Security News for the Week Ending September 13, 2019
Facebook/Cambridge Analytica Suit Moves Forward
Facebook tried to convince a judge that when users share information privately on Facebook they have no expectation of privacy. The judge didn’t buy it and the suit against Facebook moves forward. Source: Law.com (registration required)
Equifax Quietly Added More Hoops for you to get your $0.21
Yes, if everyone who was compromised in the Equifax breach asks for the $125, the total pot, which is only $31 million, will be divided up and everyone will get 21 cents. Not sure how the courts will handle that when the cost of issuing 150 million checks for 21 cents is tens of millions. Often times the courts say donate the money to charity in which case, you get nothing.
The alternative is to take their credit monitoring service, which is really worthless if you were hit by one the many other breaches and already have credit monitoring services.
So what are they doing? Playing a shell game – since the FTC is really a bunch of Bozos. Equifax is adding new requirements after the fact and likely requirements that you will miss.
End result, it is likely that this so called $575 million fine is purely a lie. Publicity is not Equifax’s friend, but it will require Congress to change the law if we want a better outcome. Source: The Register.
End of Life for Some iPhones Comes Next Week
On September 19th Apple will release the next version of it’s phone operating system, iOS 13. At that moment three popular iPhones will instantly become antiques.
On that date, the iPhone 5s, iPhone 6 and iPhone 6s Plus will no longer be supported. Users will not be able to run the then current version of iOS and will no longer get security patches.
This doesn’t mean that hackers will stop looking for bugs; on the contrary, they will look harder because they know that any bugs they find will work for a very long time.
As an iPhone user, you have to decide whether it is time to get a new phone or run the risk of getting hacked and having your identity stolen.
What Upcoming End of Life for One Operating Systems Means to Election Security
While we are on the subject of operating system end of life, lets talk about another one that is going to happen in about four months and that is Windows 7.
After the January 2020 patch release there will be no more security bug fixes for Windows 7.
The good news is that, according to statcounter, the percentage of machines running Windows 7 is down to about 30%.
That means that after January, one third of the computers running Windows will no longer get security fixes.
Where are those computers? Well, they are all over the world but the two most common places?
- Countries that pirate software like China, Russia and North Korea
- Most election computers, both those inside the voting machines and those managing those machines.
That means that Russia will have almost a year of no patches to voting systems to try and find bugs which will compromise them.
Microsoft WILL provide extended support to businesses and governments for a “nomimal” fee – actually a not so nominal fee. ($50 per machine for the first year and $100 per machine for the next year with carrots for certain users – see here), but will cash strapped cities cough up the money? If it is my city, I would ask what their plan is. Source: Government Computer News