STE WILLIAMS

Olympics Could Face Disruption from Regional Powers

Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say.

Japan’s rivals in the Asia-Pacific region will likely target the nation with cyberattacks and disinformation during the coming Summer Olympics to be held in Tokyo this July, according to an assessment published by the Cyber Threat Alliance (CTA) on February 20.

Based on past attacks against the 2018 Olympics in Pyeongchang, South Korea, disruptive cyberattacks and distributed denial-of-service (DDoS) attacks are likely to target the Olympic Games’ infrastructure. In addition, attacks on organizations related to the games, such as the World Anti-Doping Agency (WADA), will likely precede the games as well, says Neil Jenkins, chief analytical officer for the CTA.

“The most concerning threats [are] disruptive cyberattacks and disinformation campaigns conducted by nation-state actors from Russia, North Korea, and China,” he says, adding that disinformation is a likely tactic as well. “Disinformation campaigns could use targeted data leaks to embarrass officials or participants and spread false narratives.”

The threat analysis underscores that the Olympic Games are not just an arena for athletic rivalries between nations. Political tensions also spill over to cyberattacks.

While online attacks were limited to fraud and hacktivism in the 2008, 2010, and 2012 Games, a 40-minute denial-of-service attack did target the Olympic Park’s power systems in 2012, with 10 million packets hitting the servers from 90 IP addresses, according to a RAND assessment of the threat to the 2020 Games.

“The Olympic Games are a target-rich environment, drawing athletes from more than 200 nations and worldwide media coverage,” RAND stated in its own assessment. “This high visibility makes the games a target for those seeking to cause politically motivated harm, enrich themselves through criminality, or embarrass the host nation on the international stage.”

Russian hackers will most likely attack the games, according to Jerry Ray, chief operating officer for enterprise data security firm SecureAge, which has an office in Tokyo. Between land disputes with Japan and its ongoing feud with WADA, Russia has not just the capability but the motivation to disrupt the Olympic Games in Tokyo.

“It’s only a matter of time before Russia takes action against WADA again,” Ray says. “These attacks will likely come via a combination of data leaks and disinformation aimed at exposing private or medical information on participating athletes and altering it to embarrass other countries or anti-doping officials.”

While nation-state rivals are the most serious cyber threat to the Olympics, the chaotic business of hosting the games is a siren call to criminals, according to the assessments. While foreign intelligence services have the highest level of sophistication and impact, criminals are equally sophisticated — and while they may not aim to disrupt the games, their financial schemes could still cause havoc.

“The most likely threats are focused around criminal activity due to the large number of potential victims leveraging online systems to conduct business,” CTA’s Jenkins says. “Athletes, spectators, sponsors, and officials all must be vigilant and watch out for scams, phishing emails, and spoofed websites that use the Olympics as a lure.”

The Cyber Threat Alliance warned that threat analysts need to gather as much evidence as possible before attributing attacks. The 2018 Olympic Destroyer attack disabled IT systems and shut down Wi-Fi at the Pyeongchang Winter Olympics, and evidence overwhelmingly pointed to North Korea as the culprit in the attack. However, a few months later, Kaspersky cited its own research to state that the telltale markers left behind were actually planted as part of a false-flag operation.

“If these actors were to leverage disruptive cyberattacks or conduct disinformation campaigns, they would do everything possible to make public attribution of their attacks difficult by leveraging false-flag techniques and obscuring their tooling,” CTA’s Jenkins says.

In a statement on February 20, security firm FireEye concluded that the Russian intelligence group GRU Unit 74455 is responsible for the attack on the Pyeongchang Olympics. Also known as Sandworm, the group is thought to be behind attacks on Ukraine’s infrastructure and the 2016 US elections.

“In addition to the election interference, Ukraine blackouts, and the NotPetya incidents, we believe the organization was behind an attack on the Pyeongchang Olympics,” John Hultquist, senior director of intelligence analysis at FireEye, said in the statement. “Notably, they have not been publicly admonished for their attempt to disrupt the Games, and we are concerned that the actors will target the Games in Tokyo this year.”

Japan has prepared for more cyber activity in the run-up to the games. As part of a 2014 law aimed at improving the cybersecurity of its infrastructure, the country created a committee to study security measures that it should undertake. In 2019, the government announced an effort to scan 200 million internet-connected devices for vulnerabilities.

“The best thing the country can do in the short term is to create a countrywide push to educate its citizens and incoming tourists about how to protect themselves and their devices,” says SecureAge’s Ray. “After all, it’s usually the human element that ends up being the weakest link in the cybersecurity chain.”


Article source: https://www.darkreading.com/threat-intelligence/olympics-could-face-disruption-from-regional-powers/d/d-id/1337112?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

NRC Health Ransomware Attack Prompts Patient Data Concerns

The organization, which sells patient administration tools to hospitals, could not confirm whether patient data was accessed.

A Feb. 11 ransomware attack targeting NRC Health has driven concerns about the security of patient data stored on the organization’s servers. NRC Health manages patient survey systems and works with 75% of the 200 largest hospital chains in the United States, CNBC reports.

When it learned of the attack, NRC Health shut down its systems and has since been working to restore them, said chief information officer Paul Cooper in a statement. An email to its hospital clients explained how it took its entire environment offline, including client-facing reporting portals. The company also notified the FBI and launched an investigation into the attack.

The incident has caused concern due to the vast amount of patient information NRC Health has on its servers. Its customers include 9,000 healthcare institutions including Cedars Sinai and Jefferson Health, and it stores data from more than 25 million healthcare consumers each year. Patient survey data isn’t only used for marketing; regulators use this information to determine how much hospitals are reimbursed and how much their executives are paid, the report states.

So far there is no indication of whether the attackers were able to view or steal confidential or patient data. If they were, NRC’s customers will have to alert their patients to the attack.

Ransomware, and cyberattacks in general, are increasingly taking aim at the healthcare industry due to its vast stores of valuable data. Attacks against healthcare targets jumped 60% in the first nine months of 2019 alone, with criminals favoring Emotet and Trickbot in their arsenals. Since 2016, ransomware has cost US healthcare organizations more than $157 million – and that’s only counting the incidents that affected more than 500 people.


Article source: https://www.darkreading.com/attacks-breaches/nrc-health-ransomware-attack-prompts-patient-data-concerns/d/d-id/1337116?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

California Man Arrested for Politically Motivated DDoS

The distributed denial-of-service attacks took a congressional candidate’s website offline for a total of 21 hours during the campaign for office.

A man in Santa Monica, Calif., has been arrested for launching a series of attacks on the website of a California congressional candidate. Arthur Jan Dam is charged with one federal count of intentionally damaging and attempting to damage a protected computer.

According to the arrest affidavit, Dam was responsible for four distributed denial-of-service (DDoS) attacks on the candidate’s Web server, taking the site offline for a total of 21 hours during the campaign in 2018. Dam, it was noted, was married to an employee of the candidate’s rival for the office.

All of the attacks originated from a single Amazon Web Server account owned by Dam and were controlled by logins originating from either his residence or workplace.


Article source: https://www.darkreading.com/attacks-breaches/california-man-arrested-for-politically-motivated-ddos/d/d-id/1337117?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Washington state Senate passes bill to rein in facial recognition

The American Civil Liberties Union (ACLU) dubbed 2019 the year that proved that ubiquitous facial recognition surveillance isn’t inevitable. The latest (tentative) win for legislative restrictions on the increasingly pervasive technology: the state of Washington.

On Wednesday, the state senate passed a bill – Senate Bill 6280 – that would prohibit state and local government agencies from using facial recognition in most instances, including…

Ongoing surveillance – meaning tracking people as they move through public places over time, be it in real-time or through use of a service that relies on historical records.

And…

Persistent tracking – which refers to the use of facial recognition to persistently track someone without first having identified them or verified their identity.

If passed, the law will require law enforcement to first get a search warrant before using those types of faceprint-reliant tracking and surveillance, or else would be limited to emergency situations in which people’s lives are at risk.

From here, the bill goes to the state House for consideration.

The latest version of the bill specifies that at least 90 days before government agencies adopt a new facial recognition technology, they must inform the public about the technology in question – in detail.

Accountability reports would have to include the name of the technology, the vendor, what kind of data it collects and from where, how that data is processed, why and how it’s going to be used, data or research that demonstrates its supposed benefits, whether it’s going to be used by other agencies and how, data retention policy, how data will be securely stored and accessed, and how it’s going to affect civil rights and liberties… to name a few.

It would be an understatement to say that this type of transparency would be a marked change from the secretive (and sometimes slapdash) way in which agencies have been adopting the technology to surveil people, often without the need for warrants.

SB 6280 would also require that decisions with legal implications that are based on facial-recognition programs be reviewed by an agency worker with training on the technology – someone with authority to reverse the decision, according to analysis (PDF) from the Washington senate committee on Environment, Energy and Technology.

Examples of such decisions include whether or not somebody gets a loan, housing, insurance, health care, and educational or job opportunities. If a given program does have such an impact, it would have to be tested before being deployed. The bill would also set training standards for government employees handling personal data gleaned from facial recognition.

According to the Seattle Times, SB 6280 is likely going to face resistance in the House, where a competing bill – House Bill 2856 (PDF) – would go further still, by imposing a moratorium on local and state facial recognition programs until 1 July, 2023.

The Seattle Times quoted the House bill’s sponsor, Rep. Debra Entenman, who is herself one of the people whom facial recognition most frequently fails to correctly identify: a black woman.

[This debate is about] having a technology that is not ready to be used in the public sphere.

As an African American woman, I am of course concerned about the fact that law enforcement and others believe that this technology will make people safer.

The Seattle Times also quoted the Senate bill’s sponsor, Sen. Joe Nguyen:

Right now, facial-recognition technology is being used unchecked and with little recourse. And tech companies generally don’t care about the moral values of the products they are creating.

Running tally of pushback

In October, the state of California outlawed facial recognition in police bodycams. Some of its biggest cities have gone further still in restricting the controversial technology, including San Francisco, Berkeley, and Oakland.

Outside of California, government use of facial recognition has also been banned in three Massachusetts municipalities: Somerville, Northampton and Brookline. New York City tenants also successfully stopped their landlord’s efforts to install facial recognition technology to open the front door to their buildings.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/EQuUOXoeqVU/

Adobe fixes critical flaws in Media Encoder and After Effects

After fixing a fat pile of critical security flaws as part of last week’s Patch Tuesday update, Adobe has come back with two more that need urgent attention.

This is what’s called an out of band update, which means that a vulnerability is too risky or likely to be exploited to leave to the next scheduled update.

The first is in the Windows and macOS versions of the After Effects graphics software and affects anyone running version 16.1.2 and earlier.

Identified as CVE-2020-3765 after being reported to Adobe only days ago, the company offers little detail on the vulnerability itself beyond stating that the update:

Resolves a critical out-of-bounds write vulnerability that could lead to arbitrary code execution in the context of the current user.

All that tells us is that exploiting the flaw would require access to the user’s machine, which shouldn’t detract from the need to patch the issue.

The second is also an out-of-bounds write weakness, this time in Adobe Media Encoder, affecting Windows and macOS versions 14.02. Identified as CVE-2020-3764, this requires similar current user access.

There is no evidence that either of these flaws is being exploited in the wild, but you never know, hence the need to patch now.

The update

The fix for After Effects (APSB20-09) is to upgrade to version 17.0.3. For Media Encoder (APSB20-10) it’s version 14.0.2.

It’s unusual for Adobe to issue out of band updates. Excluding the later than usual patching of a slew of flaws last October, the last was three emergency fixes for ColdFusion the month before that.

Despite the inconvenience, this is to be applauded. The sooner a critical is patched, the sooner everybody stops worrying about it.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/EikvZUdR_eM/

Data of 10.6m MGM hotel guests posted for sale on Dark Web forum

The personal data of 10,683,188 MGM hotel guests that leaked sometime in or before 2017 was posted for sale on the Dark Web this week, ZDNet reports.

It doesn’t matter that the data isn’t freshly baked: it’s still edible. ZDNet called hotel guests whose details were included in the data dump and found that, while some of the phone numbers had been disconnected, many were still valid, as “the right person answered the phone.”

The data was first spotted by an Israeli security researcher calling themselves Under the Breach, who claims to have “deep relations” with various threat actors that give them “pre-breach information on many publicly traded companies.”

Under the Breach says they spotted some Vegas-big names among the leaked guest records, including Twitter CEO Jack Dorsey, pop star Justin Bieber, and government officials from the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA).

Under the Breach came across the leaked files on an online forum commonly used by hackers, they told Business Insider. The researcher said that they’d cross-referenced the information with publicly available data and emails that had been exposed in previous breaches.

A spokesperson for MGM Resorts confirmed the security breach, saying that the data is old. The dump included full names, addresses, phone numbers, emails and birthdays, but MGM says that no payment information was compromised. The hotel chain hasn’t confirmed the identity of any of the affected guests; nor has Twitter commented on whether or not Dorsey’s information was involved.

ZDNet confirmed the authenticity of the data on Wednesday. None of the hotel guests whom the news outlet contacted had stayed at the hotel more recently than 2017. But regardless of how long ago the initial breach happened, the personally identifiable information (PII) is still valuable for use in spearphishing campaigns or in SIM-swap attacks, as Under the Breach told ZDNet.

An MGM spokesperson told ZDNet that the data came out of a security breach that happened last year:

Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts. We are confident that no financial, payment card or password data was involved in this matter.

The hotel chain said that it had promptly notified all affected hotel guests in accordance with applicable state laws. ZDNet wasn’t able to find any of those notifications, but it did find posts dating to August 2019 on the Vegas Message Board from people who said that they’d been alerted to the July breach.

The sale of the records has been linked to the threat actor known as GnosticPlayers, which has claimed responsibility for multiple big breaches, including the September 2019 hack of online social game maker Zynga, the massive hack of 26 million records stolen from another six online companies in March 2019, and plenty more.

The tally of records put up for sale on the Dark Web by GnosticPlayers spirals ever upward: in 2019, the entity dumped more than a billion user records, ZDNet reports.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/Z2tLH5LX16k/

US and UK call out Russian hackers for Georgia attacks

The US and UK governments have both accused Russia of launching a cyber attack against the Georgian government last year. The attacks, mounted on 28 October 2019, came from Russia’s notorious GRU military intelligence unit, according to announcements from the US State Department and the UK’s National Cyber Security Centre.

This is a rare statement of attribution from western governments. Both the US and the UK rebuked Russia for its behaviour and pledged their support for Georgia.

In its announcement, the US State Department said:

This action contradicts Russia’s attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries. These operations aim to sow division, create insecurity, and undermine democratic institutions.

Sandworm has been active in Ukraine, reaching power utilities there in 2015 and 2016 in attacks that deprived thousands of electrical power. The hacking group has also been linked to NotPetya, a worm that spread globally in 2017. In his book of the same name, Greenberg tracked this group’s connection to several egregious hacks, including the attack on the Olympic Games in Seoul in 2018, which it tried to blame on North Korea.

The group is also said to be responsible for the 2016 attack on US election infrastructure, and for the theft of emails from the Democratic National Committee (DNC) and their distribution to WikiLeaks. An FBI indictment released as part of the Robert Mueller investigation tied GRU operatives to that attack. Sandworm has also been spotted uploading malicious Android apps to the Google Play Store.

In the book, Greenberg linked all these attacks to Russia’s Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). He identified Sandworm as GRU Unit 74455, operating from a Moscow suburb.

The UK government backed up the US claims. Its National Cyber Security Centre (NCSC) said that it “assesses with the highest level of probability” (which is 95% or more) that the GRU carried out large-scale disruptive cyberattacks against web hosting companies in Georgia, defacing sites including those belonging to the Georgian government, courts, NGOs, media and businesses. It also disrupted broadcast services in the country, the government said, adding that Georgia is a strategic partner of the US.

Foreign Secretary Dominic Raab added:

The Russian government has a clear choice: continue this aggressive pattern of behaviour against other countries, or become a responsible partner which respects international law.

The UK government also identifies Sandworm as BlackEnergy Group (after the 2015 Ukraine electrical system attack), Telebots, and VoodooBear. Alongside the electrical grid and NotPetya attacks, it was also responsible for the BadRabbit ransomware in October 2017, according to the NCSC.

Greenberg added that the US is shining a light on cyber-subterfuge by going public with its claims. He also suggested that it could be an attempt to head off any election shenanigans:

It’s important to note that the Sandworm hacking group is a separate thing from the malware of the same name.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/k1GSfrG1_cs/

Larry Tesler, of copy-and-paste fame, dies at 74

Larry Tesler, the computer scientist who is widely credited with the copy-and-paste function that is now nearly ubiquitous in user interfaces, has died at 74.

Tesler – note the spelling! – worked at the influential Xerox Palo Alto Research Center, better known as PARC, in the 1970s.

Old-timers in the computer industry will tell you that “everything that we take for granted in computing these days was invented at PARC”, and there’s a grain of truth in that rose-tinted reminiscence.

Xerox, so the story goes, was worried that the paperless office was on its way, which wouldn’t be great for its vast photocopier business.

If everyone in an office had their own computer, companies wouldn’t need copiers because they could share documents electronically, and if they did need a printed copy, then they could just print it out themselves.

At least, they could do those things if [a] they had their own computers, [b] those computers were easy to use, [c] the computers could be interconnected reliably, [d] the computers could be programmed easily, and [e] if they had printers that were kind of like copiers, but didn’t need an original document to copy from.

So the researchers at PARC came up with, and learned to program and use, a whole raft of technologies that we do now take for granted – such as ethernet networking, object-oriented programming, laser printers, personal computers, bitmapped screens (so you could do text and graphics at the same time, just like in a book), square pixels, GUIs, a mouse to control them, and, of course…

…copy-and-paste.

Steve Jobs visited PARC in the 1970s, and by 1983, Apple had come out with a personal computer called Macintosh that had a bitmapped screen, square pixels, a GUI, a mouse to control it and, of course… copy-and-paste. By 1985, Apple had followed up with the Laserwriter, an astonishingly powerful personal printer with more memory and a more powerful processor than the Macintosh itself.

In fact, Larry Tesler’s ideas about user interface design went much deeper than just copy-and-paste.

He lived by the computer science motto No Modes.

His car tag and his personal website both featured the text NOMODES – which, in computing terms, means that things such as mouse clicks and keypresses should work consistently, rather than changing what they mean and do as you navigate through a program.

Larry Tesler’s 1996 vehicle tag

You wouldn’t tolerate a keyboard where A came out as B, B as C, and so on, but only when you were in the menu to pick a new font – it wouldn’t just be annoying, it would be confusing and error-prone.

You wouldn’t be safe driving a car where the brake and clutch pedals swapped over when you entered a private car park, only to swap over again when you exited back onto a public road.

Why modes?

So why, argued Tesler, do we have so much computer software where keystrokes and mouse clicks change their meaning depending on where you are in the program?

The classic example of a “modal program” is the famous vi editor, where characters sometimes stand for themselves, and sometimes stand for controls to choose an operating mode.

For instance, if you are in the middle of a file, editing it with vi, and you want to add the word riddle into the document, you might think you’d just click where you wanted the text and then type riddle.

But that’s not how it works, because r enters replace mode, which says to overwrite the current character with the next one you type, namely i.

Then the d in riddle enters delete mode, and the d after that is a delete-mode operator that says to delete the entire line, ironically including the i character you just entered into the text incorrectly.

Now you are automatically back in command mode, where l says to move the cursor right (don’t shoot us, we’re just the messenger), and the final e moves to the end of the current word.

Phew!

To enter riddle into the document itself you have to type iriddleEsc, which first turns on insert mode, then inputs the characters you want, and finally escapes from insert mode back to command mode.

You can see why Larry Tesler was passionate about NOMODES.

Even if there are still millions of vi-loving techies and programmers who don’t yet agree with him.

Larry Tesler, RIP.



Featured image of Larry Tesler from Wikipedia.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/EMu5ZKWZB4c/

‘Don’t tell anyone but I have a secret.’ There, that’s my security sorted

Something for the Weekend, Sir? Where’s my free promo tat? Fellow convention attendees have no such problem being showered with promotional gifts from all sides as they totter up and down the rows of booths.

You can see them staggering back to their hotel rooms, arms full of corporate-branded freebies, where they have prepared an empty suitcase specifically for shipping it all back to their BOFH Central at the end of the show.

Sure, it’s all crap. It’s usually the likes of childish desk toys, cable tidies that will snap within the week, pencils and logo-shaped erasers (as if you use such items all the time, right?), and Swiss army knives that will be routinely confiscated as you pass through airport security for the trip home. No matter, just turn up to the expo and companies will toss gifts at you like you were the GitHub messiah taking a seaside donkey ride into sysadmin Jerusalem.

Well, nobody tosses any in my direction. No blotchy ballpoint pens for me. No evil-smelling pads of sticky-notes that don’t stick to anything. No spongey stress balls. No smartphone stands. No sharply angular keyfobs that stab into my bollocks when I sit down.

Me, when I visit an IT exhibition stand on the cadge, I have to provide evidence of my media accreditation, two forms of photo ID, an electricity bill, birth certificates of my family going back four generations (originals only, please) and a DNA swab before I qualify to receive a boiled sweet.

So when last week’s MWC was cancelled for fears over COVID-19 – Barcelona being a particular hotspot for this potentially deadly virus, I understand – I was smugly satisfied that nobody else would be picking up promotional tat either. Not wanting to make undue light of the circumstances around the coronavirus outbreak in Wuhan, the cancellation left a lot of peripheral ex-exhibitors stranded with venue bookings they couldn’t wriggle out of. I and all of my IT journalist colleagues received a surprising – I could even say refreshing, minty – invitation to Barcelona anyway to witness the launch of an “exciting new technology in oral hygiene.”

I briefly considered going, not least because flights and hotel were being offered gratis. In the end I sent a polite letter of apology to explain that dentistry wasn’t in my field of expertise.

Besides, I know for certain I’d be the only attendee to fly home without a free toothbrush.

The cancellation of such a big event forced marketeers to work harder to publicise the tech announcements they had originally planned to perform in person in the Catalan capital by ramming heaps of extra info through business social media. Unfortunately for them, getting seen by the right people this way is impossible since business social media is already stuffed with undiluted blah, thanks to all the unsolicited, undiluted wannabe influencer shite of the highest crapitude.

LinkedIn gets a particular kicking for being useless as a means of developing corporate interests these days – yet it has always been so, as I may have mentioned in my uninfluential past.

A competitor’s recent press release, masquerading as yet another popular survey (yawn), “found” that LinkedIn members reckon barely one in five of their connections on the service serve any use in terms of business networking. The rest is just desperate noobs haggling for employment, photos of people in work attire standing in a row in front of the final slide of a PowerPoint presentation, and tosspots sharing inspirational quotes about the nirvana of startup failure.

The press release came from rival business messaging app company Guild, which says its own product is better because it’s more “dedicated” or something nebulous like that. Bless ’em, Guild is one of hundreds of messaging apps out there saying the same thing, and they can’t all be right; indeed, possibly none of them are.

One thing they all claim is that they are more private and more secure: you can exchange your grown-up, officey, worky stuff through us and nobody else will ever find out!

Ethical questions aside, this simply can’t be true, can it? Business or consumer social media have their obvious differences but claims regarding privacy, security, encryption and so on should be common to both types. How can the security of private messaging between domestic users be any different from that between corporate users?

This is something discovered by French politician Benjamin Griveaux over the last fortnight (or as we say here, 15 days). Previously a key spokesman for president Emmanuel Macron, he was flying high in the polls to be elected mayor of Paris next month… until the electorate got a good look at his knob.

In a case of political revenge porn that is gripping the French nation almost as tightly as Griveaux was gripping himself, videos of him buffing the aubergine appeared on a short-lived satirical website apparently focusing on “political pornography” (don’t bother asking) and promptly went viral.

These were private, first-person videos he’d taken himself spiralising the old courgette and sent to the object of his amour who, unfortunately for his wife, was not his wife. Predictably, neither woman was impressed with the, er, outcome.

Cue an embarrassed press conference with lots of deliberately posed shots of him looking downwards and contrite, during which he announced he would stand down from the imminent elections and pass the, er, baton to someone else. Taking their example from Griveaux himself, Macron’s party La République en Marche (since redubbed “La République en Main”) did a bit of frenzied reshuffling to find a replacement.

Put aside the political, moral and human issues: these are being thoroughly argued out in the media as you read this. As for nudey selfies, come on, most of us have tried it for a laugh – albeit most probably when we were students. What I want to know is how an intelligent, well-connected and tech-savvy party executive like this could allow his personal instruction video on the subject of unclothed self-taming to get into the wild in the first place.

Griveaux’s official statement to the police claims that he sent the video person-to-person via a certain private messaging system – press reports do not name which one, unfortunately – that would delete the video after one minute. If this is true, it strengthens his case for “invasion of personal privacy”, which has massive punitive outcomes in France thanks to Jacques Chirac who as president beefed up the privacy laws to protect his illegal financial dealings from media scrutiny.

What messaging app was he using? And is he being all that tech-savvy in his belief that his video would self-destruct after 60 seconds, like in some ’70s episode of Mission Impossible? Even in WhatsApp, you have to remember to delete it yourself.

Perhaps he was using a business-focused porn-selfie messenger: a kind of doing-the-business sharing app. It’s the innovative new way of engaging with your contacts. Norbert Spankmoney wants to connect with you! Yes, I bet he does.

Come on, Ben, surely you know that for every ultra-secure, ultra-private, ultra-personal video messaging app, there are a dozen freebie video-grabbing utilities out there. Even if you code it up to prevent screen capture, someone could always video your video, just like they can photograph an onscreen secret document.

Give it up. Nothing is private any more.

That is, I assume you can get freebie video-grabbing utilities. I’m guessing to an extent. Since they are freebies, I didn’t get any.

Much like Benjamin Griveaux.

Alistair Dabbs
Alistair Dabbs is a freelance technology tart, juggling tech journalism, training and digital publishing. He believes Guild does not deserve to be associated with a facetious Register column like this and apologises profusely for taking advantage of its LinkedIn survey whose findings he wholeheartedly agrees with. On the other hand, he is fed up hearing about business social media apps that are supposed to be more effective than LinkedIn: even a freebie pencil and cheap pad of unsticky notes can be that. @alidabbs

Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/21/something_for_the_weekend/

Security Now Merges With Dark Reading

Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.

The Dark Reading team is happy to welcome a new audience to its growing online community: the readership of the Security Now cybersecurity news and information site.

The merger will combine the audiences of Dark Reading – the IT security industry’s leading news organization – and its sister site under parent company Informa LLC, Security Now. The combined community, which will operate under the Dark Reading name, will be one of the cybersecurity industry’s largest and most comprehensive sources of news and information on the Web.

Security Now readers will have an opportunity to become members of Dark Reading, which provides the latest news and analysis of emerging security threats, vulnerabilities, and next-generation technology. Security Now readers will also get regular commentary and insights from some of the IT security industry’s top experts and be able to submit commentary ideas of their own. In addition, Security Now readers will be able to gain deeper insights from The Edge, Dark Reading’s features section, which offers in-depth perspective on cybersecurity issues and best practices.

As part of the Dark Reading community, Security Now readers will also gain access to a broad range of related content designed to help security professionals do their jobs. Dark Reading Reports provide original research and insight on trends and attitudes in the cybersecurity industry. Dark Reading’s Tech Digest e-zines offer in-depth coverage of key issues and news developments. Dark Reading webinars bring some of the industry’s top experts online – both live and on demand – to offer advice and recommendations on key security challenges. And Dark Reading virtual events deliver an all-day, online conference experience that helps to illuminate new threats and methods of response.

If you’re a Security Now reader who wants to gain the full benefits of membership in the Dark Reading community, you can sign up for membership here. You can also sign up to receive the latest news and updates via our daily and weekly newsletters.

For more information, questions, or to submit an idea for Dark Reading’s Commentary section, please write us at [email protected].

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech’s online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one …

Article source: https://www.darkreading.com/theedge/security-now-merges-with-dark-reading/b/d-id/1337109?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple