The Guardian

Smart fridges and TVs should carry security rating, police chief says

Guardian Security - Mon, 07/24/2017 - 10:53am

At-a-glance security information should be beside energy efficiency ratings to protect households, according to Durham chief constable Mike Barton

Televisions, fridges and other internet-connected home appliances should carry cyber security ratings alongside energy efficiency ratings, a police chief has suggested.

Durham chief constable Mike Barton said customers should be given the at-a-glance information for internet-ready equipment in the same way fridges, freezers, TVs and other appliances have to display their energy efficiency ratings before sale.

Categories: The Guardian

Politicians need to get digitally literate – and fast | Martha Lane Fox

Guardian Security - Tue, 07/18/2017 - 3:00am
Corporate bosses now truly understand the risks of poor web security. The public sector must catch up
• Martha Lane Fox is founder of Doteveryone and a cross-bench peer

NHS data breaches, WannaCry ransomware attacks, ATMs hijacked, fake news, violent jihadist content on YouTube. The challenges posed by today’s digital culture make those I faced with Brent Hoberman when we started nearly 20 years ago seem trifling. Back then we were grappling with early technologies to help make credit card payments on the web safe. Today the difficulties are of a different order of magnitude. And that’s before you begin to think about the future – which promises more big data, autonomous vehicles and the internet of things, with machine learning underpinning it all.

Corporate boards now make digital security a top priority … this has to be true in the public sector, too


Hospitals to receive £21m to increase cybersecurity at major trauma centres

Guardian Security - Wed, 07/12/2017 - 1:59pm

Jeremy Hunt pledges funding for 27 hospitals across England after the WannaCry ransomware attack disabled NHS IT systems

Hospitals responsible for treating patients from major incidents including terrorist attacks will receive £21m to beef up their cybersecurity in the wake of the WannaCry assault on NHS IT systems.

Jeremy Hunt, the health secretary, has pledged the extra money to try to stop future malware attacks disrupting operations and appointments in key medical centres.


Amazon and WhatsApp 'falling short over privacy', says pressure group

Guardian Security - Tue, 07/11/2017 - 10:30am

EFF’s annual Who Has Your Back report criticises world’s largest retailer and biggest messaging app for not keeping up on privacy

Amazon and WhatsApp have been scolded by the privacy campaigning group the Electronic Frontier Foundation over their “disappointing” privacy practices, and told that they can and should be doing better in its yearly review.

The seventh annual Who Has Your Back privacy report analysed the policies and public actions of 26 companies, rating them out of five categories covering industry best practices, privacy policies and their dealing with governments – including two new entries of “promises not to sell out users” and “stands up to National Security Letter (NSL) gag orders”.


The Guardian view on patient data: we need a better approach | Editorial

Guardian Security - Wed, 07/05/2017 - 2:49pm
The deal between an NHS hospital and Google’s artificial intelligence division DeepMind is a cautionary tale for the future use of sensitive data by tech monopolists

Any fair-minded assessment of the dangers of the deal between the NHS and DeepMind must start by acknowledging that both sides mean well. DeepMind, owned by Google’s owners, is one of the leading artificial intelligence outfits in the world. The potential of this work applied to healthcare is very great. But it could also lead to further concentration of power in the tech giants. It is against that background that the information commissioner, Dame Elizabeth Denham, has issued her damning verdict against the Royal Free hospital trust, which handed over to DeepMind the records of 1.6 million patients in 2015 on the basis of a vague agreement which took far too little account of the patients’ rights and their expectations of privacy.

DeepMind has almost apologised. The trust has mended its ways. Further arrangements – and there may be many – between the NHS and DeepMind will be carefully scrutinised to ensure that all necessary permissions have been asked of patients and all unnecessary data has been sanitised. There are lessons about informed patient consent to learn. But privacy is not the only angle in this case and not even the most important. Dame Elizabeth chose to concentrate the blame on the NHS trust, since under existing law it “controlled” the data and DeepMind merely “processed” it. But this distinction misses the point that it is processing and aggregation, not the mere possession of bits, that gives the data value.


Hackers who targeted Ukraine clean out bitcoin ransom wallet

Guardian Security - Wed, 07/05/2017 - 7:02am

‘NotPetya’ ransomware creators move £8,000 in bitcoin, leaving observers uncertain over the attack’s motive

The hackers behind the NotPetya ransomware, which wiped computers in more than 60 countries in late June, have moved more than £8,000 worth of bitcoins out of the account used to receive the ransoms.

The transfer has added credence to messages purporting to be from the attackers offering to decrypt every single infected computer for a one-off payment of £200,000, after security researchers suggested they may be state-sponsored actors.


Medicare data breach: Alan Tudge admits department unaware darknet vendor selling card details

Guardian Security - Tue, 07/04/2017 - 7:49pm

Human services minister defends department’s security procedures as AFP investigate revelation that Australians’ card details are for sale online

Inside the darknet: where Australians buy and sell illegal goods

The human services minister, Alan Tudge, has admitted that his department was unaware that a darknet vendor had been selling Australians’ Medicare details since October 2016.

On Tuesday an investigation by the Guardian revealed that a darknet vendor on a popular auction site for illegal products claimed to have access to any Australians’ Medicare card details and could supply them on request.


'NotPetya' malware attacks could warrant retaliation, says Nato researcher

Guardian Security - Mon, 07/03/2017 - 8:34am

If malware outbreak was state sponsored it could count as violation of sovereignty and open possibility of countermeasures, says Tomáš Minárik

The NotPetya malware that wiped computers at organisations including Maersk, Merck and the Ukrainian government in June “could count as a violation of sovereignty”, according to a legal researcher at Nato’s cybersecurity division.

If the malware outbreak was state-sponsored, the Nato researcher says, it could open the possibility of “countermeasures”. Those could come through retaliatory cyber-attacks, or more conventional means such as sanctions, but they must fall short of a military use of force.


Flawed reporting about WhatsApp | Open door | Paul Chadwick

Guardian Security - Wed, 06/28/2017 - 9:06am

Cumulative effect of missteps led the Guardian to overstate the potential impact on the security of users’ messaging

The Guardian was wrong to report in January that the popular messaging service WhatsApp had a security flaw so serious that it was a huge threat to freedom of speech.

But it was right to bring to wide public notice an aspect of WhatsApp that had the potential to make some messages vulnerable to being read by an unintended recipient.


NotPetya ransomware attack 'not designed to make money'

Guardian Security - Wed, 06/28/2017 - 7:46am

Digital security researchers say malware attack that spread from Ukraine appeared to be focused on damaging IT systems

A ransomware attack that affected at least 2,000 global users on Tuesday appears to have been deliberately engineered to damage IT systems rather than extort funds, according to security researchers.

The attack began in Ukraine, and spread through a hacked Ukrainian accountancy software developer to companies in Russia, western Europe and the US. The software demanded payment of $300 (£230) to restore the user’s files and settings.
