More stories

  • Australia kicks off investigation into Optus data breach

    Australia has kicked off its investigation into the Optus data breach, during which the data practices of the mobile operator as well as its sister companies, Optus Mobile and Optus Internet, will be scrutinised to determine if they were in compliance with local regulations.

    The investigation would focus on whether the Optus companies took “reasonable steps” to safeguard the personal data they held from misuse, interference, loss, unauthorised access, modification, or disclosure, said the Office of the Australian Information Commissioner (OAIC) in a statement Tuesday. It also would determine if the Singtel-owned entities had collected and retained only information necessary to facilitate their business.

    In addition, the investigation would assess whether the companies took reasonable steps to implement practices and systems to ensure compliance with the Australian Privacy Principles. Outlined in the country’s Privacy Act 1988, these 13 principles govern standards and obligations around, amongst others, the collection and use of personal information as well as an organisation’s governance and accountability.

    OAIC said its investigation would be coordinated with that of the Australian Communications and Media Authority (ACMA).

    The September 22 Optus security breach compromised various personal data of the telco’s 9.8 million customer base, including 1.2 million customers with at least one number from a current and valid form of identification information.

    Should the investigation determine there was an interference with the privacy of at least one individual, the OAIC could require the Optus companies to take steps to ensure the act or practice was not repeated or continued, as well as to redress any loss or damage.

    The government agency noted that it had the power to seek civil penalties through the federal court, should the investigation uncover serious or repeated breaches of Australia’s Privacy Act 1988, of up to AU$2.2 million ($1.42 million) for each contravention.

    Australian Information and Privacy Commissioner Angelene Falk said attention given to the Optus breach underscored the need for local organisations to look at key privacy issues.

    Falk said: “If they have not done so already, I urge all organisations to review their personal information handling practices and data breach response plans to ensure information is held securely and that, in the event of a data breach, they can rapidly notify individuals so those affected can take steps to limit the risk of harm from their personal information being accessed.

    “And collecting and storing personal information that is not reasonably necessary to your business breaches privacy and creates risk. Only collect what is reasonably necessary,” she added.

    In line with the OAIC’s Privacy Regulatory Action Policy, the OAIC will await the conclusion of the investigation before commenting further.

  • How to enable suspicious message alerts and protect yourself from spam in Android 13

    Once upon a midnight dreary, I was inundated with a deluge of spam and malicious messages on Android. Every morning I’d wake up wondering how many such messages would pummel my phone. But then Google got smart and added features that would help prevent that never-ending rain of unwanted missives. It took Google […]

  • China is using tech to grow its influence, warns UK spy chief

    China’s government is aiming to build strategic advantage by shaping the world’s use of technology, according to the head of the UK’s GCHQ spy agency. Sir Jeremy Fleming, the director of GCHQ, said that the Chinese Communist Party (CCP) is seeking to gain influence abroad by exporting technologies used in everything from […]

  • Kata Containers 3's marriage of virtual machines and containers continues

    We use containers all the time, but we’re not ready to give up on Virtual Machines (VM) yet. Both have their uses. But, what if we could use the flexibility and ease of deployment of containers with the security and manageability of VMs? That’s the idea behind the OpenInfra Foundation’s Kata Containers, and it’s […]

  • Google is trying to solve the software supply chain security problem

    Building software is challenging work that takes a range of different tools, libraries and other components referred to as the ‘software supply chain’. Any weak link in that supply chain can lead to cyber breaches with major consequences — such as the 2020 SolarWinds breach that targeted a wide range of entities, including […]

  • What is torrenting and how does it work?

    BitTorrent uses its own special set of buzzwords to describe various aspects of how the system works. If you want to really understand what’s happening, it helps to understand what the terms mean.

    Seed: This is the machine that originally distributes the shared file. Technically, any peer that has 100% of the shared file also becomes a seed.

    Peer: This is a machine that downloads the shared file and then shares parts of the file to other peers. When you run a BitTorrent client on your machine to get a file, you’re running a peer.

    Piece: Part of a shared file, to be combined with other pieces when reassembled into a usable whole.

    Torrent: Torrent is used in two ways. When specified with the word file (as in “torrent file”), this is a file containing metadata describing all of the pieces of the shared file and its checksum (validation) data. When used on its own (as in “I downloaded a torrent of Ubuntu”), it means the shared file (and all its pieces).

    Swarm: This is the full network that’s sharing a file, consisting of all the peers and seeds.

    Tracker: This is a server that keeps track of the seeds and peers in the swarm. A tracker is often not involved in the actual transfer of data, but acts as more of an index or search engine for people looking for torrents. Trackers are often the target of legal action, because they’re seen as the enablers of illicit file sharing.

    Leech: This is a term for a peer that does not share pieces of a shared file. Basically, this is someone who wants to download a file using BitTorrent, but is not willing to do their part to support the swarm. Some leeches on very low-bandwidth connections can’t download and share, so they download first, then share. But most leeches simply choose to be a “bit piggy” and download files without giving back.

    Health: Do not confuse the BitTorrent term “health” with quality or safety of a file. In BitTorrent, health means how much of a file is available to download (anything less than 100% health means you’re not getting a full file today). Do not assume something that shows 100% health is, for example, free of viruses. This also spotlights one of the downfalls of torrenting: Not all files are fully available to download. You may have to wait until a peer shows up with the missing pieces or, for less popular files, you may never get those missing pieces.

    Fake: A file that spoofs what it claims to have. Generally, it’s a file that contains malware or just junk bytes, designed to either attack users or improve the uploader’s ratio.

    Ratio: This is a measure of how much you’ve uploaded. It is sometimes used by trackers to allow more access to more files.

    TOR: Folks often get confused by this. TOR stands for The Onion Router and is unrelated to BitTorrent. Because TOR is a way of communicating over the Internet anonymously, some people do run torrents over TOR. But the TOR Project and BitTorrent are completely separate beasts.

    Have I missed any important terms for torrents? If I did, let us know in the comments below.

  • This 'thermal attack' can read your password from the heat your fingertips leave behind

    (Image: A thermal image showing heat traces left by fingertips on a keyboard, which researchers say could be used to crack passwords. Credit: University of Glasgow)

    Computer security researchers say they’ve developed an AI-driven system that can guess computer and smartphone passwords in seconds by examining the heat signatures that fingertips leave on keyboards and screens […]