Aug 202018

Meduza reports:

On August 16, blogger Lana Sator, a self-described “urbex [urban exploration] tourist” published photographs from an abandoned building on Bolshaya Cheremushkinskaya Street, which once housed a police station and office of the (now dissolved) Federal Migration Service. Sator says she crawled into the two-story building through an open window. The building was unguarded and the gate in the fence surrounding the site was unlocked.

“Observing the protections on personal data with all their hearts!” Sator wrote sarcastically on social media. “There are cubic meters of documents abandoned in this building: applications with copies of various certificates, boxes with Muscovites’ IDs and passports, criminal and misdemeanor case files, juvenile delinquents’ records, officers’ personnel files, and more.”

Read more on Meduza and take a look at the photographs of what she found.

Aug 202018

Catalin Cimpanu reports:

Twitch is warning users of a bug in one of its recently retired features that may have exposed some of their messages to other users.

“On May 5, 2018, Twitch removed a legacy feature called Messages and provided  users the ability to download an archive of past messages,” the game streaming company informed users via emails last week.

“Due to a bug in the code that generated the message archive files, which we have since fixed, a small percentage of messages were included in the wrong archives,” Twitch added. “As a result, some users who downloaded their message bundle may have one or more of your messages in their archive.”

Read more on BleepingComputer.

Aug 172018

Yael Grauer reports:

By misconfiguring pages on Trello, a popular project management website, the governments of the United Kingdom and Canada exposed to the entire internet details of software bugs and security plans, as well as passwords for servers, official internet domains, conference calls, and an event-planning system.

The U.K. government also exposed a small quantity of code for running a government website, as well as a limited number of emails. All told, between the two governments, a total of 50 Trello pages, known on the site as “boards,” were published on the open web and indexed by Google.

Read more on The Intercept.

Aug 152018

Curt Devine and Drew Griffin report:

Georgia’s shotgun-toting, Trump-style Republican candidate for governor Brian Kemp has sought to assure voters that his state’s election system is secure and that any allegations to the contrary are “fake news.”

But Kemp, who is also the secretary of state in charge of Georgia’s elections, is now being accused in a federal lawsuit of failing to secure his state’s voting system and allowing a massive breach that exposed voter records and other sensitive election information.

Read more on CNN.

Aug 152018

Following up on their earlier reporting, Ange McCormack of Triple j Hack reports that documents left improperly at the Garrawarra center for the aged remain on the floor while “safety procedures around potential asbestos contamination of the site is underway.”

Take a look at the scene there:

Image Source: TripleJ Hack.

And pictures from other rooms, shown in their original coverage of the breach, are just as bad.

There is no way that anyone should be able to claim that there was anything accidental or unknowing about this.  But apparently the Shadow Minister for Health Walt Secord told Hack that:

“This is not about apportioning blame, but this is about preventing it happening again and protecting the privacy of those affected.”

The two are not mutually exclusive. When you have a callous disregard for the security of sensitive information this way,  you damned well should be able to apportion blame, because if you can’t, it means you have no accountability in your system.

Read more on TripleJ Hack.