Brazil's public health agency has suffered what is arguably the worst data-exposure in world history, losing 243m+ records in a country of 211m people (the excess represents dead people's records).

cpomagazine.com/cyber-security…

1/
For more than six months, the HTML for the website for the Sistema Único de Saúde included the login and password to access the database as an administrator; the credentials were obscured through Base64 encoding, a trivially detected measure that is just as easy to bypass.

2/
It was the second grave security error at SUS in less than a month (last month, a SUS techie posted a spreadsheet with the system's database keys, logins and passwords to GitHub, exposing 16m records).

3/
Another leak exposed records in the country's covid tracing data.

The exposed records include the most highly sensitive information: names, dates of birth, full health records, addresses and phone numbers.

4/
Included in the breach are many officials, including the Brazilian dictator Jair Bolsonaro and his junta.

The insecure systems were built by an IT contractor called Zello (formerly MBI Mobi), which has billed the Brazilian state $8.5m since 2017.

5/
The vulnerabilities were discovered by the NGO @okfnbr, who sounded the alarm. The breach puts every Brazilian at risk of identity theft and many other forms of cyberattack.

eof/
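A defender's check for the failure this thread describes (credentials hidden in page source behind Base64 encoding), added here as an example; it is not part of the original thread or of any SUS or Zello code, and the sample HTML, the encoded values and the credential patterns are all constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample page source (hypothetical, not the real SUS HTML). Two
# script values and a data: URI carry Base64 blobs; two of them hide credentials.
SAMPLE_HTML = """<html><head><script>
  var cfg = {
    api:  "aHR0cHM6Ly9leGFtcGxlLm9yZy9hcGk=",
    auth: "YWRtaW46U3VwZXJTZWNyZXQhMjAyMA==",
    db:   "cGFzc3dvcmQ9aHVudGVyMg=="
  };
</script></head><body>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==">
</body></html>"""

# Runs of Base64 alphabet long enough to hold a user:password pair.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}")
# Decoded text that looks like a credential: "user:secret" (but not a URL
# scheme followed by "//"), or a secret-ish key name followed by = or :.
CRED_PATTERNS = (
    re.compile(r"^[A-Za-z0-9_.@-]{2,64}:[^\s:/]{4,}$"),
    re.compile(r"(?i)\b(pass(word)?|pwd|secret|token|api_?key)\s*[=:]"),
)

def decode_if_text(token: str):
    """Return the decoded string when token is valid Base64 that decodes to
    printable ASCII; binary payloads (images, fonts) and junk return None."""
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def find_encoded_credentials(html: str) -> list:
    """Return (token, decoded) pairs for Base64 blobs in html whose decoded
    form matches a credential pattern, in order of appearance."""
    hits = []
    for match in B64_TOKEN.finditer(html):
        token = match.group(0)
        text = decode_if_text(token)
        if text is not None and any(p.search(text) for p in CRED_PATTERNS):
            hits.append((token, text))
    return hits

if __name__ == "__main__":
    for token, text in find_encoded_credentials(SAMPLE_HTML):
        print(f"credential-like Base64 in page source: {token} -> {text!r}")
```

Run it over built templates or fetched pages in a pre-deploy pipeline; a non-empty result is a reason to block the release and rotate the exposed secret.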
