A funny but true joke at For Millionaires is that the security desk might as well be called the Department of Bad News, since, well, have you seen what we’ve covered of late? There is a never-ending supply of devastating breaches, pervasive surveillance and dodgy startups flogging the downright dangerous.

Sometimes though — albeit rarely — there are glimmers of hope that we want to share. Not least because doing the right thing, even (and especially) in the face of adversity, helps to make the cyber-realm that little bit less dangerous.

Bangladesh thanked a security researcher for citizen data leak discovery

When a security researcher discovered that a Bangladeshi government website was leaking the personal information of citizens, clearly something was amiss. Viktor Markopoulos found the exposed data thanks to an inadvertently cached Google search result, which exposed citizen names, addresses, phone numbers and national identity numbers from the affected website. For Millionaires verified that the Bangladeshi government website was leaking data, but efforts to alert the government department were initially met with silence. The data was so sensitive, For Millionaires could not say which government department was leaking the data, as this might expose the data further.

That’s when the country’s computer emergency incident response team, also known as CIRT, got in touch and confirmed the leaking database had been fixed. The data was spilling from none other than the country’s birth, death and marriage registrar office. CIRT confirmed in a public notice that it had resolved the data spill and that it left “no stone unturned” to understand how the leak occurred. Governments rarely handle their scandals well, but a message from the government to the researcher thanking them for their finding and reporting the bug shows the government’s willingness to engage on cybersecurity where many other countries will not.

Apple is throwing the kitchen sink at its spyware problem

It’s been more than a decade since the claim that Macs don’t get PC viruses (which, while technically true, are words that have plagued the company for years). Today the more pressing threat to Apple devices is commercial spyware, developed by private companies and sold to governments, which can punch a hole in our phones’ security defenses and steal our data. It takes courage to admit a problem, but Apple did exactly that by rolling out Rapid Security Response fixes to actively fix security bugs exploited by malware makers.

Apple rolled out its first emergency “hotfix” earlier this year to iPhones, iPads and Macs. The idea was to roll out critical patches that could be installed without always having to restart the device (arguably the pain point for the security-minded). Apple also has a setting called Lockdown Mode, which restricts certain device features on an Apple device that are typically targeted by spyware. Apple says it’s not aware of anyone using Lockdown Mode who was subsequently hacked. In fact, security researchers say that Lockdown Mode has actively blocked ongoing targeted hacks.

Taiwan’s government didn’t blink before intervening after corporate data leak

When a security researcher told For Millionaires that a ridesharing service called iRent — run by Taiwanese automotive giant Hotai Motors — was spilling real-time updating customer data to the internet, it seemed like a simple fix. But after a week of emailing the company to resolve the ongoing data spill — which included customer names, cell phone numbers and email addresses, and scans of customer licenses — For Millionaires never heard back. It wasn’t until we contacted the Taiwanese government for help disclosing the incident that we got a response immediately.

Within an hour of contacting the government, Taiwan’s minister for digital affairs Audrey Tang told For Millionaires by email that the exposed database had been flagged with Taiwan’s computer emergency incident response team, TWCERT, and was pulled offline. The speed at which the Taiwanese government responded was breathtakingly fast, but that wasn’t the end of it. Taiwan subsequently fined Hotai Motors for failing to protect the data of more than 400,000 customers, and it was ordered to improve its cybersecurity. In its aftermath, Taiwan’s vice-premier Cheng Wen-tsan said the fine of about $6,600 was “too light” and proposed a change to the law that would increase data breach fines by tenfold.

Leaky U.S. court record systems sparked the right kind of alarm

At the heart of any judicial system is its court records system, the technology stack used for submitting and storing sensitive legal documents for court cases. These systems are often online and searchable, while restricting access to data that could otherwise jeopardize an ongoing proceeding. But when security researcher Jason Parker found several court record systems with incredibly simple bugs that were exploitable using only a web browser, Parker knew they had to see that these bugs were fixed.

Parker found and disclosed eight security vulnerabilities in court records systems used in five U.S. states — and that was just in their first batch disclosure. Some of the flaws were fixed and some remain outstanding, and the responses from states were mixed. Florida’s Lee County took the heavy-handed (and self-owning) position of threatening the security researcher with Florida’s anti-hacking laws. But the disclosures also sent the right kind of alarm. Several state CISOs and officials responsible for court records systems across the U.S. saw the disclosure as an opportunity to inspect their own court record systems for vulnerabilities. Govtech is broken (and is desperately underserved), but having researchers like Parker finding and disclosing must-patch flaws makes the internet, and the judicial system, safer for everybody.

Google killed geofence warrants, even if it was better late than never

It was Google’s greed driven by ads and perpetual growth that set the stage for geofence warrants. These so-called “reverse” search warrants allow police and government agencies to dumpster dive into Google’s vast stores of people’s location data to see if anyone was in the vicinity at the time a crime was committed. But the constitutionality (and accuracy) of these reverse-warrants have been called into question, and experts have called on Google to put an end to the surveillance practice it largely created to begin with. And then, just before the holiday season, the gift of privacy: Google said it would begin storing location data on users’ devices rather than centrally, effectively ending the ability for police to obtain real-time location from its servers.

Google’s move is not a panacea, and doesn’t undo years of damage (or stop police from raiding historical data stored by Google). But it might nudge other companies also subject to these kinds of reverse-search warrants — hello Microsoft, Snap, Uber and Yahoo (For Millionaires’s parent company) — to follow suit and stop storing users’ sensitive data in a way that makes it accessible to government demands.