Facebook Has No Idea What Data It Has

This is from a court deposition:

Facebook’s stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within. The hearing amounted to two high-ranking engineers at one of the most powerful and resource-flush engineering outfits in history describing their product as an unknowable machine…

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes:

The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services…

Hackers Using Fake Police Data Requests against Tech Companies

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data.

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

But in certain circumstances – such as a case involving imminent harm or death – an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents…

Merck Wins Insurance Lawsuit re NotPetya Attack

The insurance company Ace American has to pay for the losses:

On 6th December 2021, the New Jersey Superior Court granted partial summary judgment (attached) in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute.

Merck suffered US$1.4 billion in business interruption losses from the NotPetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software…

San Francisco Police Illegally Spying on Protesters

Last summer, the San Francisco police illegally used surveillance cameras at the George Floyd protests. The EFF is suing the police:

This surveillance invaded the privacy of protesters, targeted people of color, and chills and deters participation and organizing for future protests. The SFPD also violated San Francisco’s new Surveillance Technology Ordinance. It prohibits city agencies like the SFPD from acquiring, borrowing, or using surveillance technology, without prior approval from the city’s Board of Supervisors, following an open process that includes public participation. Here, the SFPD went through no such process before spying on protesters with this network of surveillance cameras…

Apple Sues NSO Group

Piling more on NSO Group’s legal troubles, Apple is suing it:

The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.

NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers.

More news:

Apple’s legal complaint provides new information on NSO Group’s FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim’s Apple device and install the latest version of NSO Group’s spyware product, Pegasus. The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto. …

Textbook Rental Scam

Here’s a story of someone who, with three compatriots, rented textbooks from Amazon and then sold them instead of returning them. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to charge them the buyout price for non-returned books. They also used various aliases and other tricks to bypass Amazon’s fifteen-book limit. In all, they stole 14,000 textbooks worth over $1.5 million.

The article doesn’t link to the indictment, so I don’t know how they were discovered.

Missouri Governor Doesn’t Understand Responsible Disclosure

The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a state website and then reported it to the state.

The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers around the state.

[…]

According to the Post-Dispatch, one of its reporters discovered the flaw in a web application allowing the public to search teacher certifications and credentials. No private information was publicly visible, but teacher Social Security numbers were contained in HTML source code of the pages…