
Selling your genetic information, a Kansas farm turned digital nightmare, and more: Q4 ’19 cybersecurity roundup


We’ve reached our last roundup post of the year (and the decade!). This quarter’s interesting articles included yet another example of tech meant to protect children endangering them instead; how we’ve all trained AI for years without realizing it; a truly bizarre solution for poor user-chosen passwords, and more.

1. Kashmir Hill—How an internet mapping glitch turned a random Kansas farm into a digital hell

Intro: “An hour’s drive from Wichita, Kansas, in a little town called Potwin, there is a 360-acre piece of land with a very big problem. The plot has been owned by the Vogelman family for more than a hundred years, though the current owner, Joyce Taylor née Vogelman, 82, now rents it out… The people who live on Joyce Taylor’s land find themselves in a technological horror story.”

2. Joseph Cox & Samantha Cole—How Hackers Are Breaking Into Ring Cameras

Intro: “Hackers have created dedicated software for breaking into Ring security cameras, according to posts on hacking forums reviewed by Motherboard… Recently, a hacker broke into a Ring camera installed in the bedroom of three young girls in DeSoto County, Mississippi, and spoke through the device’s speakers with one of the children.”

3. Brian Krebs—It’s Way Too Easy to Get a .gov Domain Name

Intro: “Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain.”

4. Lisa Forte—Cyber Awareness Month: If you could give one piece of advice…

Intro: “A month ago [Forte] asked the infosec [Twitter] community what ONE piece of advice they would pick to give to non-infosec people during cyber security awareness month. The challenge was it could only be one piece of advice and they only had 8 words to use! Over 500 responses later here are some of the best ones!”

5. Susan Crawford—Facial Recognition Laws Are (Literally) All Over the Map

Intro: “The current state of rules for use of facial recognition technology is literally all over the map… In other words, we’re headed for a major clash. The potential benefits of facial recognition, and biometric data generally, are just too great for governments and corporations to pass up. Existing bans of public-sector use that are based on its present, inaccurate, and discriminatory implementations likely won’t be sustainable long-term as the technology improves. At the same time, completely unfettered use of private biometric systems seems incompatible with American values.”

6. Ravie Lakshmanan—Antivirus giants form new coalition to put an end to stalkerware

Intro: “A bunch of antivirus software vendors and non-profits including Avira, Kaspersky, and the Electronic Frontier Foundation (EFF) have banded together to take on [secretly installed] snooping apps plaguing your devices. Dubbed the Coalition Against Stalkerware (CAS), the collaborative effort aims to fight domestic violence, stalking, and harassment by addressing the use of stalkerware and raising public awareness about the issue.”

7. Siobhan Climer—A Heart of Gold: The Hidden Value Behind Your DNA

Intro: “Who knew something as simple as some spit would change the technological landscape in 2018. Yet that is precisely what companies like 23andMe, which launched its DNA testing service in 2006, have been banking on… But DNA testing companies aren’t making their profits off the kits they sell to consumers. Instead, they are collecting millions of DNA samples that include personal health information (PHI) and turning around to sell it to research and pharmaceutical companies.”

8. Lois Beckett—Why parents in a school district near the CIA are forcing tech companies to erase kids’ data

Intro: “Parents at a public school district in Maryland have won a major victory for student privacy: tech companies that work with the school district now have to purge the data they have collected on students once a year. Experts say the district’s “Data Deletion Week” may be the first of its kind in the country.”

9. James O’Malley—Captcha if you can: how you’ve been training AI for years without realising it

Intro: “Congratulations are in order. You, yes you, dear reader, have been part of something incredible. Thanks to your hard work, millions of books containing pretty much the sum-total of human knowledge have been successfully digitised, saving their texts for future generations. All because of you.”

10. Straun Robertson—Drop the jargon from privacy policies, says privacy chief

Intro: “The UK’s Information Commissioner this week told companies to remove the long words and legal jargon from their data protection notices, because customers get confused and ignore this small-print. But the Commissioner’s own messages are muddled.”

11. Lily Hay Newman—1.2 Billion Records Found Exposed Online in a Single Server

Intro: “For well over a decade, identity thieves, phishers, and other online scammers have created a black market of stolen and aggregated consumer data that they used to break into people’s accounts, steal their money, or impersonate them. In October, dark web researcher Vinny Troia found one such trove sitting exposed and easily accessible on an unsecured server, comprising 4 terabytes of personal information—about 1.2 billion records in all.”

12. Bruce Schneier—Scaring People into Supporting Backdoors

Intro: “This week, the Senate Judiciary Committee held a hearing on backdoors: ‘Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy.’… Eric Neuenschwander from Apple was there to support strong encryption, but the other witnesses were all against it. It was a disturbing hearing.”

13. Darren Linvill & Patrick Warren—That Uplifting Tweet You Just Shared? A Russian Troll Sent It

Intro: “Internet trolls don’t troll. Not the professionals at least. Professional trolls don’t go on social media to antagonize liberals or belittle conservatives… Your stereotypical trolls do exist on social media, but the amateurs aren’t a threat to Western democracy. Professional trolls, on the other hand, are the tip of the spear in the new digital, ideological battleground. To combat the threat they pose, we must first understand them — and take them seriously.”

14. Troy Hunt—Generated Passwords, UX and Security Absolutism

Intro: “Last month, Disney launched their new streaming service Disney+; ‘The best stories in the world, all in one place,’ apparently. The service was obviously rather popular because within days the tech (and mainstream) headlines were proclaiming that thousands of hacked Disney+ accounts were already for sale on hacking forums. This is becoming an alarmingly regular pattern with online services.”

Read the previous roundup articles of 2019

Want to read up on the other big news and ideas for cybersecurity in 2019? Here are our previous roundup posts: