Don’t be fooled by this email, Canada’s Digital Charter, and political party security.
Welcome to Cyber Security Today. It’s Wednesday May 22nd. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
Some people in the United States are getting phony emails pretending to be from the U.S. Postal Service. That warning comes from the Post Office Inspector General. The email message is about an attempted or intercepted package delivery for you, or for online postage charges. But the message also includes a link or attachment with supposedly more information. In fact, it’s a link to a virus to infect a personal computer, tablet or smartphone. Usually, these messages can be spotted because of spelling or grammar errors. They can also be detected by good anti-malware security software. At any rate, if you receive a suspicious-looking or unexpected email from the Post Office, don’t click on the link or open the attachment. If you get one of these messages, you can report it to the Inspector General’s hotline at www.uspsoig.gov.
The government of Canada announced a Digital Charter to be used for guiding federal legislation. That would include any changes to be made in the privacy legislation that affects businesses that come under federal oversight. However, the government won’t be making any privacy-related legislative changes before the upcoming election in October. So, maybe privacy will be an election issue. There’s more detail on this in my story on ITWorldCanada.com.
Speaking of elections, a company called SecurityScorecard looked at how 29 U.S. and European political parties protect the privacy of the personal data they hold. It concluded parties are getting better, but they still need to do more work. The examination looked at things like whether a web site was running outdated software, and whether usernames and passwords were scrambled. Parties in Sweden were ranked number one, those in France were last. U.S. parties were in the middle. You should encourage the party you support to make cyber security a priority.
A Quebec company has pleaded guilty and been fined $247,000 for trafficking in stolen identity information. Defiant Tech operated a web site called LeakedSource, which was selling access to a database of about 3 billion hacked personal identity records and passwords. According to ZDNet, the database was pulled together from public lists of stolen data, or had been bought from hackers. The RCMP said the company earned just under a quarter of a million dollars. The FBI and Dutch police helped in the investigation. According to ZDNet, a man alleged to be the site’s operator was arrested in December 2017.
(This item was updated from the original to add that the company was fined)
Finally, attention IT security professionals: If your company uses ElasticSearch for searching through data, the latest versions now include core security features. Until now these features had to be paid for with a Gold subscription. But if you get versions 6.8 or 7.1 of the Elastic Stack, you get the ability to encrypt communications, create a file realm for managing users and impose access control. However, you have to pay for advanced features like single sign-on. This is good news because, as I’ve noted before, clumsy employees sometimes leave unprotected ElasticSearch searches open on the Internet. That’s a big security problem.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.