ECP NetHappenings: 12-2-19 morning edition

An Excellent Letter, a Perfect Letter. People are saying it is the Best Letter they’ve EVER Seen.

Laundromat movie starring Meryl Streep on Netflix
{Panama Papers Mossack breach}

The ownership of central banks

The Big Interception Flaw in the US-UK Cloud Act Agreement | Center for Internet and Society

Edward Snowden: ‘Without encryption we will lose all privacy. This is our new battleground’: The US, UK and Australia are taking on Facebook in a bid to undermine the only method that protects our personal information.

Internet Ethics on Twitter: “It’s sort of weird that we’re reaching a point where you can go into someone’s home and not even be remotely aware that an Echo is curled up against a wall socket”

The Internet of Things is a Sham – YouTube

Google chief: I’d disclose smart speakers before guests enter my home

So looking through the fine print of the apartment we are renting… Time to go hunting for cameras since we’ve already found microphones


Fact: Washington does not have an extradition treaty with Beijing.

Cambridge Analytica whistleblower: US following China with privacy

CacheBrowser: Bypassing Chinese Firewall Without Proxies

Starting December 1st, China’s new MLPS 2.0 cybersecurity laws will require submission of a facial scan to receive internet access

China’s New Cybersecurity Program: NO Place to Hide

The China Connection: How One D.E.A. Agent Cracked a Global Fentanyl Ring

The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up

A list of the Colorado priests named in the Catholic church sex abuse report, where they worked and when. The report accuses 43 priests, but most of the abuse was committed by five.

College admissions officers rank prospective students based on web browsing, family finances and other data

Children’s digital rights to Privacy!!!!
YouTube in particular is a top destination for children under 13.
The Federal Trade Commission – Children’s Online Privacy Protection Act — the only comprehensive federal privacy law we have in the United States. The FTC review comes after a spate of children’s protection failures by tech giants. Most recently, the agency fined Google $170 million for violating the kids’ privacy law on YouTube.
YouTube claimed its services were not for kids — even as the platform promoted itself to advertisers as the top online destination for children.
Educational institutions and ed tech vendors have as poor a track record on children’s data protection as tech giants. Over the last three years, there have been more than 700 data breaches, hacks, ransomware and DDoS attacks in U.S. public schools, according to K-12 cybersecurity data.

Hacker stole 77 million user accounts from Edmodo, a social learning platform used widely in K-12 schools around the world.

The K-12 Cyber Incident Map 715 Incidents Since January 2016

Now Hyperstealth Biotechnology Corp’s Quantum Stealth technology or “broadband invisibility cloak” that bends light around a target. The light can be visible spectrum, ultraviolet, infrared or shortwave infrared light.

Phone passwords support these symbols
~ @ ! # $ % ^ & * () / : ; ? , . <> _ –

DHS cyber unit wants to subpoena ISPs to identify vulnerable systems

Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone

Turla group exploits Iranian APT to expand coverage of victims – NCSC

Malicious Payloads – Hiding Beneath the WAV

How the OceanLotus Threat Group leveraged steganography to conceal malicious backdoor payloads within image files

FACEBOOK ADS INC “The evil genius of Ads Inc was that it evaded detection in part by using thousands of different Facebook accounts to place ads. And it got these by paying average Americans $15 a month to ‘rent’ their FB accounts.”

Mysterious UAE cyber firm luring ex-Israeli intel officers with astronomical salaries

Remember this? Judge approves $415M settlement in Apple, Google wage case

@NordVPN hacked

Hackers steal secret crypto keys for NordVPN.

“So apparently NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys”

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

Meet America’s newest military giant: Amazon

Hacking Group Keksec is back. This time they didn’t post funny pictures of their billboard Hacks. They published a guide on How to Hack them.

The secret life of our HIPAA data
“There’s a misconception that all health information is protected by HIPAA; it’s just not true,” she says. A growing number of apps and websites skirt oversight, such as wearable devices that track your heart rate, or an app or portal where individuals can store their own health information. If a company isn’t covered by HIPAA, it “can do more with your health information than you might think, without your consent,” she said.
Can your medical records become marketing? We investigate a reader’s suspicious ‘patient portal.’ Our tech columnist helps identify a HIPAA loophole, explains Apple Pay and shares a Firefox upgrade that helps you track the data trackers on your computer.
The patient portal reserves rights to use “personal health record” data for “marketing and advertising purposes, including sending you marketing and advertising communications whether on our behalf or on behalf of marketing partners.” Say what? Nobody wants to see their medical diagnosis turn into an ad.
What’s the law here? A patient portal that has a business associate agreement with your doctor’s office to collect your personal health information should be covered by HIPAA, said Deven McGraw, the former deputy director of health information privacy at the Office for Civil Rights in the U.S. Department of Health and Human Services. And under HIPAA, showing paid, targeted advertisements should require consent from each patient.
When I contacted Follow My Health’s corporate parent Allscripts, it painted a narrower picture of its practices — and claimed the site wasn’t limited by HIPAA.
Follow My Health claims it is not limited by HIPAA. “Unlike a patient portal that a vendor hosts or supports for a single health-care provider, a vendor of a personal health record product that allows individual consumers to aggregate their health information from multiple sources is not regulated by HIPAA,” Lynch said. The HIPAA-covered business associate relationship, he said, is “limited to the technical work that is necessary to establish and maintain connectivity” between a doctor’s electronic records system and Follow My Health.

Bernie’s tax plan Healthcare cost

Researchers unveil the world’s first programmed DNA computer prototype