Security News Bites for the Week Ending Aug 24, 2018
FBI Asks Google for Information on ALL People Near Certain Crimes
Now that we know that Google tracks you even if you ask nicely for it not to, this news from BBC becomes more interesting.
The FBI issued a search warrant to Google for information on all people within a 100 acre block around a couple of crimes they were investigating in Portland.
Not only did they want location, but they also wanted full names and addresses, telephone numbers, records of session times and durations, date on which the account was created, length of service, IP address used to register the account, login IP addresses, email addresses, log files and means and source of payment.
Needless to say, all people within a 100 acre block of land is a lot of people and who are not particularly suspected of any crime.
Google declined the request and after about 6 months, the FBI withdrew the warrant request. Source: BBC .
Maybe Apple’s Security is Not Perfect
A 16 year old Australian kid has been charged with hacking into Apple’s network multiple times over the course of a year successfully, downloading 90 gig of secure files and accessed customer data.
Because the kid is a minor and also because Apple is slightly embarrassed, the police are not saying much. Source: The Age .
Russians Target Senate Races and Conservative Think Tanks
While the President continues to say that the Russians are not targeting our political process, Microsoft has convinced our court system that they are and has seized several domains that were posing as Microsoft domains and were being run by the Russian spy agency GRU and created by the Russian hacker organization known as APT28/Fancy Bear/Strontium (everyone has to create the own name for the same group). Microsoft claimed that the web sites could be used as a launch pad for attacks since they looked like official Microsoft web properties. While the article doesn’t say so, I suspect that Microsoft detected actual attacks, otherwise why would they be so specific as to the targets?
The think tanks in question have been critical of Russia.
Russia, of course, is acting dumb and said what web sites and what do you mean impacting the elections. No surprise there.
One of the think tanks is the Hudson Institute where Trump’s Director of National Intelligence recently said, in a speech, that the lights were “blinking red” like they were just before 9-11. He was specifically referring, in this case, to Russian interference in the elections.
Microsoft is offering special security services to all political candidates. Source: CNN)
Another Nasty Apache Struts Vulnerability
Remember the Equifax breach? The root cause of that was an unpatched computer running Apache Struts software. Now there is another Apache Struts bug and this one is being called critical. The common vulnerability risk score is 10 out of a possible 10. Hard to get more critical than that.
Don’t use Struts?
Do you use Atlassian products? Cisco? Hitachi? IBM? Oracle? VMWare? Well then, you might be using Struts (depends on exactly which product from those companies that you use). (Source: Risk Based Security )