"The flaw, dubbed "Log4Shell", may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across the industry and the government. Unless it is fixed, it grants criminals, spies and programming novices alike, easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more."
"Why? Because it has an internal app store that puts its young player base to work making virtual stuff and selling it for scrip or peanuts while the company pockets the profits. It even promotes the far-right personalities and groups using it to recruit. It is a ruthless money machine that embodies the perverse incentives of social media, aimed directly at children and operated by amoral reptiles."
"Nearly 10 million Australians have had their private health data hacked - with sensitive medical records detailing treatments for alcoholism, drug addictions, and pregnancy terminations already posted online - in a cyber-attack believed to have been coordinated from Russia."
"You're nailing the problem: the tech sales people and the politicians are all on the same drug, which is "This tech is perfect", because it's cheaper than more police. There's a lawsuit in the US because a black man was wrongly arrested based on facial recognition. Tech companies need to be held to account. One company we focused on, Clearview AI, scraped social networks - collected images of people's faces and data from publicly available information - to create its software. Facial recognition relies on artificial intelligence. It needs to study faces. And only the government - the DVLA etc - and social networking companies have access to a lot of faces."
"Local organisers say that their artificial intelligence [AI] programmes are so advanced that they can tell whether a spectator is angry from analysing facial expressions. The cameras are sufficiently powerful that they can zoom in and identify each spectator in every single stadium seat."
"The Italian supreme court ordered prosecutors last month to disclose how the Sky ECC data had been retrieved, arguing that it was impossible to have a fair trial if the accused is unable to access the evidence or assess its reliability and legality, a position supposed by the NGO Fair Trials. Whether prosecutors choose to do so could determine whether the arrests made this week lead to convictions or not.
Prosecutors in the UK face a similar dilemma in relation to the hacking of EncroChat, another secret messaging platform that had the added facility of a "panic" button that when pressed would immediately erase the phone's contents."
"And some provinces are using some creepy Big Brother technology to do it.
In Surat Thani, the province that contains the tourism hotspot islands of Koh Samui, Koh Phangan, and Koh Tao, the immigration office is employing new technology. Officers have equipped Smart Patrol Cars that are using advanced facial recognition to check foreigners quickly. Immigration officers are patrolling in WiFi-enabled cars, usually a BMW, to crack down on foreigners who have overstayed."
"A duo of researchers at the University of Waterloo and the University of Illinois Urbana-Champaign have turned this old assumption of impracticality on its head with their description of a Wi-Fi localization exploit they call Wi-Peep. They have outlined how an inconspicuous and inexpensive device can locate hidden Wi-Fi devices without their cooperation."
"Amazon is to pay $25m (£20m) to settle allegations that it violated children's privacy rights with its Alexa voice assistant.
The company agreed to pay the US Federal Trade Commission (FTC) after it was accused of failing to delete Alexa recordings at the request of parents.
It was found to have kept hold of sensitive data for years.
Amazon's doorbell camera unit Ring will also pay out after giving employees unrestricted access to customers' data."
"Sam Smith, of the health data privacy group MedConfidential, said: "This is an utterly appalling case. It's an individual problem that the doctor did this. But it's a systemic problem that they could do it, and that flaws in the way the NHS's data management systems work meant that any doctor can do something like this to any patient."
"What distinguishes Fog Reveal from other cellphone location technologies used by police is that it follows the devices through their advertising IDs, unique numbers assigned to each device. These numbers do not contain the name of the phone's user, but can be traced to homes and workplaces to help police establish pattern-of-life analyses."
"The folks at Signal are taking one of the four post-quantum cryptography algorithms that have been chosen by the US National Institute of Standards and Technology to withstand attacks by quantum computers, but instead of using it to replace their existing public-key encryption system, they are layering the new algorithm on top of what they already have. "We are augmenting our existing cryptosystems," they say, "such that an attacker must break both systems in order to compute the keys protecting people's communications." And they will be rolling out this augmented system to all users in the next few months."
"After "social engineering" efforts using personal details to target staff were uncovered, badges no longer carry last names, clean-desk policies are far more strictly enforced and the processing and communication of sensitive information is now subject to higher bars of regular mandatory training."
"While the name behind the attack might be relatively new, the criminal technique is not. Ransomware gangs render an organisation's computers inaccessible by infecting them with malicious software - malware - and then demanding a payment, typically in cryptocurrency, to unlock the files.
In recent years, however, in a process dubbed "double extortion", the majority of gangs steal data at the same time and threaten to release it online, which they hope will strengthen their negotiating hand."