CyberSecurity Pulse 2016-06-09


“I think we ought always to entertain our opinions with some measure of doubt. I shouldn’t wish people dogmatically to believe any philosophy, not even mine.”
Bertrand Russell

Analyst Insight

The Story Behind the Email Privacy Act

The US Senate is deliberating on how to reform the 1986 Electronic Communications Privacy Act (ECPA). Known as the Email Privacy Act, this bill would introduce significant changes in the way Law Enforcement Agencies in the United States are able to access digital information stored in the cloud. From then on, they would be required to obtain a search warrant approved by a judge and justified by probable cause.

In this regard, the Fourth Amendment to the US Constitution refers to the "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures", a right which shall not be violated on the basis of an arbitrary investigation. Nevertheless, the so-called Third-Party Doctrine states that those who hand information to third parties should not have a reasonable expectation of privacy. As a consequence, information shared with third parties is not protected under the Fourth Amendment. In the case of Michael Lee Smith v. Maryland 1979 (Smith v. Maryland, 442 US 735), Smith's claims of a legitimate expectation of privacy regarding the phone numbers he had called were rejected. According to the court, users know that phone companies have the means to record the numbers they dial because, among other things, users receive monthly bills listing the charges. For some advocacy groups in the US, this principle means that those who give information to third-party providers, such as a telephone company or an email provider, are likewise aware that they are handing over their personal information and, therefore, should not expect it to remain private. This reality coexists with the mechanisms available to Law Enforcement Agencies in the US to gain access, under certain circumstances, to digital information that has been stored for more than 180 days, which is a sticking point for several activist organizations.

On the other hand, some defenders of the doctrine, such as Professor Orin S. Kerr (Kerr, Orin S. (2009). "The Case for the Third-Party Doctrine", Michigan Law Review, Vol. 107:561), are less categorical and argue that this is not a choice between all or nothing. For Kerr, the other side overlooks other tools and regulations that can also provide the protection being claimed. The problems arising from the different interpretations taken by international courts will remain, given that the use of computer products and services will continue to spread globally while the lack of balance between international laws goes unresolved. At the moment, the Email Privacy Act seems to be a step forward in protecting users' privacy. It remains to be seen whether it will actually come to pass.

» More information at U.S. House of Representatives

Top Stories

Senate Bill Would Encourage "Retro" Grid Security Approach

Four senators introduced a bill Monday that aims to reduce the electrical grid’s cybersecurity vulnerability by replacing modern systems with older technology. The legislation calls for a two-year study of the technology that makes the grid vulnerable, with an emphasis on automated systems that can be hacked remotely. The Energy Department would then have to report on the study and on the feasibility of certain technological changes. “The United States is one of the most technologically-advanced countries in the world, which also means we’re one of the most technologically-vulnerable countries in the world”, said Sen. Angus King.

» More information at The Hill

MI5 Collected Significantly More Data Than It Can Use

Numerous documents leaked by Edward Snowden in 2010 revealed that the British Security Service MI5 was collecting "significantly more [data] than it is able to exploit fully". Now The Intercept, which has obtained access to these documents, refers to MI5 as the "principal collector and exploiter of target’s digital footprint in the domestic space". They also mention one of the most important surveillance programs operated by the UK Government, code-named Preston. In just one six-month period, the program intercepted more than 5 million communications, but only 3% of the calls and data collected were ultimately reviewed by the authorities.

» More information at Security Affairs

Rest of the Week's News

TeamViewer Confirms Number of Hacked User Accounts Is “Significant”

On Sunday, TeamViewer spokesman Axel Schmidt acknowledged that the number of takeovers was "significant", but he continued to maintain that the compromises are the result of usernames and passwords exposed through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.

» More information at Ars Technica UK

Angler Exploit Kit Is Able to Bypass Microsoft EMET Defense

Over time, security researchers have devised methods to bypass the EMET defense, and now, according to experts from FireEye, a current version of the infamous Angler exploit kit is able to deliver Flash Player and Microsoft Silverlight exploits that evade the security tool.

» More information at Security Affairs

Researcher Finds a Way to Delete and Modify Facebook Messages Sent to Other Users

According to a researcher, a simple HTML tweak can be used to exploit Facebook's online chat as well as its Messenger app. Malicious users could exploit it by sending a legitimate link in a Facebook chat or group chat and later changing it to a malicious link that could lead to a malware installation, tricking victims into infecting their systems.

» More information at The Hacker News

Further Reading

Mark Zuckerberg Hacked on Twitter and Pinterest

» More information at Ars Technica

µTorrent Forum Hacked

» More information at Security Affairs

100 Million Vk Passwords Leaked

» More information at The Hacker News