Why security experts were blindsided by the SolarWinds attack

The SolarWinds cyberattack on U.S. government agencies and private organizations was and is frightening in its scale and success. The government agencies charged with defending against such things proved no match for it, and the episode brought into sharp focus the fact that the government’s current model for responding to cyberthreats is lacking. The Senate Intelligence Committee hosted some of the main players in the SolarWinds saga Tuesday for some soul-searching on how the government and private tech companies should work together to stop future attacks. Some of the main themes discussed in the hearing are likely to end up in new cybersecurity legislation this year, a Congressional source told me.

SolarWinds is the name of the Texas-based company whose IT management software is used by many government agencies and large corporations. Back in March 2020, the attackers—widely thought to be employed by Russia’s Foreign Intelligence Service—first planted malware in the SolarWinds system that sends updates to all its clients. When government agencies installed the update, they installed the malware, too. The attack was finally reported in December 2020 by the private security firm FireEye, and then only because the firm discovered its own systems had been infected.

The SolarWinds attack was novel in that it targeted both government and private-sector entities, and in its use of a government supplier (SolarWinds) as a Trojan horse to gain access to government agency systems. The white hats (security good guys) were not ready for this roundabout way of attacking. During the hearing, SolarWinds CEO Sudhakar Ramakrishna said the security community knows how to defend against direct attacks on networks and against spear-phishing attacks, in which hackers pose as a trusted party and try to trick employees of the target company into giving up their network credentials.

Security experts have less experience with attacks that exploit a private-sector supplier of software to the government to gain entry. It’s hard for the eventual target organization—in this case government agencies and corporations—to see that kind of attack coming. The attackers attached malware to an update to SolarWinds’ Orion software. When the company’s clients—18,000 of them—installed the update, they also installed the malware. The attackers are thought to have penetrated the systems of 100 private companies and 11 government agencies, including the Departments of State, Energy, Homeland Security, and Treasury, and the National Nuclear Security Administration.

Fry’s is dead, and it’s taking part of Silicon Valley culture with it

Fry’s Electronics is dead. The chain of computer and consumer electronics superstores is closing its 31 remaining stores, thereby joining Circuit City, CompUSA, and my own beloved RadioShack among the once-mighty retailers of technology products that went into decline and finally collapsed. If you live in one of the 41 states that didn’t have a Fry’s, or you don’t consider yourself much of a nerd, this news might mean nothing to you. But for some of us, Fry’s demise—though inevitable—is a shock. (Happily, Micro Center, another venerable chain skewing more to the eastern half of the U.S., is still with us.) Fry’s eventually had locations as far east as Indiana, but it began in the Bay Area in 1985, where it was cofounded by three brothers whose father had sold his grocery empire (also called Fry’s) and given them some of the proceeds.

This new digital rights report flunks the tech giants

A new report on the human-rights policies of 26 tech and telecom firms around the world delivers a harsh verdict: From Alibaba to Vodafone, they all get an F. The 2020 Ranking Digital Rights Corporate Accountability Index, as previewed in advance of its Wednesday posting, blames this collective failure to get “even close to earning a passing grade” on widespread opacity among these firms in how they analyze, promote, and demote the speech of their customers for marketing, advertising, and content-moderation purposes. That focus on the uses and abuses of algorithms was the major new addition to this corporate scorecard from Ranking Digital Rights (RDR), a project founded by longtime digital-human-rights advocate Rebecca MacKinnon and housed at the nonprofit New America in Washington. Founded with a Knight News Challenge grant and since underwritten by foundation grants and State Department funding, RDR has graded the policies of tech and telecom companies worldwide since 2015. RDR has yet to hand out a score better than 65 out of 100 (to Google, in 2015 and 2017; it’s down to 48 this year). In the new report, Twitter’s score of 53 was the highest of any company. The report credits Twitter with transparency in such areas as its content-moderation decisions, ad-targeting operations, and government demands that it remove users’ posts. But the report also knocks the company for not shedding the same light on security practices. In particular, it calls for more disclosure of how Twitter controls employee access to user data, citing Twitter insiders caught spying on Saudi dissidents in 2019 and the July 2020 breach that saw such boldface-name accounts as those of Elon Musk and Jeff Bezos hacked to push a Bitcoin scam.

Ellery Biddle, Ranking Digital Rights: “Amazon is way behind its peers in the U.S.”

Bezos’ own firm Amazon, meanwhile, lands at the bottom of RDR’s digital-platforms list with a score of 20—below even the Chinese e-commerce firm Alibaba, the other company the group added to its 2020 list. The report raps Amazon for disclosing so much less than other U.S. firms about its marketing uses of customer data, its oversight of products in its online store, its rules for use of its AWS hosting service, and its responses to government demands for customer information. Amazon’s transparency reports have been skimpier than those of other tech giants for years. The latest runs all of three pages and does not itemize requests for data from Alexa devices.

These states are on track to pass data privacy laws this year

Over the last decade there has been a reckoning over how digital companies collect personal data, what they do with it, and whether or not they’re capable of protecting it. Online data collection is still not regulated at the federal level in the U.S. But states are slowly embracing policies to ensure that digital companies protect their users—or at least introduce more transparency. Illinois led the way in 2008 with the Biometric Information Privacy Act, a law that lets Illinois residents sue companies that collect their biometric data (face scans, fingerprints, etc.) without their consent. After Europe passed the General Data Protection Regulation in 2016, which entitles people to obtain any data collected on them and have their records deleted, California decided to use it as a framework for its own law. Two years later it introduced its version of the GDPR, called the California Consumer Privacy Act. California has since passed an amendment, called the California Privacy Rights Act, that clarifies the original law and adds a governing body called the California Privacy Protection Agency that can bring action against violators.

5 hidden Google gems you aren’t using—yet

For a tool most of us use every day to find stuff on the web, Google has more than a few helpful tricks up its sleeve that aren’t super apparent unless you know where to look. Here are a few I’ve found recently that have saved me countless clicks, spared me visits to garishly designed apps, and generally made things a little less complicated.

Order up some food

There are enough food-ordering services out there that you might starve before flipping through them all to find something you want. Instead, just navigate to orderfood.google.com, and you’ll be presented with a map of nearby restaurants that offer pickup and delivery. Google pulls in listings from popular apps and services and lets you browse by category if you’re in the mood for a particular style of food. Once you’re ready to order, you can do so via a clean, easy, very Google-like interface instead of being shuttled off to a third-party app or site.