e dot dot dot
a mostly about the Internet blog by



D-Link Settles With FTC, Agrees To Fix Its Shoddy Router Security

Furnished content.


While the shoddy Internet of Things sector gets ample heat for being a security and privacy dumpster fire, the traditional network gear sector has frequently been just as bad. A few years ago, for example, hardware vendor Asus was dinged by the FTC for offering paper-mache grade security on the company's residential network routers. The devices were frequently being shipped with easily guessable default usernames and passwords, and contained numerous, often obvious, security vulnerabilities.

In 2017, the FTC also filed suit against D-Link, alleging many of the same things. According to the FTC, the company's routers and video cameras, which the company claimed were "easy to secure" and delivered "advanced network security," were about as secure as a kitten-guarded pillow fort. Just like the Asus complaint, the FTC stated that D-Link hardware was routinely shipped with easily-guessable default usernames and passwords, making it fairly trivial to compromise the devices and incorporate them into DDoS botnets (or worse).

Like any good company, D-Link at the time professed its innocence, insisting there was nothing wrong with its products and that the FTC claims were "vague and unsubstantiated." Fast forward to this week, when the company struck a settlement with the FTC, and, according to an FTC press release, has agreed to fix security flaws it previously had claimed didn't exist:

"We sued D-Link over the security of its routers and IP cameras, and these security flaws risked exposing users' most sensitive personal information to prying eyes," said Andrew Smith, Director of the FTC's Bureau of Consumer Protection. "Manufacturers and sellers of connected devices should be aware that the FTC will hold them to account for failures that expose user data to risk of compromise."

It has taken a while, but router manufacturers have started to finally get the message that their routers' installation process should prompt users to pick a unique username and password before finalizing device setup. As part of D-Link's agreement, it not only has to implement new and comprehensive security testing protocols, it's required every two years to obtain independent third-party assessments of its software security programs.

Granted, whether we're talking about routers or the latest IoT doodad, there are far too many security vulnerabilities out there for the FTC to police them all right now. Which is why efforts by Consumer Reports and others to begin standardizing the inclusion of security and privacy weaknesses in product reviews are going to be so important in educating consumers.

posted at: 12:00am on 09-Jul-2019



Months After The Law's Enactment, California Law Enforcement Agencies Are Still Blowing Off Public Records Requests

Furnished content.


It's been more than six months since a new law in California opened the books on police misconduct and use of force records. And there are still agencies stiff-arming public records requests. Law enforcement agencies aren't known for their transparency and accountability, which is why laws like California's are needed to force these obligations on them. But while violations of state law might get a resident arrested, they seem to be a bit powerless when it comes to making law enforcement behave in a legal fashion.

The Desert Sun reports it still hasn't heard back from a number of agencies it's sent requests to. In some cases, it appears an effort is being made but the responding agencies are just understaffed.

Los Angeles County Sheriff Alex Villanueva acknowledged earlier this year that public records requests were "stacking up." He has said he's asked the county Board of Supervisors for funding to hire more people to handle requests.
This excuse would be a hell of a lot more legitimate if the Sheriff's Office hadn't had months of advance notice. It had a chance to staff up prior to the law's enactment date, but it chose to wait until several months after that to start asking for help.

Thus ends the roundup of quasi-legitimate excuses for dodging accountability obligations. And even this one is still mainly horseshit. The Desert Sun reports the "we're doing what we can!" Sheriff has refused to search for records in response to requests, demanding requesters identify the specific cases they're seeking -- something that, in most cases, they can't possibly know until after they've gained access to records.

What follows from there is a list of non-compliant agencies:

Both the Orange County Sheriff's Department and the Long Beach Police Department have yet to release any records to KPCC/LAist, the Los Angeles Times, the Orange County Register or KQED.

The Los Angeles County Probation Department, which supervises youths held in detention, has declined to release records, claiming disclosure of records about cases involving minors is prohibited by law. Records from the department, which also supervises adults, could be redacted to remove names of protected individuals.

This is no longer a question of law. Courts have repeatedly held the new law is retroactive, making records generated prior to the beginning of this year responsive to requests. The state's Attorney General, Xavier Becerra, has apparently decided to see how much of this year he can spend with his head up his ass. He's appealing a decision by a judge granting access to records involving the state's DOJ… which still has yet to release the records it was ordered to release.

Other agencies have been a bit more compliant. The San Francisco PD has released a handful of records on four shootings by officers and the LAPD is continuing to release files on a rolling basis. In both cases, these agencies have upped their staffing to handle the influx of requests -- all without complaining publicly about their obligations.

Other agencies have chosen to go the route of antagonistic compliance -- following the letter of the law while making it very clear they hate everything about the law and every requester taking advantage of it.

The Los Angeles Sheriff's Department charged KPCC/LAist $1,655 to redact audio from shooting investigations [...]. The department has yet to provide the tapes.

The city of Bakersfield estimated that reviewing the audio and body camera footage related to a single shooting would cost about $6,621.60. Footage related to cases from the past five years, when Bakersfield Police shot 28 people, would cost an estimated $185,000.

West Sacramento estimated it would cost $25 per minute to redact its footage, meaning the material from five shootings would cost $25,000 in total.

The best way to close a marketplace you've been forced to enter is to price everyone out of it. This is an old school public records tactic, one designed to dissuade the general public from holding their public institutions accountable for their misbehavior.

And this doesn't even include the list of agencies who saw the legislative writing on the wall last year and started destroying old records before the public could start asking for them.

All of this adds up to a very ugly display of arrogance and disdain for the general public by the state's law enforcement agencies. There are a few standout agencies fully complying with the letter and the spirit of the law, but for the most part, law enforcement agencies are operating in go-fuck-yourself mode when it comes to public records requests. The end result will be an even greater divide between the police and the policed.

posted at: 12:00am on 09-Jul-2019