Equifax has lost the keys to the kingdom in the latest security breach.

Today, it came out that “Equifax Says Cyberattack May Have Affected 143 Million Customers” in the latest Equifax security breach. While the number alone falls well short of some other recent hacks, the potential for damage makes it even more serious than both Yahoo! breaches combined. The Yahoo! breaches were serious enough because password resets usually take place via email, but at least that requires the data thieves to work harder to get more information. Since Equifax has all credit data, including Social Security numbers, it is a one-stop shop for hackers. It is sufficient information for identity thieves to present to creditors, lenders and other service providers, to include information that identifies a person as the legitimate account holder.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

While there is no evidence that “core … reporting databases” were breached, the potential exists, and, as a result, Equifax has set up a website Cybersecurity Incident & Important Consumer Information where you can put in your last name and last six of your SSN to check whether or not you qualify for free credit monitoring.

Sadly, that falls far flat from a real solution, because once the information is out there, it is out there, and it can impact someone years from now. It really is time that companies that are negligent with personal identifying data be legally liable for their lack of safeguards.

 

Tim Berners-Lee on the Internet as a human right
Tim Berners-Lee on the Internet as a human right

I heard about the UK’s “Snooper Law” just the other day on Jupiter Broadcasting, and the most surprising part is that it “sailed through” parliament. Where is the uproaor?

Older But Geeky has a write-up on it in “UK Officially Gives Up Any Pretense That It Is Not George Orwell’s Nightmare Come True”.

Apparently, spying on all of your activities has become a priority for many “freedom loving” nations and forget about any notion of privacy. Do you still believe you live in a democracy?

“This snoopers charter has no place in a modern democracy – it undermines our fundamental rights online. The bulk collection of everyone’s internet browsing data is disproportionate, creates a security nightmare for the ISPs who must store the data – and rides roughshod over our right to privacy. Meanwhile, the bulk hacking powers in the Bill risk making the internet less safe for everyone.”

~ Sir Tim Berners-Lee, as quoted by the BBC News in “‘Snoopers law creates security nightmare’

spy silhouette

Technically, I would definitely call this “spyware” rather than the run-of-the-mill adware if the adware uploads screenshots!

A new adware has been discovered that performs a severe privacy breach by uploading a screenshot of the user’s active windows to a server under their control. This means that any info on the screen, whether it is a tax return, password manager, or corporate secrets is now available the adware company.

Source: Adware uploads Screenshot of your Active Windows without your Permission

[Re-blogged from The Guardian]

The law requires a balance between flexibility and tyranny, and was never intended to allow the government to dictate software design

All Writs Act: Congress wanted to give the government enough power to govern effectively, but also to set up limits so that the new government didn’t become a tyranny. Photograph: Nicholas Kamm/AFP/Getty Images

Apple’s celebrated fight with the FBI over the security of its encrypted iPhones has shone the spotlight on an old and obscure federal law from 1789 known as the All Writs Act (AWA).

The AWA is a short little statute, giving federal courts the power to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

The FBI argues that the AWA empowers a court to order Apple to create custom software to circumvent the security on an iPhone possessed by one of the San Bernadino shooting suspects.

Passed by the First Congress in 1789, this little law is a piece of Swiss Army knife legislation that the FBI is trying to turn into a giant sword, out of all proportion to what it is supposed to do. But if we want to make sense of the current security and privacy controversy pitting the FBI against the tech giant, it helps to understand what the AWA is and what its limits are.

Read more at The Guardian.