Wednesday, June 16, 2021

This is how fast a password leaked on the web will be tested out by hackers

 

Grant me courage to serve others; for in service there is true life.
Cesar Chavez

Cesar Chavez spent his life fighting for the American workforce, and in particular Latin American farm workers. A civil rights activist and labor leader, he co-founded (along with Dolores Huerta) the National Farm Workers Association, which became the powerful United Farm Workers labor union. This line is part of a prayer Chavez wrote for farm workers in which he empathized with their struggle. He underlined the importance of serving others, writing "give me honesty and patience, so that I can work with other workers."


'Full of s---': Candidates warned not to fake Trump endorsement - POLITICO


Exclusive: Saudi assassins picked up illicit drugs in Cairo to kill Khashoggi





Fastly outage explained: How one customer broke Amazon, Reddit and the wider internet

CNET: “Tuesday [June 8, 2021] will be remembered as the day the internet broke — before swiftly being fixed again. Early in the morning, websites including Amazon, Reddit, Spotify, Ebay, Twitch, Pinterest and, unfortunately, CNET went offline due to a major outage at a service called Fastly. Everywhere you looked, there were 503 errors and people complaining they couldn’t access key services and news outlets. It all demonstrated just how much of the internet relies on this largely unheard-of cloud computing service. After an investigation into what happened, Fastly published a blog post into exactly what went down — and it turns out the whole incident was triggered by just a single, unnamed Fastly customer… Fastly is a cloud computing service provider, headquartered in San Francisco, that’s been around since 2011. In 2017, it launched an edge cloud platform designed to bring websites closer to the people who use them. Effectively this means that if you’re accessing a website hosted in another country, it will store some of that website closer to you so that there’s no need to waste bandwidth by going to fetch all of that website’s content from far away every time you need it. This makes for faster website load times, and optimizes images, videos and other high-payload content to show up quickly and smoothly when you land on a web page. Among the boasts on the company’s website, it says it made loading pages on Buzzfeed 50% faster and allowed The New York Times to simultaneously handle 2 million readers on election night. Edge computing also performs vital cybersecurity functions, protecting sites from DDoS attacks and bots, as well as providing a web application firewall…”

 

This is how fast a password leaked on the web will be tested out by hackers

ZDNet: “Half of accounts compromised in phishing attacks are manually accessed within 12 hours of the username and password being leaked, as cyber criminals look to exploit stolen credentials as quickly as possible. Cybersecurity researchers at Agari planted thousands of credentials – that were made to look like they belonged to real users, but were in fact under the control of the researchers – onto websites and forums popular for dumping stolen usernames and passwords. The false credentials – seeded over the course of six months – were designed to look like compromised logins for well-known cloud software applications. Researchers found that the accounts are actively accessed within hours of the login credentials being posted online on phishing websites and forums…”



TechCrunch: “A change to TikTok’s U.S. privacy policy on Wednesday [June 7, 2021] introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained. Reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began. The biometric data collection details were introduced in the newly added section, “Image and Audio Information,” found under the heading of “Information we collect automatically” in the policy. This is the part of TikTok’s Privacy Policy that lists the types of data the app gathers from users, which was already fairly extensive…”




DOJ requested data on 73 phone numbers and 36 email addresses from Apple

  • CNN – “The Department of Justice sent a broad request in February 2018 to Apple as part of its investigation that collected data on members of Congress, staffers and their families. The department demanded metadata on 73 phone numbers and 36 email addresses from Apple, the company said Friday evening. Apple received the subpoena from the Justice Department on Feb. 6, 2018, but it contained no information about who the investigation was targeting or why, the company said. Apple also said determining who the targeted accounts belonged to would have required extensive research. A person familiar with the request said the subpoena requested information on the targeted accounts beginning with the inception of the accounts through the day of the subpoena. Apple said it limited the information it provided to metadata and account subscriber information and did not provide any content such as emails or pictures. While Apple says it would have normally informed customers, a nondisclosure order prevented it from doing so in this case, the company said…. “In this case, the subpoena, which was issued by a federal grand jury and included a nondisclosure order signed by a federal magistrate judge, provided no information on the nature of the investigation and it would have been virtually impossible for Apple to understand the intent of the desired information without digging through users’ accounts,” Apple said in the statement. “Consistent with the request, Apple limited the information it provided to account subscriber information and did not provide any content such as emails or pictures.” As with the subpoena sent to Apple, Microsoft was subject to a gag order, a company spokesperson said. The gag order was in effect for more than two years…”
  • The New York Times – In Leak Investigation, Tech Giants Are Caught Between Courts and Customers. “Apple, under fire for turning over the data of two lawmakers to the Trump Justice Dept., said it did so unknowingly, while Google fought a request for New York Times data because it related to a corporate client…”
  • The New York Times – Justice Dept. Watchdog to Investigate Seizure of Democrats’ Data. Democrats denounced the Trump administration’s seizure of lawmakers’ data as an abuse of power and called on Republicans to back the congressional inquiry.