So many people have had their DNA sequenced that they’ve put other people’s privacy in jeopardy

A new study argues that more than half of Americans could be identified by name if all you had to start with was a sample of their DNA and a few basic facts, such as the region where they live and about how old they might be.

More than 1 million Americans have already published their genetic information, and dozens more do so every day.

…One of them is the rise of direct-to-consumer genetic testing. Companies such as Ancestry.com and 23andMe can sequence anyone’s DNA for about $100.

…The other essential element is the proliferation of publicly searchable genealogy databases like GEDmatch. Anyone can upload a full genome to these sites and powerful computers will crunch through it, looking for stretches of matching DNA sequences that can be used to build out a family tree.

…After a long day of painstaking work, the researchers were able to correctly name the owner of the DNA sample.

The authors said the same process would work for about 60% of Americans of European descent, who are the people most likely to use genealogical websites, Erlich said. Though the odds of success would be lower for people from other backgrounds, it would still be expected to work for more than half of all Americans, they said.

…If you can find a person’s third cousin in a genealogical database, then you should be able to identify the person with a reasonable amount of sleuthing, Erlich said.

So many people have had their DNA sequenced that they’ve put other people’s privacy in jeopardy – Los Angeles Times

hmmmmm

Facebook’s Massive Security Breach: Everything We Know

This is the second security vulnerability that Facebook has disclosed in recent months. In June, the company announced it had discovered a bug that made up to 14 million people’s posts publicly viewable to anyone for days. This is the first time in Facebook’s history, though, that users’ entire accounts may have been compromised by outside hackers.

Facebook’s Massive Security Breach: Everything We Know | WIRED

The “geniuses” at Facebook sure come off as incompetent and out of their depth, don’t they?

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

The nation’s top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

The statement [indicates that previous comments they offered on this subject were outright lies. For example] in February …a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. “None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software,” the spokesperson said.

…ES&S is the top voting machine maker in the country, a position it held in the years 2000-2006 when it was installing pcAnywhere on its systems. The company’s machines were used statewide in a number of states, and at least 60 percent of ballots cast in the US in 2006 were tabulated on ES&S election-management systems. 

…Election-management systems are not the voting terminals that voters use to cast their ballots, but are just as critical: they sit in county election offices and contain software that in some counties is used to program all the voting machines used in the county; the systems also tabulate final results aggregated from voting machines.

Software like pcAnywhere is used by system administrators to access and control systems from a remote location to conduct maintenance or upgrade or alter software. But election-management systems and voting machines are supposed to be air-gapped for security reasons—that is, disconnected from the internet and from any other systems that are connected to the internet.

…The presence of such software makes a system more vulnerable to attack from hackers, especially if the remote-access software itself contains security vulnerabilities. If an attacker can gain remote access to an election-management system through the modem and take control of it using the pcAnywhere software installed on it, he can introduce malicious code that gets passed to voting machines to disrupt an election or alter results.

[Sen. Ron] Wyden told Motherboard that installing remote-access software and modems on election equipment “is the worst decision for security short of leaving ballot boxes on a Moscow street corner.”

…Security researchers discovered a critical vulnerability in pcAnywhere that would allow an attacker to seize control of a system that had the software installed on it, without needing to authenticate themselves to the system with a password. And other researchers with the security firm Rapid7 scanned the internet for any computers that were online and had pcAnywhere installed on them and found nearly 150,000 were configured in a way that would allow direct access to them.

Although Wyden’s office asked ES&S to identify which of its customers were sold systems with pcAnywhere installed, the company did not respond.

“ES&S needs to stop stonewalling and provide a full, honest accounting of equipment that could be vulnerable to remote attacks,” [Wyden] told Motherboard. “When a corporation that makes half of America’s voting machines refuses to answer the most basic cyber security questions, you have to ask what it is hiding.”

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States – Motherboard

Grrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

How Comey intervened to kill WikiLeaks’ immunity deal

“Subject to adequate and binding protections, including but not limited to an acceptable immunity and safe passage agreement, Mr. Assange welcomes the opportunity to discuss with the U.S. government risk mitigation approaches relating to CIA documents in WikiLeaks’ possession or control, such as the redaction of agency personnel in hostile jurisdictions and foreign espionage risks to WikiLeaks staff,” Waldman wrote Laufman on March 28, 2017.

Not included in the written proffer was an additional offer from Assange: He was willing to discuss technical evidence ruling out certain parties in the controversial leak of Democratic Party emails to WikiLeaks during the 2016 election. The U.S. government believes those emails were hacked by Russia; Assange insists they did not come from Moscow.

“Mr. Assange offered to provide technical evidence and discussion regarding who did not engage in the DNC releases,” Waldman told me. “Finally, he offered his technical expertise to the U.S. government to help address what he perceived as clear flaws in security systems that led to the loss of the U.S. cyber weapons program.”

…Waldman couldn’t believe a U.S. senator and the FBI chief were sending a different signal, so he went back to Laufman, who assured him the negotiations were still on. “What Laufman said to me after he heard I was told to ‘stand down’ by Warner and Comey was, ‘That’s bullshit. You are not standing down and neither am I,’” Waldman recalled.

…Multiple sources tell me the FBI’s counterintelligence team was aware and engaged in the Justice Department’s strategy but could not explain what motivated Comey to send a different message around the negotiations through Warner. A lawyer for Comey did not immediately return calls seeking comment.

…Soon, the rare opportunity to engage Assange in a dialogue over redactions, a more responsible way to release information, and how the infamous DNC hacks occurred was lost — likely forever.

How Comey intervened to kill WikiLeaks’ immunity deal | TheHill

More Comey interference in things related to the outcome of the 2016 election. Huh.