Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

File-Sharing Software on State Election Servers Could Expose Them to Intruders

ProPublica: A ProPublica analysis found election computer servers in Wisconsin and Kentucky could be susceptible to hacking. Wisconsin shut down its service in response to our inquiries.

“As recently as Monday [October 29,2018], computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives. Officials in both states said that voter-registration data has not been compromised and that their states’ infrastructure was protected against infiltration. Still, Wisconsin said it turned off its FTP service following ProPublica’s inquiries. Kentucky left its password-free service running and said ProPublica didn’t understand its approach to security…”

Twitter now lets you report accounts that you suspect are bots

The Verge – Part of Twitter’s broader fake account crackdown: “Twitter has updated a portion of its reporting process, specifically when you report a tweet that you think might be coming from a bot or a fake account masquerading as someone or something else. Now, when you tap the “it’s suspicious or spam” option under… Continue Reading

Americans Are Easy Marks for Russian Trolls, According to New Data

A Daily Beast analysis of Twitter data shows the Kremlin troll farm’s English-language propaganda is nine times more effective than its disinformation in Russian: “You don’t need to read the federal indictments to spot the moment Russia began targeting the United States with its army of internet trolls. Just chart the American flag emoji. Best… Continue Reading

ABA ethics opinion offers guidance on data breaches

ABA Journal: “Lawyers have to safeguard client data and notify clients of a data breach, and the ABA Standing Committee on Ethics and Professional Responsibility has issued a formal opinion that reaffirms that duty. In Formal Opinion 483, issued Tuesday, the standing committee also provided new guidance to help attorneys take reasonable steps to meet… Continue Reading

Study – Almost 9 in 10 Android Apps Are Able To Share Data With Google

Third Party Tracking in the Mobile Ecosystem. Reuben Binns, Ulrik Lyngs, Max Van Kleek, Jun Zhao, Timothy Libert, Nigel Shadbolt. 18 October 2018. “Third party tracking allows companies to identify users and track their behaviour across multiple digital services. This paper presents an empirical study of the prevalence of third-party trackers on 959,000 apps from… Continue Reading

Eliminating Tech Tribalism Surveying IT Collaboration in State and Local Government

Route Fifty Report: “With government technology increasingly a team sport, Route Fifty partnered with the National Association of State Chief Information Officers to see how government leaders perceive collaborating across state and local agencies and jurisdictions. Our hope is by getting a pulse on the perceived opportunities for—and barriers to—partnerships, government leaders at all levels… Continue Reading

Apple Launches Portal for U.S. Users to Download Their Data

The Verge: “Starting on Wednesday [October 17, 2018], Apple will allow US users to download all of their data from the company, following a GDPR-mandated feature for EU citizens that launched in May. The download tool is accessible from the company’s Data and Privacy page, and it encompasses device-syncing data like iCloud bookmarks as well… Continue Reading

FBI Releases Article on Defending Against Payroll Phishing Scams

US-CERT: “The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own… Continue Reading

From Canada to Argentina, Security Researchers Have Rights—Our New Report

“EFF is introducing a new Coders’ Rights project to connect the work of security research with the fundamental rights of its practitioners throughout the Americas. The project seeks to support the right of free expression that lies at the heart of researchers’ creations and use of computer code to examine computer systems, and relay their… Continue Reading

‘Do Not Track,’ the Privacy Tool Used by Millions of People, Doesn’t Do Anything

Gizmodo: “When you go into the privacy settings on your browser, there’s a little option there to turn on the “Do Not Track” function, which will send an invisible request on your behalf to all the websites you visit telling them not to track you. A reasonable person might think that enabling it will stop… Continue Reading

Slack Doesn’t Have End-to-End Encryption Because Your Boss Doesn’t Want It

Motherboard: A former Slack employee and the company’s current chief information security officer say that Slack’s paying customers aren’t that interested in end-to-end encryption. “End-to-end encryption—where keys are stored on individual devices by users, meaning only the intended recipients can read message content—is continuing to spread across messaging platforms. But work communication service Slack has… Continue Reading

New on LLRX for September and part of October

If you are not checking in on Pete’s weekly column on cyber security issues and privacy on LLRX – please take some time to read about what you are missing! Privacy and security issues impact every aspect of our lives – home, work, travel, education, healthcare and medical issues, to name but a few. On… Continue Reading