Collaborate Disseminate
The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business.
Continue reading Justice Department Indicts Tech CEO for Falsifying Security Certifications
Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies:
From CNN:
In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.
General Motors sold this information to several other companies, including to at least two companies for the purpose of generating “Driving Scores” about GM’s customers, the AG alleged. The suit said those two companies then sold these scores to insurance companies…
Continue reading Texas Sues GM for Collecting Driving Data without Consent
The New York Times has a long story on the DarkSide ransomware gang.
A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month.
DarkSide offers what is known as “ransomware as a service,” in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ransomware but are still capable of breaking into a victim’s computer systems…
From an interview with an Amazon Web Services security engineer:
So when you use AWS, part of what you’re paying for is security.
Right; it’s part of what we sell. Let’s say a prospective customer comes to AWS. They say, “I like pay-as-you-go pricing…. Continue reading Amazon Has Trucks Filled with Hard Drives and an Armed Guard
Sunoo Park and Kendra Albert have published “A Researcher’s Guide to Some Legal Risks of Security Research.”
From a summary:
Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions (DMCA §1201), electronic privacy law (ECPA), and cryptography export controls, as well as broader legal areas such as contract and trade secret law.
Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance. Aimed at researchers, the public, and technology lawyers alike, its aims both to provide pragmatic guidance to those navigating today’s uncertain legal landscape, and to provoke public debate towards future reform…
Peter Cao, writing at 9to5Mac, has penned a particularly interesting article, detailing Crowdfence, an Emirati based company, poised to garner beucoup dinero in the Windows, Android, iOS and macOS bug and exploitation marketplace, the legal marketplac… Continue reading Crowdfence, Bug and Exploit Mercantile