CllcanadaTop Poster CURE Hero9 years ago

Nothing like prompt disclosure... 🙄

neurodervish9 years ago

Ugh. I don't even know where to start.

Thanks for sharing this Neil.

MsLockYourPostsPassed Volunteer9 years ago

State sponsored actor - according to the news is a foreign site? I'm not much into computers - I need a neighbor like Chris or Neil - and had no idea what that meant.

AussieNeilPartnerAdministrator• in reply toMsLockYourPosts9 years ago

It can be any government. 'State affiliated or sponsored actors often have particular objectives aligned with either the political, commercial or military interests of their country of origin.' and it's a growing problem: mwrinfosecurity.com/our-thi...

This is a good overview of what was discovered by the major internet firms a few years ago: wired.com/2014/01/how-the-u...

As you can read, there were two main ways data from these firms was captured by one state sponsored actor. One way is now gradually being closed off by the Internet companies changing to encrypted connections to their websites and between company servers. (In plain English, it used to be possible to read any communication, including emails being sent between countries, simply by monitoring the servers at one end of the connection. *Websites without a suffix don't have encrypted communications). HealthUnlocked is the only web based CLL Forum that uses encrypted connections - it was designed this way from the start to protect sensitive member information.

Prior to the disclosure discussed in the Wired article, emails were often sent between email provider servers using what's termed 'clear text' or 'plain text'; i.e. text that has not been encrypted and thus can be read by anyone able to monitor the traffic, simply by reading it as it flows through Internet servers which direct the email along its way.

Neil

* http is the abbreviation for Hyper Text Transfer Protocol

https is the abbreviation for Hyper Text Transfer Protocol Secure. It was initially mainly used for sending credit card information and connections to financial institutions, but now is increasingly used to keep traffic secure from other than the intended recipients. https://healthunlocked.com tells you that whatever you read and write to HealthUnlocked is secured by encryption.

Reply (3)Report

CllcanadaTop Poster CURE Hero9 years ago

Email is starting to be encrypted now through services like Protonmail in Switzerland and others... These use open source code to encrypt like OpenPGP... Pretty Good Privacy.

protonmail.com

en.m.wikipedia.org/wiki/Pre...

These cyphers algorithms have been around for years, but for obvious state security reasons governments haven't been very keen on their implementation...

I think in the next few generations of mobile devices, all communications will be encrypted, but there are still struggles ahead with regulators, who want a 'back door' to access all encrypted data.

Raises lots ot ethical, moral and security issues... individual rights verses the rights of a society...

web.cs.ucdavis.edu/~rogaway...

~chris

AussieNeilPartnerAdministrator9 years ago

Sadly, it seems we'd be foolish to expect businesses to invest in better security to prevent these breaches. From an article in The Register: 'Romanosky analyzed 12,000 incident reports and found that typically they only account for 0.4 per cent of a company's annual revenues. That compares to billing fraud, which averages at 5 per cent, or retail shrinkage (ie, shoplifting and insider theft), which accounts for 1.3 per cent of revenues.

As for reputational damage, Romanosky found that it was almost impossible to quantify. He spoke to many executives and none of them could give a reliable metric for how to measure the PR cost of a public failure of IT security systems.

He also noted that the effects of a data incident typically don't have many ramifications on the stock price of a company in the long term. Under the circumstances, it doesn't make a lot of sense to invest too much in cyber security.'

theregister.co.uk/2016/09/2...

Which puts the onus for security back on us...

AussieNeilPartnerAdministrator9 years ago

Will the hack of 500 million Yahoo accounts get everyone to protect their passwords? David Glance, Director of UWA Centre for Software Practice, University of Western Australia looks at how Yahoo has learnt from this hack and last year (2015) introduced a new service to improve security called 'Account Key' which requires someone to have your mobile phone to gain access to your account. He also explains how two factor authentication, which works on the principle of using “something you know”, i.e. your password, and “something you own”, i.e. your phone, is available on Apple iCloud, Google, Facebook, Yahoo and other accounts: theconversation.com/will-th...

AussieNeilPartnerAdministrator6 years ago

With the recent mega internet account hacks, there's a growing number of password dumps from which a list of the most common worst passwords can be derived. Hopefully none of your passwords are in these top 25 and top 100 lists:

newatlas.com/most-common-wo...

More on how to stay secure here: healthunlocked.com/cllsuppo...

Neil