Pete Recommends – Weekly highlights on cyber security issues, November 9, 2019

Subject: Apple Warns Older iPhones May Stop Working Sunday Without Software Upgrade
Source: Newser

(Newser) – If your old reliable iPhone or iPad has been chugging along just fine, allowing you to avoid ponying up money for a new one, you might want to check just how old it is before Sunday. Apple is now warning that versions of both devices that came out in 2012 or earlier may stop working correctly at 2pm ET on Nov. 3 if their iOS software isn’t updated, CNBC reports. The iPhone 5 will be particularly affected by what the company calls a “GPS time rollover issue” that, if the device doesn’t have iOS 10.3.4 installed, will result in the iPhone not being able to surf the web, download apps from the App Store, or access email or the iCloud. That’s because those functions all require the correct date and time, which are affected by this GPS-reset issue, which CNN notes happens every 19 years or so….

Subject: List: 20 countries that ask Google to ban most content
Source: Business Insider

  • Google received more than 115,000 requests for the removal of content from governments around the world between July 2009 and July 2018.
  • Using data from the search engine, UK internet-research site Comparitech analyzed all government content-removal requests received during that period, and ranked the countries by the number of requests made.
  • Scroll down to see the 20 countries that made the most content-removal requests, and the reasons they cited.

Subject: For Better or Worse, Blockchain Birth Certificates Are Officially Here
Source: Digital Trends

“The birth certificate is a foundational identity document of which trust is established for downstream derived identity documents such as a [driver’s license],” Dan Gisolfi, chief technology officer for Trusted Identity at IBM, told Digital Trends. “This first of its kind [demonstration means] the establishment of an immutable audit trail of transactions from approvers that leads to a government attestation about an individual’s identity and reputation. Just like in the physical card domain, the issuance of a digital birth record is a stepping stone to bootstrapping a broader digital credential marketplace.” Got that? Amid the marketing speak, this means that blockchain is increasingly being looked at as a technology that will be used to record all kinds of official records. Buying a house? Record it on the blockchain. Getting married? What could be more of a demonstration of you and your partner’s unending love for one another than immortalizing it on a distributed, decentralized, public ledger?


Subject: Ralph Nader, Color of Change Endorse US Data Protection Agency

In a New York Times article, consumer advocate Ralph Nader endorsed the creation of a data protection agency. Nader told the Times that the U.S. needs a “new agency when the abuse pattern is so expansive that the authority in the existing agencies is obsolete and inadequate.” Rashad Robinson, President of Color of Change, said “We need to have a new data protection agency, an agency that examines the social, ethical impact of high-risk data practices.” EPIC and consumer groups have urged Congress to establish a data protection agency. EPIC has long advocated for a U.S. Data Protection Agency, noting that the United States is one of the few democracies in the world that does not have a federal data protection agency.

Subject: NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm
Source: Krebs on Security

Banking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuickBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions. That ban, which came in response to a series of bank account takeovers in which cybercriminals used aggregation sites to surveil and drain consumer accounts, has since been rescinded. But the incident raises fresh questions about the proper role of digital banking platforms in fighting password abuse….

Tags: credential replay attacks, Digital Insight, Intuit, Mint, NCR Corp, Quickbooks Online
filed under A Little Sunshine, The Coming Storm, Web Fraud 2.0.

Subject: Resources for Measuring Cybersecurity
Source: R Street via beSpacific

R Street – Kathryn Waldron, Resident Fellow, National Security & Cybersecurity – Resources for Measuring Cybersecurity – A Partial Annotated Bibliography – PDF

  1. In the field of cybersecurity, there is no well-defined system that is capable of measuring cybersecurity in an objective, quantifiable, and comparative manner.
  2. In light of this, the R Street Institute National Security and Cybersecurity Program has launched an initiative intended to fill this gap and create a system that is widely-accepted and easily accessible to decision-makers with limited resources.
  3. This partial bibliography compiles a baseline of existing disparate measurement efforts. The document both summarizes the existing field and characterizes it.
  4. This bibliography is neither comprehensive nor overtly technical in nature. Rather, its goal is to provide a systematic overview of the field that is both technically literate and of use to decision-makers in the public and private sectors.
  5. Without accurate, standardized methods to measure cybersecurity, detecting and deterring cyber threats will continue to be more art than science. This partial attempt will shed light on some of the most pervasive and exciting work that has been and is currently being done.

Subject: What Would Happen If the Internet Went Down … Forever?
Source: Popular Mechanics via beSpacific

Popular Mechanics – “…So how long could society carry on without the internet? However implausible, it’s nonetheless a scenario that futurists, economists, and IT workers spend considerable time contemplating. “Eliminating all internet communications, even if only for a few days, would inflict huge economic costs,” says Thomas Hazlett, who served as chief economist of the Federal Communications Commission in the early 1990s….

beSpacific Subjects: Cybercrime, Cybersecurity, E-Mail, Economy, Intellectual Property, Internet, Knowledge Management, Legal Research, Libraries, Social Media

Subject: Salad bars and water systems are easy targets for bioterrorists — and America’s monitoring system is woefully inadequate
Source: The Conversation

In October 2019, a House Homeland Security Committee subcommittee held a hearing entitled “Defending the Homeland from Bioterrorism: Are We Prepared?” The answer was a resounding no. The experts testified that our biodefense system has been vulnerable and outdated for well over a decade. This might provoke worries about weaponizing disease-causing microorganisms, or pathogens, like Ebola or anthrax. But you should probably also take a moment to consider your lunch: The next threat might come not from a hard-to-come-by virus but from something as simple as food that has been deliberately contaminated.

Bioterrorism preparedness

Since 2003, the United States has relied on BioWatch, a monitoring and early warning program for major urban areas. The program, considered outdated for more than a decade, is now being phased out. Its replacement, BioDetection21, was announced in early 2019, but the new sensor technology it uses to detect pathogens was deemed inadequate at an October congressional hearing.



Posted in: Communications, Computer Security, Cybercrime, Cybersecurity, Economy, Financial System, Government Resources, Health, Privacy, RSS Newsfeeds