by Josh Arrington
A talk about a Siemens SCADA hack gets pulled, Dropbox gets caught lying, and could there be hackers in space? These are just a few of the headlines we’re focused on for this week’s IT Security Rewind. Let’s dig into the details:
Liar, liar, files aren’t encrypted: The FTC has filed a complaint that Dropbox “has and continues to make deceptive statements to consumers regarding the extent to which it protects and encrypts their data.” According to WIRED, the FTC provides evidence that Dropbox employees could view customer data and files. This puts users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits. While Dropbox defends its claims that employees couldn’t access files due to company policies, it looks like the company is in some hot water with the FTC.
Hacker in space: This week Threatpost reported that a Romanian hacker, who uses the handle “Tinkode,” has published a screen capture from what he claims is an FTP server at NASA’s Goddard Center. NASA, no stranger to security issues, has been criticized for its lackluster policies on cybersecurity. It can now add this FTP server to its list of weaknesses. Interestingly enough, this wasn’t “Tinkode’s” first time in space: in April he published the names and e-mail addresses of European Space Agency employees after compromising a server operated by that agency.
The White House focuses on the utility industry: While most of last week’s proposed cybersecurity legislation focuses on better reporting practices, one area of specific interest is the potential impact on the utility industry. For an industry that is continuously looking for guidance on how to protect itself, this proposal will give utility executives some things to consider and clear ramifications for those who don’t take action.
U.S. cybersecurity and Siemens representatives cancel SCADA talk: Attendees at the TakeDown Conference in Dallas may have left disappointed as a scheduled talk on the security vulnerabilities in Siemens industrial control systems was canceled. ComputerWorld’s Rob MacMillan explained, “It is common for security researchers to talk about security bugs once the software in question has been patched. But if the vendor can’t get the issue fixed in time that can create problems for security researchers, who may be expecting to talk about the issue at a hacker conference.”
What other security headlines do you think are worth highlighting?