Security news for the Week Ending September 20, 2019
A New Trend? Insurers Offering Consumers Ransomware Coverage
In what may be a new trend, Mercury Insurance is now offering individuals $50,000 of ransomware insurance in case your cat videos get encrypted. The good news is that the insurance may help you get your data back in case of an attack. The bad news is that it will likely encourage hackers to go back to hacking consumers. Source: The Register.
Security or Convenience Even Applies to Espionage
A story is coming out now that as far back as 2010 the Russians were trying to compromise US law enforcement (AKA the FBI) by spying on the spies.
The FBI was tracking what Russian agents were doing but because the FBI opted for small, light but not very secure communications gear, the Russians were able crack the encryption and listed in to us listening in to them. We did finally expel some Russian spy/diplomats during Obama’s presidency, but not before they did damage. Source: Yahoo
And Continuing the Spy Game – China Vs. Australia
Continuing the story of the spy game, Australia is now blaming China for hacking their Parliament and their three largest political parties just before the elections earlier this year (sound familiar? Replace China with Russia and Australia with United States).
Australia wants to keep the results of the investigation secret because it is more important to them not to offend a trade partner than to have honest elections (sound familiar?). Source: ITNews .
The US Government is Suing Edward Snowden
If you think it is because he released all those secret documents, you’d be wrong.
It is because he published a book and part of the agreement that you sign if you go to work for the NSA or CIA is an agreement that you can’t publish a book without first letting them redact whatever they might want to hide. He didn’t do that.
Note that they are not suing to stop the publication of the book – first because that has interesting First Amendment issues that the government might lose and they certainly do not want to set that precedent and secondly, because he could self publish on the net in a country – like say Russia – that would likely flip off the US if we told Putin to shut him down. No, they just want any money he would get. Source: The Hacker News.
HP Printers Phone Home – Oh My!
An IT guy who was setting up an HP printer for a family member actually read all those agreements that everyone clicks on and here is what they said.
by agreeing to HP’s “automatic data collection” settings, you allow the company to acquire:
… product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies…
… information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product…
That seems like a lot of information that I don’t particularly want to share with a third party that is going to do who knows what with it. Source: The Register.
Private Database of 9 Billion License Plate Events Available at a Click
Repo men – err, people – are always looking for cars that they need to repo. So the created a tool. Once they had that, they figured they might as well make some money off it.
As they tool around town, they record all the license plates that they can and upload the plate, photo, date, time and location to a database that currently has 9 billion records.
Then they sell that data to anyone who’s check will clear. Want to know where your spouse is? That will cost $20. Want to get an alert any time they see the plate? That costs $70. Source: Vice.
Election Commission Says That It Won’t Decertify Voting Machines Running Windows 7
Come January 2020, for voting machines running Windows 7 (which is a whole lot of them) will no longer get security patches unless the city or county pays extra ($50 per computer in the first year and then $100 per computer in the second year) for each old computer. Likely this means a whole lot of voting machines won’t get any more patches next year.
The nice folks in Washington would not certify a voting machine running an operating system that is not supported, but they won’t decertify one. That, they say, would be inconvenient for manufacturers and cities. I guess it is not so inconvenient for foreign nations to corrupt our elections. Source: Cyberscoop