NewsSecurity

It’s not all doom and gloom: When cybersecurity gave us hope in 2023

4 Mins read

A funny — but true — joke at TechCrunch is that the security desk might as well be called the Department of Bad News, since, well, have you seen what we’ve covered of late? There is a never-ending supply of devastating breaches, pervasive surveillance and dodgy startups flogging the downright dangerous.

Sometimes though — albeit rarely — there are glimmers of hope that we want to share. Not least because doing the right thing, even (and especially) in the face of adversity, helps make the cyber-realm that little bit safer.

Bangladesh thanked a security researcher for citizen data leak discovery

When a security researcher found that a Bangladeshi government website was leaking the personal information of its citizens, clearly something was amiss. Viktor Markopoulos found the exposed data thanks to an inadvertently cached Google search result, which exposed citizen names, addresses, phone numbers and national identity numbers from the affected website. TechCrunch verified that the Bangladeshi government website was leaking data, but efforts to alert the government department were initially met with silence. The data was so sensitive, TechCrunch could not say which government department was leaking the data, as this might expose the data further.

That’s when the country’s computer emergency incident response team, also known as CIRT, got in touch and confirmed the leaking database had been fixed. The data was spilling from none other than the country’s birth, death and marriage registrar office. CIRT confirmed in a public notice that it had resolved the data spill and that it left “no stone unturned” to understand how the leak happened. Governments seldom handle their scandals well, but an email from the government to the researcher thanking them for their finding and reporting the bug shows the government’s willingness to engage over cybersecurity where many other countries will not.

Apple throwing the kitchen sink at its spyware problem

It’s been more than a decade since Apple dropped its now-infamous claim that Macs don’t get PC viruses (which while technically true, those words have plagued the company for years). These days the most pressing threat to Apple devices is commercial spyware, developed by private companies and sold to governments, which can punch a hole in our phones’ security defenses and steal our data. It takes courage to admit a problem, but Apple did exactly that by rolling out Rapid Security Response fixes to fix security bugs actively exploited by spyware makers.

Apple rolled out its first emergency “hotfix” earlier this year to iPhones, iPads and Macs. The idea was to roll out critical patches that could be installed without always having to reboot the device (arguably the pain point for the security-minded). Apple also has a setting called Lockdown Mode, which limits certain device features on an Apple device that are typically targeted by spyware. Apple says it’s not aware of anyone using Lockdown Mode who was subsequently hacked. In fact, security researchers say that Lockdown Mode has actively blocked ongoing targeted hacks.

Taiwan’s government didn’t blink before intervening after corporate data leak

When a security researcher told TechCrunch that a ridesharing service called iRent — run by Taiwanese automotive giant Hotai Motors — was spilling real-time updating customer data to the internet, it seemed like a simple fix. But after a week of emailing the company to resolve the ongoing data spill — which included customer names, cell phone numbers and email addresses, and scans of customer licenses — TechCrunch never heard back. It wasn’t until we contacted the Taiwanese government for help disclosing the incident that we got a response .

Within an hour of contacting the government, Taiwan’s minister for digital affairs Audrey Tang told TechCrunch by email that the exposed database had been flagged with Taiwan’s computer emergency incident response team, TWCERT, and was pulled offline. The speed at which the Taiwanese government responded was breathtakingly fast, but that wasn’t the end of it. Taiwan subsequently fined Hotai Motors for failing to protect the data of more than 400,000 customers, and was ordered to improve its cybersecurity. In its aftermath, Taiwan’s vice premier Cheng Wen-tsan said the fine of about $6,600 was “too light” and proposed a change to the law that would increase data breach fines by tenfold.

Leaky U.S. court record systems sparked the right kind of alarm

At the heart of any judicial system is its court records system, the tech stack used for submitting and storing sensitive legal documents for court cases. These systems are often online and searchable, while restricting access to files that could otherwise jeopardize an ongoing proceeding. But when security researcher Jason Parker found several court record systems with incredibly simple bugs that were exploitable using only a web browser, Parker knew they had to see that these bugs were fixed.

Parker found and disclosed eight security vulnerabilities in court records systems used in five U.S. states — and that was just in their first batch disclosure. Some of the flaws were fixed and some remain outstanding, and the responses from states were mixed. Florida’s Lee County took the heavy-handed (and self-owning) position of threatening the security researcher with Florida’s anti-hacking laws. But the disclosures also sent the right kind of alarm. Several state CISOs and officials responsible for court records systems across the U.S. saw the disclosure as an opportunity to inspect their own court record systems for vulnerabilities. Govtech is broken (and is desperately underserved), but having researchers like Parker finding and disclosing must-patch flaws makes the internet safer — and the judicial system fairer — for everyone.

Google killed geofence warrants, even if it was better late than never

It was Google’s greed driven by ads and perpetual growth that set the stage for geofence warrants. These so-called “reverse” search warrants allow police and government agencies to dumpster dive into Google’s vast stores of users’ location data to see if anyone was in the vicinity at the time a crime was committed. But the constitutionality (and accuracy) of these reverse-warrants have been called into question and critics have called on Google to put an end to the surveillance practice it largely created to begin with. And then, just before the holiday season, the gift of privacy: Google said it would begin storing location data on users’ devices and not centrally, effectively ending the ability for police to obtain real-time location from its servers.

Google’s move is not a panacea, and doesn’t undo the years of damage (or stop police from raiding historical data stored by Google). But it might nudge other companies also subject to these kinds of reverse-search warrants — hello Microsoft, Snap, Uber and Yahoo (TechCrunch’s parent company) — to follow suit and stop storing users’ sensitive data in a way that makes it accessible to government demands.

Source

1409 posts

About author
Harry is a crypto enthusiast and experienced trader with a track record of success. With a deep understanding of blockchain technology, he has analyzed market trends and identified profitable opportunities, resulting in impressive returns. Harry 's expertise lies in developing effective trading strategies that leverage the potential of cryptocurrencies. Through his articles, guides, and educational resources, he shares his insights and knowledge, helping individuals make informed trading decisions. With a keen eye for market patterns, Harry has navigated the volatile crypto landscape with confidence. Stay tuned for valuable perspectives and expert advice from Harry as he contributes to the Ailtra platform.
Articles
Related posts
CryptoNews

Indonesia's presidential elections pose uncertainty for the thriving cryptocurrency industry

1 Mins read
Indonesia, has emerged as a formidable player in the global cryptocurrency space in recent years. However, the nation’s upcoming general elections in…
BNBCryptoNews

Understanding the Cryptocurrency Boom - Dogecoin Climbs Due to X Payment Integration, While Stellar and BNB Also Experience Growth

1 Mins read
The cryptocurrency market has been experiencing notable gains over the past few days. This is led by an unexpected and surprising spike…
CryptoNews

Crypto Entrepreneur Charged with Defrauding Investors Out Of $150 Million Through Marketing Scheme

1 Mins read
Federal prosecutors have charged a German businessman with securities fraud, wire fraud and money laundering for allegedly scamming over 150 investors out…

🚀 Ailtra Crypto Bot Earned $8.9M Million in 7 Months with 0% Loss!

🚀 Ailtra generated $7.4 in 7 months only!

Unlock 20-75% Monthly Returns & Get $100 FREE!

Meet Ailtra Bot! Launching on 31st March an AI Crypto Bot boasting 20%-75% monthly gains and $7.5M earnings in 7 months. 💸Secure a FREE $100 bonus and up to $20K potential via referrals every month. 🎉Only 1,000 spots are available in first phase – claim yours fast! 🔥

Ailtra.ai will not disclose your account information to any 3rd parties.