Unfortunately, with finals approaching, lack of time is killing me, so instead of a full-blown post I’d like to present ‘bits of news’ that in my opinion are worth checking out:
Whistleblower Daniel Ellsberg answers questions on reddit – this just came in as I started to write this post, and even though it’s not really an information piece, it is a must for anyone interested in privacy / government transparency. For those of you who are unfamiliar with Mr Ellsberg – he was the man who in 1971 released the so-called ‘Pentagon Papers’, which revealed that the US administration knew that the Vietnam War was unwinnable, yet did not inform the public about it and continued with military operations.
Mozilla asks users to audit the code of Firefox in order to prevent surveillance – it is well known that open-source software is one of many requirements for users who would like to keep their privacy. The ability to check the code and prevent the installation of backdoors is invaluable, now that cooperation between the NSA and various software and hardware producers has become known. Mozilla is by now quite well known for its privacy-oriented business strategy – let’s just mention project Lightbeam.
European Union opens consultation program regarding changes in copyright laws (an interactive online version is available) – it seems that European legal authorities have become aware of the massive problems arising from the current state of copyright laws, which range from the instrumental use of public prosecutors in the war on piracy to limited access to literary works even if the author is already deceased. What the actual result of this action will be is yet to be known, however it’s definitely a move in a good direction.
Target’s data theft affects 70 million customers – as expected, the story of the massive data breach at the American retail network continues to unfold. Furthermore, as it turns out, Target wasn’t the only affected retailer. Neiman Marcus and maybe three other companies were also attacked, with the timing of the attacks correlating with that of Target’s – totaling over 100 million possibly affected customers. Details regarding the method of the POS attack are also slowly coming to light. Apparently the malware used for the attacks is a modified version of BlackPOS – popular malware, available for sale, designed to be installed on POS devices. As reported by Krebs on Security, after installing the malware the attackers gained persistent access to the network by logging in to a remote server. Analysis by McAfee Labs suggests the involvement of ‘Rescator’, a user known on cybercrime forums. According to Seculert, the malware downloaded 11 GB of data in over two weeks of its activity. The stolen data was then uploaded to FTP servers.
President Obama announces curbing of NSA spying program – as planned, earlier today Barack Obama made a public appearance regarding the sweeping data collection programs. Unfortunately, nothing more than the expected promises of limiting the scope of surveillance resulted from the speech. Whether any changes towards civil liberties will happen, or the programs will just be better concealed, is yet to be seen (hopefully).
I hope that my timetable will soon allow me to come back to the ‘normal’ form of posts. In the meantime, wish me luck, and keep following lawsec.net!
As some of you probably know, or perhaps have even been affected by, an American retail giant suffered a massive security breach: as many as 40 million people might have had their credit and debit card data stolen. As reported by KrebsOnSecurity, hackers gained access to the company’s data infrastructure. What’s worth noting is that the theft did not affect online shopping but actual in-store operations, as the stolen data comes from magnetic stripes – if the attackers also managed to intercept PIN numbers, they might be able to recreate cards and siphon money straight from ATMs. Yesterday an official statement was issued by the company’s CEO, Gregg Steinhafel.