Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Apple Launches Portal for U.S. Users to Download Their Data

The Verge: “Starting on Wednesday [October 17, 2018], Apple will allow US users to download all of their data from the company, following a GDPR-mandated feature for EU citizens that launched in May. The download tool is accessible from the company’s Data and Privacy page, and it encompasses device-syncing data like iCloud bookmarks as well as iTunes purchases and retail-level information like your Apple Care support history. Users will have to authenticate with their Apple ID before receiving the data.

The new availability comes as part of the launch of a revamped privacy page, which emphasizes Apple’s data-retention policies and differential privacy efforts. The new page encourages users to turn on two-factor authentication and gives them the option to opt out of targeted ads and notifications from Apple. The company’s use of differential privacy has expanded to many of the new features introduced with iOS 12, including Memoji characteristics like hair length and Screen Time’s classification of specific websites…”

FBI Releases Article on Defending Against Payroll Phishing Scams

US-CERT: “The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own… Continue Reading

From Canada to Argentina, Security Researchers Have Rights—Our New Report

“EFF is introducing a new Coders’ Rights project to connect the work of security research with the fundamental rights of its practitioners throughout the Americas. The project seeks to support the right of free expression that lies at the heart of researchers’ creations and use of computer code to examine computer systems, and relay their… Continue Reading

‘Do Not Track,’ the Privacy Tool Used by Millions of People, Doesn’t Do Anything

Gizmodo: “When you go into the privacy settings on your browser, there’s a little option there to turn on the “Do Not Track” function, which will send an invisible request on your behalf to all the websites you visit telling them not to track you. A reasonable person might think that enabling it will stop… Continue Reading

Slack Doesn’t Have End-to-End Encryption Because Your Boss Doesn’t Want It

Motherboard: A former Slack employee and the company’s current chief information security officer say that Slack’s paying customers aren’t that interested in end-to-end encryption. “End-to-end encryption—where keys are stored on individual devices by users, meaning only the intended recipients can read message content—is continuing to spread across messaging platforms. But work communication service Slack has… Continue Reading

New on LLRX for September and part of October

If you are not checking in on Pete’s weekly column on cyber security issues and privacy on LLRX – please take some time to read about what you are missing! Privacy and security issues impact every aspect of our lives – home, work, travel, education, healthcare and medical issues, to name but a few. On… Continue Reading

Expert attorneys command 4 figure hourly billing fees

The Business Journals [paywall]: “Boston-based Ropes & Gray partner Douglas Meal, one of the most sought-after data privacy and cybersecurity attorneys in the country, typically charges $1,550 an hour for his services, according to a recent court filing. The filing offers a rare public glimpse into what some of the attorneys at Boston’s largest law… Continue Reading

DOD Just Beginning to Grapple with Scale of Cybersecurity Vulnerabilities

FCW.com: GAO hacks DOD weapons systems, calls out weak cyber Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities. GAO-19-128: Published: Oct 9, 2018. Publicly Released: Oct 9, 2018. “DOD’s weapons are more computerized and networked than ever before, so it’s no surprise that there are more opportunities for attacks. Yet until… Continue Reading

Law firms can learn from other industries’ missteps on cybersecurity awareness and prevention

ABA Journal – “Equifax. Yahoo. Anthem. Sony. In the past few years, these companies experienced some of the most significant data breaches to date. And all of these companies found themselves subject to intense worldwide media coverage over their failure to secure their information. The industries affected—from health care to entertainment—know all too well that… Continue Reading

Google+ shutting down after belated news of consumer data breach

Google Blog: “Many third-party apps, services and websites build on top of our various services to improve everyone’s phones, working life, and online experience. We strongly support this active ecosystem. But increasingly, its success depends on users knowing that their data is secure, and on developers having clear rules of the road. Over the years… Continue Reading

Voice Phishing Scams Are Getting More Clever

Krebs on Security: “Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again:… Continue Reading

Voting Machine Used in Half of U.S. Is Vulnerable to Attack, Report Finds

WSJ [paywall]- The flaw in Election Systems & Software’s Model 650 high-speed ballot-counting machine was detailed in 2007 “Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, according to a report to be delivered Thursday on Capitol Hill.… Continue Reading