Another day, another data thievery revelation at Facebook, Inc. (Nasdaq: FB). It's time for our national law enforcement agencies to take action and act in the manner they would against any other organized criminal enterprise. Raid the corporate headquarters, arrest, detain, interrogate and incarcerate the C-level personnel (including recently separated personnel) and prosecute. Then there's this well-crafted explanatory post at The Hacker News providing another take on the company's criminal behaviors...
'An anonymous security researcher, who sports the handle e-sushi on Twitter, first noticed that the company was asking some new users to enter their email passwords to verify their identities, a deeply anti-security request even on its own. Business Insider then spotted that if you did this a dialogue box popped up warning you – with no chance to cancel, pause or opt out – that it was importing all your contacts.' - via John Oates reporting for El Reg
In perhaps the snarkiest (yet fundamentally true) privacy piece targeting privacy-invading smart devices posted on El Reg in the past couple of weeks, reporter Alistair Dabbs offers his jaundiced (and highly entertaining) tech-askew world view of so-called 'smart speakers' and other detritus emanating out of the 'robber-baron-age-of-tech'. Enjoy.
"Some 14 years after the publication of NASA-linked research on sub-vocal speech recognition, the genre is currently enjoying a bit of a revival. In the near future, you will acquire the valuable skill to accidentally tell Alexa to buy 400 rolls of toilet paper simply by clearing your throat." - via Alistair Dabbs' privacy piece posted at The Register
via Chris Morris' well-crafted reportage at Fortune, comes the story of illegal data sharing engaged in by Motel 6, and the $12,000,000 price tag the company coughed up in settlement fines to the State of Washington. I guess they might not be 'leaving the light on for you' - for a while... Today's Must Read.
"Motel 6 will take a $12 million hit for allegedly sharing the personal information of about 80,000 guests with immigration officials without the knowledge or permission of those customers. The chain has settled a lawsuit brought by the state of Washington over the controversial policy of seven of its hotels in that state between 2015 and 2017. The company has also said it will stop the practice of handing over guest information without a subpoena or warrant, unless it believes someone is in imminent danger." - via Chris Morris at Fortune
Why oh Why Did I Take The Blue Pill... via BleepingComputer writer Sergiu Gatlan comes research output by SafeBreach security researcher Dor Azouri; note that the tests focused on the ARM-based release, not the x86-64 product. More information is available at the project's GitHub site. Additionally, Dor's white paper detailing the project is available under the title "SirepRAT: RCE as SYSTEM on Windows IoT Core", a truly outstanding security project; and a H/T to Sergiu Gatlan for his original superb reporting.
via Timothy B. Lee, writing at Ars Technica, comes this outstanding, on-target examination of the apparent delusional world Mark Zuckerberg works and lives in... Key Point: The conflation of Facebook (NYSE: FB) and the Internet. Read it and weep my friends, it's the show that never ends...
"Zuckerberg employed one of his favorite rhetorical tricks for defending Facebook: conflating Facebook with the Internet as a whole. It's true, as Zuckerberg writes, that the Internet has made the world more connected and that this has had a lot of positive consequences (as well as some negative ones)." - via Timothy B. Lee, writing at Ars Technica
"While cryptomining died down by the second quarter, a new set of threats were eager to take its place: information stealers. These former banking Trojans— especially Emotet and TrickBot—evolved into droppers with multiple modules for spam production, lateral propagation through networks, data skimmers, and even crypto-wallet stealers." - via Malwarebytes' 2019 State of Malware Report
In preparation for the country's 2020 Olympics (and - ostensibly - in order to avoid catastrophic numbers of IoT-vectored attacks during the Olympic events)... Probably about 5 years too late, though, as the enormity of fixing the problems may be insurmountable even for the Japanese Governmental Security Groups, who are well-known for attention to detail. Regardless, there will certainly be an enormous number of surprises and what-not in their targeted bailiwick of connected devices. H/T
via the highly respected Dan Goodin, Security Editor at Ars Technica, comes the story of a fundamental design weakness at GoDaddy, Inc. (NYSE: GDDY), which permitted thousands of domains registered at GoDaddy, Inc. to be hijacked, allowing bomb-threat emails to be processed and delivered on December 13, 2018 (email-serving related data is contained in DNS records, which is not the flaw specifically).
Perhaps a modicum of diligence in ferreting out flaws (ideally on a continuous basis), instead of focusing on creating bullshit-laden advertising touting your company's misaligned-to-reality information security architecture and engineering capabilities, is in order, GoDaddy, Inc.... Let's get those priorities aligned correctly, and you'll end up with a posture that's squared-away.