AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/26/2020

1 – Google denies claims that free school Chromebooks are illegally collecting student data

Google has branded claims made in a new lawsuit that free school Chromebooks are harvesting student information in violation of COPPA as “factually wrong.” The lawsuit, filed against the tech giant on Thursday by New Mexico Attorney General Hector Balderas, alleges that Google is illegally collecting data belonging to minors. According to the complaint (.PDF), Chromebooks offered to schools in the area for free — including G Suite for Education products and services including Gmail, Drive, Docs, and Sheets — are collecting personal information from children under 13 years of age.


2 – A weed dealer’s $59M lesson: Don’t hide Bitcoin keys with a fishing rod

This week, the Irish Times reported the sad tale of Clifton Collins, a 49-year-old cannabis grower from Dublin. Collins quietly grew and sold his product for 12 years, and he amassed a small fortune by using some of that revenue to buy bitcoins around 2011 and 2012 before the price of the cryptocurrency soared. But in 2017, state authorities on a routine overnight patrol spotted and then arrested Collins with an estimated $2,171 of cannabis in his car. The man quickly earned himself a five-year jail sentence. According to the Times: as part of authorities’ investigation, Ireland’s Criminal Assets Bureau discovered and confiscated 12 Bitcoin wallets belonging to Collins totaling nearly $59 million (reportedly the biggest financial case in CAB’s 25-year history). There was only one problem—CAB couldn’t access the accounts because Collins had lost the keys.


3 – FBI recommends passphrases over password complexity

For more than a decade now, security experts have had discussions about what’s the best way of choosing passwords for online accounts. There’s one camp that argues for password complexity by adding numbers, uppercase letters, and special characters, and then there’s the other camp, arguing for password length by making passwords longer. This week, in its weekly tech advice column known as Tech Tuesday, the FBI Portland office positioned itself on the side of longer passwords. “Instead of using a short, complex password that is hard to remember, consider using a longer passphrase,” the FBI said. “This involves combining multiple words into a long string of at least 15 characters,” it added. “The extra length of a passphrase makes it harder to crack while also making it easier for you to remember.”


4 – Firefox turns controversial new encryption on by default in the US

Starting today, Mozilla will turn on DNS over HTTPS (DoH) by default for Firefox users in the US, the company has announced. DoH is a new standard that encrypts a part of your internet traffic that’s typically sent over an unencrypted plain text connection, and which could allow others to see what websites you’re visiting, even when your communication with the website itself is encrypted using HTTPS. Mozilla says it is the first browser to support the new standard by default, and will be rolling it out gradually over the coming weeks in order to address any unforeseen issues. Whenever you type a website into your address bar, your browser needs to go through a process to convert it into an IP address using a DNS lookup. However, this traffic is normally not encrypted, meaning that it’s possible for others to see what websites you’re visiting. DoH is an attempt to encrypt this information to protect your privacy. Mozilla has published a more in-depth explanation.


5 – A security mishap left Remine wide open to hackers

Security is all too often focused on keeping hackers out and breaches at bay. But in the case of Remine, a real estate intelligence startup, it left its doors wide open for anyone to run rampant. Remine is a little-known but major player in the real estate analytics and intelligence market. It works by collecting and mining vast amounts of real estate data — from public listings to privately obtained data from brokers and real estate agents from across the United States. The company, which last year raised $30 million in its Series A to help expand its real estate data and intelligence platform, claims it has data “on 150 million properties across all 50 states.”


6 – Samsung clarifies info on its data breach and the Find My Mobile notification

Samsung reached out to Android Authority regarding the Samsung data breach as described in the article below. It turns out that the data breach and the Find My Mobile notification are two separate problems. The Find My Mobile notification — in which users randomly saw a strange notification on their phone — was not the result of a data breach. According to the company, this was the result of a mistake during some internal testing. Samsung still hasn’t explained how users with the Find My Mobile app disabled saw the notification, though. Meanwhile, the UK version of Samsung.com did see a data breach.


7 – New Mozart Malware Gets Commands, Hides Traffic Using DNS

A new backdoor malware called Mozart is using the DNS protocol to communicate with remote attackers to evade detection by security software and intrusion detection systems. Typically, when malware phones home to receive commands to execute, it does so over the HTTP/S protocols for ease of use and communication. Using HTTP/S to communicate, though, has its drawbacks, as security software normally monitors this traffic for malicious activity. If detected, the security software will block the connection and the malware that performed the HTTP/S request.
