Proprietary Software and Security Failures
-
A software CEO was arrested on suspicion of storing poll worker data in China
The Los Angeles County District Attorney announced on Tuesday the arrest of Eugene Yu, the CEO of a small company that makes software for scheduling poll workers and had a contract with L.A. County. District Attorney George Gascón said at a news conference that the contract with the county required the company, Konnech, to securely maintain election worker information on servers in the United States.
-
Canadian sentenced in NetWalker ransomware attacks
The Department of Justice (DOJ) on Tuesday sentenced a Canadian national to 20 years in prison and ordered him to forfeit more than $21 million for his role in NetWalker ransomware attacks.
The DOJ said the defendant, Sebastian Vachon-Desjardins, participated in a sophisticated form of ransomware known as NetWalker, which has targeted dozens of victims across the world, including companies, hospitals, law enforcement, emergency services and schools.
-
Stadia Developers Blindsided By Shutdown
Last week we noted how Google’s streaming game service, Stadia, is finally being shut down. Google had initially tried to deny the obvious last July when rumors began circulating that the company was preparing its exit strategy. This denial apparently resulted in many of the service’s own developers being left in the dark, given they were extremely surprised when the shutdown was actually announced.
-
At Google, product launches the only way to get promoted: claim
The reason Google launches so many products and then abandons them is that only those who launch new products are in a position to chase promotions, an unnamed ex-employee and a current employee claim.
Peter Yang, the product lead at Reddit, posted two accounts from people on Twitter; one was said to be a current employee of Google and the other an ex-employee. He added a rider that the comments were old and things could have changed at the company by now.
The abandonment of products by Google was thrown into focus last week with the announcement that the company would be shutting down its consumer gaming service Stadia which was launched in March 2019.
[...]
There are so many abandoned services, apps and hardware that one developer, Cody Ogden, has set up a site called Google Graveyard where he lists 274 orphaned entities.
-
Linux Client Device Management Coming to Microsoft Intune [Ed: Microsoft propagandists like Kurt Mackie keep pushing this narrative about Linux while Microsoft is working to prevent Linux from even booting and it works with the NSA towards universal back doors]
-
Dynamically update TLS certificates in a Golang server without downtime
Transport Layer Security (TLS) is a cryptographic protocol based on SSLv3 designed to encrypt and decrypt traffic between two sites. In other words, TLS ensures that you're visiting the site you meant to visit and prevents anyone between you and the website from seeing the data being passed back and forth. This is achieved through the mutual exchange of digital certificates: a private one that exists on the web server, and a public one typically distributed with web browsers.
In production environments, all servers run securely, but server certificates may expire after some period. It is then the server's responsibility to validate, regenerate, and reuse newly generated certificates without any downtime. In this article, I demonstrate how TLS certificates are updated dynamically using an HTTPS server in Go.
These are the prerequisites for following this tutorial...
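The mechanism the article describes, as an added example that is not the article's own code: crypto/tls asks a GetCertificate callback for the key pair on every handshake, so a server that re-reads its PEM files and swaps the pointer behind that callback picks up a renewed certificate without restarting. The reloader type, the file paths and the self-signed test material are this example's own assumptions (Go 1.19+ for atomic.Pointer).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"os"
	"sync/atomic"
	"time"
)

// certReloader hands the current key pair to crypto/tls on each handshake, so a renewed certificate on disk reaches new clients without a restart.
type certReloader struct {
	certPath, keyPath string
	cert              atomic.Pointer[tls.Certificate]
}

// Reload parses the PEM files and atomically swaps the served pair. Call it from a goroutine on a timer or on
// SIGHUP after the renewal tool has written the new files; a broken file leaves the old, still-valid pair in service.
func (r *certReloader) Reload() error {
	cert, err := tls.LoadX509KeyPair(r.certPath, r.keyPath)
	if err == nil {
		r.cert.Store(&cert) // swap only on success, so a half-written renewal cannot take the site down
	}
	return err
}

// GetCertificate plugs into tls.Config{GetCertificate: r.GetCertificate}; it runs per handshake, so established connections keep their session.
func (r *certReloader) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return r.cert.Load(), nil
}

// writeSelfSigned writes throwaway self-signed test material (constructed for this example, not a production
// certificate); the serial number lets a caller tell one renewal from the next.
func writeSelfSigned(certPath, keyPath string, serial int64) error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail on supported platforms
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return err
	}
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv) // ed25519 keys always marshal
	if err := os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600); err != nil {
		return err
	}
	return os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), 0o600)
}
```

Wire it up with `srv := &http.Server{TLSConfig: &tls.Config{GetCertificate: r.GetCertificate}}` and `srv.ListenAndServeTLS("", "")`, leaving the file arguments empty so the callback is the only certificate source.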
-
Glut of Fake LinkedIn Profiles Pits HR Against the Bots
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
-
iTWire - Optus breach: govt to allow data-sharing to prevent ID fraud
The Federal Government says it will amend the Telecommunications Regulations 2021 to allow telcos to temporarily share data that will help prevent ID fraud.
In a statement, Treasurer Jim Chalmers and Communications Minister Michelle Rowland said the changes would allow better co-ordination between Optus and other telecommunications providers and government agencies to prevent frauds, scams and other malicious cyber activities.
Telcos will be able to share drivers' licence details, Medicare and passport numbers of affected customers with regulated financial services entities for better monitoring and safeguards for customers affected by the data breach.
Optus announced the breach on 22 September, and there were fears that the data of as many as 9.8 million Australians could have been exposed.
-
Teen held for using Optus breach data in alleged SMS scam
A 19-year-old Sydney man who used data from the breach of telco Singtel Optus to allegedly try and extort people has been arrested by the Australian Federal Police.
In a statement, the AFP said the teenager from Rockdale had used the data from 10,200 Optus customers, left on the clear web by the actual attacker, and sought to extract $2000 at a time through text messages.
Optus announced the breach on 22 September, and there were fears that the data of as many as 9.8 million Australians could have been exposed.
Eleven days after this announcement, Optus finally made it clear that 2.1 million of its customers had some form of ID exposed.
The attacker initially exposed the data of some 200 customers, presumably as some kind of lure.
Later, he/she said that the data of 10,000 people would be made public for five days, and released the first lot.
-
I am a SQL Injection Attack
Are there meatspace models for things besides concurrency? Turns out I’ve already used a meatspace model to explain SQL injection attacks to layfriends (say if it’s on the news). At a very high level, an injection attack is the conflation of syntax and data, which isn’t a difference most people have encountered before. So here’s how I explain it.[1]
-
Ex-CSO of Uber found guilty of blocking FTC investigation
Former Uber Technologies chief security officer Joseph Sullivan, who was sacked by the company in November 2017 along with one of his deputies over an October 2016 data breach, has been found guilty of criminal obstruction charges for not reporting the breach to government authorities.
The verdict was announced on Wednesday in US federal court after a trial that lasted three weeks, the Wall Street Journal reported, adding that Sullivan faced five years in jail and a possible additional three for not reporting a felony.
The October 2016 breach included names, email addresses and phone numbers, according to a Bloomberg report in November 2017 which cited a company spokesperson.
Apart from this, personal information about seven million Uber drivers was accessed as well. The stolen data included 600,000 US drivers' licence numbers, but no social security numbers, trip locations or other data.