Pete Recommends – Weekly highlights on cyber security issues, December 29, 2018

Subject: Is 2019 the year you should finally quit Facebook?
Source: The Guardian via Yahoo

In March, following the Cambridge Analytica scandal, Facebook put out print ads stating: “We have a responsibility to protect your information. If we can’t, we don’t deserve it.” I think they’ve proved by now that they don’t deserve it. Time and time again Facebook has made it abundantly clear that it is a morally bankrupt company that is never going to change unless it is forced to. What’s more, Facebook has made it very clear that it thinks it can get away with anything because its users are idiots. Zuckerberg famously called the first Facebook users “dumb f@#$s” for handing their personal information over to him; his disdain for the people whose data he deals with doesn’t appear to have lessened over time.

Subject: Chrome OS to block USB access while the screen is locked
Source: ZDNet

The way this security feature is meant to work is by preventing the operating system from reading or executing any code when a USB-based device is plugged in, and the screen is locked.

Google took this precaution to prevent Rubber Ducky-type of attacks. A Rubber Ducky is a well-known term used to describe a malicious USB thumb drive that when plugged into a computer mimics a keyboard and runs malicious commands.

Subject: The GPS wars have begun
Source: TechCrunch

Where are you? That’s not just a metaphysical question, but increasingly a geopolitical challenge that is putting tech giants like Apple and Alphabet in a tough position. From a report: Countries around the world, including China, Japan, India and the United Kingdom plus the European Union are exploring, testing and deploying satellites to build out their own positioning capabilities. That’s a massive change for the United States, which for decades has had a practical monopoly on determining the location of objects through its Global Positioning System (GPS), a military service of the Air Force built during the Cold War that has allowed commercial uses since mid-2000 (for a short history of GPS, check out this article, or for the comprehensive history, here’s the book-length treatment).

Owning GPS has a number of advantages, but the first and most important is that global military and commercial users depend on this service of the U.S. government, putting location targeting ultimately at the mercy of the Pentagon.

Subject: Alexa Snooping, Robot Takeovers, and FBI Surveillance: Best Gizmodo Stories of the Week
Source: Gizmodo

The holidays are nigh, and this year’s naughty list is long indeed—and from revelations of reckless privacy violations over at Facebook headquarters and continued labor abuses at Amazon to the generally terrible way humanity has treated our homeworld, your erstwhile chroniclers at Gizmodo have been adding names to it until the very last minute.

This week, our friends at the North Pole might wish to take note of Amazon giving out recordings of personal conversations to other users, anyone who purchased a DNA test as a gift, Facebook tracking users even when location data access is turned off, and the FBI. But this being the season of giving, there are some names for them to consider adding to the nice list as well: Everyone supporting New York Representative-elect Alexandria Ocasio Cortez’s New Green Deal, workers rallying against Big Tech’s terrible treatment of workers, and all the good animals.

All this and more, in this week’s best of Gizmodo:

Subject: Batcaves, Bulletproof Shutters, Laser Curtains: High-End Home Security Is Crazier Than You Think
Source: Forbes

Batcaves. Bulletproof shutters. Laser curtains. The world of high-end home security is as advanced as they come.

Today’s luxury home security systems address everything from chemical attacks and seismic events to unwanted intruders and flash photography. And biometric access? Expect it at every access point.

Just take Residence 950 in San Francisco, for example. Listed at $45 million, the home takes the crown as the Bay Area’s single-most expensive property on the market. And the luxe compound’s security measures certainly fit the bill.


Subject: The New Rules of Cybersecurity
Source: Nextgov

Now is the time for companies to take a fresh approach to protect their data in the face of these dangers and in the spirit of readiness. We’re urging organizations to shift beyond standard preparation procedures and monitoring—from a reactive, compliance mindset to a focus on developing a culture that promotes a proactive active defense posture.

Organizations, large and small, can benefit from active defense by implementing five new rules of cybersecurity:


Subject: Teaching Cybersecurity Law and Policy: Revised 62-Page Syllabus/Primer
Source: Lawfare blog via beSpacific

Teaching Cybersecurity Law and Policy: My Revised 62-Page Syllabus/Primer (Bobby Chesney, Charles I. Francis Professor in Law and Associate Dean for Academic Affairs at the University of Texas School of Law) – “Cybersecurity law and policy is a fun subject to teach. There is vast room for creativity in selecting topics, readings and learning objectives. But that same quality makes it difficult to decide what to cover, what learning objectives to set, and which reading assignments to use. With support from the Hewlett Foundation, I’ve spent a lot of time in recent years wrestling with this challenge, and last spring I posted the initial fruits of that effort in the form of a massive “syllabus” document. Now, I’m back with version 2.0. At 62 pages (including a great deal of original substantive content, links to readings, and endless discussion prompts), it is probably most accurate to describe it as a hybrid between a syllabus and a textbook. Though definitely intended in the first instance to benefit colleagues who teach in this area or might want to do so, I think it also will be handy as a primer for anyone—practitioner, lawyer, engineer, student, etc.—who wants to think deeply about the various substrands of this emergent field and how they relate to one another.”

Subject: Robocalls and Spoofing: The Spam Call Surge Explained
Source: Digital Trends

[this article has some good insights /pmw1 … ]

Not too long ago, I had an experience that is increasingly common. I got a call from a number I didn’t recognize and answered it. The voice on the other end asked for me by name, then dropped my sister’s name and asked if I was her brother. He told me that he was with the police, that there was a warrant out for my sister’s arrest, that she needed to pay them to resolve the situation, and that I needed to have her call them as soon as possible. I told him I’d do that, hung up, and wondered “Since when do the cops let you pay to get rid of an arrest warrant?”

I never followed up on that legal question, assuming that the call must have been a scam. Turns out I was right, and that it’s a common one. The web abounds with stories of people getting similar calls from people pretending to be law enforcement or, even more frighteningly, the IRS, claiming that you owe unpaid taxes and that you need to pay up.

Subject: Why you should be worried about getting hacked in 2019
Source: VICE News

It was the third-biggest data breach of all time — Yahoo owns the top two spots — and made 2018 yet another landmark year in the history of cybersecurity and identity theft.

Facebook pulled most of the headlines for its incredible ability to outdo itself with one controversy after another. But pretty much every major tech company fell afoul of hackers — or their own incompetence — this year, including Apple, Google, and Amazon.

But that’s only the high-profile ones. Did you hear about ed tech company Chegg losing 40 million records? Or DNA-testing service MyHeritage exposing 92 million records? What about a hacker compromising 27 million accounts at TicketFly?

The situation isn’t likely to improve anytime soon either, cybersecurity experts told VICE News. User data has become one of the more sought-after commodities among criminals, and that means breaches of the scale and magnitude we saw in 2018 will continue well into 2019.

Posted in: Cybercrime, Cyberlaw, Cybersecurity, Education, Legal Research, Privacy, Social Media