A Review of the Best News of the Week on Identity Management & Web Fraud
How Big Companies Buy Credit Card Data on Millions of Americans (VICE, Feb 19 2020)
Yodlee, America’s largest financial data broker, says the data it sells it is anonymous. A confidential document obtained by Motherboard shows people could be unmasked in the data.
500 Chrome extensions secretly uploaded private data from millions of users (Ars Technica, Feb 13 2020)
Extensions were part of a long-running ad-fraud and malvertising network.
UCLA Abandons Plans to Use Facial Recognition After Backlash (VICE, Feb 19 2020)
“Let this be a lesson to other school administrators: if you try to experiment on your campus with racist, invasive surveillance technology, we will come for you. And we don’t lose.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Big Telecom Say It Has First Amendment Right to Sell Your Private Data (VICE, Feb 19 2020)
ISPs say that a law requiring users to opt-in to having their location and financial data sold is a ‘burdensome restriction’ on their ‘protected speech.’
Puerto Rico Government Loses $2.6m in Phishing Scam (, Feb 13 2020)
Puerto Rico’s government conned out of $2.6m in an email phishing scam
Google forced to reveal anonymous reviewer’s details (Naked Security – Sophos, Feb 17 2020)
A court has forced Google to reveal the details of an anonymous poster who published an unpalatable review of a dentist.
Ring and Nest helped normalize American surveillance and turned us into a nation of voyeurs (Washington Post, Feb 18 2020)
People who own Ring, Nest and other Web-connected cameras say they’ve reshaped their daily awareness around what’s going on at home. But all that added vigilance has come at a surprising cost.
Ring makes 2FA mandatory to keep hackers out of your doorbell account (Naked Security – Sophos, Feb 20 2020)
Amazon is following Google’s lead by forcing all users to use two-factor authentication when logging into their Ring accounts.
Employees aware of privacy risks, but unsure of how they affect the workplace (Help Net Security, Feb 13 2020)
62 percent of employees are unsure if their organization has to comply with the recently-enacted CCPA, which gives California residents enhanced consumer data privacy rights, according to a survey of more than 1,000 employees conducted by Osterman Research.
California Police Have Been Illegally Sharing License Plate Reader Data (VICE, Feb 13 2020)
A major audit found that California cops shared data on the movements of millions of drivers, disregarding state laws about automatic license plate readers.
Pay Up, Or We’ll Make Google Ban Your Ads (Krebs on Security, Feb 17 2020)
A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.
Personal Data of 144K Canadians Breached by Federal Government (Infosecurity Magazine, Feb 17 2020)
Federal departments and agencies mishandled the data of at least 144K Canadians over the past two years
ISPs sue Maine, claim Web-privacy law violates their free-speech rights (Ars Technica, Feb 18 2020)
Law says ISPs need opt-in consent before using or sharing Web-browsing history.
OpenSSH eases admin hassles with FIDO U2F token support (Naked Security – Sophos, Feb 19 2020)
OpenSSH version 8.2 is out and the big news is that the world’s most popular remote management software now supports authentication using any FIDO (Fast Identity Online) U2F hardware token.
This Senate Bill Would Ban Federal Use of Facial Recognition (VICE, Feb 19 2020)
Jeff Merkley and Cory Booker have introduced a senate bill to place a moratorium until regulations are passed by Congress.
YouTube Gaming’s Most-Watched Videos Are Dominated by Scams and Cheats (Wired, Feb 18 2020)
YouTube is littered with bot-driven videos promising big in-game riches—that also try to steal your personal information.
Encoding Stolen Credit Card Data on Barcodes (Krebs on Security, Feb 18 2020)
“Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.”
Zero-Factor Authentication: Owning Our Data (Dark Reading, Feb 19 2020)
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.