
Senators raise privacy questions about Google's COVID-19 tracker - CNET

Being able to track the public health crisis shouldn't come at the price of personal privacy, says a pair of lawmakers.
LinuxGeek
9 hours ago

Cybersecurity During COVID-19


Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic.

One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Two, sensitive organizational data will likely migrate outside of the network. Employees working from home are going to save data on their own computers, where they aren't protected by the organization's security systems. This makes the data more likely to be hacked and stolen.

Three, employees are more likely to access their organizational networks insecurely. If the organization is lucky, they will have already set up a VPN for remote access. If not, they're either trying to get one quickly or not bothering at all. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse.

Four, employees are being asked to use new and unfamiliar tools like Zoom to replace face-to-face meetings. Again, these hastily set-up systems are likely to be insecure.

Five, the general chaos of "doing things differently" is an opening for attack. Tricks like business email compromise, where an employee gets a fake email from a senior executive asking him to transfer money to some account, will be more successful when the employee can't walk down the hall to confirm the email's validity -- and when everyone is distracted and so many other things are being done differently.

NASA is reporting an increase in cyberattacks. From an agency memo:

A new wave of cyber-attacks is targeting Federal Agency Personnel, required to telework from home, during the Novel Coronavirus (COVID-19) outbreak. During the past few weeks, NASA's Security Operations Center (SOC) mitigation tools have prevented success of these attempts. Here are some examples of what's been observed in the past few days:

  • Doubling of email phishing attempts
  • Exponential increase in malware attacks on NASA systems
  • Double the number of mitigation-blocking of NASA systems trying to access malicious sites (often unknowingly) due to users accessing the Internet

Here's another article that makes basically the same points I did:

But the rapid shift to remote working will inevitably create or exacerbate gaps in security. Employees using unfamiliar software will get settings wrong and leave themselves open to breaches. Staff forced to use their own ageing laptops from home will find their data to be less secure than those using modern equipment.

That's a big problem because the security issues are not going away. For the last couple of months coronavirus-themed malware and phishing scams have been on the rise. Business email compromise scams -- where crooks impersonate a CEO or other senior staff member and then try to trick workers into sending money to their accounts -- could be made easier if staff primarily rely on email to communicate while at home.

LinuxGeek
13 hours ago
I've definitely seen businesses ignoring security concerns lately.

COVID-19 Will Someday Fade Away. The Wireless Location Data Practices Being Embraced To Track It Probably Won't.


Location data has long proven to be hugely profitable to wireless carriers, given it's used by everyone from city planners to marketing departments. Now it's proving useful to help track the spread of COVID-19, allowing researchers to see not only who an infected person has been in contact with and where they've been, but also helping them predict where hot spots might appear next. Such technology was used during the Ebola outbreak in West Africa to help both track and predict the movement of the disease.

Now the government says it's working in partnership with the advertising industry to use such location data here in the States. The Wall Street Journal (paywall, alternative read at The Verge) indicates the Centers for Disease Control and Prevention and state and local governments have already received cell phone data about people in areas of "geographic interest." In this case, to track movements and determine how well people are adhering to "stay at home" restrictions:

"The goal is to create a government portal with geolocation information from some 500 cities across the country, to help ascertain how well people are complying with stay-at-home orders, according to the WSJ. One example of how the anonymized data was reportedly used: Researchers discovered large numbers of people were gathering in a New York City park, and notified local authorities."

Of course, just because we're in a pandemic doesn't mean that privacy concerns magically evaporate, or that we shouldn't make an effort to respect citizen privacy. We've noted repeatedly that anonymized location data isn't really anonymous, and individual identities can usually be ferreted out with little to no effort. The more widely this data circulates, the more likely it is to be abused by everybody from industry and government to hackers and con artists.

The other obvious problem is that the fear of a pandemic creates wonderful cover to abuse the collection of this data for other, less noble purposes. The wireless industry was just busted selling access to this data to any nitwit with a nickel, which is likely why government is collaborating with the ad sector and not carriers directly (at least not yet, and as far as we know). The Washington Post also indicates that Google and Facebook, fresh off one of the biggest privacy scandals in U.S. history, are also collaborating with the government in regards to location data.

As anybody tracking this space knows, it's extremely difficult to claw surveillance power back from the government once it's been obtained, and with the U.S. still having no real privacy law for the internet era, it's a virtual certainty that the collection of this data will be abused. There could certainly be ways to mitigate that harm -- such as sunset provisions on collection and strict rules governing how this data can be used -- but we'd already made it abundantly clear as a nation we weren't particularly interested in such options, and with a climate of fear likely overshadowing everything, it's not likely we're about to start now.

While it takes a while, the threat posed by COVID-19 will eventually retreat. The surveillance practices we normalize during this period will very likely be here to stay.



LinuxGeek
1 day ago
Leave your phone at home.

Geek Trivia: Opera Once Released An Edition Of Their Browser That Made MSN.com Appear Written By?


  1. The Swedish Chef
  2. Arnold Schwarzenegger
  3. Steve Jobs
  4. Oscar the Grouch

LinuxGeek
2 days ago
Read this piece of history, then think about how so many sites and web applications are designed specifically for Google Chrome. Chrome doesn't adhere to web standards, but seems to think they can create their own standards. We don't want a monoculture.

U.S. gig workers seeking coronavirus jobless benefits hit bureaucratic wall

Uber and Lyft drivers are hitting a wall in their efforts to apply for the coronavirus jobless benefits promised by Congress as state agencies say they are not ready to handle a class of workers who are totally new to the U.S. unemployment system.
LinuxGeek
5 days ago
“That Uber and Lyft are now asking all of us (taxpayers) to pay for what they should have been doing all along is an absolute farce”

Boeing 787s must be turned off and on every 51 days to prevent 'misleading data' being shown to pilots


US air safety bods call it 'potentially catastrophic' if reboot directive not implemented

The US Federal Aviation Administration has ordered Boeing 787 operators to switch their aircraft off and on every 51 days to prevent what it called "several potentially catastrophic failure scenarios" – including the crashing of onboard network switches.…

LinuxGeek
5 days ago
Putting computer hardware and software into vehicles can bring along common computer problems. The "IT Crowd" had a gag about 'have you turned it off and on again?'