Security News Bites for the Week Ending July 21, 2023
Well That is a Bit of an Oops
A Google employee uploaded a list of 5,600 VirusTotal customer administrators to VirusTotal itself, making it visible to anyone. Among the users were admins from the NSA, Pentagon, FBI, UK Ministry of Defense and ministries in Germany, Japan, Qatar, Turkey, France and a dozen other countries. Google took down the posting within an hour, but the damage is irreversible. Credit: The Record
Bill to Stop Feds From Buying Data Passes One Hurdle
Under current law, if law enforcement wants to get a vendor to give them data, they need a warrant or at least a subpoena. But if they have a government credit card, they can just go shopping on the open market like any other business. While their reasons might be different, neither the left nor the right likes this, and a key House committee just passed the Fourth Amendment Is Not for Sale Act. While this is far from a done deal, it is a step in the right direction. Credit: Vice
Famed Social Engineer/Hacker Kevin Mitnick Dead at 59
Famed social engineer (and hacker) Kevin Mitnick, who spent 5 years in prison for hacking, died of pancreatic cancer at 59. His wife, Kimberly, is pregnant with a son and she says he will be a mini-Kevin (hopefully without the prison part). Recently he has been the chief hacking officer and co-founder of security training firm KnowBe4. Mitnick, once he got on the right side of the law, made tremendous contributions to cybersecurity education. Credit: The Register
How to Tell Whether “Your Security is Our Top Priority”
Google says “protecting your data is our top priority”. Most letters that you get after a company gets hacked and loses the data of thousands or millions of people have similar wording. Yet here are some stats from Brian Krebs after a review of the executive pages from the 2022 Fortune 100. Four listed a chief security officer or chief information security officer. A third listed a chief technical officer. 40 percent listed a chief information officer and a fifth listed a chief risk officer. 88 percent listed a Director of HR. So, if security is so important, how come only four percent publicize a CSO or CISO? Probably an indication of what they really think about the security of your data. Credit: Brian Krebs
Apple Threatens to Remove FaceTime and iMessage from UK iDevices if the UK Bans End to End Encryption
The UK has 67 million people in it. Half of the UK phones are iPhones. Assuming every single person, including babies, has a phone, that market represents 30 million customers. Of course it is much less. Less than the population of some US states. Apple has joined other tech companies in threatening the UK: if the UK bans encryption, Apple will disable iMessage and FaceTime. As in Russia and China, the proposed law requires Apple and others to inform the government before implementing security features, comply with changes that would affect their product globally and take action immediately to block or disable a feature without review or appeals. Apple says they are not going to make the rest of the world unsafe to make UK cops happy. Who knows what is going to happen, but I bet there are a number of members of the UK Parliament and government who use iPhones and will not be happy if they do that. I am sure that if they do that, they will get sued, but their defense is likely to be that the UK government made those services, as they function, illegal and that they are just complying with the law. Stay tuned. Credit: MacRumors