September 19, 2019

Air Force to offer up a satellite to hackers at Defcon 2020

By Lisa Vaas

Last month, when the US Air Force went to the Defcon hacker conference, it dragged along an F-15 fighter-jet data system.

The destination: a corner of the conference where the first-ever Aviation Village brought together the aviation industry with the infosec/hacker community. There, vetted security researchers picked that system to pieces.

As in, they literally went at it with screwdrivers and pliers. They filled hotel glasses with screws, nuts and bolts from the Trusted Aircraft Information Download Station. They also remotely inflicted malware on the unit, which collects video and sensor data while the F-15 is in flight.

The attitude of the Air Force to the results: well, that went well. Now, the Air Force has decided to up the ante, as Wired reports. Next year, it’s offering up an orbiting satellite.

Will Roper, the Air Force’s top acquisition official, told the Washington Post that he wasn’t surprised at this year’s results with the F-15 subsystem. He expected the results to be this bad, given decades of neglect of cybersecurity, added to the military’s hitherto, mostly hands-off approach to penetration testing from the private sector – not to mention what the Post calls the “arcane and byzantine” military contracting process, in which companies that build software components won’t let the Air Force pry apart their products for testing.

Read more at https://nakedsecurity.sophos.com/2019/09/19/air-force-to-offer-up-a-satellite-to-hackers-at-defcon-2020/

Researchers find 737 million medical images exposed on the internet

By John E Dunn

Earlier this summer, researchers at German company Greenbone Networks decided to spend a few weeks trawling the internet to see how many medical imaging archives might be exposing patient data.

Presumably, they had a hunch they’d turn up something but appear to have been taken aback by the scale of the data leakage they uncovered.

Of the 2,300 archiving systems looked at, 590 were accessible from the internet, exposing 24 million medical records from 52 countries.

Linked to this patient data were 737 million medical images from x-rays, CT and MRI scans, including 400 million in a state that meant they could be downloaded and viewed using easily available software.

Just to rub in the lack of care and attention, a further 39 were so weakly secured that they allowed access to patient data using nothing more specialized than a web browser and HTTP.

In the US, the exposure was 45.8 million medical images associated with 13.7 million records which almost makes the UK’s figures of 5,000 images and 1,500 medical records sound good.

Clearly, something is going very wrong here, not only because so much medical data and imagery has been exposed but because it has taken a security company to point out this out.

Read more at https://nakedsecurity.sophos.com/2019/09/19/researchers-find-737-million-medical-images-exposed-on-the-internet/

US files suit against Snowden to keep book profits out of his hands

By Lisa Vaas

The US has filed suit against government surveillance secret leaker Edward Snowden for publishing a book – Permanent Record – in violation of the non-disclosure agreements (NDAs) he signed with both the Central Intelligence Agency (CIA) and the National Security Agency (NSA).

The NSA is, of course, where Snowden was working as a CIA employee and subcontractor when he leaked secret documents exposing covert NSA surveillance programs.

The government isn’t looking to stop or restrict the publication or distribution of the book, which was released worldwide on Tuesday – the same date that the lawsuit was filed. Rather, it wants to seize any money Snowden makes from book sales.

The complaint alleges that Snowden published his book without submitting it to the CIA and NSA for pre-publication review, in violation of his express obligations under the agreements he signed when he went to work for the agencies.

The suit also alleges that Snowden has given public speeches on intelligence-related matters, also in violation of his NDAs.

The suit names the publishers, Macmillan Publishers Inc., Macmillan Publishing Group LLC (doing business as Henry Holt and Company), and Holtzbrinck Publishers LLC. In its press release, the US Attorney’s Office for the Eastern District of Virginia said that it’s suing the publishers just to make sure that they don’t pay anything to Snowden while the court resolves the US’s claims.

Read more at https://nakedsecurity.sophos.com/2019/09/19/us-files-suit-against-snowden-to-keep-book-profits-out-of-his-hands/

ACS

Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880
863-229-4244

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.


Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation