Yes, Panera Bread, the place that serves great(?) bread and snacks, sat on a reported data-exposure vulnerability for many months:
In August 2017, …reported a vulnerability to Panera Bread that allowed the full name, home address, email address, food/dietary preferences, username, phone number, birthday and last four digits of a saved credit card to be accessed in bulk for any user that had ever signed up for an account. This includes my own personal data! Despite an explicit acknowledgement of the issue and a promise to fix it, Panera Bread sat on the vulnerability and, as far as I can tell, did nothing about it for eight months.
This is why it's important to take seriously any email that reports a vulnerability in your website or web app, especially one that exposes customer data: acknowledge it, reproduce it, and give the fix an owner and a deadline. Prioritize this kind of work; in 2018 you cannot sit idly for months while a data-breach risk hangs over the entire organization. After the Equifax breach, maybe we'll start to see shareholders and customers take their data more seriously and file lawsuits over the immense risks that organizations are not preparing for.
Democratic Senator Elizabeth Warren is proposing a new law that would see companies fined for data breaches on the scale of the Equifax breach:
Sen. Elizabeth Warren of Massachusetts and Sen. Mark Warner of Virginia introduced a bill Wednesday that aims to make data breaches hurt companies’ bottom lines. The bill addresses problems the lawmakers say let credit reporting agencies collect consumer data without doing enough to protect it from hackers.
In the case of the Equifax breach, that would have meant a fine of at least $14.3 billion. However, the fines would be capped at 50 percent of a company’s gross revenue from the prior year.
Moxie Marlinspike, the creator of Signal, the popular end-to-end encrypted messaging app for iPhone and Android, is working on MobileCoin. MobileCoin is a new cryptocurrency that aims to be user-friendly:
MobileCoin wants to leverage an extensive architecture to add simplicity to real privacy protections and resilience against attacks. The ultimate goal: To make MobileCoin as intuitive as any other payment system.
“I think usability is the biggest challenge with cryptocurrency today,” says Marlinspike. “The innovations I want to see are ones that make cryptocurrency deployable in normal environments, without sacrificing the properties that distinguish cryptocurrency from existing payment mechanisms.”
Usability efforts for older generation cryptocurrency protocols, like bitcoin, have largely been left to services like Coinbase, which centralize everything from currency exchange to your wallet, key management, and processing transactions. These platforms make actually using cryptocurrency more realistic for the average person, but they also consolidate mechanisms that are meant to be kept separate in the private and decentralized concept of cryptocurrency.
KDE is working with Purism to create the world's first truly free smartphone. The phone is called the Librem 5, and you can help fund the development of its hardware and software through the crowdfunding campaign. As of this moment, they're hoping to raise $1.5 million and have already reached $844,150 with 24 days to go!
The Librem 5 will not run Android or iOS. It will run PureOS, a GNU/Linux distribution derived from Debian. Basically, any app you write for PureOS and the Librem 5 can also be made to work on your desktop Linux computer. This is a huge advantage you don't get with Android or iOS, where developers who want multi-platform applications usually end up reaching for a cross-platform framework such as Qt or Unity.
Since the Librem 5 functions as a small computer, you can also hook it up to a monitor, mouse, and keyboard and use it that way. All of our smartphones, iPhones and Android phones alike, are powerful enough to be used as desktop computers, but they don't provide a convenient way of doing so. One of the Librem 5's goals is to change that. Take a look at the crowdfunding rewards: the higher tiers include a monitor, mouse, and keyboard ($1,399 includes a 24-inch monitor, $1,699 includes a 30-inch monitor)! When you fund the phone, you're funding the development of a privacy-focused computer that fits in your pocket. Some days it feels like we forget just how powerful the phones in our pockets are. The Librem 5 aims to remind us of that.
It will feature end-to-end encrypted chat using Matrix, along with other privacy and security features. By default, there will be no tracking.
If you want to break out of the duopoly that Apple and Google have over the industry, you will definitely want to check out the Librem 5 smartphone.
Public Service Announcement: Always use a VPN on public (especially unencrypted) Wi-Fi. Keep in mind that a VPN only moves the trust from the hotspot operator to the VPN provider, and it is no substitute for HTTPS on the sites you visit.
SHA2017, a hacker conference and camp, is on today (it started over the weekend and ends tomorrow).
Most of the conference videos are up on YouTube, and they are very informative and fun. There are a lot of good talks. I've picked a few to showcase here, but you should check out the whole playlist of SHA2017 videos.
Decentralize! Self-hosting in your own home using Sovereign
In the Decentralize! talk, the software Sovereign is explored and shown to be a good way to set up your own personal cloud and host your own services and data. Sovereign is a set of Ansible playbooks that you run against a server you control to install and configure the software. It's similar to the FreedomBox project.
The software you can self-host with Sovereign is:
- Dovecot, Postfix and Roundcube for email servers and a webmail interface
- Jabber/XMPP messaging server with Prosody
- RSS reader
- VPN server with OpenVPN (FreedomBox also can do this)
- Git code repository hosting
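Playbooks like these install a lot of network-facing services at once, so one check worth running afterwards is whether only the ports you intend to expose are bound to a public address. The script below is an added example, not code from the talk or from the Sovereign project: it parses the output of `ss -tulnp` (a constructed sample is embedded so it runs offline) and compares wildcard-bound sockets against an allow-list of the services listed above. The allow-list ports and the process names in the sample are assumptions for the illustration; adjust them to what you actually deploy.

```python
"""Audit which services a freshly self-hosted box exposes publicly.

Added example (not from the Sovereign project). It reads text in the
format printed by `ss -tulnp` and flags any socket bound to a wildcard
address whose protocol/port is not in the allow-list. Loopback-only
listeners (e.g. a database on 127.0.0.1) are ignored.
"""
import re

# Services a Sovereign-style box is expected to expose. ASSUMPTION for
# the example; tailor this to the services you actually installed.
EXPECTED_PUBLIC = {
    ("tcp", 22): "ssh",
    ("tcp", 25): "smtp (Postfix)",
    ("tcp", 587): "submission (Postfix)",
    ("tcp", 993): "imaps (Dovecot)",
    ("tcp", 443): "https (Roundcube, RSS reader, git)",
    ("tcp", 5222): "xmpp client-to-server (Prosody)",
    ("tcp", 5269): "xmpp server-to-server (Prosody)",
    ("udp", 1194): "openvpn",
}

# Local addresses that mean "every interface" in ss output.
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

# Constructed sample of `ss -tulnp` output; pids and fds are made up.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      100          0.0.0.0:25        0.0.0.0:*    users:(("master",pid=1000,fd=13))
tcp   LISTEN 0      100          0.0.0.0:587       0.0.0.0:*    users:(("master",pid=1000,fd=17))
tcp   LISTEN 0      100          0.0.0.0:993       0.0.0.0:*    users:(("dovecot",pid=1050,fd=21))
tcp   LISTEN 0      128             [::]:443          [::]:*    users:(("nginx",pid=900,fd=6))
tcp   LISTEN 0      128             [::]:5222         [::]:*    users:(("lua5.1",pid=1100,fd=9))
tcp   LISTEN 0      128        127.0.0.1:3306      0.0.0.0:*    users:(("mysqld",pid=950,fd=10))
tcp   LISTEN 0      1024         0.0.0.0:11211     0.0.0.0:*    users:(("memcached",pid=1300,fd=26))
udp   UNCONN 0      0            0.0.0.0:1194      0.0.0.0:*    users:(("openvpn",pid=1200,fd=5))
"""

# Extracts the first process name from the users:(("name",pid=...)) column.
PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Return a list of (proto, local_addr, port, process) tuples.

    Only the columns the audit needs are read; the header line and any
    line that does not start with tcp/udp are skipped.
    """
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, port = fields[4].rsplit(":", 1)  # handles "[::]:443" too
        match = PROC_RE.search(line)
        listeners.append((fields[0], addr, int(port), match.group(1) if match else "?"))
    return listeners


def audit_exposure(listeners, expected=EXPECTED_PUBLIC):
    """Return (unexpected, missing).

    unexpected: wildcard-bound sockets whose proto/port is not allow-listed;
                reachable from the internet unless a firewall blocks them.
    missing:    allow-listed services that are not listening at all.
    """
    public = {(proto, port): proc
              for proto, addr, port, proc in listeners if addr in WILDCARDS}
    unexpected = sorted((proto, port, proc)
                        for (proto, port), proc in public.items()
                        if (proto, port) not in expected)
    missing = sorted(name for key, name in expected.items() if key not in public)
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit_exposure(parse_listeners(SAMPLE_SS_OUTPUT))
    for proto, port, proc in unexpected:
        print(f"UNEXPECTED public listener: {proto}/{port} ({proc})")
    for name in missing:
        print(f"expected service not listening: {name}")
```

On a real host, feed it the live output with `ss -tulnp | python3 audit.py` after swapping `SAMPLE_SS_OUTPUT` for `sys.stdin.read()`. The sample deliberately includes memcached bound to every interface, a classic self-hosting mistake that this check catches, while the loopback-only MySQL listener is correctly left alone.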
Thought-provoking article in Bitcoin Magazine about a conference that happened at the end of September, the Hackers Congress Paralelni Polis in Prague.
It's an interview with two crypto-anarchists who explain their views on the direction of society and the possibility of a future that includes mainstream use of Bitcoin and encryption technologies.
One of the first questions asked by the interviewer is, “what is cryptoanarchy?”
This is their answer:
Sip: Simply put, crypto-anarchy is the idea that people can govern and organize themselves without governments, by using the tools of cryptography, cryptocurrencies and other means of decentralization.
Lupták: With these tools, we can build a more effective, a more free and a more voluntary society…
This is a nifty idea, and what makes it nifty is that free software and open source developers have been collaborating for decades without a central authority, have been remarkably effective at it, and much of that contribution is voluntary.
In fact, there was a recent article by Daniel Pink suggesting that the further we are from a problem, the more creatively we think about it. In open source development we are close to our own problem, but when reviewing other people's code or submitting patches to their projects we are further away from it, which means we can be more creative in coming up with solutions.
So at least for software development, a decentralized model can work. Can it work as a replacement for government? That question is still open, but we have seen plenty of efforts to make government more transparent and more accountable to the people. If you're looking for small-scale examples of "anarchy" in action, look at the Workplace Anarchy described by someone who works at Igalia, a software co-operative that sells consulting services and is quite profitable.
In the interview they mention OpenBazaar, free/open source software that lets you run a peer-to-peer e-commerce site. The idea is to reduce transaction costs to whatever the Bitcoin transaction fees are and to remove any middlemen who would cut into profits: a thoroughly free-market-oriented concept, based on market efficiency and accomplished through free/open source software and the Bitcoin currency.