Quite likely the defining opinion piece, well-crafted by the inimitable Kara Swisher, writing at The New York Times, targeting the entity known as Facebook, Inc. (NASDAQ: FB) (which, in our opinion, is a classically structured and well-organized criminal enterprise). Today's Must Read.
"With $23 billion in cash on hand, Facebook will see a $5 billion fine as simply the cost of doing business. Needless to say, this is not how fines are supposed to work." - via Kara Swisher's superb opinion piece at The New York Times
"In an email to the ICAO, the Lockheed Martin cyberintelligence analyst described the attack as "a significant threat to the aviation industry." It had the characteristics of a "watering hole attack" that targets visitors to a website. The UN agency, working with 192 member states and industry groups, is responsible for setting international civil aviation standards, including for safety and security." - via PhysOrg
Catalin Cimpanu, reporting at Zero Day, provides us with the Litany of Telephony Flaws: 2019 Edition (also known as just another day in Security Dreamland)... In which the claim is proffered: 'fixes should be deployed by the end of 2019'; whilst I pontificate - definitively - 'Dream On' Me Bucko! In an effort to be clear, this is not a condemnation of either the messenger or researchers, et al., but rather, when examining security prophylaxis or full remediation at the carrier level of this tripartite game, the carriers are a rather recalcitrant conglomeration, don't you know...
via Catalin Cimpanu, writing at ZDNet News, comes the sorry tale of fundamental security incompetence (compounded by utter stupidity, I'll wager) as displayed by Abine, the publishers of password manager Blur. Reportedly, the company exposed their estimated 2.4 million customer records in a discrete file exposed to public retrieval via our beloved interwebs... Astounding.
"The breach came to light last year, on December 13, when a security researcher contacted the company about a server that exposed a file containing sensitive information about Blur users, an Abine spokesperson told ZDNet via email." - via Catalin Cimpanu, writing at ZDNet News
via Heather Kuldell, reporting for DefenseOne, comes the sorry tale of the fundamental failure of information security capability, this time at the Department of Defense, and revolving around the lack of control of what bits are installed on the Department's networks worldwide. All this, via the latest Department of Defense Office of the Inspector General's Report, DoD Management of Software Applications DODIG-2019-037. Astounding.
While it may be a foregone conclusion - as most conclusions are, simply by a calculus of time - Slate's Will Oremus has published food-for-thought on the true utility (or Lack Thereof) of logging into a useful site utilizing a Single Sign-On tokenized function foisted on the unwary and the great unwashed by the Social-Media-Site-That-Has-Deeply-Flawed-Ideas-About-User-And-Data-Security. Just Saying...
Via Sean Gallagher, writing at our beloved Ars Technica, comes the astonishing (well, not so astonishing given the source company...) news of Adobe Product Security Incident Response Team (PSIRT) blog publishing capers. This time, they managed to blogify their PGP private key for all the world to see. Crypto-Darwin Award candidate you say? Maybe, if there was one.
'The accusation has nothing to do with “GPS coordinates”. The accusation is that their iOS app is collecting Wi-Fi router names and MAC addresses and sending them to servers that belong to Reveal Mobile, which in turn can easily be used to locate the user. Claiming this is about GPS coordinates is like if they were caught stealing debit cards and they issued a denial that they never stole anyone’s cash.'
via John Gruber on Daring Fireball