Millions of Records Exposed Online
Security researchers Bob Diachenko and Vinny Troia have discovered an unprotected, publicly accessible MongoDB database containing 150 GB of
detailed, plaintext marketing data, which includes data about individual consumers as well as what appears to be “business
intelligence data”. The database, which is owned by ‘Email Validation’ firm Verifications.io, was taken offline the same day Diachenko
reported it to the company.
Playing a crucial role in the email marketing industry, such firms vet customers’ mailing lists to ensure that the email addresses are valid
and won’t bounce back. The 809 million total records include information like names, email addresses, phone numbers and physical addresses,
but many may also include gender, date of birth and other personal information.
Responding with an unsigned note, Verifications advised that it is a company database built with public information, not client data, but
they have secured the database.
To check if your email address is one of those impacted you can use this website – https://haveibeenpwned.com/
Russia: Thousands Protest Against Cyber-Security Bill
Thousands of people in Moscow, Russia have protested against plans to introduce tighter restrictions on the internet. The bill, which
allows Russia’s internet to be isolated from the rest of the world, will improve cyber-security according to the government. Campaigners
are opposed and say it’s an attempt to increase censorship and stifle dissent.
The government has said that the bill will reduce Russia’s dependence on internet servers in the United States and seeks to stop the
country’s internet traffic being routed through foreign servers. A second vote is expected later this month and, if passed, the bill will need to
be signed by President Vladimir Putin.
Security Holes Found in Car Alarms
Security flaws which have left vehicles vulnerable to being stolen or hijacked have been found in three specialist car alarm apps –
Clifford, Viper and Pandora. Security researchers have exploited the bugs to activate car alarms, unlock a vehicle’s doors and start the
engine via the insecure app. The flaws resulted from a recent update and have now been fixed; the company does not believe that any client
data has been accessed without authorisation.
Australia’s Anti-Encryption Laws
The decision to rush in laws designed to weaken encryption has drawn ridicule from international cryptographic experts at the annual RSA
security conference. Independent security researcher Paul Kocher joined public-key cryptography pioneer Whitfield Diffie in panning the laws,
saying they would not be “productive”. Kocher was quoted as saying, “I don’t think Australia can do a better job than the
NSA, so it’s not going to end well”.
Vodafone: “NBN Co Still Providing Dodgy Speed Data”
Vodafone has claimed that retail internet providers are in no better position to judge the maximum attainable speed of NBN services than
a year ago. Vodafone considered the speed test results supplied by NBN Co so unreliable that it needs to build its own speed test system to run
checks, as the checks had “observed significant variability”. In response to these claims, NBN Co has said in a statement that
it has “been providing RSPs with additional granular performance reporting since December 2018, with real time updates”. NBN
Co is continuing to assess options to add further capability to RSPs.
Facebook’s Future is Going Big on Private Chats
In the latest sign that Facebook sees its future in intimate online chats, Mark Zuckerberg has said that the company would encrypt
conversations on more of its messaging services and make them compatible. He also said that within a few years, direct messaging would
dwarf discussion on the traditional open platform of Facebook’s News Feed. The move could frustrate law enforcement surveillance
efforts, and it could also limit Facebook’s ability to generate revenue through targeted ads. As part of the strategy, a Facebook user would
be able to communicate with WhatsApp users whilst only having a Messenger account and vice versa.