Updates from August, 2017 Toggle Comment Threads | Keyboard Shortcuts

  • jkabtech 4:17 am on August 26, 2017 Permalink | Reply
    Tags: Happier, , , Spending,   

    Spending Money On Things That Save You Time Makes You Happier 

    Photo by Tim Boyle/Getty Images

    Cooking for yourself after a long day at work can be annoying, but it saves you lots of money. On the other hand, going to a restaurant or getting takeout takes away the stress of having to figure out what to make (and then make it). So which will it be? Well, consider this: As reported by the New York Times, a study in the Proceedings of the National Academy of Sciences found that spending money on time-saving services makes you happier. Takeout it is!

    This rule applies to people from all socioeconomic backgrounds, except for

    View the Original article

    Advertisements
     
  • jkabtech 8:17 pm on August 25, 2017 Permalink | Reply
    Tags: “Clinical, , , , , Unproven   

    Beware Scam “Clinical Trials” That Ask You to Pay Money for Unproven Therapies 

    Beth SkwareckiToday 11:00amFiled to: scamsclinical trialsstem cell therapymedicinehealth3EditPromoteShare to KinjaToggle Conversation toolsGo to permalink

    View the Original article

     
  • jkabtech 12:17 pm on August 25, 2017 Permalink | Reply
    Tags: , , , Trans-Friendly   

    Call These Trans-Friendly Crisis Lines If You Need Help 

    Beth Skwarecki28 minutes ago02EditPromoteShare to KinjaToggle Conversation toolsGo to permalink

    It’s a tough week to be a trans person in America. Just a friendly reminder that if you or a friend are having trouble, the Trans Lifeline can be reached at 877-565-8860 (or 877-330-6366 in Canada). They support people who are questioning whether they might be trans, too. And the Trevor Project, for all young LGBTQ people, has a hotline at 866-488-7386. Both are nonprofits and can accept donations through their websites if you’d like to support their work.

    Beth Skwareckielizabeth.skwarecki

    View the Original article

     
  • jkabtech 4:17 am on August 25, 2017 Permalink | Reply
    Tags: , , ,   

    I Need Something Cheap That I Can Work On With Friends! What Car Should I Buy? 

    Tom McParlandToday 10:47amFiled to: What Car Should You Buy?WCSYBCar BuyingProject Car HellProject CarsWrenching3928EditPromoteShare to KinjaToggle Conversation toolsGo to permalink

    View the Original article

     
  • jkabtech 8:17 pm on August 24, 2017 Permalink | Reply
    Tags: , , , , , misconfigured, ,   

    Millions of Verizon customer details exposed on misconfigured Amazon S3 server 

    Threat to two-factor authentication.

    A third-party vendor working with American telco giant Verizon left the data of as many as 14 million United States customers exposed on a misconfigured server, a security researcher has discovered.

    Security vendor UpGuard researcher Chris Vickery on 28 June spotted exposed names, addresses, account details, account personal identification numbers (PINs) and information fields indicating customer satisfaction tracking for as many as 14 million US customers.

    The data was contained on a misconfigured Amazon S3 data repository owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon, Vickery wrote.

    If an attacker had accessed the information, it would have allowed them to pose as Verizon and contact the telco to gain access to users’ accounts.

    The scenario is an especially threatening prospect, given the increasing reliance upon mobile communications for purposes of two-factor authentication.

    The data repository appears to have been created to log customer call data for unknown purposes.

    It was fully downloadable and configured to allow public access. All one would need to access the data was the S3 bucket’s URL.

    Verizon said it was able to confirm there was no loss or theft of the information.

    “An employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access,” a spokesperson said. 

    “We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention.”

    Despite Verizon’s claims researchers criticised the insecure practice highlighting the frequency of information left exposed on Amazon S3. 

    The recent WWE, US voter records, and Scottrade leaks also exposed sensitive information through mismanaged AWS S3 servers, co-founder and chief executive of cloud security vendor Dome9 Zohar Alon said.

    “Storing sensitive data in the cloud without putting in place appropriate systems and practices to manage the security posture is irresponsible and dangerous,” Alon said.

    “A simple misconfiguration or lapse in process can potentially expose private data to the world and put an organisation’s reputation at risk.”

    He said these examples highlighted how a single vulnerability, security or process lapse in the public cloud is all it takes to expose highly sensitive private data to the world.

    Copyright © SC Magazine, US edition Tags:amazon aws privacy security upguard verizon By Robert Abel
    Jul 13 2017
    7:16AM Security is
    powered by

    View the Original article

     
  • jkabtech 12:17 pm on August 24, 2017 Permalink | Reply
    Tags: , , Immigration's   

    Immigration’s 2014 data breach has cost it almost $1m so far 

    But costs could rise.

    A damaging 2014 data breach at the Department of Immigration that saw the personal details of 9250 asylum seekers exposed online has cost the agency almost $1 million in legal fees so far, but those costs are expected to rise.

    In its reponse to questions on notice from the May budget estimates hearings, the department revealed $955,330 had been spent on external legal services to manage matters resulting from its 2014 breach.

    In February of that year the department accidentally published a database of sensitive information including full names, nationalities, dates of birth, gender, and boat arrival dates of all individuals held on Christmas Island and in a mainland detention facility.

    The data was accessible on the Immigration website for nine days, and cached on an archived search engine for around two weeks.

    The bungle occurred because Immigration staff copied charts and tables directly from a Microsoft Excel spreadsheet used to generate statistics for the report, resulting in the underlying data being embedded in the final Word version.

    Privacy commissioner Timothy Pilgrim subsequently found Immigration had breached its obligations under the nation’s Privacy Act.

    The breach contributed to a significant rise in the number of individual privacy complaints received by the OAIC in that year, as well as a slew of lawsuits from asylum seekers who claimed to be more vulnerable to persecution in their home countries because of the breach.

    Immigration told the budget estimates committee current and potential future legal action from these individuals could push its costs from the breach higher.

    “Given the varying scope and nature of the legal matters that remain on foot, including any appeal right the parties involved will have available to them at the conclusion of those matters, the department is unable to provide an estimate of the costs that may be incurred in finalising all matters related to the 2014 data breach,” it said.

    The agency reported seven data breaches to the Privacy Commissioner in 2015-16 – its highest number in the last five years – and has reported three breaches so far in 2017.

    View the Original article

     
  • jkabtech 4:17 am on August 24, 2017 Permalink | Reply
    Tags: , , decades-old, Kerberos, makers   

    OS makers plug decades-old critical Kerberos crypto bug 

    Windows, OS X, Linux distributions and BSDs affected.

    A bug in the implementations of a cryptographic protocol left popular operating systems vulnerable to authentication bypass for 21 years, researchers have discovered.

    The protocol, Kerberos, is used in Microsoft Windows, Apple OS X/macOS, Linux distributions and the UNIX-like BSD operating systems, as well as the open source Samba file sharing application.

    Attackers who have a man in the middle network position can exploit the vulnerability in several ways, including remote credential theft and privilege escalation.

    Researchers Jeffrey Altman, Nicolas Williams, and Viktor Dukhovni discovered the vulnerability while investigating another bug in the Heimdal open source implementation of Kerberos.

    They named it Orpheus Lyre, the bard in Greek mythology who made the three-headed watchdog to Hades, Cerberus or Kerberos, fall asleep with his music in order to bypass the creature.

    Kerberos has been around since the middle of the 1980s, and is widely used in applications such as Microsoft’s Active Directory. 

    In Windows, Kerberos replaced the Microsoft and IBM-developed NT LAN Manager (NTLM) protocol as the default for authentication.

    The protocol uses key distribution centres that issue short-lived tickets for authentication. The bug caused unauthenticated plaintext metadata to be used, which in turn could be exploited for service impersonation attacks, the researchers found.

    While the vulnerability is not in the original Kerberos protocol, it was introduced by later implementations and has existed for 21 years, they found.

    The researchers speculated it stemmed from a premature optimisation effort that wasn’t discovered until now, as it didn’t cause the Kerberos implementations to fail.

    Microsoft patched the vulnerability in this week’s set of monthly security updates. FreeBSD, Samba, Debian and Fedora Linux have also issued patches for the vulnerability.

    View the Original article

     
  • jkabtech 8:17 pm on August 23, 2017 Permalink | Reply
    Tags: , 108, , , , steals   

    Bupa employee steals data for 108,000 global customers 

    Personal details exposed.

    An employee “copied and removed” the personal information of more than 100,000 international health insurance plan customers from the systems of health insurer Bupa.

    The data included names, dates of birth, nationalities, some contact and administrative information. No medical or financial data is at risk.

    The now ex-staffer is believed to have made the information they have available to “other parties” too, according to a letter sent to the 108,000 international health insurance policy holders from Sheldon Kenton, managing director of Bupa Global, the firm’s international health insurance division.

    “We know that this will be concerning and I would like to personally apologise,” Kenton said in the letter.

    She said the company had introduced additional security measures and increased customer identity checks as a result of the breach.

    “A thorough investigation is underway and we have informed the FCA and Bupa’s other UK regulators. The employee responsible has been dismissed and we are taking appropriate legal action.”

    She said the firm has been in touch with UK data watchdog the Information Commissioner’s Office (ICO) and the police.

    The firm has not provided detail on which “other parties” may have access to the data, nor when the incident took place.

    Security expert Graham Cluley said the data would allow criminals to phone customers posing as Bupa Global staff, sharing enough information about customers to persuade their victims to part with more valuable data.

    “It’s easy to imagine how someone vulnerable could get a phone call out of the blue, believe it’s Bupa, and give the criminals valuable information,” he said.

    This article originally appeared at itpro.co.uk

    Copyright © ITPro, Dennis Publishing Tags:bupa data breach financeit healthit security By Staff Writer
    Jul 14 2017
    6:56AM Security is
    powered by

    View the Original article

     
  • jkabtech 12:17 pm on August 23, 2017 Permalink | Reply
    Tags: , , decryption, introduce   

    Australian govt will introduce decryption laws before end of year 

    Legal powers to force assistance where necessary.

    The federal government will introduce proposed laws to force providers of end-to-end encrypted communications services to decrypt messages for law enforcement before the end of this year.

    Prime Minister Malcolm Turnbull today said the laws were intended to “illuminate” the “dark places online” that “terrorists and child molestors” and drug traffickers inhabit.

    He said it would extend powers the government already had to compel telcos to hand over information to the likes of Apple, Facebook, and Google.

    The government said the legislation would also apply to device manufacturers, requiring them to help police access encrypted information.

    But both Turnbull and Attorney-General George Brandis denied this equated to a backdoor.

    “I’m not a cryptographer, but what we’re seeking to do is to secure their assistance. They have to face up to their responsibility,” Turnbull said.

    “They can’t just wash their hands of it and say it’s got nothing to do with them. So we need to secure their co-operation.”

    Turnbull said how technology companies ensure they complied with the law was “a matter for them”.

    He also declined to answer questions about how the government would respond should encrypted comms providers – the majority of which are located outside Australia – simply declined to co-operate.

    Just two weeks ago the government had said it would pursue a voluntary agreement with encrypted communications providers that would lay out a set of agreed protocols for the circumstances in which assistance is to be provided to law enforcement.

    Turnbull today said while it was still his “very strong first preference” that companies volunteer their help, the proposed laws would enable the government to force assistance where it needed to.

    The government claimed nine out of 10 priority investigations carried out by ASIO are being hampered by encryption.

    “The internet is not an ungoverned space,” Brandis told Sky News. 

    “The rule of law has to apply as much online as in everyday life. This is not mass surveillance and will not make people’s every day dealings online insecure.” 

    Australia’s proposed legislation is expected to closely mirror the UK’s Investigatory Powers Bill, which obliges encrypted communications providers to ensure they are technically able to hand over decrypted data to law enforcement in “near real time”.

    Brandis today said the government wanted to “impose upon the companies an obligation conditioned by reasonableness and proportionality”.

    The UK’s ‘technical capability notices’ work as a first step to “prepare the ground” in case an operator receives an interception warrant, ensuring they have the technical ability to comply.

    But the UK law has been fiercly criticised as vague and leaving no option but for communications providers to build backdoors into their systems, given the companies don’t hold the keys to decrypt encrypted information.

    A UK public bills parliamentary committee said the law should include a specific threshold that recognises it is unreasonable to hand over decrypted content from end-to-end encrypted channels.

    “The damage to security may be done as soon as a company finds itself having to comply with such a notice and install a backdoor, whether or not it subsequently has to provide data under warrant,” the committee said.

    New Zealand introduced similar legislation four years ago. 

    Brandis said the Australian laws would require a warrant be obtained before a request can be made by law enforcement.

    The government has cited cases like the terrorist attack in San Bernardino, where Apple refused to help the FBI break into an attacker’s iPhone to access data, as justification for its plan.

    The FBI later managed to unlock the iPhone with the help of Israeli digital forensics company Cellebrite.

    It is also claimed that Telegram was used by terrorists to co-ordinate the November 2015 Paris attacks.

    The Labor party has previously indicated plans to support the proposed legislation.

    View the Original article

     
  • jkabtech 4:17 am on August 23, 2017 Permalink | Reply
    Tags: , bankrupted, Securitas, Theft   

    Securitas boss bankrupted after ID theft 

    Booted from job and board appointments.

    The chief executive officer of global security services provider Securitas has been declared bankrupt after falling victim to identity theft.

    Alf Göransson, who is also the president of Securitas, discovered in April that a falsified loan application had been made in his name the month before, and reported the matter to the police.

    The loan application led to the Securitas chief executive being declared bankrupt by a district court in Stockholm, Sweden. 

    But Göransson said he had had no contact with the court and wasn’t aware of the bankruptcy application, even though it was allegedly filed by himself. He was similarly unaware of the details of the loan, like the dollar amount.

    As a result of the district court accepting the bankruptcy application, Göransson was officially de-registered as the chief executive of Securitas and removed from two board positions he held at other companies.

    He has successfully appealed the district court’s bankruptcy declaration, given it was based on a falsified application, and applied with Sweden’s Companies Registration Office to be restored as the Securitas chief executive and to his board appointments.

    View the Original article

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel
%d bloggers like this: