Tag Archives: Security

SCOTUS Will Hear A Challenge That Could Lead To TikTok Ban



On Wednesday, the Supreme Court confirmed it would review whether a federal law that could ban or force a sale of TikTok is unconstitutional, ArsTechnica reported. 

The announcement came just one day after TikTok and its owner ByteDance petitioned SCOTUS for a temporary injunction to halt the ban until the high court could consider what TikTok claimed is “a massive and unprecedented speech restriction” ahead of a change in the US presidential administrations.

“We’re pleased with today’s Supreme Court order,” TikTok said in a statement. “We believe the Court will find the TikTok ban unconstitutional so the over 170 million Americans on our platform can continue to exercise their free speech rights.”

But while SCOTUS agreed to review the key question that remains for TikTok — whether the Protecting Americans from Foreign Adversary Controlled Applications Act violates the First Amendment — the court declined to order the injunction that TikTok sought.

“Considering the applications for an injunction pending review presented to The Chief Justice and by him referred to the Court is deferring pending oral argument,” the court’s announcement said.

TechCrunch reported: The Supreme Court said on Wednesday that it will hear ByteDance and TikTok’s challenge to a law that would ban the social network in the U.S. unless the social network divests from Chinese ownership by January 19. 

On January 10, the Supreme Court justices will hear arguments about whether the sell-or-ban law violates the First Amendment. It is unknown how quickly the court will come to a decision.

The two companies asked the Supreme Court on Monday to block the law. Last week, ByteDance and TikTok filed an emergency motion asking an appeals court to temporarily block the law in order to give the Supreme Court a chance to assess the case.

The social network may also get a lifeline from President-elect Donald Trump, who has vowed to save TikTok. It’s worth noting that TikTok CEO Shou Chew reportedly met with President-elect Donald Trump at Mar-a-Lago on Monday, according to CNN’s Kaitlan Collins.

The Verge reported: The Supreme Court agreed to hear arguments on whether a bill that could ban TikTok violates the First Amendment. The arguments will take place on January 10th, just over a week before a potential ban could take effect.

While the outcome is far from guaranteed, SCOTUS’ decision to take up the case is a small win for TikTok, which is barreling toward expulsion from the US unless the court throws out or pauses the law, or its China-based parent company ByteDance agrees to sell it in time.

The law at the center of the case, the Protecting Americans from Foreign Adversary Controlled Applications Act, seeks to prohibit apps like TikTok from being owned by companies in a list of foreign adversary countries.

In my opinion, it sounds like SCOTUS is going to take a close look at whether or not banning or forcing a sale of TikTok is unconstitutional.


Meta Fined $263M Over 2018 Security Breach



Meta has been fined €251 million (around $263 million) in the European Union for a Facebook security breach that affected millions of users, which the company disclosed back in September 2018, TechCrunch reported.

The penalty, issued on Tuesday by Ireland’s Data Protection Commission (DPC) enforcing the bloc’s General Data Protection Regulations (GDPR), is far from being the largest GDPR fine Meta has been hit with since the regime came into force over five years ago. Still, it is notable as it’s a substantial sanction for a single security incident.

The breach dates back to July 2017, when Facebook rolled out a video upload function that included a “View as” feature, which let the user see their own Facebook page as it would be seen by another user.

On Tuesday, the Irish regulator issued its final decisions on two inquiries it had opened into the 2018 incident: One decision covers Meta’s breach notification, as the GDPR requires prompt and comprehensive reporting of major security incidents, while the other concerns rules on data protection by design and default.

The Irish Data Protection Commission fines Meta €251 million. From the press release:

The Irish Data Protection Commission (DPC) has today announced its final decisions following two inquiries into Meta Platforms Ireland Limited (‘MPIL’). These own-volition inquiries were launched by the DPC following a personal data breach, which was reported by MPIL in September 2018.

This data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the EU/EEA. The categories of personal data affected included: user’s full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children’s personal data. 

The breach was remedied by MPIL and its US parent company shortly after its discovery.

Reuters reported: The lead European Union data privacy regulator for Meta fined the social media giant 251 million euros ($263.5 million) on Tuesday for a 2018 Facebook security breach that affected 29 million users.

Meta notified Ireland’s Data Protection Commission at the time that cyber attackers had exploited a vulnerability in Facebook’s code that impacts the “View As” feature that lets users see what their own profile looks like to someone else.

Meta remedied the breach shortly after its discovery, DPC said. Of the 29 million Facebook accounts impacted globally, about 3 million were based in the EU and European Economic Area.

The DPC is the lead EU regulator for most of the top U.S. Internet firms due to the location of their EU operations in Ireland.

In my opinion, it seems like the DPC is displeased with Meta’s inability to prevent Facebook users from being hacked by cyber attackers.


Appeals Court Upholds Ban of TikTok



A federal appeals court ruled Friday that TikTok can be banned in the U.S. over national security concerns, upholding a federal law requiring the popular social media app to shed its Chinese ownership to keep operating, The Wall Street Journal reported.

A three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit said Congress has the power to take action against TikTok to protect U.S. interests.

The ruling rejected a First Amendment challenge brought by the app and several of its star users, who argued the ban was an unconstitutional infringement on free speech.

The sell-or-ban law — signed by President Biden in April — passed with bipartisan support after lawmakers reviewed classified briefings from the intelligence community about China’s ability to use TikTok to surveil Americans and spread Chinese propaganda.

“The First Amendment exists to protect free speech in the United States. Here the Government acted solely to protect that freedom from a foreign adversary nation and to limit that adversary’s ability to gather data on people in the United States,” Judge Douglas Ginsburg wrote for the court.

TikTok, a U.S. entity owned by Beijing-based ByteDance, has claimed that American security fears are speculative and overblown. The ban’s terms are set to take effect in mid-January, but that doesn’t mean that TikTok will necessarily disappear from app stores by that time.

CNBC reported: A federal appeals court on Friday cited national security concerns as it upheld a law requiring China-based ByteDance to sell the popular social media app TikTok next month or face an effective ban in the United States.

The unanimous ruling by a three-judge panel of the U.S. Court of Appeals in Washington, D.C., rejected TikTok’s argument that the law is unconstitutional and violates the First Amendment rights of the 170 million Americans who use the app.

TikTok said later Friday that it will ask the U.S. Supreme Court to overturn the appeals court decision.

If ByteDance fails to sell TikTok by Jan. 19, the law would require app store companies, such as Apple and Google, and internet hosting providers to stop supporting TikTok, which would effectively ban the app.

The Hill reported: A federal appeals court on Friday upheld a law requiring TikTok’s Chinese parent company to sell the popular app or face a U.S. ban.

A three-judge panel with the U.S. Court of Appeals for the D.C. Circuit found that the law does not violate the First Amendment, as TikTok argued. The decision brings a ban one step closer to reality, with about a month until the law goes into effect.

The divest-or-ban law moved rapidly through Congress earlier this year amid widespread bipartisan national security concerns over the app’s China-based parent company ByteDance. It was signed by President Biden in April.

In my opinion, it appears that lawmakers want to make sure that TikTok is banned from the U.S., and are giving ByteDance short notice on when that should happen.


FCC Bans U.S. Sales Of Huawei And ZTE Over Security Concerns



Huawei, ZTE, Hikvision, Hytera and Dahua all sell telecommunications equipment and video surveillance technology into the United States, but many of their future security cams and radio hardware will no longer be welcome, The Verge reported.

According to The Verge, the Federal Communications Commission has just announced it will no longer authorize some of their equipment – which is a big deal, because companies can’t legally import or sell anything with a radio in the US without authorization.

The FCC posted news (in the form of a PDF, Docx, or Txt) titled: “FCC Bans Equipment Authorizations For Chinese Telecommunications And Video Surveillance Equipment Deemed To Pose A Threat To National Security”.

From the news:

The Federal Communications Commission adopted new rules prohibiting communications equipment deemed to pose an unacceptable risk to national security from being authorized for importation or sale in the United States. This is the latest step by the Commission to protect our nation’s communications networks. In recent years, the Commission, Congress, and the Executive Branch have taken multiple actions to build a more secure and resilient supply chain for communications equipment and services within the United States.

“The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here,” said Chairwoman Jessica Rosenworcel. “These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications.”…

… The new rules prohibit the authorization of equipment through the FCC’s Certification process, and makes clear that such equipment cannot be authorized under the Supplier’s Declaration of Conformity process or be imported or marketed under rules that allow exemptions from an equipment authorization. The Covered List (which includes both equipment and services) currently includes communications equipment produced by Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology (and their subsidiaries and affiliates). The new rules implement the directive in the Secure Equipment Act of 2021, signed into law by President Biden last November, that requires the Commission to adopt such rules…

Brendan Carr, the FCC’s commissioner, tweeted: “Today the FCC takes an unprecedented step to safeguard our networks and strengthen America’s national security. Our unanimous decision represents the first time in FCC history that we have voted to prohibit the authorization of new equipment based on national security concerns.”

Engadget reported that this latest move follows years of conflict between the US and companies closely tied to Chinese governments. That’s included placing several notable Chinese companies, including DJI, on the Department of Commerce’s “Entity List,” which prohibits US firms from selling equipment to them.

According to Engadget, the FCC is also calling for $5 billion to help US carriers with the massive task of replacing equipment from Huawei and ZTE.

In my opinion, it seems like a good idea for the United States to try and protect itself from products and services that “could pose a threat to national security”. I think the FCC is right to request $5 billion to help US carriers remove equipment from Huawei and ZTE, and I hope the money will also enable the carriers to install equipment made in the United States.


Microsoft Introduces Microsoft Defender – A 365 Online Security App



Microsoft introduced its Microsoft Defender. It is a new Microsoft 365 online security app for you and your family.

Everyone deserves to feel safe online. Securing your personal data and devices is more challenging than ever. Increasing malicious threats, more time online, and many connected personal devices can leave us feeling vulnerable. It’s time for online security that provides simplified and secure protection to meet you where you are.

Microsoft Defender for Individuals is a new security app designed to keep individuals and families safer online. Available for Microsoft 365 Personal and Family subscribers starting on June 16, 2022, Microsoft Defender helps simplify your online security through one, unified view into your family’s protections, across your personal phones and computers.

The footnotes attached to parts of that paragraph include: “App requires a Microsoft 365 Family or Personal subscription, and is available as a separate download.” A second footnote says: “App is available on Windows, macOS, Android, and iOS in select Microsoft 365 Family or Personal billing regions.”

Microsoft says that Microsoft Defender extends the protection already built into Windows Security beyond your PC to your macOS, iOS, and Android devices. This, too, comes with a footnote which says: “New malware protection is not available where these protections exist in iOS and Windows”. Yet another footnote says: “Security tips are available on Windows and macOS only.”

Corporate Vice President, Security, Compliance, Identity and Management, Vasu Jakkal, wrote a post titled: “Making the world a safer place with Microsoft Defender for individuals”. Here are some key points from that post:

What does Microsoft Defender Do?

Microsoft Defender is simplified online security that meets you and your family where you are by bringing multiple protections together into a single dashboard. It provides online protection across the devices you and your family use. It offers tips and recommendations to strengthen your protection further. And, as you grow your digital footprint by adding family members and devices, Defender grows with you and keeps your defenses up-to-date using trusted technology.

This seamless solution, which includes continuous antivirus and anti-phishing protection for your data and devices, will enable you to:

  • Manage your security protections and view security protections for everyone in your family, from a single, easy-to-use, centralized dashboard.
  • View your existing antivirus protection (such as Norton or McAfee). Defender recognizes these protections within the dashboard.
  • Extend Windows device protections to iOS, Android, and macOS devices for cross-platform malware protection on the devices you and your family use the most.
  • Receive instant security alerts, resolution strategies, and expert tips to help keep your data and devices secure.

Personally, I am pleasantly surprised that Microsoft is extending Microsoft Defender to not only people who use PCs and Android devices, but also to those of us who use macOS and iOS devices. It is unusual for a tech company to extend its security protections to those outside of its “universe” of products.


Ukraine picks up six hackers behind Clop ransomware



It’s been a rough spell for hackers; one was just extradited from Mexico to face charges in California for a DDoS attack on the city of Santa Cruz.

Now six members of a group responsible for the Clop ransomware were picked up in a raid in the Ukraine. It is not clear if these were all the members behind it or just one cell. The search of the home resulted in the seizure of hundreds of thousands of dollars and expensive vehicles such as an AMG 63 and a Tesla. 

A Ukrainian report states that “[in] 2021, the defendants attacked and encrypted the personal data of employees and financial reports of Stanford University Medical School, the University of Maryland and the University of California.” 

As South Korea and the US were also in on this roundup and have charges pending for hacks in both countries, it’s unclear where things go from here.


MJR Digital Cinemas has upgraded, but what’s wrong with this picture?



Despite the ever-increasing tab at the box office, we all, or most of us, enjoy seeing an occasional movie on the big screen. There are just some flicks that lend themselves to the immersive experience. 

The good news is theaters around the country have been upgrading recently – improved seating and digital systems along with a wider selection of (overpriced) goodies to choose from and dine on during your show. Some now even have bars. 

One theater chain in Michigan, MJR, has been among those to upgrade; however, they apparently failed to consult any sort of IT professional, or at least one who knows anything about security. Take a look at the image below and see if any problems seem apparent.

At least they made the job easy for hackers. In fact, there’s no real job at all; it’s just handed over to them.