Read The Telegraph's Robin Pagnamenta's superbly written piece on TikTok: how the company poses an ostensibly larger and more insidious privacy threat than the measly annoyance propagated by Facebook Inc. (NASDAQ: FB), only with a People's Republic of China veneer (and counting amongst its investors United States-based KKR (retired United States Army General David H. Petraeus is a member of the management team at KKR) and Japan-based Softbank Technology Corporation (NASDAQ: SFBTF)). Today's Must Read.
'The Telegraph’s Robin Pagnamenta argues TikTok and its parent company pose a far greater global security concern for Western economies than Chinese telecommunications equipment giant Huawei Technologies. ByteDance’s suite of apps, Pagnamenta warns, “are hoovering up oodles of data on hundreds of millions of foreigners – British, American, Brazilian and Indian – many of them children.”' - via Fortune Magazine's Clay Chandler and Eamon Barrett
"Admins, in particular, have had a tough month. April brought widespread breakdowns – bluescreens, hangs, very sluggish behavior – to hundreds of thousands of Win7 and 8.1 machines. This wasn’t a “small percentage” kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning." - Woody Leonhard, reporting at Computerworld, details patch failures in the latest Patch Tuesday event.
Quite likely the defining opinion piece, well-crafted by the inimitable Kara Swisher, writing at The New York Times, targeting the entity known as Facebook, Inc. (NASDAQ: FB) (which, in our opinion, is a classically structured and well organized criminal enterprise). Today's Must Read.
"With $23 billion in cash on hand, Facebook will see a $5 billion fine as simply the cost of doing business. Needless to say, this is not how fines are supposed to work." - via Kara Swisher's superb opinion piece at The New York Times
Visit Brian Krebs' always well-researched and fact-checked information security blog, and Graham Cluley's Twitter feed, for a superb recording of the WIPRO earnings call (WIPRO being the recent victim of a pernicious cyberattack), in which bizarre answers to questions raised by Mr. Krebs were proffered by WIPRO 'Executives'. Today's Must Read and Hear.
Via Chris Morris' well-crafted reportage at Fortune comes the story of illegal data sharing engaged in by Motel 6, and the $12,000,000 price tag the company coughed up in settlement fines to the State of Washington. I guess they might not be 'leaving the light on for you' - for a while... Today's Must Read.
"Motel 6 will take a $12 million hit for allegedly sharing the personal information of about 80,000 guests with immigration officials without the knowledge or permission of those customers. The chain has settled a lawsuit brought by the state of Washington over the controversial policy of seven of its hotels in that state between 2015 and 2017. The company has also said it will stop the practice of handing over guest information without a subpoena or warrant, unless it believes someone is in imminent danger." - via Chris Morris, at Fortune
Jason Rivera (a Director at CrowdStrike) and Wanda Archy (a Supervisor in RSM's security practice, targeting the Dark Web), writing at Small Wars Journal, deliver a remarkable tour de force of darkness - in this case, the darkness of the so-called Dark Web and its apparent suitability for warfare by nation-state and non-state actors. I can assure you, Mr. Rivera's and Ms. Archy's paper (in the form of a post) should be considered today's Must Read.
"Warfare has always and will always continue to evolve – it is therefore prudent for national security professionals to be aware of this evolution and familiarize themselves with the various technological intricacies that will continue to shape the evolution of warfare. The Dark Web, like other emerging technologies, is one of those technological intricacies." - Jason Rivera and Wanda Archy, writing at Small Wars Journal
Via the inimitable Rich Mogull, writing at TidBITS, comes this interesting take on the newly implemented user-land security operability problems in Apple Inc.'s (Nasdaq: AAPL) desktop variant of Darwin (aka macOS 10.14 Mojave). Typically, relying on user-land intervention to implement security controls leads to insecure configurations. Today's Must Read (especially considering the new macOS version is due for general release today!).
Quite likely one of the more entertaining Cyberlaw Blog Podcast episodes yet... In this case, the inimitable Bruce Schneier talks with the podcast's host, Stewart Baker, on the occasion of Bruce's latest publishing tour de force: 'Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World'. Today's Must Listen and certainly Must Read. Enjoy!
Incroyable! Massachusetts Institute of Technology researchers have developed what could very well be the 'holy grail' of submarine-to-surface communications. Dubbed TARF, the system ostensibly converts SONAR to RADAR with no mid-processing steps required. Absolutely superb work, and today's Must Read.
Behold: a well-crafted white paper, targeting security-related white papers, that is apparently a blog post and, most importantly, dripping with the sweet, sweet wine of security sarcasm. Today's Must Read!
In which Jonathan M. Gitlin, writing at Ars Technica, describes sinister actions by electioneers in the State of Georgia... I contend this is further evidence of a fast downward spiral for free and fair elections at the state level and below, and a slower one on the national scale. Today's Must Read.
"We've looked at poor voting security in the state previously. In 2017, a report by a Georgian security researcher revealed a shocking lack of security throughout the state's voting system. Later that year, we discovered that servers that were thought to be key evidence for the same federal lawsuit that has led to this week's news were wiped, then repeatedly degaussed." - via Jonathan M. Gitlin, writing accurately at Ars Technica
Superlative security research is still coming out of IOActive's game-changing environment (this has been going on for years now - how do they do it?).
Case in point: the work of Alejandro Hernandez and his current project targeting the apparent insecurity of some (but not all, mind you) stock trading applications so popular amongst the budding young (and old - don't forget the greybeards) kings and queens of capitalism.
In the case under scrutiny, a highly detailed - and, most importantly, thoroughly accurate - examination of a large number of commercially available applications executing their binary bits on a variety of platforms. Read all about it in Mr. Hernandez's blog post at IOActive, and in the accompanying white paper. You'll be glad you did.
Who amongst our readers (including yours truly) would have thought that the abdication of the Emperor of Japan (slated for mid-Spring 2019) would have anything to do with timekeeping issues - inclusive of calendaring problems - leading the island nation into its own Y2K-like debacle? As a matter of course, the change in epochs also affects information security related processes and systems, including for example role-based and discretionary access control systems, identity management, incident logging and investigatory activities, amongst others.
Now, via The Guardian's Alex Hern, comes word of what some might call the coming crisis in Nipponese society due to the calendaring issues brought on by the abdication of Emperor Akihito (announced to make way for his son, Crown Prince Naruhito), in a country that bases its time and date keeping functions on an epoch beginning on the date a Crown Prince ascends the Chrysanthemum Throne as Emperor of Japan. This is not some mere dysfunction of the calendar - it resonates in the very soul of the Emperor's subjects, the citizens of Japan, and their traditional method of marking the passing days, months and years. In regards to the Unicode debacle with the new epoch, please read the post at The Guardian for additional details, as space is at a premium for this post. Certainly Today's Must Read!
“The magnitude of this event on computing systems using the Japanese Calendar may be similar to the Y2K event with the Gregorian Calendar,” said Microsoft Corporation's Shawn Steele. “For the Y2K event, there was world-wide recognition of the upcoming change, resulting in governments and software vendors beginning to work on solutions for that problem several years before 1 Jan 2000. Even with that preparation many organisations encountered problems due to the millennial transition.” - via Microsoft Corporation and MSDN
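To make the era-epoch problem concrete for the logging and investigation use case mentioned above, here is an added example (not code from the linked Guardian or Microsoft posts). It models the Japanese calendar as a table of eras, shows how a system whose table was never updated keeps counting in the old era after the abdication while an updated system starts a new era at year 1, and normalizes both renderings to ISO 8601 so log records from patched and un-patched writers still correlate. The Showa and Heisei start dates are known facts; the successor era's name is a placeholder (it is not on this page), and its start date, the day after the abdication the articles describe, is an assumption made for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Era:
    name: str
    start: date
    end: Optional[date] = None  # None means open-ended: the era still in effect


# Constructed era table as an un-patched system would carry it before the
# abdication. Showa and Heisei start dates are known facts; Heisei stays
# open-ended because this system knows nothing about a successor era.
STALE_TABLE: List[Era] = [
    Era("Showa", date(1926, 12, 25), date(1989, 1, 7)),
    Era("Heisei", date(1989, 1, 8)),
]

# The same table after the update. "NEWERA" is a placeholder name (assumption);
# its start date, the day after the abdication, is likewise assumed here.
UPDATED_TABLE: List[Era] = [
    Era("Showa", date(1926, 12, 25), date(1989, 1, 7)),
    Era("Heisei", date(1989, 1, 8), date(2019, 4, 30)),
    Era("NEWERA", date(2019, 5, 1)),
]


def era_for(d: date, table: List[Era]) -> Era:
    """Era in effect on d: the latest era whose start is on or before d."""
    candidates = [e for e in table if e.start <= d]
    if not candidates:
        raise ValueError(f"{d} predates every era in the table")
    return max(candidates, key=lambda e: e.start)


def to_era_label(d: date, table: List[Era]) -> str:
    """Render d as 'Era Y-MM-DD'; year 1 is the calendar year the era began."""
    era = era_for(d, table)
    return f"{era.name} {d.year - era.start.year + 1}-{d.month:02d}-{d.day:02d}"


def from_era_label(label: str, table: List[Era]) -> Tuple[date, bool]:
    """Parse 'Era Y-MM-DD' back to a Gregorian date.

    The second value is False when the label is non-canonical: the date is
    real, but the named era had already ended, so a stale writer produced it
    and the string will never match what a patched system writes.
    """
    name, ymd = label.split(" ", 1)
    year, month, day = (int(part) for part in ymd.split("-"))
    era = next((e for e in table if e.name == name), None)
    if era is None:
        raise ValueError(f"unknown era {name!r}")
    d = date(era.start.year + year - 1, month, day)
    if d < era.start:
        raise ValueError(f"{label} falls before {name} began on {era.start}")
    canonical = era.end is None or d <= era.end
    return d, canonical


def normalize_for_log(label: str, table: List[Era]) -> str:
    """ISO 8601 key to store in logs, so that events from patched and
    un-patched writers correlate regardless of how the era was rendered."""
    return from_era_label(label, table)[0].isoformat()


if __name__ == "__main__":
    day_after = date(2019, 5, 1)
    stale = to_era_label(day_after, STALE_TABLE)      # "Heisei 31-05-01"
    fresh = to_era_label(day_after, UPDATED_TABLE)    # "NEWERA 1-05-01"
    print("stale writer:", stale)
    print("patched writer:", fresh)
    # Same instant, two different strings: string matching across systems fails...
    print("labels equal:", stale == fresh)
    # ...but normalizing through the era table recovers one key for both.
    print("normalized:", normalize_for_log(stale, UPDATED_TABLE),
          normalize_for_log(fresh, UPDATED_TABLE))
    print("stale label canonical:", from_era_label(stale, UPDATED_TABLE)[1])
```

The defensive points it illustrates: keep era boundaries in data rather than code so the table can be updated without a rebuild, store timestamps in a calendar-independent form (ISO 8601 or epoch seconds) and render era dates only for display, and treat a non-canonical label from another system as a sign that its era table is stale rather than as evidence of a different event time.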
In a well targeted and executed blog post by Dave Lewis, writing over at Forbes, Dave distills the essence of protective measures to be implemented when valiantly serving as a defender of the Realm - in this case, the Information Security Principality. A highly recommended addition for your summertime reading pleasure, and Today's Must Read.
'It was a cool morning as King Arthur and his party galloped through the forest on their way towards the castle. His trusty squire kept the beat with two halves of a coconut in lieu of actual steeds to whisk them on their way. They approached the castle walls where they were met by an impertinent French soldier who hurled insults at them. An amusing analogy for the traditional perimeter IT security defense.' - via Dave Lewis, writing at Forbes.