Category Archives: Technology

Maths and tech specialists need Hippocratic oath, says academic

Exclusive: Hannah Fry says ethical pledge needed in tech fields that will shape future

Mathematicians, computer engineers and scientists in related fields should take a Hippocratic oath to protect the public from powerful new technologies under development in laboratories and tech firms, a leading researcher has said.

The ethical pledge would commit scientists to think deeply about the possible applications of their work and compel them to pursue only those that, at the least, do no harm to society.

Despite being invisible, maths has a dramatic impact on our lives


Myki data release breached privacy laws and revealed travel histories, including of Victorian MP

Researchers able to identify MP Anthony Carbines’s travel history using tweets and Public Transport Victoria dataset

The three-year travel history of a Victorian politician was able to be identified after the state government released the supposedly “de-identified” data of more than 15m myki public transport users in a breach of privacy laws.

In July 2018, Public Transport Victoria (now the Department of Transport) released a dataset containing 1.8bn travel records for 15.1m myki public transport users for the period between June 2015 and June 2018.


See you about 05.24AM tomorrow at Rosanna to catch the first train to town. Well done all. Thanks for hanging in there. Massive construction effort. Single track gone. Two level crossings gone. The trains! The trains! The trains are coming! pic.twitter.com/kk2Cj3ey9T


Major breach found in biometrics system used by banks, UK police and defence firms

Fingerprints, facial recognition and other personal information from Biostar 2 discovered on publicly accessible database

The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, were discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks.

Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings.


From Watergate to El Paso: should we be relying on unelected bodies to protect us? | John Naughton

Web security firm Cloudflare’s decision to terminate 8chan as a customer is welcome, but risks setting a dangerous precedent

Last Saturday morning, a gunman armed with an assault rifle walked into a Walmart store in El Paso, Texas, and shot 22 people dead and injured 24 more. Shortly before he did so, a post by him appeared on the /pol/ [politically incorrect] message board of the far-right website 8chan. Attached to it was a four-page “manifesto”. The 8chan thread was quickly deleted by a site moderator (it was news to me that 8chan had moderators), but archived copies of it rapidly circulated on the internet.

“There is nothing new in this killer’s ramblings,” wrote one analyst who had read it. “He expresses fears of the same ‘replacement’ of white people that motivated the Christchurch shooter and notes that he was deeply motivated by that shooter’s manifesto.”


U.S. Election Systems Left Vulnerable Online

Security researchers have announced the discovery of several election systems across the country connected to the internet that are vulnerable to hacking.

As a security policy, voting machines and election systems are supposed to remain disconnected from the internet, or “air-gapped,” unless they are transmitting data. This is to prevent the possibility of hackers connecting to them and subverting the results. Despite assurances to the contrary from Election Systems & Software, the largest voting machine vendor in the country, researchers identified 35 election systems with persistent internet connections.

The systems were identified in ten states, including swing states Wisconsin, Michigan and Florida, and in some cases had been connected to the internet for years.

“Not only should ballot tallying systems not be connected to the internet, they shouldn’t be anywhere near the internet,” said Senator Ron Wyden regarding the findings. Wyden has been a long-term advocate of election security and has proposed legislation banning connections to, and transmissions via, the internet in voting machines.

Adding to the potential dangers of exposure to hackers is the finding that many of the identified voting systems are running out-of-date software, or have yet to implement security patches and upgrades. Many districts require any new software to be vetted and certified by state and/or federal authorities before being applied to voting machines. While this is ostensibly done for security purposes, it effectively means that any internet-connected voting machine is vulnerable to known methods of hacking or cyberattack, sometimes for months at a time.

“What you are describing is a bad behavior amplified by sloppiness and complete negligence of security,” said election security expert Harri Hursti. 

See the Motherboard article describing the findings here

The post U.S. Election Systems Left Vulnerable Online appeared first on Adam Levin.

Chinese cyberhackers ‘blurring line between state power and crime’

Cybersecurity firm FireEye says ‘aggressive’ APT41 group working for Beijing is also hacking video games to make money

A group of state-sponsored hackers in China ran activities for personal gain at the same time as undertaking spying operations for the Chinese government in 14 different countries, the cybersecurity firm FireEye has said.

In a report released on Thursday, the company said the hacking group APT41 was different to other China-based groups tracked by security firms in that it used non-public malware typically reserved for espionage to make money through attacks on video game companies.


Briton who helped stop 2017 WannaCry virus spared jail over malware charges

  • Marcus Hutchins pleaded guilty to two malware charges
  • 25-year-old ‘incredibly thankful’ to be sentenced to time served

The British computer expert who helped shut down the WannaCry cyberattack on the NHS said he is “incredibly thankful” after being spared jail in the US for creating malware.

Marcus Hutchins was hailed as a hero in May 2017 when he found a “kill switch” that slowed the effects of the WannaCry virus affecting more than 300,000 computers in 150 countries.


Is buying a ‘smart nappy’ really such a clever idea? | Arwa Mahdawi

Anxious parents may see the appeal of measuring their baby’s vital signs – but sharing your child’s data with a private company may not be wise

This week’s instalment of innovations no one was waiting for is brought to you by Pampers, which has announced a “smart nappy” system. Lumi consists of a sensor that you stick to a specially designed nappy; the gizmo then beams information about how much your little bub is peeing and sleeping to a dedicated app. You can complement this with a video monitor that links to the app and tracks room temperature and humidity. Voilà: your embarrassingly low-tech baby is now a sophisticated analytics machine.

If you can’t wait to start a more data-driven relationship with your newborn, I am afraid to say there is no word on when Lumi will launch in the UK (it arrives in the US this autumn). If you are in South Korea, however, you can grab some Huggies smart nappies; these let you know, via Bluetooth, whether your baby has urinated or defecated. A truly brilliant update to the obsolete technology known as “your nose”.


How do I remove malware from my Windows laptop?

Don’s laptop is infected with malware and he’d like a clean machine, what’s the best way?

What’s the cheapest way to get my Windows laptop swept and cleaned out of malware etc? Don

There are two obvious ways to clean a Windows laptop, and both of them are free. The first is to run a number of anti-malware programs to find and remove the bad stuff. The second is to reset it to factory condition.


Hacked forensic firm pays ransom after malware attack

Largest private provider Eurofins hands over undisclosed fee to regain control of systems

Britain’s largest private forensics provider has paid a ransom to hackers after its IT systems were brought to a standstill by a cyber-attack, it has been reported.

Eurofins, which is thought to carry out about half of all private forensic analysis, was targeted in a ransomware attack on 2 June, which the company described at the time as “highly sophisticated”. Three weeks later the company said its operations were “returning to normal”, but did not disclose whether or not a ransom had been paid.


How Chinese spy app allows officials to harvest personal data

Intrusive software collects emails and texts and could be used to track movement

The tourists travelling into China were never supposed to know their phones had been compromised.

The surveillance app being installed on their devices should have been removed by the border officers tasked with the job. But their apparent carelessness has provided a rare insight into the techniques used by China to snoop on visitors and the kind of information being harvested from their phones.


Australian National University hit by huge data breach

Vice-chancellor says hack involved personal and payroll details going back 19 years

The Australian National University is in damage control after discovering a major data breach a fortnight ago in which a “significant” amount of staff and student information was accessed by a “sophisticated operator”.

The university has confirmed an estimated 200,000 people have been affected by the hack, based on student numbers each year and staff turnover.


The Guardian view on cybercrime: the law must be enforced | Editorial

Governments and police must take crime on the internet seriously. It is where we all live now

About half of all property crime in the developed world now takes place online. When so much of our lives, and almost all of our money, have been digitised, this is not surprising – but it has some surprising consequences. For one thing, the decline in reported property crimes trumpeted by successive British governments between 2005 and 2015 turns out to have been an illusion. Because banks were not required to report fraud to the police after 2005, they often didn’t. It would have made both banks and police look bad to have all that crime known and nothing done about it. The cost of the resulting ignorance was paid by the rest of government, and by the public, too, deprived of accurate and reliable knowledge. Since then, the total number of property crimes reported has risen from about 6m to 11m a year as the figures have taken computerised crime into account.

The indirect costs to society are very much higher than the hundreds of millions that individuals lose. One example is the proliferation of plagiarism software online, which developed an entire industry in poor, English-speaking countries like Kenya, serving idle or ignorant students in England and North America. The effort required by schools and universities to guard against such fraud has been considerable, and its cost entirely disproportionate to the gains made by the perpetrators.


German police arrest three men as they shut dark web marketplace

Arrests in Germany, Brazil and US relate to sale of drugs, stolen data and malicious software

German police have shut down one of the world’s largest illegal online markets in the so-called dark web and arrested the three men allegedly running it, prosecutors said on Friday.

The “Wall Street Market” (WSM) site enabled trade in cocaine, heroin, cannabis and amphetamines as well as stolen data, fake documents and malicious software.


The 5 Steps to Ensure Cloud Security

According to CSO, more than 80% of enterprises have adopted two or more public cloud infrastructure providers, and nearly two-thirds are using three or more. Those in IT who are moving to the cloud are equally concerned by the security threats. Time is precious. With the rapid migration to the cloud, organizations need to be on the front foot against the potential threats arising from any weaknesses in a cloud environment.

Cloud safety refers to a set of policies, procedures, and technologies working together to protect cloud-based systems. The objective is to protect data and privacy and to lay down authentication rules for users and devices.

Software related to cloud security can be configured to the exact needs of the business. It can be managed in a manner to streamline IT operations. It also allows the focus to be directed to other critical tasks.

To date, nearly 96 percent of organizations are on cloud computing, says CIO. At the same time, threats to security have increased manifold, increasing the cost. As reported in Forbes, data breaches cost a global average of $3.86 million. That said, as moving to the cloud becomes mandatory, cloud security must evolve at the same pace.

If organizations do not prioritize security and don’t recognize the value of system integrity monitoring software, they will pay a heavy price. Proactive IT managers, however, know they must give a cloud environment the protection that it needs.

The following key points about cloud security are ones that everyone, from engineers to CSOs, should embrace:

1. Security Strategies

Cloud providers deliver a robust front line, but some organizations may need additional security and compliance measures. Another advantage is that such tools can dramatically shorten the time between critical security audits from yearly or quarterly, to monthly, weekly, or even daily, to identify and address any holes before they become vulnerabilities. Incident reports can detect underlying system weaknesses. It’s up to your discretion how often integrity monitoring is necessary. Scans can be scheduled or performed to find any security gaps.

2. Employ APTs

Contemporary security measures and practices, like antivirus and firewalls, may not be enough to stop a breach from occurring in the cloud without additional processes in place. Advanced persistent threats (APTs) are real and become more difficult to detect as the depth of the cloud increases, but there are characteristics that can help identify an APT.

3. Detecting and Minimizing Risk

It’s critical to cut down on risk when IT downtime is estimated, on average, at $100,000 an hour. One of the best ways to keep your cloud secure is to plan for the worst-case scenario. Consider, for example, how quickly data can be made available, how quickly data can be. Finally, is there a way to prevent the disaster from occurring in the first place?

A cloud disaster recovery plan can save the day, especially when system files are of concern. Truly protecting your endpoints and data assets requires the ability to remediate incidents when they are detected.

4. Cloud Vulnerabilities

Whether data is in the cloud or on a local system, security solutions still need to be managed and configured. With security budgets rising, it looks like attacks are growing too. Vulnerabilities should not be ignored.

Vulnerabilities can include data back-up issues, application security, excessive access, user tracking, and everlasting password credential concerns. As additional devices and applications are included within an organization’s enterprise, CISOs may need additional tools to help assess these vulnerabilities and threats.

A skilled IT team should be tasked to detect and identify any indicators of compromise regarding security.

5. Practicing Good Security Hygiene

Auditing and cleaning up your accounts, and revoking cloud access from those who should not have it, is the first line of defense in intrusion detection. Start with an audit of your cloud privileges and user accounts. No user account should be immune from scrutiny. Users should be given only as many permissions as are required to do their job. Cutting down access can help you avoid unnecessary vulnerabilities and risks.


Adam Levin Discusses Mobile Banking and Security with TicToc

Adam Levin was featured on a short video on TicToc by Bloomberg, where he discussed the trade-offs between security and convenience for mobile banking and payment apps.

“As business tries in its technological innovation to make things more convenient, you end up with the conundrum between convenience and security,” Levin said.


The post Adam Levin Discusses Mobile Banking and Security with TicToc appeared first on Adam Levin.

Fallout from Gavin Williamson sacking | Letters

Readers respond to the sacking of the defence secretary Gavin Williamson over accusations of leaking

While I am delighted that Gavin Williamson (May tells defence secretary: ‘You leaked, you are fired’, 2 May) has been removed from the government – remember he said that all British jihadists should be hunted down and killed in the Middle East rather than returned for trial here – I am sorry that as a result Rory Stewart no longer has responsibility for prisons. His is a deserved promotion, but as prisons minister he was the first member of the government to make any attempt to get to grips with the problems of our criminal justice system and offered to resign if things did not improve. How sad that there are not more of that ilk in public life these days.
Maureen Panton
Malvern, Worcestershire

• Is the Gavin Williamson who has just been sacked as defence secretary for allegedly leaking plans discussed in the National Security Council to allow Huawei to be involved in building the UK’s 5G network the same Gavin Williamson who told us last year that it’s Jeremy Corbyn that “cannot be trusted”?
Sasha Simic
London


What This Report on Cyber Risk Gets Wrong

The Marsh brokerage unit of Marsh and McLennan recently announced a new evaluation process called Cyber Catalyst designed to determine the usefulness of enterprise cyber risk tools.

The goal of the new offering is to identify and implement industry-wide standards to help cyber insurance policyholders make more informed decisions about cyber-related products and services; basically, what works and what doesn’t. Other major insurers participating in Cyber Catalyst include Allianz, AXA XL, AXIS, Beazley, CFC, and Sompo International.

While this collaboration between insurance companies is unusual, it’s not entirely surprising. Cyber insurance is a $4 billion market globally. While it’s difficult to accurately gauge how many hacking attempts were successfully foiled by the products targeted here, data breaches and cyber attacks on businesses continue to increase in frequency and severity. The 2019 World Economic Forum’s Global Risks Report ranks “massive data fraud and theft” as the fourth greatest global risk, followed by “cyber-attacks” in the five slot.

Meanwhile, cybersecurity products and vendors have been, to be charitable, a mixed bag.

Good in Theory

From this standpoint, Cyber Catalyst seems like not just a good idea, but an obvious one. A standardized metric to determine which cybersecurity solutions are no better than a fig leaf and which ones provide real armor to defend against cyberattacks is sorely lacking in the cybersecurity space. By Marsh’s own estimates, there are more than three thousand cybersecurity vendors amounting to a $114 billion marketplace. Many of them don’t inspire confidence on the part of businesses.

Insurers have a vested interest in determining the effectiveness of cybersecurity products, weeding out buggy software and promoting effective solutions that can help address risk aggregation issues. Businesses and their data are in turn better protected, and at least in theory, they would pay less for coverage. Everyone wins.

Insurance companies did something similar in the 1950s with the creation of the Insurance Institute for Highway Safety. In the face of rising traffic collisions and fatalities, the insurance industry collaborated to establish a set of tests and ratings for vehicles, and the result has been a gold standard for automotive safety for decades. Using a similar strategy for cybersecurity would at least in theory help mitigate the ever-increasing costs and risks to companies and their data.

Or Maybe Not

Where the analogy to the Insurance Institute for Highway Safety breaks down is here: The threats to car drivers and passengers have ultimately stayed the same since its inception. Everything we’ve learned over the years about making cars has progressively led to safer vehicles. Information technology is vastly different in that iterative improvements in one specific area don’t necessarily make an organization as a whole safer or better protected against cyber threats; in fact, sometimes they can have the opposite effect when a newly added feature turns out to be a bug.

Cyber defenses are meaningless in the presence of an unintended, yet gaping, hole in an organization’s defenses. Then there is the march of sound innovation. Products that provided first-in-class protection for a business’s network a few years ago may no longer be so great where cloud computing and virtual servers, or BYOD are concerned. The attackable surface of every business continues to increase with each newly introduced technology, and it seems overly optimistic to assume the standard evaluation process (currently twice a year) would be able to keep pace with new threats.

There’s also the risk of putting too many eggs into one basket. While the diffuse nature of the cybersecurity market causes headaches for everyone involved, establishing a recommended solution or set of solutions effectively makes them an ideal target for hackers. While it’s important to keep consumers and businesses informed of potential risk to their information, cybersecurity issues require a certain amount of secrecy until they have been properly addressed. Compromising, or even identifying and reporting on a vulnerability before it’s been patched in an industry standard security product, process or vendor practice could cause a potentially catastrophic chain reaction for cyber insurers and their clients.

Culture Eats Strategy for Breakfast

Where the Cyber Catalyst program seems to potentially miss the mark is by overlooking the weakest link in any company’s security (i.e., its users). An advanced cybersecurity system or set of tools capable of blocking the most insidious and sophisticated attack can readily be circumvented by a spear phishing campaign, a compromised smartphone, or a disgruntled employee. Social engineering cannot be systematically addressed. Combatting the lures of compromise requires organizations to foster and maintain a culture of privacy and security.

The risk of employee over-reliance on tools and systems at the expense of training, awareness, and a company culture where cybersecurity is front and center must not be underestimated. While it is easier to opt for the quick and easy approach of purchasing a recommended solution, companies still need a comprehensive and evolving playbook to meet the ever-changing tactics of persistent, sophisticated and creative hackers.

While industry-wide cooperation may be a good thing, it’s vital for companies and insurers alike to recognize that any security program or service is fallible. Without an equal investment in functional cybersecurity, which places as much store in training employees and keeping aware of new threats, the rise in breaches and compromises will continue.

This article originally appeared on Inc.com.

The post What This Report on Cyber Risk Gets Wrong appeared first on Adam Levin.

How do I buy a laptop with an encrypted hard drive?

Derek needs to find a laptop with Windows 10 Home’s device encryption to keep his data safe

I want to buy a new Windows 10 laptop for home use, and I want one with device encryption capability, so that the boot drive is encrypted. Until recently, this has only been possible with Windows Professional editions using BitLocker. I now see that if a laptop has the right specification, all versions of Windows 10 can have device encryption turned on.

The problem is that it’s difficult, if not impossible, to get information from mainstream laptop vendors as to whether a specific model supports device encryption. Recent MacBooks are capable of using FileVault and Apple spells out which models support it, so why is this information so hard to find for Windows laptops? Derek

I’m glad you asked because you’re right: there’s a shocking lack of information about device encryption on laptops, and this applies to Microsoft, to PC manufacturers, and to retailers. It’s also something that laptop PC reviewers rarely seem to mention, which makes it hard, if not impossible, to tell how many laptops are compatible with Windows 10’s device encryption.


Marcus Hutchins: UK ransomware ‘hero’ pleads guilty to US hacking charges

Hutchins says he regrets his actions and will continue ‘keeping people safe from malware attacks’

A British computer security researcher once hailed as a “hero” for helping stem a ransomware outbreak and later accused of creating malware to attack the banking system said on Friday he had pleaded guilty to US criminal charges.

Marcus Hutchins, whose arrest in 2017 stunned the computer security community, acknowledged in a statement pleading guilty to criminal charges linked to his activity in 2014 and 2015.


How do I stop old USB drives from infecting my new Windows PC?

Jason wants to protect his new high-end laptop from viruses but needs data on old SD cards

I’ve just bought a high-end Windows laptop for video editing while travelling around Europe. What steps can I take to prevent any possible infections from being passed on from previous machines on SD cards and external hard drives? Some of the external hard drives go back to machines from 2004 but I have never plugged any of them into any computers other than my own previous Macs and PCs. I work professionally with video, photography and coding, so all of this data is vital.

I have a five-machine Bitdefender licence but I’d be prepared to use another protection system, and I’ve looked at Sophos Intercept X. Jason

There are at least three things to think about. First, there’s the threat level: how at risk are you? Second, there’s provenance: how much do you know about your devices? Third, how can you mitigate any risks revealed by the answers to the first two questions?


Parenting club Bounty fined £400,000 for selling users’ data

Company illegally shared 34.4m records with 39 companies, information commissioner finds

The parenting club Bounty has been fined £400,000 – one of the largest penalties possible – for sharing its data with marketing agencies without users’ permission.

Bounty offers support and advice to new parents who sign up through its website and mobile app, or are directly recruited on maternity wards. Without securing consent from those parents, the company sold their information to data brokers including Acxiom, Equifax and Sky, the Information Commissioner’s Office (ICO) said.


Malware Infected Medical Equipment Shows Fake Tumors

Israeli cybersecurity researchers have created malware capable of showing fake cancerous growths on CT and MRI scans.

The malware, called CT-GAN, served as a proof of concept to show the potential for hacking medical devices with fake medical news that was convincing enough to fool medical technicians. In a video demonstrating the exploit, researchers at Ben Gurion University described how such an attack might be deployed.

“Attacker[s] can alter 3D medical scans to remove existing, or inject non-existing, medical conditions. An attacker may do this to remove a political candidate / leader, sabotage / falsify research, perform murder / terrorism, or hold data ransom for money.”

In a blind study, CT-GAN had a 99% success rate in deceiving radiologists with fake cancer nodules, and a 94% success rate in hiding actual cancer nodules.

Medical facilities are frequently targeted by hackers, due in part to their reliance on networking technologies and their archives of sensitive personal information. A recent study showed that 1 in 4 healthcare facilities were hit by ransomware in 2018 alone.


The post Malware Infected Medical Equipment Shows Fake Tumors appeared first on Adam Levin.

UK hacker jailed for six years for blackmailing pornography site users

Zain Qaiser targeted millions of computers with ransomware demanding large sums

A hacker who blackmailed users of pornography websites in what investigators say is the UK’s most serious cybercrime case has been jailed for six years and five months.

Zain Qaiser targeted millions of computers with malicious browser-locking software that demanded payment of up to $1,000 (£765) to unfreeze screens, Kingston crown court heard.


Secret Service Arrests Chinese Woman Carrying Malware at Mar-A-Lago

A woman carrying two Chinese passports and a thumb drive containing malware was arrested by Secret Service agents after gaining entry to President Trump’s Mar-A-Lago resort.

The woman, Yujing Zhang, initially claimed to be on the premises to use a swimming pool, but later said she had arrived early for a United Nations Chinese American Association Event when questioned by a receptionist. There was no such event scheduled.

Zhang was then detained by Secret Service Special Agent Samuel Ivanovich with whom she became “verbally aggressive,” claiming she was onsite to speak with President Trump, who was golfing nearby.

She was arrested and charged with making false statements to a federal law enforcement officer and entering a restricted area. Zhang faces a maximum of six years in prison and $350,000 in fines. A search of her belongings revealed four cell phones, a laptop, a hard drive, and a thumb drive containing “malicious malware,” the nature of which has yet to be announced.

Zhang’s attorney has declined to comment.


The post Secret Service Arrests Chinese Woman Carrying Malware at Mar-A-Lago appeared first on Adam Levin.

British Government Report Confirms Huawei Cybersecurity Concerns

A report issued by the British government has concluded that products developed and manufactured by the Chinese telecommunications company Huawei present significant security risks.

Assembled by the Huawei Cyber Security Evaluation Centre (HCSEC) and presented to the UK National Security Adviser, the report found that on a wide range of security issues related to both its software and engineering, Huawei has failed to maintain adequate protections.

“Poor software engineering and cybersecurity processes lead to security and quality issues, including vulnerabilities. The number and severity of vulnerabilities discovered, along with architectural and build issues, by the relatively small team in HCSEC is a particular concern. If an attacker has knowledge of these vulnerabilities and sufficient access to exploit them, they may be able to affect the operation of the network, in some cases causing it to cease operating correctly,” stated the report, going on to add:

“These findings are about basic engineering competence and cybersecurity hygiene that give rise to vulnerabilities that are capable of being exploited by a range of actors.”

Huawei has been the subject of ongoing controversy in the West. Its bids to build the infrastructure for 5G wireless networks have been blocked in the United States, Australia, and New Zealand for security reasons and over allegations that its equipment has backdoors that the Chinese government can exploit. U.S. Secretary of State Mike Pompeo has warned European nations that using Huawei equipment makes it “more difficult” for the U.S. to partner with them.

Huawei is currently suing the United States over the ban, and the company’s chairman Guo Ping accused the U.S. government of having a “loser’s attitude,” adding that “The U.S. has abandoned all table manners.”

The post British Government Report Confirms Huawei Cybersecurity Concerns appeared first on Adam Levin.

Facebook stored hundreds of millions of passwords unprotected

Company admits to mistake and says it has no evidence of abuse – but the risk was huge

Facebook mistakenly stored “hundreds of millions” of passwords in plaintext, unprotected by any encryption, the company has admitted.

The mistake, which led to user passwords being kept in Facebook’s internal servers in an insecure way, affects “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users”, according to the social networking site. Facebook Lite is a version of Facebook created for use in nations where mobile data is unaffordable or unavailable.


Why it’s too easy to manipulate voters – and steal the EU elections | Eleonora Nestola

It’s time to act, as personal data is being used to target voters – and the EU commission isn’t doing enough to stop this

On 11 July last year the UK Information Commissioner’s Office (ICO) published its first report on the Cambridge Analytica scandal. This is a date I will never forget, a date that substantially changed my vision of the current threats to our democratic society. It is a day that became a call to arms for me – and, for once, I had the understanding, the knowledge and the expertise to support the fight. I felt it was time to put all of this to good use for civil society, and so I set out to discover how online electoral campaigning works. And let me tell you, the system is not in good health and we Europeans should all be made more aware of that.


Voters become unaware they are receiving political messages based on bias. The risks are enormous


Optus privacy breach: names, addresses and details revealed in sim card glitch

Some mobile users were able to see records of others when logging on to the phone service

Optus has scrambled to contact customers whose personal details were revealed in a system glitch, affecting pre-paid mobile sim card activation and the company’s account website.

Some customers have reported being able to see what looked like other customers’ personal details, including names, addresses and phone numbers while trying to activate a mobile phone sim card.


Hey @Optus I just got an email saying my latest bill is ready. It's $300. It should be less than $100 as my usual plan. I logged into my account and it said "Hi Vladamir". I have a screenshot. What's the go??!


Mumsnet reports itself to regulator over data breach

Company apologises after bug meant users were able to log into accounts of strangers

Mumsnet has reported itself to the information commissioner after a data breach resulted in users accidentally logging into the accounts of strangers.


EU recalls children’s smartwatch over data fears

European commission says Enox Safe-Kid-One can easily be hacked and poses risk to children

A children’s wristwatch that allows the wearer to be easily contacted and located has been recalled by Brussels over safety fears.

The European commission said the Enox Safe-Kid-One, which comes fitted with a global positioning system (GPS), a microphone and speaker, posed a serious risk to children.
