Feds Monitoring Social Media Does More Harm Than Good

Dick Eastman Legal Affairs

Border screening and surveillance has become an increasing area of critical concern over the last year. Around the world, invasive governments have particularly threatened people’s digital privacy. That extends to the US, where Customs and Border Protection has expanded its demands and searches as well. And a fraught situation for travelers is even more so for US immigrants who are having more and more of their digital and social media footprint monitored by the Department of Homeland Security.

The agency’s recent initiatives came into focus last week, when DHS posted updated language in the Federal Register about collecting “social media handles, aliases, associated identifiable information, and search results” on immigrants, including naturalized citizens and permanent residents.

Continue reading

Alabama County Succumbs to Bitcoin Ransomware Demands

Dick Eastman Viruses & Malware

A lack of preparedness cost one county in Alabama $37,000. Ransomware attacks are easily neutralized if a data center’s staff is properly prepared in advance.

One of the largest counties in Alabama was the victim this time, and the security breach and subsequent encrypting of sensitive information cost the local government a not-inconsequential $37,000.

Hannah Hawk, a spokesperson for Montgomery County said that the attack “locked up” the county’s data using encryption methods. This prevented the necessary departments from accessing various pieces of sensitive information. Data ranged from vehicle tags to business and marriage licenses.

Continue reading

Equifax CEO Quits Following Massive Data Breach

Dick Eastman Uncategorized

Not much of a surprise here. Almost three weeks after Equifax said that hackers had gained access to the sensitive information of 143 million Americans, the credit-reporting company’s CEO has quit.

Equifax said on Tuesday morning that Richard Smith, who had been leading the Atlanta-based company since 2005, was stepping down.

Details may be found at: https://thepointsguy.com/2017/09/equifax-ceo-quits-after-breach.

Court rules Stingray use Without a Warrant Violates Fourth Amendment

Dick Eastman Legal Affairs, Telephone Security

The Washington DC Court of Appeals overturned a Superior Court conviction of a man who was located by police using a cell-site simulator, or Stingray. The court ruled that the defendant’s Fourth Amendment rights were violated when law enforcement tracked down the suspect using his own cell phone without a warrant.

Stingrays work by pretending to be a cell tower and once they’re brought close enough to a particular phone, that phone pings a signal off of them. The Stingray then grabs onto that signal and allows whoever’s using it to locate the phone in question. These sorts of devices are used by a number of different agencies including the FBI, ICE, the IRS as well as police officers. However, those agencies will no longer be able to (legally) use the devices.

Continue reading

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs

Dick Eastman Uncategorized

Bleeping Computer reports that Google engineer Ivan Fratric ran security tests on the 5 most popular web browsers. The test found 17 security bugs in Safari’s DOM engine, the worst of any of the 5 web browsers tested.

NOTE: “DOM” stands for Document Object Model, a platform and language-neutral interface that will allow programs and scripts to dynamically access and update the content, structure and style of documents. A “DOM engine” is that piece of software which takes a parsed XML or HTML document into something that is readable on your computer’s screen.

Fratric took today’s top five browsers — Chrome, Firefox, Internet Explorer, Edge, and Safari — and subjected them to 100 million fuzz tests with Domato.

Continue reading

Google Chrome Most Resilient Against Attacks, Researchers Find

Dick Eastman Online Security, Web Browsers

Researchers have analyzed Google Chrome, Microsoft Edge, and Internet Explorer, and found Chrome to be the most resilient against attacks.

The researchers assessed these barriers, and concluded that:

  • Chrome is the most resilient against attacks due to a tight lockdown of components, separation of duties, and greater identifiable vendor efforts for automated vulnerability discovery.
  • The security level of Internet Explorer is decreased due to a weakened sandbox (Protected Mode).
    Microsoft Edge is more hardened against exploitation than Internet Explorer due to the stronger sandboxing and the absence of dangerous legacy technologies.
  • Chrome supports more modern web technologies that might increase attack surface such as WebAssembly and HTML5 features.
  • Reaching dangerous legacy functionality from Microsoft Edge is easier than in Chrome. For example a fallback to Internet Explorer is suggested by the Edge UI on certain websites by default.

Continue reading