Posted by Kevin on September 29, 2014.
The ITsecurity daily security briefing: Monday, September 29, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.
With New Ad Platform, Facebook Opens Gates to Its Vault of User Data
“Facebook built itself into the No. 2 digital advertising platform in the world by analyzing the vast amount of data it had on each of its 1.3 billion users to sell individually targeted ads on its social network.
“Now it is going to take those targeted ads to the rest of the Internet, mounting its most direct challenge yet to Google, the leader in digital advertising with nearly one-third of the global market.
“On Monday, Facebook will roll out a rebuilt ad platform, called Atlas, that will allow marketers to tap its detailed knowledge of its users to direct ads to those people on thousands of other websites and mobile apps.”
New York Times:
Big brother’s little helper inside the European Commission
Access Now has obtained a document under FOIA that suggests that the US and the EU’s Home Affairs department colluded to weaken the European General Data Protection Regulation.
“It reveals how the Home Affairs department of the European Commission (DG Home) has been working alongside the U.S. administration during the early stages of the privacy reform effort.
“The email is between staff working at the NTIA of the Department of Commerce. The email makes reference to the drafting of one of the lobby documents the Obama administration produced to influence the outcome of the data protection reform package (read EDRi’s analysis on the paper here). This is one of the many documents which likely contributed to a diluting of the Data Protection Regulation even before the proposal had been made public.”
Palo Alto’s missing news item
Palo Alto published its Palo Alto Networks News of the Week – September 27 on Saturday. It mostly talks about where they’ve been and where they’re going. But there’s one little bit of news they forgot: “Palo Alto Networks Inc’s flagship next-generation security firewall ranks as the least effective in a new test of such equipment by NSS Labs… NSS Chief Executive Officer Vikram Phatak said that Palo Alto had issued two major revisions to its firewall operating system since the last test. ‘They broke something in the process,’ he said.”
EU to accuse Apple of taking illegal tax aid from Ireland
“The European Union will accuse Apple of taking illegal aid from the Irish state through sweetheart tax deals over two decades, the Financial Times reported on Monday.
“A European Commission investigation into Apple’s tax affairs in Ireland, where it has a rate of less than 2%, has found that the company benefited from illegal state aid, the newspaper reported, citing sources close to the matter.
“Ireland is favoured as a European base by several major companies including Amazon, Facebook, PayPal and Twitter.”
Deutsche Post DHL to Deliver Medicine Via Drone
“Deutsche Post DHL AG said it would use a drone to deliver medication to a German island in the North Sea, marking the first routine drone delivery to customers and another step in the rapid advancement of the technology.
“DHL said Wednesday that as part of a month-long feasibility project, it will start using unmanned aircraft this week to carry medicine from the harbor town of Norddeich, Germany, to the small island of Juist. Each day—depending on weather—the drone will fly autonomously on a preprogrammed seven-and-a-half-mile route, the first routine missions in Europe in which a drone will operate beyond the pilot’s eyesight, DHL said.”
Wall Street Journal:
California governor vetoes bill that would have limited police use of drones
“Democratic Gov. Jerry Brown on Sunday vetoed a bill that would have required law enforcement agencies to obtain warrants to use drones for surveillance.
“Brown, in his veto message, said that although there may be some circumstances when a warrant is appropriate, the bill went too far.
“The measure appeared to impose restrictions on law enforcement that go beyond federal and state constitutional protections against unreasonable search and seizures and the right to privacy, the governor stated.”
Tim Berners-Lee calls for internet bill of rights to ensure greater privacy
“The inventor of the world wide web has warned that the freedom of the internet is under threat by governments and corporations interested in controlling the web.
“Tim Berners-Lee, the British computer scientist who invented the web 25 years ago, called on Saturday for a bill of rights that would guarantee the independence of the internet and ensure users’ privacy.
“’If a company can control your access to the internet, if they can control which websites they go to, then they have tremendous control over your life,’ Berners-Lee said at the Web We Want festival on the future of the internet in London.”
Swedish human rights professor slams xenophobia in Sweden
There is a strong body of opinion that the US engineered first the revolution in Ukraine and then the installation of a ‘fascist’ regime. There is, however, very little reporting in the West discussing this view — rather the official view that Russia, not the West, is behaving belligerently is the standard reporting. In a new post on The Professor’s Blog, Prof. Marcello Ferrada de Noli warns that “the disinformation campaign at the Swedish SvT [state television] in support of the fascist junta in Ukraine continues unabated.”
The Professor’s Blog:
Organized crime exploiting the hidden internet
“The 2014 iOCTA (Internet Organised Crime Threat Assessment), published today by Europol’s European Cybercrime Centre (EC3), describes an increased commercialisation of cybercrime.
“A service-based criminal industry is developing, in which specialists in the virtual underground economy develop products and services for use by other criminals. This ‘Crime-as-a-Service’ business model drives innovation and sophistication, and provides access to a wide range of services that facilitate almost any type of cybercrime. The iOCTA report highlights that, as a consequence, entry barriers into cybercrime are being lowered, allowing those lacking technical expertise – including traditional organised crime groups – to venture into cybercrime by purchasing the skills and tools they lack.”
Lenovo Set to Close Acquisition of IBM’s x86 Server Business
“Lenovo (HKSE: 992) (ADR: LNVGY) and IBM (NYSE: IBM) announced today that conditions for Lenovo’s acquisition of IBM’s x86 server business have been satisfied and the parties anticipate they will begin closing the transaction effective on October 1, 2014. The acquisition will make Lenovo the third-largest player in the $42.1 billion global x86 server market.[i]
“Lenovo is acquiring System x, BladeCenter and Flex System blade servers and switches, x86-based Flex integrated systems, NeXtScale and iDataPlex servers and associated software, blade networking and maintenance operations. IBM will retain its System z mainframes, Power Systems, Storage Systems, Power-based Flex servers, PureApplication and PureData appliances.”
FBI Warns of Hacktivist Threats Following U.S. Airstrikes in Iraq and Syria
“The FBI Cyber Division has issued a notification to private industry and law enforcement to be aware of the potential for retaliatory cyber attacks following recent U.S. military actions in the Middle East. While the FBI has ‘no information at this time to indicate specific cyber threats to US networks or infrastructure in response to ongoing US military air strikes against the terrorist group known as the Islamic State of Iraq and the Levant (ISIL)’ the bulletin states that the FBI believes that ‘extremist hackers and hacktivist groups, including but not limited to those aligned with the ISIL ideology, will continue to threaten and may attempt offensive cyber actions against the United States in response to perceived or actual US military operations in Iraq or Syria.’”
NSA scam alert
The NSA issued the following warning on Friday:
“The NSA/CSS is aware of a computer malware scam using the NSA/CSS seals and banner. Victims of this malware report that a pop-up or a locked Internet browser alerts them that they have violated the law and/or are being monitored. The scam may also request that victims pay a fine. This activity and the associated alerts have no affiliation to the federal government, NSA included, and no money should be paid to the scammers. Victims should consult a computer professional on how to address the computer infection.”