Brazil's public health agency has suffered what is arguably the worst data exposure in world history, losing 243m+ records in a country of 211m people (the excess represents dead people's records).
For more than six months, the HTML for the website for the Sistema Único de Saúde included the login and password to access the database as an administrator; the credentials were obscured through Base64 encoding, a trivially detected measure that is just as easy to bypass.
2/
It was the second grave security error at SUS in less than a month (last month, a SUS techie posted a spreadsheet with the system's database keys, logins and passwords to GitHub, exposing 16m records).
3/
Another leak exposed records in the country's covid tracing data.
The exposed records include the most highly sensitive information: names, dates of birth, full health records, addresses and phone numbers.
4/
Included in the breach are many officials, including the Brazilian dictator Jair Bolsonaro and his junta.
The insecure systems were built by an IT contractor called Zello (formerly MBI Mobi), which has billed the Brazilian state $8.5m since 2017.
5/
The vulnerabilities were discovered by the NGO @okfnbr, who sounded the alarm. The breach puts every Brazilian at risk of identity theft and many other forms of cyberattack.
eof/
There is no shortage of takes about what's going on with Gamestop (and other surging stocks), Robinhood and Reddit's r/wallstreetbets, many of them contradictory - at least on the face of them. But I think it's possible for most of these takes to be right. Here's how.
1/
First you need to understand the underlying mechanics of the story. Stock markets are fundamentally a way of making bets, including bets on the outcome of other people's bets, and bets on the outcomes of THOSE bets.
2/
All this complexity creates lots of exploitable opportunities. Some of these opportunities are considered legitimate and are given respectable names like "arbitrage." Others are considered illegitimate, and are called disreputable things like "stock manipulation."
3/
A new research report from @seanodiggity and @expressvpn in honor of #DataPrivacyDay reveals the incredible extent of commercial location tracking hidden in everyday apps.
App vendors use free software development kits (SDKs) to build their products, not realizing (or not caring) that the SDKs come from commercial surveillance companies that harvest all their users' data and sell it in hidden, sprawling commercial markets.
2/
That's how the US military was able to buy location data on users of a Muslim prayer app: the app was built with one of these surveillance SDKs, so the data was extracted, packaged and sold on the cheap to the Pentagon.
In the early 2000s, dramatic shifts in radio spectrum allocation for mobile data applications, combined with advances in radio transmission and receiving, prompted some networking engineers to propose a radical rethink of radio.
1/
Our current spectrum management assumes that senders and receivers have characteristics that are fixed at the point of manufacture, determined by things like the shape of an antenna and the type of quartz crystal used as an oscillator.
2/
But software-defined radios (SDRs) and software-tunable phased-array antennas make those assumptions obsolete. Today, a radio can be a commodity computer that can sense other devices' RF use and transmit and receive on multiple frequencies to share the airwaves.
3/
In 1997, Fair Wayne Bryan was convicted of stealing a pair of hedge clippers. He was given a life sentence because of other minor thefts. He was paroled from Angola prison in late 2020.
In 2015, a conspiracy involving the Malaysian "tabloid party boy" Jho Low and a clutch of Goldman Sachs bankers stole and laundered $4.5b from the country's 1Malaysia Development Berhad fund (#1MDB).
The multibillion dollar crime toppled the Malaysian government, but Goldman Sachs maintained that this was the result of a couple of rogue elements, despite evidence that the rot went all the way to the top.
According to their Twitter bio, the UK's @ICOnews's mission is to "uphold[] information rights in the public interest, promotes openness by public bodies & data privacy for individuals."
1/
Great values, but actions speak louder than words. ICO chief @ElizabethDenham has told Parliament that she can't divulge the status of her office's audit of Facebook's app, which was triggered by the Cambridge Analytica scandal.
She told @KevinBrennanMP that she couldn't discuss the audit in public because her office had entered into a confidentiality agreement with Facebook whose terms couldn't be known by the public.
3/