Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Polly Mosendz, Bloomberg, 8 Sep 2017 Class action seeking to represent 143 million consumers alleges company didn't spend enough on protecting data. https://www.bloomberg.com/news/articles/2017-09-08/equifax-sued-over-massive-hack-in-multibillion-dollar-lawsuit A proposed class-action lawsuit was filed against Equifax Inc. late Thursday evening, shortly after the company reported that an unprecedented hack had compromised the private information of about 143 million people. In the complaint filed in Portland, Ore., federal court, users alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack. Data revealed included Social Security numbers, addresses, driver's license data, and birth dates. Some credit card information was also put at risk. Equifax first discovered the vulnerability in late July, though it chose not to announce it publicly until more than a month later. The company was widely criticized for its customer service approach in the aftermath of the hack, as users struggled to understand whether their information had been affected. Others expressed frustration that three senior executives sold about $1.7 million in stock in the days following the discovery of the hack. A spokeswoman for Equifax said the men “had no knowledge that an intrusion had occurred at the time.†The plaintiffs in the lawsuit are Mary McHill and Brook Reinhard. Both reside in Oregon and had their personal information stored by Equifax. “In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect Ms. McHill and Mr. Reinhard's information from unauthorized access by hackers,†the complaint stated. “Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach. Equifax could have and should have substantially increased the amount of money it spent to protect against cyberattacks but chose not to.†The case was filed by the firm Olsen Daines PC along with Geragos & Geragos, a celebrity law firm known for blockbuster class actions. Ben Meiselas, an attorney for Geragos, said the class will seek as much as $70 billion in damages nationally. [See also:] http://www.businessinsider.com/equifax-hackers-may-have-accessed-personal-details-143-million-us-customers-2017-9 https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html?smprod=nytcore-ipad&smid=nytcore-ipad-share DF: by using the service, you may be giving up legal rights: https://www.washingtonpost.com/news/the-switch/wp/2017/09/08/what-to-know-before-you-check-equifaxs-data-breach-website/
There is increasing evidence to suggest that primary impacts of the Equifax breach involve consumers who interacted directly with (and provided personal information to) their public facing website. The breach does not appear at this time to involve their core credit reporting databases.
via NNSquad https://techcrunch.com/2017/09/08/psa-no-matter-what-you-write-equifax-may-tell-you-youve-been-impacted-by-the-hack/?ncid=rss What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted. It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID.
via NNSquad http://fortune.com/2017/08/30/hurricane-harvey-cell-backup-power/ The wireless industry has for years successfully fought regulations that would force mobile phone networks to be hardened so they work during storms, but it may face renewed demands after Hurricane Harvey knocked out seven of 10 cell towers in the hardest-hit counties of Texas. Depending on cell service during a disaster is a disaster in and of itself. That's why so many telecom experts hang onto their landlines as lifelines! I sure as hell do!
Vindu Goel and Scott Shane, The New York Times, 6 Sep 2017 Providing new evidence of Russian interference in the 2016 election, Facebook disclosed on Wednesday that it had identified more than $100,000 worth of divisive ads on hot-button issues purchased by a shadowy Russian company linked to the Kremlin. The fake accounts were created by a Russian company called the Internet Research Agency" (which is known for using troll accounts to post on social media and comment on news websites).
via NNSquad, USA Today https://www.usatoday.com/story/tech/news/2017/09/07/facebook-fake-likes-scammers-collusion-networks/642446001/ A thriving ecosystem of websites that allow users to automatically generate millions of fake "likes" and comments on Facebook has been documented by researchers at the University of Iowa.
Siva Vaidhyanathan, The New York Times, 8 Sep 2017 [via Dave Farber] Wait! Facebook, unlike Twitter, does not allow puppets, i.e. accounts controlled by other accounts. I recall Egyptian Spring activists complaining about this. Does Facebook allow ads, i.e. something paid for, to masquerade as unpaid posts? It shouldn't; Google doesn't. Finally, any ad should allow its reader to learn about who paid for it. None of these rules would prevent Russian robot trolls from posting evil ideas, but it would make detecting them easier. A skeptical reader could ask "Who posted this, and who are their friends?" > Healthy democracies have transparency in political advertising. That > doesn't matter to Facebook. <https://www.nytimes.com/2017/09/08/opinion/facebook-wins-democracy-loses.html>
Morgan Chalfant, *The Hill*, 9 Sep 2017, via Dave Farber http://thehill.com/business-a-lobbying/349896-virginia-scraps-touchscreen-voting-machines The Virginia State Board of Elections moved Friday to do away with touchscreen voting machines in the state by November's election, a move aimed at boosting security. The board decided to phase out the machines this year after the Virginia Department of Elections recommended that the touchscreen voting machines be decertified. The recommendation came after security experts breached numerous types of voting machines with ease at the DEF CON cybersecurity conference in Las Vegas in July, according to The Richmond Times-Dispatch. The move comes amid heightened concerns over foreign interference in future elections, in light of the U.S. intelligence community's conclusion that Russia used cyberattacks and disinformation to interfere in the 2016 presidential election. Virginia's gubernatorial election will take place in November, meaning that the move to get rid of the machines would result in 22 localities having to replace their equipment less than two months before the vote. The state has already passed a law mandating that the machines be phased out by 2020. According to the Times-Dispatch, 10 localities have already started purchasing new equipment. The remaining 12 would need to work quickly to phase out the old equipment by Nov. 7. “The security of the election process is always of paramount importance. The Department is continually vigilant on matters related to security of voting equipment used in Virginia,'' Edgardo Cortes, the state's election commissioner, said in a news release Friday. “The ability to meaningfully participate in our democracy is one of the most important rights that we have as citizens, and the Department of Elections is dedicated to maintaining voters' confidence in the democratic process.'' Cyber-experts have raised alarm over the touchscreen devices, called direct-recording electronic, or DRE, voting machines, because they yield no paper records that can be checked with the electronic records to make sure votes are tallied accurately. More than 100 cyber- and voting experts penned a letter to Congress in June urging them to take steps to secure future elections, including a recommendation to phase out DRE voting machines and others that do not produce a voter-verified paper ballot. “While there has been encouraging progress to improve election security in recent years, too many polling stations across the nation are still equipped with electronic machines that do not produce voter-verified paper ballots, Many jurisdictions are also inadequately prepared to deal with rising cybersecurity risks.'' The letter was sent the day that Department of Homeland Security officials testified of evidence that Russia targeted election-related systems in 21 states ahead of the 2016 presidential election. While officials maintain that the systems targeted were not involved in vote tallying, Moscow's interference campaign has nevertheless stoked fears about the possibility that foreign actors could attempt to use hacking to affect vote counts in the future. See also Today's Washington Post: DefCon 2017 contributed to Virginia dumping DREs https://www.washingtonpost.com/local/virginia-politics/virginia-scraps-touch-screen-voting-machines-as-election-for-governor-looms/2017/09/08/e266ead6-94fe-11e7-89fa-bb822a46da5b_story.html?utm_term=3D.6fb49dcd9b08#comments
The sun did its biggest burp in 12 years. On the morning of 6 September the sun let out two pretty sizable burps of radiation. Both were considered X-class—the strongest type of solar flare—with one of them proving to be the most powerful since 2005. If a solar flare is directed at Earth, which these ones were, it can generate a radiation storm that interferes with radio and GPS signals. The biggest flare ever recorded, in 2003, was so strong it even knocked out NASA's solar measurement equipment. These recent belches weren't quite on par with that, but they were enough to jam high frequency radios and interfere with GPS systems for about an hour on the side of the Earth facing the sun. Put your hand over your mouth, sun! Rude! https://www.engadget.com/2017/09/07/a-huge-solar-flare-temporarily-knocked-out-gps-communications/ Sextant, chronometer, compass, maps, oh my...
via NNSquad https://www.bleepingcomputer.com/news/security/apple-and-google-fix-browser-bug-microsoft-does-not-/ Microsoft has declined to patch a security bug Cisco Talos researchers discovered in the Edge browser, claiming the reported issue is by design. Apple and Google patched a similar flaw in Safari (CVE-2017-2419) and Chrome (CVE-2017-5033), respectively.
Dolphin attack uses high-frequency sound against voice-based assistants such as Siri. https://www.theverge.com/2017/9/7/16265906/ultrasound-hack-siri-alexa-google https://techcrunch.com/2017/09/06/hackers-send-silent-commands-to-speech-recognition-systems-with-ultrasound/
https://www.nytimes.com/2017/09/10/opinion/indias-supreme-court-expands-freedom.html
https://www.washingtonpost.com/news/morning-mix/wp/2017/09/08/game-of-thrones-was-pirated-more-than-a-billion-times-far-more-than-it-was-watched-legally/
"A a a a Very Good Song" is A a a a simple workaround. http://www.theregister.co.uk/2017/08/16/silent_track_bug_fix_itunes/
Please report problems with the web pages to the maintainer