Daily Digest (10/21)

Justice Department Case Unlikely to Break Up Google, Analysts Say; Google’s Waze App Allows Hackers to Track User Locations; 5 Dem Senators Urge DHS to Drop Biometrics Collection Proposal; 9GB of Personal Information Exposed in Ohio School District Breach. Click “Continue reading” below.

Justice Department Case Unlikely to Break Up Google, Analysts Say

The U.S. Department of Justice and 11 states sued Google Tuesday on antitrust grounds, but experts warned that anyone expecting a major shake-up of the tech industry was likely to be disappointed.

Antitrust specialists considered the upcoming action as more of a tremor than an earthquake, Reuters reports.

Even if the Justice Department takes the case to trial and wins, which is not guaranteed, any changes to the role played by Google in people’s lives are likely to be incremental — and years away.

“They shouldn’t see this as ‘the beginning of the end,’” Eleanor Fox, a New York University law professor, told Reuters. “It certainly wouldn’t go to the guts of what some people think is wrong with Google.”

Critics long have argued that Google and other Big Tech companies such as Amazon.com and Facebook have too much power and routinely abuse their dominant market positions — but government efforts to rein them in historically have proven challenging, Reuters reports.

Sources (all external links):

Google’s Waze App Allows Hackers to Track User Locations 

A security researcher discovered a vulnerability in Google’s Waze app that could allow hackers to identify users and track people by their locations. 

Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software after he visited waze.com/livemap to research how the site implemented icons of nearby drivers, Threatpost reports. 

Gasper posted the findings in his “malgregator” blog after discovering that Waze sent him coordinates of other drivers nearby and identification numbers associated with each driver.

“With enough time, an attacker would find out the victim’s ID by stalking its known location,” Gasper said in the blog.

Gasper disclosed the flaw to Google in December, receiving a bug bounty of $1,337 from the company’s Vulnerability Reward Program in January, Threatpost reports.

Google said it had patched the flaw. 

Sources:

5 Dem Senators Urge DHS to Drop Biometrics Collection Proposal

Five Democratic senators have called on the Department of Homeland Security (DHS) to withdraw its proposal to expand biometric data-collection practices by the U.S. Citizenship and Immigration Services (USCIS).

Sens. Ed Markey, D-Mass., Bernie Sanders, I-Vt., Ron Wyden, D-Ore., Elizabeth Warren, D-Mass., and Jeff Merkley, D-Ore., sent a letter Friday to DHS acting Secretary Chad Wolf urging the agency to abandon its biometrics proposal out of privacy concerns, Nextgov reports. 

“Expanding biometric data collection in this manner would chill legal immigration, be inconsistent with our privacy values and pose disproportionate risks to individuals of color,” the senators said.

“The scope, sensitivity, and invasiveness of the proposed DHS biometric data-collection program would amount to an unacceptable escalation of government surveillance.”

Early last month, USCIS issued a notice of public rulemaking to expand its collection of biometric information and allowed a 30-day public comment period that ended last Tuesday.

The proposed rule would have increased the amount of biometric information the agency and two others, Customs and Border Protection and Immigration and Customs Enforcement, could collect, according to Nextgov. 

Source: 

9GB of Personal Information Exposed in Ohio School District Breach 

The personal information of faculty, staff and students of the Toledo Public Schools District in Ohio were published online after its system was breached in a recent distributed denial of service (DDoS) attack.

Nearly 9GB of sensitive data — including names, addresses, birth dates, phone numbers and Social Security numbers — had been exposed, Infosecurity reports. 

Deputy Superintendent Jim Gant said administrators would be reaching out to faculty and staff who had been affected to advise of the next steps, according to local TV station 13-ABC Action News.

District officials also said they would provide credit-monitoring services to those affected.

The breach was first reported on by DataBreaches.net on Sept. 14, when the Ransomware gang Maze first claimed responsibility online.

The data was not dumped until last week, and 13-ABC said it learned of the dump last Thursday.

Sources: 

— By DPN Staff