A lighter note from TechCrunch’s Department of Bad News
A humorous — but true — joke at TechCrunch is that the security desk might as well be called the Department of Bad News, since, well, have you seen what we've covered of late? There is a never-ending supply of devastating breaches, pervasive surveillance and dodgy startups flogging the downright dangerous.
Sometimes though — albeit rarely — there are glimmers of hope that we need to share. Not least because doing the right thing, even (and especially) in the face of adversity, helps make the cyber-realm that little bit safer.
Bangladesh thanked a security researcher for citizen data leak discovery
When a security researcher found that a Bangladeshi government website was leaking the personal information of its citizens, clearly something was amiss. Viktor Markopoulos found the exposed data thanks to an inadvertently cached Google search result, which exposed citizen names, addresses, phone numbers and national identity numbers from the affected site. TechCrunch verified that the Bangladeshi government website was leaking data, but efforts to alert the government department were initially met with silence. The data was so sensitive, TechCrunch could not say which government department was leaking the data, as this might expose the data further.
That's when the country's computer emergency incident response team, also known as CIRT, got in touch and confirmed the leaking database had been fixed. The data was spilling from none other than the country's birth, death and marriage registrar office. CIRT confirmed in a public notice that it had resolved the data spill and that it left "no stone unturned" to understand how the leak happened. Governments seldom handle their scandals well, but an email from the government to the researcher thanking them for their finding and reporting the bug shows the government's willingness to engage over cybersecurity where many other countries will not.
Apple throwing the kitchen sink at its spyware problem
It's been more than a decade since Apple dropped its now-infamous claim that Macs don't get PC viruses (which while technically true, those words have plagued the company for years). These days the most pressing threat to Apple devices is commercial spyware, developed by private companies and sold to governments, which can punch a hole in our phones' security defenses and steal our data. It takes courage to admit a problem, but Apple did just that by rolling out Rapid Security Response fixes to fix security bugs actively exploited by spyware makers.
Apple rolled out its first emergency "hotfix" earlier this year to iPhones, iPads and Macs. The idea was to roll out critical patches that could be installed without always having to reboot the device (arguably the pain point for the security-minded). Apple also has a setting called Lockdown Mode, which limits certain device features on an Apple device that are typically targeted by spyware. Apple says it's not aware of anyone using Lockdown Mode who was subsequently hacked. In fact, security researchers say that Lockdown Mode has actively blocked ongoing targeted hacks.
Taiwan's government didn't blink before intervening after corporate data leak
When a security researcher told TechCrunch that a ridesharing service called iRent — run by Taiwanese automotive giant Hotai Motors — was spilling real-time updating customer data to the internet, it seemed like a simple fix. But after a week of emailing the company to resolve the ongoing data spill — which included customer names, cell phone numbers and email addresses, and scans of customer licenses — TechCrunch never heard back. It wasn't until we contacted the Taiwanese government for help disclosing the incident that we got a response immediately.
Within an hour of contacting the government, Taiwan's minister for digital affairs Audrey Tang told TechCrunch by email that the exposed database had been flagged with Taiwan's computer emergency incident response team, TWCERT, and was pulled offline. The speed at which the Taiwanese government responded was breathtakingly fast, but that wasn't the end of it. Taiwan subsequently fined Hotai Motors for failing to protect the data of more than 400,000 customers, and ordered the company to improve its cybersecurity. In its aftermath, Taiwan's vice premier Cheng Wen-tsan said the fine of about $6,600 was "too light" and proposed a change to the law that would increase data breach fines by tenfold.
Leaky U.S. court record systems sparked the right kind of alarm
At the heart of any judicial system is its court records system, the tech stack used for submitting and storing sensitive legal documents for court cases. These systems are often online and searchable, while restricting access to files that could otherwise jeopardize an ongoing proceeding. But when security researcher Jason Parker found several court record systems with incredibly simple bugs that were exploitable using only a web browser, Parker knew they had to see that these bugs were fixed.
Parker found and disclosed eight security vulnerabilities in court record systems used in five U.S. states — and that was just in their first batch disclosure. Some of the flaws were fixed and some remain outstanding, and the responses from states were mixed. Florida's Lee County took the heavy-handed (and self-owning) position of threatening the security researcher with Florida's anti-hacking laws. But the disclosures also sent the right kind of alarm. Several state CISOs and officials responsible for court records systems across the U.S. saw the disclosure as an opportunity to inspect their own court record systems for vulnerabilities. Govtech is broken (and is desperately underserved), but having researchers like Parker finding and disclosing must-patch flaws makes the internet safer — and the judicial system fairer — for everyone.
Google killed geofence warrants, even if it was better late than never
It was Google's greed driven by ads and perpetual growth that set the stage for geofence warrants. These so-called "reverse" search warrants allow police and government agencies to dumpster dive into Google's vast stores of users' location data to see if anyone was in the vicinity at the time a crime was committed. But the constitutionality (and accuracy) of these reverse-warrants have been called into question and critics have called on Google to put an end to the surveillance practice it largely created to begin with. And then, just before the holiday season, the gift of privacy: Google said it would begin storing location data on users' devices and not centrally, effectively ending the ability for police to obtain real-time location from its servers.
Google's move is not a panacea, and doesn't undo the years of damage (or stop police from raiding historical data stored by Google). But it might nudge other companies also subject to these kinds of reverse-search warrants — hello Microsoft, Snap, Uber and Yahoo (TechCrunch's parent company) — to follow suit and stop storing users' sensitive data in a way that makes it accessible to government demands.