Wednesday, February 12, 2020

What I'm Reading 2/12/2020 - OPM hack Revisited

Sydney Morning Herald - Swiss investigate report that firm helped CIA crack top-secret messages -
After being told late last year of fresh research about the company, the Swiss government in January appointed a former Swiss Supreme Court judge to scrutinise Crypto's activities "to investigate and clarify the facts of the matter", the defence ministry said in a statement.
"The events under discussion date back to 1945 and are difficult to reconstruct and interpret in the present day context," it added.
Judge Niklaus Oberholzer is due to report back by the end of June, after which the Swiss cabinet will be briefed.
BBC - Tech giants face probe into deals going back a decade -
The orders that the FTC announced on Tuesday concern deals completed between 1 Jan 2010 and 31 December 2019, focusing on the many, often smaller, transactions that the firms were not required to report to the government.
The FTC said it expected its request to yield information on "hundreds" of purchases and inform debate about whether the US should change its rules for what kinds of deals are subject to government review.
FOX - Utah law would decriminalize polygamy among consenting adults -
Despite polygamy being made a felony in Utah some 85 years ago, its practitioners still number in the thousands. Republican Senator Deidre Henderson, who proposed removing the threat of jail time for polygamists, said efforts to curb the practice have been largely ineffectual and, in some cases, have made matters worse.
Infosec Institute - Account Management Concepts For ICS/SCADA Environments -
Managing user authentication includes all of the items related to minimizing the potential for bad actors to get access to a system and ensuring users are using their credentials in a proper manner.
Engadget - US claims Huawei can secretly access carrier backdoors -
Officials talking to the Wall Street Journal have claimed that Huawei can "covertly" access phone networks worldwide using backdoors meant for law enforcement. While manufacturers are often required to design their gear in a way that prevents them from gaining access without a carrier's permission, Huawei supposedly maintains that access without the carriers being any the wiser.
techdirt - Appeals Court Rules That People Can't Be Locked Up Indefinitely For Refusing To Decrypt Devices -
The Third Circuit Court of Appeals has finally decided -- after more than four years -- that the government can't keep someone locked up indefinitely for contempt of court charges.
The Verge - The high cost of a free coding bootcamp -
Lambda’s intentions appear to be well-meaning, if also a bit self-serving. Of course, Silicon Valley’s solution to upward mobility and education boils down to teaching people to code. After all, engineering jobs demand a skilled workforce, and these gigs pay remarkably well. But the startup ethos of prioritizing efficiency, speed, and scale is incompatible with many people’s ability to actually learn.
Still, it’s easy to see the appeal of a school built upon a financial agreement that aligns the schools’ incentives with the goals and aspirations of its students. With the ISA, if a student succeeds in landing a job, the school gets paid. If a student can’t find work within five years after completing the program, the ISA is automatically dissolved. “If we promise someone that our education will help them get a job, and we’re wrong about that, why should we be paid?” CEO Austen Allred asked earnestly in a blog post on Medium.
CSO - The OPM hack explained: Bad security practices meet China's Captain America
What is clear is that OPM's technical leadership, overly confident that they had defeated X1 with the "big bang," did not use the intrusion as a "wake up call" and failed to take measures that would have helped them detect X2. They had also largely failed to institute a number of important and recommended security measures, the most important of which in the event was two-factor authentication. Under a two-factor authentication scheme, users need a chip-enhanced ID card that correlates with their username and password in order to log into the system. Without it, an attacker who manages to steal a valid username and password—as X2 did, using a login pilfered from KeyPoint—has free access to the system. OPM finally implemented two-factor authentication in January 2015, after X2 had already wormed their way into the network.
