back to article T-Mobile US hacked, Monero wallet app infected, public info records on 1.2bn people leak from database...

Time for another roundup of all the security news that's fit to print and that we haven't covered yet. T-Mobile US says hackers broke into customer info T-Mobile US prepaid account holders got unwelcome news this week when their wireless carrier admitted on Friday it was compromised by miscreants who would have been able to …

  1. Pascal Monett Silver badge

    "All three strains of the spyware slipped into the [..] store before being spotted and removed"

    Meaning they got in. It's fine that they were removed, but it would have been better that they not get in.

    1. Anonymous Coward
      Anonymous Coward

      Re: "All three strains of the spyware slipped into the [..] store before being spotted and removed"

      Absolutely agree. But I think you will find that "techies" who like to play at God when dealing when a user is having problems, are utterly useless at doing what they are supposed to do. I.E. preventing the problems happening in the first place.

      Cue bullshit reasons for not being able to to the job properly and the downvotes (like I give a fuck)

      Ishy

      1. vtcodger Silver badge

        Re: "All three strains of the spyware slipped into the [..] store before being spotted and removed"

        20 odd hours and no downvotes so far. But be assured, they're coming as soon as the Sunday AM hangovers fade and eyes can focus. FWIW, I sort of agree with you but let's be fair here. The problem isn't that the "techies" are poor at preventing security problems. It's that they don't know the job they have signed on for is pretty much impossible.

        1. doublelayer Silver badge

          Re: "All three strains of the spyware slipped into the [..] store before being spotted and removed"

          I don't disagree with the original sentiment, but I bet it won't go over well because you're leaving out the other side of the coin. Every time a tech person does prevent a problem, nobody knows. Every time a user's action could lose them their files but something the IT department put in place prevents the loss, people continue on. But every time files are lost, whether the IT department could have done anything about it, they get the blame. Think of it this way: if a plumber does work well on your pipes, you won't need to call them in a while. But when your pipes break, you don't immediately blame the plumber; you just call them to come fix it. IT doesn't get that level of respect most of the time.

  2. Anonymous Coward
    Anonymous Coward

    "Impacted users may receive spam and phishing emails as a result of this incident."

    If they're lucky.

    At worst, they'll only get their identities stolen...

    1. macjules Silver badge

      Re: "Impacted users may receive spam and phishing emails as a result of this incident."

      No payment card data nor social security numbers nor passwords were lifted by miscreants who broke into the outfit's systems, apparently, though the company is still expecting some of the info to be weaponized.

      <beep>

      "Sorry, but our insurance policy does not allows us to say that we lost your SSN, passwords and card details. But we can admit that they got everything else."

  3. Kev99

    When will those corporate idiots learn the internet is NOT safe & secure. They should never expose any confidential information at the 'net. Remember, a net is just a bunch of holes held together with a little string.

    1. macjules Silver badge

      And it's primary purpose is for phishing.

  4. Freddellmeister

    The intel CVE is not just " a number of its more recent processors".. It looks to be everything manufactured for the past 12 years or so? Why so modest?

  5. John Brown (no body) Silver badge

    Protecting Resources on the Electric Grid with Cybersecurity Technology

    See title. That is just sooooo unAmerican! PREGCT. It's not even pronounceable.

    Shirley it should be Protecting Resources on the Electric Grid with New All-encompassing Nascent Technology. PREGNANT

  6. Kevin McMurtrie Silver badge
    Flame

    quarter of billion dollars for electric grid security

    Pay hackers to insert training materials into PG&E's intranet? California's wind turbines seem like a waste since PG&E has forgotten how to string wires so they don't break in a gentle breeze. I live next to a pair of jumpers between the middles of two perpendicular wire strings that break literally every November. There's even a line of clamps there from previous broken jumpers.

    Fire icon, of course.

  7. SVV Silver badge

    Always. Check. The. Hashes

    Don't. Store. Your. Actual. Money. Using. A. CraptoCoin. App. You. Downloaded.

  8. techmind

    Understatement of the year

    "Due to the sheer amount of personal information included, combined with the complexities identifying the data owner, this has the potential raise questions on the effectiveness of our current privacy and breach notification laws"

    - last few lines of the linked https://www.dataviper.io/ story.

    The genie has long-since left the bottle.

    It goes without saying that the risks of building a database of that size far exceed any legitimate societal* benefit.

    But without a seismic shift in how we process and share data, there's nothing can be done to prevent people building these. Laws are practically worthless.

    *societal (as opposed to a handful of marketeers' narrow interests)

  9. Robert Helpmann?? Silver badge
    Headmaster

    Depends on what "allow" means

    Uber says it is beginning trials of a program that will allow riders and drivers to record their conversations.

    Is this something that requires consent of both? Hmmm.... Looked up the cited article:

    The company plans to test it in the United States “soon,” according to the email, but the timeline for rolling it out is still unclear and may be difficult. “Laws in the United States around consent to being recorded can vary from state to state, but we hope to be able to make this available nationally,” the email said.

    Uber has never let mere laws stand in their way... or safety, for that matter. Why not just do full video and sound recording of every ride with a consent notice being required before each ride, every time? Maybe a requirement their employees independent contractors have to post a statement in their cars letting passengers know as much would be a good follow on to that. Laws surrounding dashcams and audio recording in cars are not so complicated that they can't be understood by a lay person. For example: https://www.carbibles.com/are-dash-cams-legal/ . I wonder if this is just Uber being Uber and waiting until they feel they can skirt the law that is in some way to their advantage.

    1. David Roberts

      Re: Depends on what "allow" means

      Wonderful resource for the constabulary to augment the take from all the CCTV installations.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019