Once upon a time, we actually enjoyed privacy

Major security flaw found in Intel processors

The Guardian  /   January 3, 2017

A security flaw has been found in virtually all Intel processors that will require fixes within Windows, macOS and Linux.

Developers are currently scrambling behind the scenes to fix the significant security hole within the Intel chips, with patches already available within some versions of Linux and some testing versions of Windows, although the fixes are expected to significantly slow down computers.

The specific details of the flaw, which appears to affect virtually all Intel processors made in the last decade and therefore millions of computers running virtually any operating system, have not been made public.

But details of the fixes being developed point to issues involving the accessing of secure parts of a computer’s memory by regular programs. It is feared that the security flaw within the Intel processors could be used to access passwords, login details and other protected information on the computer.

“Modern operating systems rely upon Intel’s chips to provide some essential security services – but if a flaw has been found then the operating systems themselves will need to be updated to do the job that they believed Intel’s chips were doing properly,” said independent security expert Graham Cluley.

The fixes involve moving the memory used by the core of the computer’s operating system, known as the kernel, away from that used by normal programs. In that way, normal programs, including anything from JavaScript from a website to computer games, cannot be manipulated to exploit the hole and gain access to the protected kernel memory.

But implementing the fix is expected to significantly affect the performance of the computer, making some actions up to around 30% slower.

While normal computer users could see performance problems, the security flaw also affects cloud servers, with Amazon, Microsoft and Google all expected to have to fix the bug with similar performance-reducing patches.

The exact severity of the flaw has not yet been publicly disclosed, but the lengths being taken by the various operating system developers to fix something indicates that they view it as a serious problem that apparently cannot be patched with a small update.

“The good news is that it sounds as if this flaw has been known about (but kept quiet) for a couple of months. The bad news is that users will once again have to install a security update, and businesses are likely to have to restart thousands of computers to apply the fixes,” said Cluley.

More details are expected to be divulged as soon as the end of this week, along with fixes for operating systems.


Tim Cook blasts 'weaponisation' of personal data and praises GDPR

Chris Baraniuk, BBC  /  October 23, 2018

Apple chief executive Tim Cook has demanded a tough new US data protection law, in an unusual speech in Europe.

Referring to the misuse of "deeply personal" data, he said it was being "weaponised against us with military efficiency".

"We shouldn't sugar-coat the consequences," he added. "This is surveillance."

The strongly-worded speech presented a striking defence of user privacy rights from a tech firm's chief executive.

Cook also praised the EU's new data protection regulation, the General Data Protection Regulation (GDPR).

The new law came into force in May.

Cook's speech was made in Brussels, at the International Conference of Data Protection and Privacy Commissioners.

The Apple boss described in some detail what he called the "data industrial complex", noting that billions of dollars were traded on the basis of people's "likes and dislikes", "wishes and fears" or "hopes and dreams" - the kind of data points tracked by tech firms and advertisers.

He warned that the situation "should make us very uncomfortable, it should unsettle us".

And the trade in personal data served only to enrich the companies that collect it, he added.

Cook went on to commend the EU's GDPR, which places stricter rules on how personal data is handled by businesses and organisations.

'Follow EU's lead'

"This year, you've shown the world that good policy and political will can come together to protect the rights of everyone," he said.

"It is time for the rest of the world, including my home country, to follow your lead.

"We at Apple are in full support of a comprehensive federal privacy law in the United States."

The remark was met with applause from the conference audience.

"I think it is striking that he's saying this," said Jim Killock, director of the Open Rights Group.

"It's the kind of thing you normally hear from civil society organisations."

However, Prof Mark Elliot at Manchester University argued Mr Cook did not go far enough.

"The implication of fully functioning privacy in a digital democracy is that individuals would control and manage their own data and organisations would have to request access to that data rather than the other way round," he said.

Apple has long been committed to privacy protection.


Hacker gained access to customer data at 130 dealerships

Jackie Charniga, Automotive News  /  June 12, 2019

DealerBuilt, an Iowa dealership software provider, reached a settlement with the Federal Trade Commission Wednesday over a 2016 breach of customer data that allowed a hacker to gain access to the personal information of about 12.5 million consumers stored by 130 dealership clients.

The dealership management system provider agreed to a settlement with the FTC over the attack and will "take steps to better protect the data it collects," the FTC said.

The agency said in a statement that LightYear Dealer Technologies, known commercially as DealerBuilt, failed to properly encrypt sensitive data and conduct necessary vulnerability and penetration testing.

The breach will be resolved with a final consent agreement, which won't be made public unless it is accepted by the FTC. As part of the proposed consent agreement, DealerBuilt is required to implement a security program in accordance with the Safeguards Rule, and is prohibited from handling consumer data until the program is in place.

The settlement also requires the company to obtain third-party assessments of its security program every two years.

The FTC does not have authority to seek monetary penalties for an initial violation, but if the company violates the settlement, the commission could seek civil penalties of up to $42,530 per violation.

According to the complaint, DealerBuilt failed to protect the sensitive customer data, despite those resources being "readily available and relatively low-cost" to the provider. DealerBuilt sells dealership management systems and data processing systems.

Detected by dealer

The breach, which occurred over 10 days, took place in DealerBuilt's backup database beginning in late October 2016.

"The hacker downloaded the personal information of more than 69,000 consumers, including their Social Security numbers, driver's license numbers, and birthdates, as well as wage and financial information," the FTC said in the statement.

In the complaint, the FTC said the hacker attacked DealerBuilt's system "multiple times, downloading the personal information of 69,283 consumers, the entire backup directories of five customers."

The breach was detected by a DealerBuilt auto dealer customer, who had found customers' data online.

"The settlement with DealerBuilt imposes more specific security requirements and requires company executives to take more responsibility for order compliance, while also strengthening the third party assessor's accountability and providing the FTC with additional tools for oversight," FTC Chairman Joe Simons said in the statement.

Safeguards Rule violation

The FTC alleges that the data DealerBuilt collected was stored and transmitted in clear text, in violation of the Gramm-Leach-Bliley Act's Safeguards Rule, which requires encryption of sensitive data. Data also was stored without access controls or authentication protections, also deemed necessary under the rule.

The FTC considers DealerBuilt's activities an example of unfair practices.

DMS systems typically store private and public consumer data, including but not limited to names, addresses, birth dates, credit information and Social Security numbers. The software also contains similarly sensitive information about dealership employees, such as payroll data and bank account information, according to the statement.

The complaint also alleges that a DealerBuilt employee "connected a storage device to the company's backup network without ensuring that it was securely configured, leaving an insecure connection for 18 months."

Additionally, the FTC alleges DealerBuilt never conducted vulnerability or penetration testing; drafted, implemented or maintained a written security policy; or provided training for employees.


The one that blows my mind is that they can see a whole 3D image of the inside of your home through your wi-fi.

Luckily I have no shame, so have at 'er. LOL

And another benefit of being a broke-ass trucker......I don't have anything anyone else wants, hahahaha.

Edited by Bullheaded


I have no problem with that either, since I don't have a wi-fi.
