Pete Recommends – Weekly highlights on cyber security issues March 16, 2019

Subject: Inside Facebook’s physical security that protects Zuckerberg, employees
Source: Business Insider

  • Facebook has a 6,000-person security army quietly protecting its tens of thousands of employees worldwide.
  • The challenges they face are immense — from stalkers to stolen prototypes, car-bomb fears, gang violence, and concerns about state-sponsored espionage.
  • Business Insider spoke with current and former Facebook employees about the wild hidden world of Silicon Valley corporate security.
  • Thousands of people turn up at Facebook’s offices every week to complain about their accounts, attempt to sneak in, ask for tours, or try to meet CEO Mark Zuckerberg.
  • Defenses range from plain-clothes officers with firearms to location tracking of blacklisted people, and there are rumors of a secret escape passageway.

Now if they would only protect your data as well 😉

Subject: Americans and Cybersecurity
Source: Pew Report via beSpacific

Pew Report – Many Americans do not trust modern institutions to protect their personal data – even as they frequently neglect cybersecurity best practices in their own personal lives. “Cyberattacks and data breaches are facts of life for government agencies, businesses and individuals alike in today’s digitized and networked world. Just a few of the most high-profile breaches in 2016 alone include the hacking and subsequent release of emails from members of the Democratic National Committee; the release of testing records of dozens of athletes conducted by the World Anti-Doping Agency; and the announcement by Yahoo that hackers had accessed the private information associated with roughly 1 billion email accounts. Finally, in late 2016 and early 2017 U.S. intelligence agencies (the FBI, CIA and Department of Homeland Security) both issued statements and testified before Congress that the Russian government was involved in the hack of the DNC with the aim of influencing the 2016 presidential election.”

beSpacific Subjects: Congress, Cybercrime, Cybersecurity, E-Records, Internet, Knowledge Management, Privacy, Social Media

sample RSS feed:

a Pew Internet tech feed:

Subject: Congress is gearing up for a fight with Big Tech over privacy
Source: VICE News — Your Data

WASHINGTON — Last week Facebook CEO Mark Zuckerberg announced that the future of Facebook is not harvesting user data on a massive scale, a model that has made it one of the most valuable companies in the world. Rather, he said, the company would focus on building tools to keep communication — and data — private.

“I believe a privacy-focused communications platform will become even more important than today’s open platforms,” he wrote.

But there’s another reason for Facebook to focus on privacy: Congress and state legislators are moving forward with privacy legislation that will largely end the laissez-faire regime that currently governs the American internet, and has enabled the company to become a $40 billion advertising juggernaut.

A bipartisan group of four senators are now ramping up their work behind the scenes, capitalizing on simmering congressional rage over multiple data breaches, the Cambridge Analytica scandal, and Zuckerberg’s own performance in front of Congress last spring when he said users have “complete control” over their data. Some have even accused him of lying to Congress.

Subject: Companies are leaking sensitive files via Box accounts
Source: ZDNet – Zero Day

Companies that use Box as a cloud-based file hosting and sharing system might be accidentally exposing internal files, sensitive documents, or proprietary technology. The exposure occurs due to human error, said Adversis, the cyber-security firm which investigated this issue and worked with Box and affected companies to correct it.

The problem lies with account owners who don’t set a default access level of “People in your company” for file/folder sharing links, leaving all newly created links accessible to the public. If the organization also allows users to customize the link with vanity URLs instead of using random characters, then the links of these files can be guessed using dictionary attacks.

This is what Adversis did last year. The company says it scanned for accounts belonging to large companies and attempted to guess vanity URLs of files or folders that employees shared in the past. Its efforts weren’t in vain. In a report published today, Adversis said it found a trove of highly sensitive data…
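The two settings the article describes (a default link access level that is not company-only, plus human-chosen vanity slugs) can be checked from an export of an account's shared links. The audit below is an added example, not Adversis's or Box's code; the record shape, the access-level values and the slug-length and entropy thresholds are assumptions, and the sample links are constructed.

```python
import math
import re
from collections import Counter

# Constructed sample of shared-link metadata. Field names and access-level
# values are assumptions for this example, not Box's export format or API.
SAMPLE_LINKS = [
    {"path": "/Finance/Q4-forecast.xlsx", "access": "people_with_link", "slug": "q4forecast"},
    {"path": "/Eng/roadmap.pdf", "access": "people_with_link",
     "slug": "k3m9x2p7q1w8e5r4t6y0u3i2o9p5a7s1"},
    {"path": "/HR/handbook.pdf", "access": "people_in_company", "slug": "handbook"},
    {"path": "/Legal/nda.docx", "access": "invited_only", "slug": "nda"},
]

RECOMMENDED_DEFAULT = "people_in_company"  # the default the article says owners should set


def entropy_per_char(s: str) -> float:
    """Shannon entropy, in bits per character, of the slug's symbol distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_vanity(slug: str) -> bool:
    """Heuristic (thresholds assumed): generated slugs are long, lowercase
    alphanumeric and high-entropy; anything short, differently formed, or
    low-entropy is treated as a human-chosen name a dictionary could hit."""
    if len(slug) < 20 or not re.fullmatch(r"[a-z0-9]+", slug):
        return True
    return entropy_per_char(slug) < 3.5


def audit_links(links):
    """Return (path, reasons) for every link exposed beyond the company."""
    findings = []
    for link in links:
        reasons = []
        if link["access"] == "people_with_link":
            reasons.append("public: anyone holding the link can open it")
            if looks_vanity(link["slug"]):
                reasons.append("guessable vanity slug")
        if reasons:
            findings.append((link["path"], reasons))
    return findings


def default_access_ok(setting: str) -> bool:
    """True when the account-wide default for new links is company-only or stricter."""
    return setting in (RECOMMENDED_DEFAULT, "invited_only")


for path, reasons in audit_links(SAMPLE_LINKS):
    print(path, "->", "; ".join(reasons))
```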

More data breach coverage:

Other ZDNet Security articles:

and its RSS feed:

Subject: Firefox Send – Free File Transfers while Keeping your Personal Information Private
Source: Mozilla via beSpacific

Firefox Send, “Send is a free encrypted file transfer service that allows users to safely and simply share files from any browser. Additionally, Send will also be available as an Android app in beta later this week. Now that it’s a keeper, we’ve made it even better, offering higher upload limits and greater control over the files you share…” Send offers end-to-end encryption and a link that automatically expires.

Subjects: Cybersecurity, E-Records, Internet, Privacy, Search Engines

Subject: Googling Strangers: One Professor’s Lesson On Privacy In Public Spaces
Source: NPR via beSpacific

NPR: “Charlotte Lehman could hear the man reading his credit card number out loud from across the Starbucks. He was speaking to a companion, but his voice carried over the music to where Lehman sat. Surrounded by a dozen or so people, the speaker also divulged his phone number and home address. After that, all it took for Lehman to identify him was a quick Google search. She was able to find the man’s full name, what he does for a living and his professional website. She even heard him sharing a password. Lehman, a third year law student, wasn’t Googling the stranger for fun. She was on a homework assignment from her professor — to “de-anonymize” someone in a public place. Kate Klonick, assistant professor of law at St. John’s University, where Lehman studies, says she gave her students the task as an optional assignment for spring break. The goal: Try to identify a person based solely on what they reveal in public, including anything displayed on their clothing or bags, like a monogram or a school logo…”

Subjects: Education, Legal Research, Privacy, Search Engines, Social Media

sample RSS category feed:

Subject: How Kids Are Using Google Docs to Bully Each Other (Offspring)
Source: RISKS Forum via Gabe Goldberg <[email protected]>
Sat, 9 Mar 2019 20:38:12 -0500

As a parent, you might walk past your child’s room and see her happily typing away on a Google Docs page.  “Lovely!”, you think.  “She’s probably working on her science report or finishing up her essay on the rise of RBG.”

Or, she could be in a secret chat room. In today’s edition of Let’s Try to Stay One Step Ahead of Our Kids on the Internet (spoiler: we can’t!), we’re offering this heads-up: Some are using Google Docs, the seemingly wholesome web-based word processor, to skirt their parents’ tech rules. It’s impressive, really. All they need to do is open up a document, invite their friends to become collaborators, and boom — they have a private space to chat, draw, share links, upload photos and post memes. Google Docs is hardly a program parents think to block (in fact, on tech message boards, I’ve seen several parents asking how to ban everything except for the software) and many kids already have accounts for school. After the chat session, they can simply delete the document and empty their Trash folder without leaving any record.

Subject: Hackers have US Navy admirals in their crosshairs
Source: Business Insider

  • The US Navy is no longer publicizing promotions of admirals, a policy that promotes reduced transparency in the service.
  • Chief of Naval Operations Adm. John Richardson argued Wednesday that one of the reasons the service is doing this is to protect flag officers from cyberattacks.
  • The US Navy is “under cyber siege,” an internal cybersecurity review recently concluded.
  • A significant amount of information about top Navy officers can still be found online, undermining Richardson’s rationale of the service’s new policy.

While the Army, Air Force, and Marine Corps all continue to publish lists of newly promoted officers, the Navy abruptly stopped in October, USNI News first reported last month.

Chief of Naval Operations Adm. John Richardson defended the policy decision Wednesday, arguing that publishing this information — which the US Senate continues to publish — leaves high-ranking Navy officers vulnerable to cyberattacks.

Subject: Most Android antivirus apps barely offer any protection at all
Source: BGR News via Yahoo

This won’t exactly be a big reveal to some of you, but a new study of Android antivirus apps in the Google Play store is out with some predictably disheartening results. According to AV-Comparatives, an Austrian antivirus testing organization, most of the antivirus apps in the store don’t really protect you from much of anything, and aren’t worth the space they’ll take up on your phone.

Less than 1 in 10 apps defended against all 2,000 malware samples the testing lab threw at them, according to a press release from the lab. Moreover, more than two-thirds of the apps didn’t even hit a block rate of 30%.

It seems that most of the apps they tested are antivirus apps pretty much in name only, created basically for purposes like serving as a vehicle for display ads. On the other hand, some 23 apps out of 250 did actually detect all the malware samples AV-Comparatives gave them, including apps from big names like Norton and Avast.

Subject: Some beSpacific (and LLRX) Subjects (topics) in which you may have an interest
Source: Peter Weiss

Longtime readers of beSpacific and LLRX will notice that each article carries a list of Subjects under which the Editor has categorized (curated) the posting. These Subjects are also known as Topics, and each forms a constantly updated reverse-chronological listing. Each Topic has its own RSS feed, which can be subscribed to with an RSS news aggregator or simply browsed (and possibly formatted) by your web browser (Chrome, Firefox, IE, etc.); easy viewing might require a plugin, e.g., here’s one for Firefox

Here is a sampling of some recent beSpacific Subjects:

Subjects: Civil Liberties, Internet, Legal Research, Privacy, Social Media
Subjects: EU Data Protection, Government Documents, Legal Research, Legislation, Privacy
Subjects: Congress, Freedom of Information, Government Documents, Legal Research
Subjects: Civil Liberties, Internet, Legal Research, Privacy, Social Media
Subjects: E-Commerce, E-Mail, E-Records, Internet, Privacy, Search Engines
Subjects: Congress, Economy, Environmental Law, Financial System, Government Documents
Subjects: Internet, Knowledge Management, Privacy, Search Engines
Subjects: Libraries
Subjects: Internet, Knowledge Management
Subjects: Internet, Knowledge Management, Legal Research, Libraries, Privacy
Subjects: Economy, Financial System, Government Documents, Legal Research
Subjects: Health Care, Knowledge Management, Legal Research, Medicine
Subjects: EU Data Protection, Freedom of Information, Internet, Knowledge Management, Legal Research, Libraries, Privacy, Search Engines

So if you had an ongoing interest in say, Legal Research, you might bookmark:

and check (click) on it from time to time to see what has been posted (categorized) by the Editor under that Topic.

Additionally, if you were using an RSS news aggregator, you might subscribe to:

[Most news aggregators will accumulate the entries, so even if the most current subset is only displayed using the above URL, over time your aggregator will hold dozens of postings under that Topic.]

Posted in: Big Data, Congress, Cybercrime, Cybersecurity, KM, Legal Research, Privacy, RSS Newsfeeds, Social Media, Viruses & Hoaxes