How safe are school records? Not very, says student security researcher

Among one of the more damaging issues Demirkapi found in Follett’s student information system was an improper access control vulnerability, which if exploited could have allowed an attacker to read and write to the central Aspen database and obtain any student’s data.

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

On June 24th after 90 days of waiting, the last day before the public disclosure deadline, I discovered that Zoom had only implemented the ‘quick fix’ solution originally suggested.

Reddit Commenter's Fight for Anonymity Is a Win for Free Speech and Fair Use

Accordingly, Watch Tower’s subpoena could not pass the well-established “Doe” test, which allows a party to use the courts to pierce anonymity only where they can show that their claims are valid and also that the balance of harms favors disclosure.

Detroit Police Used Cellphone Location Tracking Dozens Of Times In 2018

In October 2017, the Detroit Police Department (DPD) obtained a cell-site simulator, which is a type of surveillance technology that locates and tracks phones by mimicking cell phone towers.

The Challenges of Ethical Hacking – A Minefield of Legal and Ethical Woes

Depending on the organization that you’re dealing with, responses can be as positive as interested engagement and proactively fixing an issue, to dismissive and uninterested, to actively hostile and ready to pursue legal action.

Pentagon Says All of Google’s Work on Drones Is Exempt From the Freedom of Information Act

According to a Pentagon memo signed last year, however, no one at Google needed worry: All 5,000 pages of documents about Google’s work on the drone effort, known as Project Maven, are barred from public disclosure, because they constitute “critical infrastructure security information.”

Data Breaches

Stationary Device (STAT): Stationary computer loss (lost, inappropriately accessed, discarded or stolen computer or server not designed for mobility).
Unintended Disclosure (DISC): Unintended disclosure not involving hacking, intentional breach or physical loss (for example: sensitive information posted publicly, mishandled or sent to the wrong party via publishing online, sending in an email, sending in a mailing or sending via fax).
Unknown

617 million stolen records up for sale on dark web

The Register says the number of accounts from the following websites are for sale on the dark web: “The biggest risk of targeted individual attacks against the victims, however, is probably already in the past: now the buyers will likely conduct large-scale phishing and malware campaigns without a high degree of sophistication,” predicts Kolochenko.

Parenting site Mumsnet hit by data breach

Image caption: Mumsnet founder Justine Roberts posted a lengthy explanation about the breach. Parenting site Mumsnet has reported itself to the UK's data protection watchdog after an upgrade let some people see details of other accounts.

Thousands of industrial refrigerators can be remotely defrosted, thanks to default passwords

More than 7,000 vulnerable temperature controlled systems, manufactured by U.K.-based firm Resource Data Management, are accessible from the internet and can be controlled by simply plugging in its default password found in documentation on the company’s website, according to Noam Rotem, one of the security researchers who found the vulnerable systems.

LibreOffice patches malicious code-execution bug, Apache OpenOffice – wait for it, wait for it – doesn't

After trying various approaches to exploit the vulnerability, Inführ found that he could rig the event to call a specific function within a Python file included with the Python interpreter that ships with LibreOffice.

Canadian Privacy Laws: A Primer

The Act also applies to the Government’s collection, use and disclosure of personal information in the course of providing services.”[1] Personal Information Protection and Electronic Documents Act (the “PIPEDA”) and Provincial Privacy Acts: The PIPEDA and Provincial Privacy Acts set out “the ground rules for how private-sector organizations collect, use, and disclose personal information in the course of for-profit, commercial activities across Canada.

The Internet Is A Privacy Disaster. But We Still Don't Know How To Talk About It.

One of the most shocking claims revolved around Facebook partner contracts that allegedly allowed Netflix and Spotify to “read, write, and delete users’ private messages.” This raucous parade of privacy missteps has stoked a growing collective outrage about tech companies playing fast and loose with personal information we have assumed they would properly secure and protect from misuse.

A thread written by @The3Million

1/ The @ukhomeoffice is forcing every EU citizen applying for Settled Status to accept its Privacy policy that allows it to share all data with "public and private sector organisations in the UK and overseas".

D.C. Attorney General Sues Facebook

The D.C. Attorney General filed a complaint against Facebook under the D.C. Consumer Protection Procedures Act, making D.C. the first U.S. jurisdiction to take action against the company for the mishandling of user data that led to Cambridge Analytica.

A new standard for government based data collection – PrivaSecTech

I would like to see every government organization publish whom they have shared personal information with. In summary, related to the specific case at hand, I feel that StatsCan like every other organization in Canada, including political parties, should be bound by privacy laws.

Fortnite Android App Vulnerable to Man-in-the-Disk Attacks

They refused, creating an unnecessary risk for Android users in order to score cheap PR points," Sweeney said on Twitter, referring to one of his engineers' request to Google to hold off from publishing for 90 days so Fortnite users could update their apps.

Telling the Truth About Defects in Technology Should Never, Ever, Ever Be Illegal. EVER.

The worst of these actors use threats of invoking CFAA and DMCA 1201 to silence researchers altogether, so the first time you discover that you've been trusting a defective product is when it is so widely exploited by criminals and grifters that it's impossible to keep the problem from becoming widely known.