5 on Friday: Security and Privacy Stories You Missed (and Shouldn’t)

We’re all busy, aren’t we? With our heads down at work, music blaring into our headphones, it’s easy to miss news stories relevant to our job. Here are five IT security and privacy stories to bring you up to date in a hurry.

Why the Great Glitch of July 8th Should Scare You: On July 8, a computer glitch grounded all mainland United flights, the NYSE went down for the day, and the Wall Street Journal’s website went down, too. The good news is that there’s no sign of evil perpetrators. But the bad news is almost worse: “The big problem we face isn’t coordinated cyber-terrorism, it’s that software sucks.”

OPM suspends security background investigations to fix new flaw: The Office of Personnel Management announced that its Web-based security background system will be out of service for at least four weeks. Doesn’t that fill you with confidence?

MasterCard’s Plans for Facial Recognition Raise Questions: MasterCard sort of announced (via a leak to CNN) that the company was looking at a new means of identity verification using a short video clip selfie. The idea is that you’d register a digital representation of yourself with their facial recognition software. Then when you tried to make a card-not-present purchase, you’d be asked to take a selfie in which you do something like blink. Facial recognition software has reached the point that it could work, but, writes Wayne Rash, there are a couple of holes in the idea that haven’t been addressed. For example, suppose you have an evil twin? The idea seems to have merit, he admits, assuming the potential holes are plugged. Testing doesn’t start until fall. We’ll see how it works out.

Apple drops Recovery Key in new two-factor authentication for El Capitan and iOS 9: Apple said at WWDC it would build a more integrated and comprehensive two-factor security system into its next OS releases. They’ve now explained what that means.

Hacking Team Breach Shows a Global Spying Firm Run Amok: The notorious firm of hackers-for-hire has become a hack target itself — which serves as a dark example of a global surveillance industry that sells to any government willing to pay to spy on its own people. On Sunday night, unidentified hackers published a massive, 400 gigabyte trove on BitTorrent containing internal documents from the Milan-based Hacking Team, a firm long accused of unethical sales of tools that help governments break into target computers and phones. The breached trove includes executive email messages, customer invoices, and even source code. The company’s Twitter feed was hacked, controlled by the intruders for nearly 12 hours, and used to distribute samples of the company’s hacked files. Those revelations may be well timed to influence an ongoing U.S. policy debate over how to control spying software, with a deadline for public debate on new regulations coming this month.

Is this roundup helpful to you? For me, it’s an experiment. Tell me if you like it, and that I should continue. Also tell me if it makes you say, “Meh;” but in that case, send me chocolate so I can drown my sorrows.
