Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Alexa and Google Home abused to eavesdrop and phish passwords

ars technica – Amazon- and Google-approved apps turned both voice-controlled devices into “smart spies”. – “By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever—and the sounds the devices capture can be used in criminal trials. Now, there’s a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn’t just theoretical. Whitehat hackers at Germany’s Security Research Labs developed eight apps—four Alexa “skills” and four Google Home “actions”—that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these “smart spies,” as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords…”

Equifax used ‘admin’ as username and password for sensitive data: lawsuit

Yahoo Finance: “Equifax used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The ongoing lawsuit, filed after the breach, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. “Equifax… Continue Reading

How Amazon.com moved into the business of U.S. elections

Reuters: “The expansion by Amazon Web Services into state and local elections has quietly gathered pace since the 2016 U.S. presidential vote. More than 40 states now use one or more of Amazon’s election offerings, according to a presentation given by an Amazon executive this year and seen by Reuters. So do America’s two main… Continue Reading

Germany’s cyber-security agency recommends Firefox as most secure browser

ZDNet – “Firefox is the only browser that received top marks in a recent audit carried out by Germany’s cyber-security agency — the German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik — BSI). The BSI tested Mozilla Firefox 68 (ESR), Google Chrome 76, Microsoft Internet Explorer 11, and Microsoft Edge… Continue Reading

The Law & Politics of Cyberattack Attribution

Eichensehr, Kristen, The Law & Politics of Cyberattack Attribution (September 15, 2019). UCLA Law Review, Vol. 67, (2020, Forthcoming); UCLA School of Law, Public Law Research Paper No. 19-36. Available at SSRN: https://ssrn.com/abstract=3453804 “Attribution of cyberattacks requires identifying those responsible for bad acts, prominently including states, and accurate attribution is a crucial predicate in contexts… Continue Reading

What Your Personal Information is Worth to Cybercriminals

Bleeping Computer -“Cybercriminals have multiple markets to get illicit goods and prices on these underground forums are likely driven by supply and demand, just like in the legal economy. Offerings found on deep and dark web (DDW) markets include anything that can be monetized in one way or another. Common goods cover any financial information that… Continue Reading

Google new delete history feature is almost useless for privacy, experts warn

Follow up to October 15, 2019 posting – Google introducing auto-delete controls for your Location History and activity data – please note: Reclaim the Net: “It’s no secret for anyone that Google benefits from collecting and selling user data – this is a major part of their business whether we like it or not.  Whenever… Continue Reading

Oxford – A Report of Disinformation Initiatives

“This is the first report of the Oxford Technology and Elections Commission (OxTEC).  Written and researched by BBC Monitoring’s specialist Disinformation Team, the report investigates fake news landscapes around the world and analyses a range of measures adopted by governments to combat disinformation. The analysis provides geopolitical context with timely, relevant examples from 19 countries… Continue Reading

Americans and Digital Knowledge

“A majority of U.S. adults can answer fewer than half the questions correctly on a digital knowledge quiz, and many struggle with certain cybersecurity and privacy questions. A new Pew Research Center survey finds that Americans’ understanding of technology-related issues varies greatly depending on the topic, term or concept. While a majority of U.S. adults… Continue Reading

New Cybersecurity and Privacy Law in NY Affects Employers in NY and Beyond

JDSupra – Pillsbury – “The SHIELD Act will impose substantial new obligations on any employer with an employee residing in New York State, as well as on many employers across the country that conduct online hiring. TAKEAWAYS Regardless of their location or size, employers that receive, collect or otherwise possess private information about New York… Continue Reading

Senate Intel Cmte Releases Bipartisan Report on Russia’s Use of Social Media

“Today, Senate Select Committee on Intelligence Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) released a new report titled, “Russia’s Use of Social Media.” It is the second volume released in the Committee’s bipartisan investigation into Russia’s attempts to interfere with the 2016 U.S. election. The new report examines Russia’s efforts to use… Continue Reading