

News of recently revealed and egregious tracking behaviors at Google Inc. (Nasdaq: GOOG): specifically, Google is using your Gmail account to track your purchases. Our suggestion is to immediately remove any financial-transaction-related messaging from your Gmail accounts - unless, of course, you trust Google...

"While Google told us that you can delete this information at any time, they did not mention how much of a pain it is to do so. Instead of having a single setting that allows you to control how this data is saved, you need to go into each and every purchase and click on the Remove Purchase button. This will bring you to the original email that the data was pulled from and once this email is trashed, the purchase will be removed from the Purchases page." - via Lawrence Abrams, reporting at Bleeping Computer


The Tracking of America: Why Are You Letting It Happen?

December 11, 2018 by Marc Handelman in Information Security, Corporate Accountability, Corporate Espionage, Corporate Corruption

Why are both Apple Inc. (NASDAQ: AAPL) and Google Inc. (NASDAQ: GOOG) still permitting clearly ill-conceived user tracking via applications marketed and sold on each company's customer-facing app stores? Surely your privacy and freedom mean more to you than the false-and-temporary convenience of finger-, voice- and script-actuated conveyances of information best retrieved in another manner.


November's Feet of Clay Award: Intel Corporation

November 19, 2018 by Marc Handelman in Corporate Accountability, Corporate Bull, Death of Privacy, Information Security

Via the eponymous Patently Apple comes astounding news of the latest disingenuous attempt at flawed privacy policy creation, this time by the clearly amoral Intel Corporation (NASDAQ: INTC). Remember the 1995-and-onwards vulnerabilities monikered "Meltdown" and "Spectre"? These are flaws Intel Corporation has never remediated and evidently never will... All said, would you trust your data to a company that cannot remediate its own engineering foibles? But I digress (in the vernacular).

The primary driving force that feeds rulemaking for writing public policy that will serve the people in a Constitutional Republic such as the United States of America must commence with forthright consideration of the true owners' needs and the effects generated by the policy/rule under consideration, and not the derivative custodians of the assets under discussion. In this case, Consumer Data is the asset, the owners are people like you and yours truly, whilst the custodial holders of that data are the Corporations. The true benefactors are the source of the data: The Consumers. Further, any Policy, Rule, Tort, Bill and Act must-needs address the requirements, safety and prosperity of the true owners of those assets - the Consumers, and not necessarily the Custodians of the Assets.

But wait, there's more; 7 more, that is...


Amazon, The Rekognition Fail

July 31, 2018 by Marc Handelman in Hubris, Corporate Evil, Corporate Accountability, Or Lack Thereof

This situation - the failure of a highly touted Amazon Corporation (NasdaqGS: AMZN) machine learning/pseudo-artificial-intelligence API/Database construct known as 'Amazon Rekognition' - is a Prime example of large-scale, resilient corporate hubris. Highly disappointing, yet the stock is not suffering... And, then there's this.


Bye-Bye, DNA - Hello GSK (and others)

July 28, 2018 by Marc Handelman in Demise of Privacy, Privacy Prophylaxis, Privacy, Corporate Accountability, Corporate Corruption, Corporate Evil, Identity Management, Information Security, Information Sharing, Information Technology

Via The Outline's author, Paris Martineau, comes this tale of opt-in/opt-out, GlaxoSmithKline, 23andMe, and of course, The Goods: your DNA. All of which results in a nagging question: Why would I (or you, for that matter) agree to hand over my uniquely identifying DNA data to a commercial enterprise (that only answers to its shareholders, and only has its best interests in mind) to use as they see fit? Oh, and a couple of other questions: Do you trust a big-pharma corporation with your own personal Map of Life? What about the future use of that data, once it's in the slipstream of artificially intelligent genetic-testing-reliant health insurance companies? Food for Thought or just Paranoia? You be the judge; after all, it's your DNA, right?

"In short, most — if not all — of the information 23andMe has on its users has probably been shared with someone that isn’t 23andMe itself, and money might have even changed hands. Which is all perfectly within the company’s rights to do, since they agreed to it (probably blindly) when they signed up." - via The Outline author Paris Martineau in the well-crafted post 'How To Sign Away The Rights To Your DNA'


Facebookery: Playtime in Palo Alto

June 19, 2018 by Marc Handelman in Facebookery, Corporate Corruption, Corporate Accountability

Via Cyrus Farivar, writing at Ars Technica, comes evidence of skullduggery at Zuckerberg's Facebook Inc. (Nasdaq: FB), this time in the guise of failing to answer Senatorial queries, simply by ignoring such impudence.

"Notably, Facebook declined to promise to share the results of its post-Cambridge Analytica investigation with the public or even Congress. The social media giant also wouldn’t say if it had ever turned off a feature for privacy reasons." - via Cyrus Farivar, writing at Ars Technica

Senators - this is why the use of subpoena is such a powerful tool, especially against this form of stonewalling; further, don't Senate staffers cover the apropos use of subpoena in your freshman year term classes on How To Behave Senatorially? - Mxh (ed.)


Well, this time it's not a RAM issue, it's much worse...

Google's Litany of Chrome Fail: Malicious Extensions Burgeon Out of Control

May 16, 2018 by Marc Handelman in Corporate Accountability, Application Security

Martin Brinkmann, writing at Ghacks, tells us of the shameful track record of Google Inc. aka Alphabet Inc. (Nasdaq: GOOG) in policing the company's own browser (Google Chrome) add-on store, based on this report from Radware. Not to mention the astonishing numbers of malicious apps in the company's Google Play Android shop. Read it and Weep.
