Identity in the News – Week of May 7, 2018
Selections from the top news items this week in the world of identity and application security.
Twitter advising all 330 million users to change passwords after bug exposed them in plain text
From The Verge: Twitter is urging all of its more than 330 million users to immediately change their passwords after a bug exposed them in plain text. While Twitter’s investigation showed that there was no evidence that any breach or misuse of the unmasked passwords occurred, the company is recommending that users change their Twitter passwords out of an “abundance of caution,” both on the site itself and anywhere else they may have used that password, which includes third-party apps like Twitterrific and TweetDeck.=
How Twitter's Password Screwup Might Have Happened
From LifeHacker: Last week, Twitter revealed that it had accidentally stored some user passwords in plain text, and thus suggested that all users change their Twitter password. It was bad. But honestly not that bad, according to Tristan Bolton, founder of enterprise cloud provider BoltonSmith. We talked to him about how it might have happened, and how it could have been worse.
Equifax's data breach by the numbers: The full breakdown
From CNET: Equifax is offering a closer look at its massive data breach, which revealed sensitive information on more than half the American population last year. The company released the details Monday in a Securities and Exchange Commission filing, following demands from US senators.
A Modern Identity System Can Ensure UK Citizens The Right To Vote
From Information Security Buzz: Following the news that UK citizens were denied the right to vote in the recent elections due to not having correct ID to validate their identity, Jesper Frederiksen, Head of EMEA at identity access specialists, Okta mentions that the very values of democracy are being tarnished due to archaic methods of ID processes. Jesper argues that a modern identity system capitalising on biometric and mobile technologies will ensure people are entitled to services such as voting.
Building a Framework for the Safe Management of Digital Identities and Data
From the Wall Street Journal: For much of history, our identity systems have been based on face-to-face interactions and on physical documents and processes. But the transition to a digital economy requires radically different identity systems. In a world that’s increasingly governed by digital transactions and data, our existing methods for managing digital identities and privacy are proving inadequate. Data breaches, large-scale fraud, and identity theft are becoming more common.
O, Canada! The State Of Information Security North Of The Border
From Forbes: A recent survey of over 420 information security professionals from a wide variety of enterprises in Canada revealed that 90% of the survey population experienced at least one security breach over the past year. Of those surveyed who suffered a breach, 47% had sensitive data stolen.
Will Brontech's Experiment in Blockchain-Based Identity Succeed?
From Nasdaq: Brontech is an Australian startup company focusing on the issuance, verification and usage of sovereign digital identity. It seeks to create a decentralized ecosystem that allows users to manage and control their data — who sees it and what it’s used for. This platform, which will be layered on top of the blockchain, will utilize state-of-the-art technologies such as Interplanetary File System (IPFS), zero-knowledge proofs and distributed hash tables, among others.
Oracle boosts autonomous cloud services and hints at blockchain plans
From SiliconANGLE: After rolling out its Data Warehouse Cloud in March, Oracle doubled down today on its autonomous capabilities with the general availability of built-in artificial intelligence and machine learning algorithms for its analytics, integration and visual builder cloud services. The extension of new autonomous capabilities across its platform-as-a-service portfolio highlights the company’s interest in staking out an position in offering autonomous services for enterprise applications for the database market.
Digital identity debate resurfaces following Windrush scandal
From Information Age: In the wake of the Home Secretary’s resignation over the Windrush scandal, the question of national, digital, ID cards has been brought into national conversation. Indeed, Jesper Frederiksen – head of EMEA at identity management company Okta – has suggested the UK government needs to adopt digital identities to avoid repeating the same mistakes with EU citizens post-Brexit.
Google Will Ask Buyers of U.S. Election Ads to Prove Identities
From the New York Times: Google will begin requiring those who buy ads related to federal elections in the United States through its sprawling advertising network to prove that they are citizens or lawful residents of the country. In a blog post published on Friday, Google said it would take steps to verify if people or organizations are allowed to buy political advertising and ask them to prove that they are who they say they are.
Budget 2018: DHA given AU$130m for 'identity management' platform
From ZDNet: Under the Australian government’s new 2018-2019 budget, the Department of Home Affairs (DHA) has gained AU$130 million to upgrade its "identity management" and visa processing IT infrastructure. The goal of the new allocation of funds is to detect and prevent threats from entering the nation and establish a platform for the enterprise identity management system.
Password Reuse Abounds, New Survey Shows
From Dark Reading: A new survey by LogMeIn of some 2,000 individuals in the United States, Australia, France, Germany, and the UK has revealed what can only be described as broad apathy among a majority of users on the issue of password use. Though 91% of the respondents profess to understand the risks of using the same passwords across multiple accounts, 59% said they did so anyway. More than half of the respondents confess to not changing their passwords in the past 12 months even though they were aware of the risks.
North Korea's AV Software Contains Pilfered Trend Micro Software
From Dark Reading: Researchers get hold of a copy of Kim Jong Un regime's mysterious internal 'SiliVaccine' antivirus software, provided only to its citizens, and find a few surprises. A rare hands-on analysis of the antivirus software that North Korea provides its citizens shows the proprietary tool is based on a 10-year-old version of Trend Micro's AV scanning engine that also was customized to ignore a specific type of malware rather than flag it.
Data Breaches Are Stressing Americans, Canadians Out
From PYMTS: Kaspersky Lab, the cybersecurity company, revealed in a new survey on Tuesday that 81 percent of Americans and 72 percent of Canadians are stressed out about the recent rash of data breaches. The new report, dubbed “The State of Cyber-Stress,” highlights consumers’ lack of awareness as to how they can protect themselves from hackers online. According to the company, this is leading to increased stress around technology and cybersecurity in general.
The Average Cost of an Insider Threat Hits $8.7 Million
From Security Intelligence: The mean cost of a cybersecurity breach involving employees or others within an organization is $8.7 million, according to a global study of insider threats. Based on interviews with IT security professionals across more than 700 organizations, the “2018 Cost of Insider Threats: Global Organizations” report, conducted by the Ponemon Institute, benchmarked the common causes of insider incidents over a 12-month period.
The ID card is back, and this time it's being put on your phone
From WIRED: British startup Yoti is already using its smartphone technology to check IDs in nightclubs, supermarkets and for the government of Jersey. And it's got ambitions to do a lot more. Its goal is to create a system of digital identification so people no longer need to carry identification to prove their age or name.
IT pros name users, GDPR as biggest cloud computing security threats
From TechTarget: The cloud is growing faster than companies can prepare for cloud computing security threats. But managing risk is within reach. A handful of IT leaders at the Argyle 2018 CIO Leadership Forum in Boston gathered onstage to address cloud computing security threats -- risks to users' privacy, for example, and users themselves -- as well as ways to manage them.