AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 6/19/2020

Amazon owes answers on facial recognition moratorium, lawmaker says

Amazon’s move to stop providing facial recognition to law enforcement until June 2021 has left more questions than answers. The company’s announcement, limited to 102 words in a blog post, left out a lot of details on what the moratorium actually means, and a House representative is demanding answers from Amazon founder Jeff Bezos. In a letter sent to Bezos and Amazon on Wednesday, Rep. Jimmy Gomez is asking the company to provide specific details on its moratorium, like if the pause applies to federal law enforcement agencies such as Immigration and Customs Enforcement, and if Amazon would stop developing facial recognition during that time.

 

NBA restart plan includes using Oura rings to catch COVID-19 symptoms

While the NBA continues to move toward restarting its season with players and other personnel isolated at Walt Disney World in Orlando, details of how it hopes to manage the people on site are leaking out. According to Shams Charania of The Athletic, the specifics were laid out in an informational memo dubbed “Life inside the Bubble,” that described testing plans, quarantine protocols and more. The part that’s specifically interesting to us — other than players-only lounges with NBA 2K and bracelets that beep if people are within six feet of each other for too long — is its proposed use of Oura’s smart rings. Earlier this month, study results from West Virginia University’s Rockefeller Neuroscience Institute suggested that physiological data from the rings, combined in its digital platform with information obtained from wearers via in-app surveys, can “forecast and predict the onset of COVID-19 related symptoms” three days in advance, with 90 percent accuracy.

 

Team Telecom Recommends that the FCC Deny Pacific Light Cable Network System’s Hong Kong Undersea Cable Connection to the United States

Team Telecom, which is formally known as the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (or the Committee), further recommended that the FCC grant the portions of PLCN’s application seeking to connect the United States, Taiwan, and the Philippines, which do not have any People’s Republic of China (PRC) based ownership and are separately owned and controlled by subsidiaries of Google LLC and Facebook, Inc., on the condition that the companies’ subsidiaries enter into mitigation agreements for those respective connections. 

 

T-Mobile offers an explanation for its twelve-hour outage on Monday

On Monday T-Mobile’s voice and text messaging services were down all evening, with the outage stretching for over twelve hours. Now, its President of Technology Neville Ray has given some explanations of what happened and what the company says it’s doing to keep it from happening again. Contrary to reports from some Twitter accounts or trending hashtags, the company didn’t cite any DDoS attack or other nefarious behavior as a reason for the problem. Specifically, a fiber circuit owned by another provider somewhere in the southeastern US failed, and their redundant features that were supposed to help manage the situation instead created a traffic storm of their own that overwhelmed the capacity of their network that handles Voice-over-LTE (VoLTE) calls.

 

Massive spying on users of Google’s Chrome shows new security weakness

A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions. Alphabet Inc’s (GOOGL.O) Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month. “When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.

 

In reversal, Zoom says all users will have access to end-to-end encryption

Zoom has decided it will be able to offer end-to-end encryption to both free and paid users after all, reversing a recent decision that would have limited the feature to paid users, company founder Eric S. Yuan announced Wednesday. “Since releasing the draft design of Zoom’s end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature. We have also explored new technologies to enable us to offer E2EE to all tiers of users,” Yuan writes in a company blog.
