CyberSecurity Pulse 2016-06-09
|“I think we ought always to entertain our opinions with some measure of doubt. I shouldn’t wish people dogmatically to believe any philosophy, not even mine.”|
The Story Behind the Email Privacy Act
In this regard, the Fourth Amendment to the US Constitution refers to the "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures", a right which shall not be violated based on an arbitrary investigation. Nevertheless, the so-called Third-Parties Doctrine states that those who hand information to third parties should not have reasonable expectations of privacy. This statement entails the failure to protect information shared under the wings of the Fourth Amendment. In the case of Michael Lee Smith v. Maryland 1979 (Smith v. Maryland, 442 US 735), claims by Smith about the legitimate expectations of privacy regarding the phone numbers called were rejected. According to the court, it is known by the user that phone companies have tools to store information on the numbers that mark because, amongst other things, users receive monthly bills with the expenses charged. For some advocacy groups in the US, this principle states that those who give information to third-party providers such as telephone companies or an email provider, are also aware about the fact of handing their personal information and, therefore, should not expect it to be private anymore. This reality coexists with the mechanisms available to Law Enforcement Agencies in the US to gain access under certain circumstances to digital information which has been stored for more than 180 days, what represents a sticking point for several activist organizations.
On the other hand, some defenders of the doctrine as Professor Orin S. Kerr (Kerr, Orin S (2009). "The Case for the Third-Party Doctrine", Michigan Law Review, Vol. 107:561.) are less sharp and argue that this is not a choice between all or nothing. For Kerr, the other part is missing other tools and regulations that can also provide the claimed protection. The problems arising from the different interpretations taken by international courts will remain given that the use of computer products and services will continue its global spread while the lack of balance between international laws is not being solved. At the moment, the Email Privacy Act seems to be a step forward in the protection of the users privacy. It remains to be seen whether it will definitely come true.
Senate Bill Would Encourage "Retro" Grid Security Approach
Four senators introduced a bill Monday that aims to reduce the electrical grid’s cybersecurity vulnerability by replacing modern systems with older technology. The legislation would work on a two-year study regarding technology that makes the grid vulnerable, with an emphasis on automated systems that can be hacked remotely. The Energy Department would then have to report on the study and the feasibility of certain technological changes. “The United States is one of the most technologically-advanced countries in the world, which also means we’re one of the most technologically-vulnerable countries in the world”, said Sen. Angus King.
MI5 Collected Significantly More Data Than It Can Use
A lot of documents leaked by Edward Snowden in 2010 revealed that the British Security service MI5 was collecting "significantly more [data] than it is able to exploit fully". Now, The Intercept which has got access to these documents refers the MI5 as the "principal collector and exploiter of target’s digital footprint in the domestic space". Also they mention one of the most important surveillance programs operated by the UK Government code-named: Preston. In just one six-month period, the program intercepted more than 5 million communications, but only the 3% of the calls and data collected were finally reviewed by the authorities.
Rest of the Week´s News
TeamViewer Confirms Number of Hacked User Accounts Is “Significant”
On Sunday, TeamViewer spokesman Axel Schmidt acknowledged that the number of takeovers was "significant", but he continued to maintain that the compromises are the result of the user and passwords that have been compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.
Angler Exploit Kit Is Able to Bypass Microsoft EMET Defense
Over the time, security researchers have devised methods to bypass the EMET defense, and now according to experts from the FireEye firm a current version of the infamous Angler exploit kit is able to deliver Flash Player and Microsoft Silverlight exploits evading the security tool.
Researcher Finds a Way to Delete and Modify Facebook Messages Sent to Other Users
According to a researcher a simple HTML tweak can be used to exploit Facebook online chat as well as its Messenger app. It could be exploited by malicious users by sending a legitimate link in a Facebook chat or group chat, and later change it to a malicious link that could lead to a malware installation, tricking victims so as to infect their systems.