Good morning readers, it's Jeff pinch-hitting for an Aspen-bound Robert Hackett on this gorgeous Saturday. The cyber-story of the week was the discovery of a gaping security hole in video conferencing software, Zoom. The flaw permitted hackers to remotely turn on a Mac's camera and add users to a video call without permission. The exploit remained even if you deleted the Zoom application.
On learning of this, I added the suggested temporary fix—denying Zoom access to camera settings—to my week's to-do list but, before I got around to it, Apple had swooped in and pushed a quiet update that neutered the Zoom threat.
This episode wasn't especially remarkable in the annals of cyber-security, but I mention it because it underscores why I've reluctantly remained with Apple in recent years. Like many others, I've found the company's products don't bring the same magic as they did in the Steve Jobs era, and find them to be blatantly over-priced compared to comparable products. Yet I stay because, when it comes to security, no one equals Apple.
Whenever I get fed up with Apple and think of switching to an Android phone, I read of the latest app-store horror—typically some China-based app that gobbles data or money—and stay with my iPhone. Likewise, while Microsoft's security practices have improved dramatically in recent years, every time I read about a piece of ransomware rampaging through unpatched Windows machines, I think "ugh, I'm glad I have a Mac."
Apple has had its share of security fumbles over the years but, compared to its competitors, it's still first in class. And this has kept me—and no doubt many others—as a customer year after year. The bigger point is that, in a world awash in hacking, companies can find a competitive advantage by offering secure products. And that's a good thing.
Speaking of good things, the Federal Elections Committee has approved a request by Area 1 Security to provide free or low-cost anti-phishing protection to candidates. The company's general counsel says this will "protect against a repeat of the disastrous cyber-intrusions in prior election cycles." Here's hoping. Have a great weekend.
Jeff John Roberts | @jeffjohnroberts
Do I have your attention now? The UK fined British Airways $230 million and Marriott Hotels $123 million over their cyber-sloppiness, which amount to 1.5% of their revenues (it could have been 4%!). This looks to be just the beginning of a world of GDPR-related hurt for companies, as a UK official said regulators are looking at 12 more "significant cases."
Your pain is my gain: The onslaught of GDPR mega-fines means a nasty financial sting for BA and others, but will lead to a likely windfall for cyber companies, lawyers and others. The FT cites a 32% increase in visitors to London-based Tessian, while Manchester-based The Defense Works saw triple traffic to its GDPR training page.
Greece gotcha: The Sea Turtles hacking group breached Greece's top-level domain registrar. The fallout is unclear, but the attack raises the specter of man-in-the-middle attacks carried out by redirecting website traffic to cloned servers.
YouTube, you're killing us: Many in the tech and info-sec community are annoyed at YouTube for a new policy that appears to be barring legitimate ethical hacking videos. Per Slate: "Blocking those types of videos just serves to make us all less secure by allowing the vulnerabilities they describe to remain unaddressed."
Cyber Command vs Iran: In the wake of Iran's shooting down a U.S. drone, the Trump Administration reportedly retaliated with a cyber attack—the first major offensive strike by the newly constituted Cyber Command. But what exactly happened? The Lawfare blog concludes it was actually a three-part strike whose effectiveness was hard to assess.
The problem is that fragmented reporting has produced a muddled message about what actually happened, calling into question how clear and effective any message could have been to the intended recipients. Whatever the case may be, Cyber Command has not released a statement and seems content to wait out the news cycle without correcting the record—suggesting that this pattern of silence will continue through future such operations.
Visa Pours Millions Into Crypto Currency Startup Anchorage By Robert Hackett
U.K. Plan to Require Age Verification for Porn Sites Is ‘a Mess’ By Kelvin Chan et al
Video Game Addiction: These Are the Warning Signs to Look Out For By Lisa Marie Segarra
Stripe Outages Smacked Business for Two Hours By Julie Verhage et al
ONE MORE THING
CTRL-SHIFT-FACE: For all the alarm over deepfakes, some of them are just plain cool. Case in point: This YouTube video making the rounds that intersperses Jim Carrey's face on Jack Nicholson's character during The Shining. Enjoy.