Tech Friday


Customs and Border Protection Photo and License Plate Database Hacked:

  • US Customs and Border Protection (CBP) recently disclosed that hackers breached a database of travelers' photos and license plates
  • CBPprocesses nearly 400 million travelers at ports of entry annually
  • CBPhas been building an extensive photo database as part of its growing facial-recognition program
  • Theysaid copies of "license plate images and traveler images collected by CBP" were transferred to a subcontractor’s network, violating the CBP's security and privacy rules
  • The subcontractor's network was hacked and the database was stolen. CBP said its own systems had not been compromised
  • The database included photos of travelers in vehicles entering and exiting the US through specific lanes at a single Port of Entry over roughly 2 months
  • CBPsaidthat no other identifying information was included with the photos and no passport or other travel document photos were compromised. Images of airline passengers were also not impacted
  • CBPreported that less than 100,000 people were compromised by the breach
  • This attack happened amid the rollout of CBP's "biometric entry-exit system", a government initiative to verify the identities of all travelers crossing US borders using biometrics
  • ACLU lawyer Neema Singh Gulianisaid "This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers" 
  • The privacy implications for those whose information was included in the breach could be significant
  • Gulianialso said "This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency's data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place"
  • You can read the CBP statement here:

What will happen to you music now that Apple is killing iTunes?:

  • After 18 years Apple is killing iTunes in favor of Apple Music, Apple Podcasts and Apple TV
  • This has many iTunes users asking what will happen to their existing library of music
  • Apple Music is an ad-free streaming service that costs $10 per month, $15 a month for a family of six or $5 per month for students. It competes with Spotify and you can listen to songs offline across your devices
  • All 3 apps will be available across all your devices and so will your music collection
  • If you don't want to pay for a subscription, you'll still be able to:
    • Access the full catalog of more than 50 million songs as well as your personal collection including playlists
    • Burn a CD and backup your files
    • Move files between devices
  • Apple Music will allow you to use content from other services like iTunes Match did
  • Movies will move to Apple TV
  • The iTunes Store brand will fade away, but you will still be able to buy music if you like
  • Apple Music promises to be faster and easier to use than the now bloated iTunes

1.5 Billion Gmail And Calendar warned of new attack:

  • Kaspersky Labs recently warned thathackers are currently exploiting the popularity of Gmail and Google Calendar
  • Users are being targeted with a credential-stealing attackbased on the tight integration between the different Google services
  •  The calendar application is designed so that anyone can try to schedule a meeting with you,and you will recevie a Gmail notification
  • Described as a "sophisticated scam" by Kaspersky, unsolicited Google Calendar notifications are targeting Gmail users
  • The attackers send an invitation with a malicious link that takes advantage of the trust in calendar notifications
  • The links point to credential stealing web sites that capture user's login information. This is a new way to get around the fact that people are increasingly aware of phishing attempts
  • Javvad Malik,KnowBe4security awareness advocate, said"Beyond phishing, this attack opens up the doors for a whole host of social engineering attacks"
  • Kaspersky suggested that users disable the capability to add calendar invitations automatically
  • To do so, go to the "Event Setting" menu in Google Calendar. Then choose "only show invitations to which I've responded" to disable adding calendar entriesautomatically
  • If you don't want to disable this functionality, you should question and carefully examine any calendar entries you receive, especially if unsolicited
  • If you have even the slightest doubt about the veracity of an invitation, do not click on any links or attachments and reach out the person that it appears to be from to ensure it's legitimate
  • Apparently, Google has been aware of this attack vector for some time and has said that making changes to the core Gmail/Calendar integration "would cause major functionality drawbacks for legitimate API events with regards to Calendar"

Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view. Read more


Content Goes Here