Police in Alberta don’t need a court order to get an external IP address from a service provider in trying to identify an internet user, according to a recent Calgary judicial ruling. The decision is a first in Canadian privacy law. The precedent applies for now only in Alberta but it will be cited in other courts across the country and could be persuasive if the facts in other cases are similar. If upheld in other provinces or by the Supreme Court, organizations across the country — including social media platforms, content providers and websites — may have to turn over IP addresses without court orders. The pre-trial hearing involved the way Calgary police tracked down and charged a man with 33 counts of possessing and using other people’s credit cards and personal identification to fraudulently buy goods with virtual gift cards.
Dasha Metropolitansky and Kian Attari, two students at the Harvard John A. Paulson School of Engineering and Applied Sciences, recently built a tool that combs through vast troves of consumer datasets exposed from breaches for a class paper they’ve yet to publish. “The program takes in a list of personally identifiable information, such as a list of emails or usernames, and searches across the leaks for all the credential data it can find for each person,” Attari said in a press release. They told Motherboard their tool analyzed thousands of datasets from data scandals ranging from the 2015 hack of Experian, to the hacks and breaches that have plagued services from MyHeritage to porn websites. Despite many of these datasets containing “anonymized” data, the students say that identifying actual users wasn’t all that difficult.
A security researcher hunting for bug bounties discovered last month that a cryptocurrency-mining botnet had found a home and burrowed inside a web server operated by the US Department of Defense (DOD). The issue was discovered and reported via the DOD’s official bug bounty program by Indian security researcher Nitesh Surana. Initially, the bug report was filed in relation to a misconfigured Jenkins automation server running on an Amazon Web Services (AWS) server associated with a DOD domain. Surana discovered that anyone could access the Jenkins server without login credentials.
ZeroHedge has been permanently suspended from Twitter following a complaint stemming from an article that suggested a Chinese scientist was linked to the creation of the new coronavirus strain as a bioweapon. The financial markets news website was the subject of a recent Buzzfeed report which examined the article — still online at the time of writing — which connected a Wuhan-based scientist to the virus. ZeroHedge claimed, without evidence, that the scientist was involved in the development of the “weaponized” coronavirus strain.
Last month, a brigade of U.S. soldiers deployed to the Middle East received instructions from their superiors to use two commercial encrypted messaging applications, Signal and Wickr, on their government-issued cell phones. These leadership cues trickled down from the Department of Defense’s (DoD) position that strong encryption is critical to national security. While U.S. Attorney General William Barr continues to push for a broad mandate for backdoors for law enforcement, those on the front lines of protecting America have notably decided on a different approach. Simply put, weakening encryption means putting our military service members at risk.
Painful hypodermic needles may not be needed in the future to give shots, inject drugs and get blood samples. With 4D printing, Rutgers engineers have created tiny needles that mimic parasites that attach to skin and could replace hypodermic needles, according to a study in the journal Advanced Functional Materials. While 3D printing builds objects layer by layer, 4D goes further with smart materials that are programmed to change shape after printing. Time is the fourth dimension that allows materials to morph into new shapes.
Cybereason, a provider of endpoint protection software, today disclosed that it discovered a malware campaign that has been leveraging Bitbucket repositories from Atlassian to launch cyberattacks. Assaf Dahan, senior director for threat research at Cybereason, said the repositories have been taken offline since first being discovered last month by Atlassian. However, Dahan noted this is only the latest example of public software repositories such as Google Drive or GitHub that are trusted by many individuals being employed to distribute malware. Cybercriminals are employing these repositories because it’s unlikely they will get blacklisted, he said.
While the number of traffic accident fatalities in the US is thankfully decreasing, there were more cyclist and pedestrian deaths on the roads in 2018, the most recent year for which NHTSA data is available. There were 51 more cyclist deaths that year than in 2017, a rise of 6.3 percent. A recent European Transport Safety Council report, meanwhile, determined that 19,450 cyclists died on EU roads between 2010 and 2018. To bolster road safety, Ford came up with a way to help cyclists communicate: a jacket that displays emoji. The prototype has an LED display on the rear that’s linked to a wireless remote attached to the handlebars. A cyclist might use it to display turn signals or a hazard symbol. They could also indicate their general mood: happy, sad or somewhere in between.
Tens of thousands of Brazilian soccer fans have been exposed as a publicly-accessible cloud storage bucket leaked several gigabytes of data with sensitive information stretching back several years. The leaky S3 bucket, investigated exclusively by ZDNet in partnership with Brazilian cybersecurity news website The Hack, was owned by Futebol Card, an online ticketing company that also provides member and loyalty program management systems to a number of major soccer clubs. Personal data belonging to supporters of a number of Brazilian organizations was involved in the incident, but the vast majority of the individuals exposed are fans of São Paulo-based soccer team Palmeiras, one of the country’s most popular and successful Brazilian clubs, with around 18 million supporters nationwide.
Academics from Israel have detailed and demoed a new method for stealing data from air-gapped computers. The method relies on making small tweaks to an LCD screen’s brightness settings. The tweaks are imperceptible to the human eye, but can be detected and extracted from video feeds using algorithmic methods. This article describes this innovative new method of stealing data, but readers should be aware from the start that this attack is not something that regular users should worry about, and that they are highly unlikely to ever encounter it. Named BRIGHTNESS, the attack was designed for air-gapped setups — where computers are kept on a separate network with no internet access.
Even though California’s landmark privacy law only took effect on Jan. 1, it is already being cited in data breach lawsuits. Salesforce.com and Hanna Andersson—a children’s clothing company—are facing data breach allegations in one of the first class action lawsuits to directly involve the CCPA. According to the complaint filed in the U.S. District Court for the Northern District of California (Barnes v. Hanna Andersson, LLC, N.D. Cal., No. 20-cv-00812), Salesforce and Hanna Andersson failed to protect user data, safeguard platforms, or provide cybersecurity warnings. These actions violated state laws including the California Consumer Privacy Act, plaintiff Bernadette Barnes claims.
The outbreak of Coronavirus in China is starting to affect the global technology industry, with reports that shipments of devices, such as graphics cards, are set to drop. That’s according to sources at companies like Asus, Foxconn and Gigabyte, who claim that first quarter shipments of motherboards and graphics cards have dropped by more than anticipated, according to Taiwanese industry newspaper Digitimes. They claim it is due to people in China avoiding public places, such as shops, as far as possible, while delivery and other services have also been affected.