The Host Unknown Podcast

Episode 169 - The Hat Trick Episode

Episode Summary

This week in InfoSec reminds us of the conscience of a hacker. Rant of the Week is a rare privacy snafu from Google. Billy Big Balls has China asking “are we the baddies?” Industry News brings us the latest and greatest security news stories from around the world. And Tweet of the Week is something wonderfully British.

Episode Notes

This week in InfoSec (08:45)

With content liberated from the “today in infosec” twitter account and further afield

25th September 1986: "The Hacker Manifesto" was published by The Mentor (Loyd Blankenship) in issue 7 of the hacker zine Phrack. It was originally titled "The Conscience of a Hacker". 

Phrack #7

https://twitter.com/todayininfosec/status/1706364950623515017  

26th September 1988: Time Magazine published the article "Technology: Invasion of the Data Snatchers - A 'virus' epidemic strikes terror in the computer world". The 9-page article is an interesting glimpse into the state of malware risk, response, and fears 35 years ago.

Technology: Invasion of the Data Snatchers

https://twitter.com/todayininfosec/status/1706690706863952278

Rant of the Week (13:54) 

After failing at privacy, again, Google is working to keep Bard chats out of Search

Google's Bard chatbot is currently being re-educated to better understand privacy.

In July, Bard gained the ability to share conversations with other people using a unique public link. Unfortunately, Google Search has indexed those shared links, making them more widely available and discoverable than Bard patrons might expect.

[Open the story and read from there - it’s much easier 🙂]

At least such oversights don't happen all that often at Google, which has a 33-page privacy policy [PDF] detailing how much the company values user privacy. Apart from a $100 million biometric privacy settlement with Illinois in April 2022, an $85 million location data settlement with Arizona in October 2022, a $391.5 million privacy settlement in November 2022 with a 40-state coalition of Attorneys General, and $29.5 million to settle location tracking claims in Indiana and Washington DC, you have to go back all the way to 2019 – when the FTC settled with Google and YouTube for gathering kids' info without consent – to find substantive privacy issues at the 25-year-old search advertising biz.

Frankly, the presence of Bard chats in Google Search barely rates on a list of the text ads giant's greatest privacy misses, which includes Street View cars collecting sensitive data from Wi-Fi networks and combining its ad data with Google users' personal data.

Billy Big Balls of the Week (22:46)

China's national security minister rates fake news among most pressing cyber threats

This story in a meme:

Chinese minister for national security Chen Yixin has penned an article rating the digital risks his country faces and rated network security incidents as the most realistic source of harm to the Chinternet – both in terms of attacks and the dissemination of fake news.

The new article reiterates Xi Jinping's thoughts on network and cyber power, which boil down to a recognition of the internet's central role in almost all aspects of modern life and the subsequent need for security and governance.

In China, governance includes restrictions on free speech and detection and deletion of information felt to be incorrect. Or as minister Chen put it, after machine translation: "The internet has increasingly become the source, conductor, and amplifier of various risks. A small incident can become a whirlpool of public opinion. Some rumours can easily turn a 'storm in a teacup' into a 'tornado' in real society."

Chen's article rates "increasingly fierce competition between great powers in cyberspace" as the most significant competitive threat China faces in the digital domain. He accused rivals of using "so-called 'risk removal' as an excuse and using ideology as a standard to create technology 'small circles' such as 'Clean Network' and 'Chip Alliance,' and even expanded the use of policy tools such as export controls, security reviews, and restricted exchanges."

The minister argues such initiatives are motivated by other nations' desire to cement technology leadership positions and build monopolies, rather than genuine concerns.

Industry News (30:07)

UK-US Confirm Agreement for Personal Data Transfers

US Government IT Staffer Arrested on Espionage Charges

Half of Cyber-Attacks Go Unreported

NCSC Launches Cyber Incident Exercise Scheme

Attacks on European Financial Services Double in a Year

Regulator Warns Breaches Can Cost Lives

US and Japan Warn of Chinese Router Attacks

US Lawmaker: Government Shutdown Will Leave Americans Exposed to Cyber-Attacks

Booking.com Customers Targeted in Major Phishing Campaign

Tweet of the Week (37:51)

https://twitter.com/SoVeryBritish/status/1707463344016306453