
Breaches


And exposures of privacy-breaching material

Coronavirus app: will Australians trust a government with a history of tech fails and data breaches? The federal government is attempting to convince Australians it can be trusted to handle personal data collected by the coronavirus contact tracing app.


But it’s an uphill battle due to a long history of secrecy and failures to live up to promises on the security and privacy of Australians’ data. Governments around the world are dealing with the same problem: everyone wants to be able to resume some level of normal life, but authorities will need to be able to quickly find and contain people who might have the virus and not yet know it. Currently they do this by relying on the memory of a person who tests positive: who they have been around and where they have been – and cases can easily be missed. But if everyone is running an app that records a list of everyone they’ve been in close contact with, the process would be much simpler and faster. There will be some who flat out refuse or just aren’t able to use the app, and then there are those who are sceptical and need to be convinced.

JSC Exploits. Posted by Samuel Groß, Project Zero. In this post, we will take a look at the WebKit exploits used to gain an initial foothold onto the iOS device and stage the privilege escalation exploits.


All exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS. Although Chrome on iOS would have also been vulnerable to these initial browser exploits, they were only used by the attacker to target Safari and iPhones. After some general discussion, this post first provides a short walkthrough of each of the exploited WebKit bugs and how the attackers construct a memory read/write primitive from them, followed by an overview of the techniques used to gain shellcode execution and how they bypassed existing JIT code injection mitigations, namely the “bulletproof JIT”.

It is worth noting that none of the exploits bypassed the new, PAC-based JIT hardenings that are enabled on A12 devices.

Exploit 1: iOS 10.0 until 10.3.2
Exploit 2: iOS 10.3 until 10.3.3

Mysterious iOS Attack Changes Everything We Know About iPhone Hacking.

Researchers label Australian data-sharing legislation a 'significant misalignment'. The proposed legislation has been called out for prioritising the perceived greater good instead of respecting minimal rights of the individual.


Public Transport Victoria in breach of Privacy Act after re-identifiable data on over 15m myki cards released. Public Transport Victoria leaks re-identifiable data on over 15m myki cards. Public Transport Victoria found in breach of Privacy and Data Protection Act after a dataset containing a record of 1.8 billion myki events was provided without sufficient de-identification.


Public Transport Victoria (PTV) has been found in breach of the Privacy and Data Protection Act 2014 (PDP Act) by the Office of the Victorian Information Commissioner (OVIC) for releasing data that exposed the travel history of 15,184,336 myki cards. The myki dataset contained a record of "touch on" and "touch off" events recorded by the myki system between 1 July 2015 and 30 June 2018, amounting to approximately 1.8 billion events across the 15 million distinct myki cards.

The data allowed individuals to be re-identified, and their travel activity for the three years exposed. Both instances were reported appropriately, OVIC said.

Australian government's recklessness with medical data is symptom of deeper problems. If you work with data -- analysing it, I mean, not just shoving it along the pipes -- then it should come as no surprise that researchers at the University of Melbourne managed to re-identify supposedly anonymous medical data.


Nor should it be a surprise that the official government response was to downplay the risk. "The Department of Health takes this matter very seriously," began the message that a departmental spokesperson sent ZDNet on Monday, echoing every corporate mea culpa ever. The department had referred the problems with this health dataset to the privacy commissioner a year ago, and now says that it has taken unspecified "further steps to protect and manage data". "The department has not been aware of anyone being identified," they finished, as if that somehow excuses them. After all, the dataset is out there in the wild, having presumably been downloaded at least once before being taken offline.

Imagine this: We take child safety very seriously. No, mate. Yes, very depressing.

Major breach found in biometrics system used by banks, UK police and defence firms. The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, were discovered on a publicly accessible database belonging to a company used by the likes of the UK Metropolitan police, defence contractors and banks.


Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings. Last month, Suprema announced its Biostar 2 platform was integrated into another access control system – AEOS. AEOS is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan police. In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted. “It’s very common.