Top infosec trends in the media spotlight this week.
Last Friday was one year since the huge Equifax data breach which saw 145.5 million people’s information stolen when the credit-broking service failed to patch its systems.
And this week, social media users were busy marking the anniversary by reminding their followers of the devastating impact these breaches have on the little guy.
Understandably, people are angry that Equifax seems to have gotten off scot-free, while millions of customers are left in limbo – a subject that The Daily Swig covered in detail this week.
It comes as Senator Elizabeth Warren released a scathing report on how failures on Equifax’s part led to the leak.
Needless to say, it was one anniversary that infosec Twitter wasn’t celebrating with joy.
The UK’s TV Licensing company majorly screwed up when it was revealed its website wasn’t actually as secure as it said it was.
For background, Brits have to pay £150.50 per year to watch television in their home, a cost that funds the state channel, the BBC.
Customers were told this week to keep an eye on their bank accounts after marketing guru Mark Cook noticed the website wasn’t forcing users to its HTTPS version.
TV Licensing apologized for the incident, and claimed there was a “low” chance that anyone’s details had actually been nicked.
But to make matters more awkward, this instance proved the licensing agency was ignoring recommendations by the UK’s National Cyber Security Centre, which states that all websites should be served over HTTPS.
The issue has now been corrected.
Speaking of British security services, a victory for privacy this week saw the European Court of Human Rights rule that the UK’s intelligence organization GCHQ broke the law in mass-surveillance measures revealed in the 2013 WikiLeaks files.
The court ruled that GCHQ breached British citizens’ human rights by violating their privacy and failing to implement permissible surveillance safeguarding measures.
These practices were revealed in documents leaked by NSA whistleblower Edward Snowden, who welcomed the decision on his Twitter page.
Snowden is currently in exile in Russia.
He wasn’t the only person celebrating, as privacy advocates Amnesty International and other key figures shared their thoughts online.
GCHQ is now expected to introduce tighter safeguards.
Twitter bot @isthisphish was popular with infosec types this week, thanks to its handy service of analyzing a URL for any suspicious activity.
But it was shut down on the same day a Twitter user tricked it into revealing its local files, tickling the infosec tweeting community.
User @NathOnSecurity tweeted the account asking it to verify whether file:///etc/passwd was a phishing attack or not, seemingly in an attempt to “break” the service.
Leading to this…
The account, created by Claudio Guarnieri, was later taken down after users began directing it to websites that would lead to a Twitter suspension.
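A URL-analysis service can refuse input like this before anything is fetched. The sketch below is an added example, not the bot's own code (the article does not describe its implementation); the function names, the scheme allowlist and the constructed DNS table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the service only needs web URLs

# Constructed sample DNS data so the demo runs offline (not real lookups).
SAMPLE_DNS = {"example.com": {"93.184.216.34"}, "intranet.example": {"10.0.0.5"}}


def sample_resolver(host):
    """Offline stand-in for DNS, backed by the constructed SAMPLE_DNS table."""
    if host not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[host]


def system_resolver(host):
    """Resolve a hostname to the set of IP address strings it maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_submitted_url(url, resolver=system_resolver):
    """Return (ok, reason) for a user-submitted URL before anything fetches it.

    Hypothetical helper written for this example; names are assumptions.
    """
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:  # rejects file:, ftp:, gopher:, ...
        return False, "scheme not allowed"
    if not host:
        return False, "missing host"
    try:
        addresses = {str(ipaddress.ip_address(host))}  # host is an IP literal
    except ValueError:
        try:
            addresses = set(resolver(host))
        except OSError:
            return False, "host does not resolve"
    # Every address must be publicly routable: blocks loopback, RFC 1918,
    # link-local (e.g. cloud metadata endpoints) and similar ranges.
    if not addresses or not all(ipaddress.ip_address(a).is_global for a in addresses):
        return False, "non-public address"
    return True, "ok"


if __name__ == "__main__":
    for u in ["file:///etc/passwd", "http://127.0.0.1/", "https://example.com/login"]:
        print(u, check_submitted_url(u, sample_resolver))
```

The check covers only the URL as submitted: a fetcher also has to apply it to every redirect target and connect to the address it validated, otherwise a later DNS answer or a redirect can still steer it to an internal resource.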