CyberSecurity Pulse 2016-05-05
“In general, men judge more by the eyes than by intelligence, as everyone can see, but few understand what they see.”
Update on Laws Regarding Email and Cloud-based Data Access in the US
In the same way that warrants are needed for physical papers and property, the draft states that warrants are also needed to collect all types of online documents as well as other private electronic files. Nevertheless, National Security Letters, which have been issued in the hundreds of thousands so far, are exempted in the Bill passed by the House.
In the corporate world, several positions can be found. On the one hand, Google and many other corporations are already demanding clarification of the reasons that justify whether a warrant is required or not. On the other hand, corporations such as Amazon and Yahoo supported the measure despite it not achieving all of the reforms they anticipated. Clearly establishing the circumstances in which one right prevails over another is imperative to guarantee appropriate protection of basic rights. Escaping from ambiguity would help to clarify the positions of all the actors in either direction, in a debate in which many pages are still to be written.
DHS Seeks Better Private-public Sharing of Cyber Threat Information
The Department of Homeland Security wants private-sector companies to get under the agency's information-sharing umbrella in order to better manage and mitigate cyber risks to critical infrastructure. Suzanne Spaulding, the Under Secretary of DHS' National Protection and Programs Directorate, told audiences at Wednesday's MetricStream GRC Summit that they are trying to create a system that, as soon as any node on this network detects malicious activity, sends everybody the information about the attack needed to block the adversary.
Man Charged in Alleged Theft of Frequent Flyer Miles
Fraud in the airline industry is growing constantly. A computer programmer has been charged with stealing the frequent flier accounts of American Airlines customers. According to the Miami Herald, he managed to profit from products worth more than $260,000 linked to global travel and car rentals. Sale prices ranged from 20% to 50% of the ticket price, depending on the reliability and vendor purchase method. The most common methods of payment are usually cash or even bitcoins.
Rest of the Week's News
Personal Information Is Also Useful for Google's AI
DeepMind, the Artificial Intelligence developed by Google, has found a new application area in assisting nurses and doctors in recognizing kidney injuries earlier than normal. To achieve this goal, researchers have requested data that goes beyond the way in which the renal system of more than 1.6 million patients works, something that has led to significant criticism regarding the abusive usage of personal information.
ImageMagick Vulnerable to Remote Code Execution
A serious 0-day vulnerability has been discovered in ImageMagick, a widely popular software tool used by a large number of websites to process users' photos, which could allow hackers to execute malicious code remotely on servers. This tool is an open-source image processing library that lets users resize, scale, crop, watermark and tweak images.
Commercial Solutions Do Not Patch the Vulnerabilities Found in Open Source Components
The proliferation of open source projects and their inclusion in commercial software speed up deployment times and allow the development of new features. However, a study conducted by Black Duck Software has recently highlighted that up to 67% of open source components used in commercial software may have unpatched vulnerabilities that would not have been corrected by the product providers.