Security Breaches and Proprietary Software/Clown Computing (Outsourcing)

posted by Roy Schestowitz on Dec 01, 2022

• LastPass says it was breached — again

• Let Data Breach Victims Sue Marriott

  We say “no way.” Along with our friends at EPIC, and with assistance from Morgan & Morgan, EFF recently filed an amicus brief arguing that negligent data breaches inflict grievous privacy harms in and of themselves, and so the victims have “standing” to sue in federal court – without the need to prove more. The case, In re Marriott Customer Data Breach, arises from the 2018 breach of more than 130 million records from the hotel company’s reservation system. This included guests’ names, phone numbers, payment card information, travel destinations, and more. We filed our brief in the federal appeals court for the Fourth Circuit, which will decide whether the plaintiff class certified by the lower court shares a class-wide injury.

  Our brief explains that once personal data is stolen, it can be used against the breach victims for identity theft, ransomware attacks, and to send unwanted spam. The risk of these attacks causes psychological injury, including anxiety, depression, and PTSD. To avoid these attacks, breach victims must spend time and money to freeze and unfreeze their credit reports, to monitor their credit reports, and to obtain identity theft prevention services.

  Courts have long granted standing to sue over harms like these. Intrusion upon seclusion and other privacy torts are more than a century old. As the U.S. Supreme Court has recognized: “both the common law and literal understanding of privacy encompass the individual’s control of information concerning [their] person.”

• What is the war in Ukraine teaching Western armies?

  Contrary to popular wisdom, Javelin and NLAW anti-tank missiles supplied by America and Britain did not save the day, despite featuring heavily in video footage from the first week of the conflict. Nor did Turkey’s TB2 drones, which struggled to survive after day three. “The propaganda value of Western equipment…was extremely high at the beginning of the war,” noted Jack Watling of RUSI, one of the report’s authors, recently on “The Russia Contingency”, a podcast on Russian military issues. “It didn’t really have a substantial material effect on the course of the fighting...until…April.” The decisive factor was more prosaic, he added. “What blunted the Russians north of Kyiv was two brigades of artillery firing all their barrels every day.

• AWS and Atos announce deal to accelerate cloud adoption

  The agreement will provide Atos' customers with large infrastructure outsourcing contracts to quicken their workload migrations towards the cloud, the firms said, adding that Atos will consult with over 800 customers to offer a new hybrid cloud service with the option to move selected workloads to AWS.

• Why your cloud computing costs are so high – and what you can do about them

  John Purcell, chief product officer at custom developer DoiT International Ltd., tells of one customer who made a keystroke error that caused the company to spin up an Amazon Web Services Inc. instance much larger than what was needed. A job that was supposed to finish on Friday was never turned off and ran all weekend, resulting in $300,000 in unnecessary charges. “There is a small single-digit percentage of companies that manage cloud costs well,” he said.

• Forget Rip and Replace. Innovate in Place.

  Moving to the cloud for cloud’s sake can become a recipe for disappointment. The reason? Many organizations are simply attempting a “lift and shift“ moving their code to the cloud but not modernizing it in any meaningful way. As a result, they don’t get any of the benefits in terms of improved performance, reliability, or new capability. The return on the effort just isn’t there and can create a recipe for other headaches.