Pete Recommends – Weekly highlights on cyber security issues, January 12, 2019

Subject: Protecting Consumers and Businesses from Fraudulent Robocalls

The Telephone Consumer Protection Act of 1991 (TCPA) regulates robocalls. A robocall, also known as “voice broadcasting,” is any telephone call that delivers a prerecorded message using an automatic (computerized) telephone dialing system, more commonly referred to as an automatic dialer or “autodialer.” Robocalls are popular with many industry groups, such as real estate, telemarketing, and direct sales companies. The majority of companies who use robocalling are legitimate businesses, but some are not. Those illegitimate businesses may not just be annoying consumers—they may also be trying to defraud them.

The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) regularly cite “unwanted and illegal robocalls” as their number-one complaint category. The FTC received more than 1.9 million complaints filed in the first five months of 2017 and about 5.3 million in 2016. The FCC has stated that it gets more than 200,000 complaints about unwanted telemarketing calls each year. These statistics, as well as complaints to congressional offices, have spurred Congress to hold hearings and introduce legislation on the issue in an effort to protect consumers. Congressional policymakers have proposed a number of changes to existing law and regulations to address the problem of illegal robocalls under the TCPA, many of which are intended to defraud. These changes would, for example, expand the definition of what a robocall is, increase penalties for illegal spoofing, and improve protection of seniors from robocall scams. As yet, none of these proposals has become law.

Protecting Consumers and Businesses from Fraudulent Robocalls

Updated December 21, 2018 (R45070)

Subject: Lowe’s emergency command center plans hurricane, disaster relief
Source: Business Insider

  • Lowe’s emergency command center is the hub from which the home-improvement retailer coordinates its disaster relief efforts.
  • Business Insider spoke with Rick Neudorff, who leads the command center.
  • He discussed what sort of strategies Lowe’s uses to track and respond to natural and man-made emergencies.

Neudorff and the Lowe’s employees at the emergency command center, located just down the road from the company’s Wilkesboro, North Carolina, headquarters, were on hand to respond to each of those emergencies.

To supplement its command center, Lowe’s maintains disaster relief storage facilities around the country. When a weather event is underway, these auxiliary facilities allow the company to quickly ship crucial supplies like gas cans, chain saws, and generators to affected areas.

His team monitors forecasts around the country using short-term and long-term weather services.

Subject: NSA to release a free reverse engineering tool
Source: ZDNet

[I wonder if anyone has analyzed GHIDRA to see if the NSA is looking at its usage? /pmw1]

The software’s name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans.

The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it’s been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software.

Subject: Western companies send old servers full of sensitive info to foreign countries
Source: Business Insider

  • Western companies routinely sell their old tech hardware to private companies in foreign countries, without wiping the sensitive data on them first.
  • A Business Insider source found a large database of the Dutch public health insurance system on old equipment abandoned after a hardware upgrade.
  • He also found the codes for controlling the traffic lights in multiple Spanish cities.
  • It’s pointless worrying about hackers breaking into our systems if we’re giving away data to anyone with a credit card in the hardware refurbishing business, the source says.

[don’t forget wiping FAX machines /pmw1]

Subject: [Updated] Google Drive Has a Serious Spam Problem, But Google Says a Fix is Coming
Source: How-To Geek

Google Drive has a pretty bad spam problem, and it seems Google doesn’t care. Spammers can share files that automatically appear in your Drive, and there’s no way to stop it.

Update 1/4/19 10:10 AM CTS: Google got back to us with a statement saying that changes are coming to Drive’s sharing features and they’re “making it a priority.” Here’s the statement in full:

“For the vast majority of users, the default sharing permissions in Drive work as intended. Unfortunately, this was not the case for this user and we sincerely apologize for her experience. In light of this issue, we are evaluating changes to our spam, abuse, and blocking features that will prevent this kind of activity from taking place on Drive. In the interim, users who are experiencing similar issues can remove themselves from the folder, and the folder should not reappear in either “My Drive” or “Shared with Me” unless they revisit it.” — Google Spokesperson

Here’s What’s Happening

Google Drive’s sharing system is the problem. Since it doesn’t offer any sharing acceptance, all files and folders shared with your account are automatically available to you in Drive—they just show up. To make matters worse, if you only have “View” permission, you can’t remove yourself from the share. It’s a mess. And to make matters even worse, this is far from a new problem, but Google still hasn’t done anything to fix it.

Subject: Please Forget Where I Was Last Summer: The Privacy Risks of Public Location (Meta)Data
Source: arXiv via beSpacific

arXiv (17-page PDF w/ 82 footnotes)

“The exposure of location data constitutes a significant privacy risk to users as it can lead to de-anonymization, the inference of sensitive information, and even physical threats. In this paper we present LPAuditor, a tool that conducts a comprehensive evaluation of the privacy loss caused by publicly available location metadata. First, we demonstrate how our system can pinpoint users’ key locations at an unprecedented granularity by identifying their actual postal addresses. Our experimental evaluation on Twitter data highlights the effectiveness of our techniques which outperform prior approaches by 18.9%-91.6% for homes and 8.7%-21.8% for workplaces….

beSpacific Subjects: Civil Liberties, Internet, Privacy, Social Media

Subject: Website Accessibility & the Law: Why Your Website Must Be Compliant
Source: Search Engine Journal via beSpacific

Search Engine Journal – “In the U.S., apart from federal, state, and local government websites which must meet Section 508 regulations, there are no enforceable ADA legal standards to follow for website accessibility. However, just because there is no straightforward set of legal requirements for website accessibility does not mean that your business will not be presented with a lawsuit. This has understandably raised alarm. Most countries provide laws protecting the civil rights of disabled persons for homes, parks, businesses, and educational facilities. What is not universal is website accessibility. The internet provides global access to information, stores, education, financial institutions, audio, and video, but often remains restricted or dependent on assistive devices for millions of people to gain unhindered access. Fortunately, there are standards in place that unify development and allow the world to use web-based solutions with universally accepted protocols. We know these standards as the World Wide Web Consortium, or W3C…”

beSpacific Subjects: Civil Liberties, Education, Internet, Legislation