Millions of Facebook records found on Amazon cloud servers in plain sight

Facebook Inc. user data is still showing up in places it shouldn’t.

Researchers at UpGuard, a cybersecurity firm, found troves of user information hiding in plain sight, inadvertently posted publicly on Amazon.com Inc.’s cloud computing servers. The discovery shows that a year after the Cambridge Analytica scandal exposed how unsecure and widely disseminated Facebook users’ information is online, companies that control that information at every step still haven’t done enough to seal up private data.

In one instance, Mexico City-based digital platform Cultura Colectiva openly stored 540 million records on Facebook users, including identification numbers, comments, reactions and account names. The records were accessible and downloadable for anyone who could find them online. That database was closed on Wednesday after Bloomberg alerted Facebook to the problem and Facebook contacted Amazon. Facebook shares pared their gains after the Bloomberg News report.

Another database for a long-defunct app called At the Pool listed names, passwords and email addresses for 22,000 people. UpGuard doesn’t know how long they were exposed, as the database became inaccessible while the company was looking into it.

Facebook shared this kind of information freely with third-party developers for years, before cracking down more recently. The problem of accidental public storage could be more extensive than those two instances. UpGuard found 100,000 open Amazon-hosted databases for various types of data, some of which it expects aren’t supposed to be public.

“The public doesn’t realize yet that these high-level systems administrators and developers, the people that are custodians of this data, they are being either risky or lazy or cutting corners,” said Chris Vickery, director of cyber risk research at UpGuard. “Not enough care is being put into the security side of big data.”

Cultura Colectiva is a digital platform that posts stories about celebrities and culture and largely targets a Latin American audience. The company’s website says it creates content through data and technology and has more than 45 million followers on Facebook, Instagram, Twitter, YouTube and Pinterest.

Facebook for many years allowed anyone making an app on its site to obtain information on the people using the app, and those users’ friends. Once the data is out of Facebook’s hands, the developers can do whatever they want with it.

About a year ago, Facebook Chief Executive Officer Mark Zuckerberg was preparing to testify to Congress about a particularly egregious example: A developer who handed over data on tens of millions of people to Cambridge Analytica, the political consulting firm that helped Donald Trump on his presidential campaign. That one instance has led to government probes around the world, and threats of further regulation for the company.

Last year, Facebook started an audit of thousands of apps and suspended hundreds until they could make sure they weren’t mishandling user data. Facebook now offers rewards for researchers who find problems with its third-party apps.

A Facebook spokesperson said that the company’s policies prohibit storing Facebook information in a public database. Once it was alerted to the issue, Facebook worked with Amazon to take down the databases, the spokesperson said, adding that Facebook is committed to working with the developers on its platform to protect people’s data.

In the Cultura Colectiva dataset, which totaled 146 gigabytes, it was difficult for researchers to know how many unique Facebook users were affected. UpGuard also had trouble working to get the database closed. The firm sent emails to Cultura Colectiva and Amazon over many months to alert them to the problem. It wasn’t until Facebook contacted Amazon that the leak was addressed. Cultura Colectiva didn’t respond to Bloomberg’s request for comment.

This latest example shows how the data security issues can be amplified by another trend: the transition many companies have made from running operations predominantly in their own data centers to cloud-computing services operated by Amazon, Microsoft Corp., Alphabet Inc.’s Google, and others.

Those tech giants have built multibillion-dollar businesses by making it easy for companies to run applications and store troves of data, from corporate documents to employee information, on remote servers.

Programs like Amazon Web Services’ Simple Storage Service, essentially an internet-accessed hard drive, offer clients the choice of whether to make the data visible to just the person who uploaded it, other members of their company, or anyone online. Sometimes, that information is designed to be public-facing, as in the case of a cache of photos or other images stored for use on a corporate website.

Other times, it isn’t. In recent years, information stored on several cloud services — U.S. military data, personal information of newspaper subscribers and cell phone users — has been inadvertently shared publicly online and discovered by security researchers.

Amazon in the last two years has beefed up protocols to keep customers from exposing sensitive materials, adding prominent warning notices, making tools for administrators to more simply turn off all public-facing items, and offering for free what was formerly a paid add-on to check a customer’s account for exposed data.

“Originally I would have put a lot of this on AWS,” said Corey Quinn, who advises businesses that use Amazon’s cloud at the Duckbill Group, a consulting firm. But since Amazon has taken steps to address the issue, companies like Cultura should be aware, he said. “With all of this in the news, and all of this continuing to come out, if you’re still opening AWS buckets [to the public], you’re not paying attention.”

Amazon isn’t the only company that periodically gets caught up in cases of private records mistakenly made public. But it has a wide lead in the business of selling rented data storage and computing power, putting a spotlight on the Seattle-based company’s practices. An Amazon Web Services spokesman declined to comment.

Bloomberg.com

This gun is smoking 100 leaked Huawei staff CVs prove links with

LONDON — Huawei staff admitted to having worked with Chinese intelligence agencies in a “mass trove” of employment records leaked online.

Analysis of CVs of Huawei employees appears to show “far closer links” between the telecommunications company and military-backed cyber agencies than previously thought, a think tank claims.

The employment files suggest that some Huawei staff have also worked as agents within China’s Ministry of State Security; worked on joint projects with the Chinese People’s Liberation Army; were educated at China’s leading military academy; and have been employed by a military unit accused of a cyber attack on U.S. corporations.

Analysis of the CVs found 11 Huawei staff graduated from the PLA’s Information Engineering University, a military academy reputed to be China’s centre for “information warfare research.”

The claims will strengthen demands for the telecom operator to be frozen out of a deal to build part of Britain’s new 5G mobile phone network. The Daily Telegraph disclosed in April that Theresa May had given the green light to Huawei to build parts of the network despite national security concerns. Huawei said it does not work on military projects for China’s regime.

The CVs of up to 25,000 Huawei employees were uncovered by Christopher Balding, an associate professor at the Fulbright University Vietnam, while investigating Huawei’s ownership structure. The CVs were uploaded on Chinese recruitment platforms in the past year and began to appear online and on publicly accessible sites. Prof. Balding, in conjunction with the Henry Jackson Society, a London-based think tank, concluded that about 100 Huawei staff had connections with the Chinese military or intelligence agencies and their “backgrounds indicated experience in matters of national security.”

The study claims that one Huawei project team leader refers on his CV to work on joint projects between the telecom company and the Chinese Army’s National University of Defence Technology, one of China’s leading military academies, which was put on a U.S. list banning American firms from selling it technology in 2015, under Barack Obama’s presidency.

Another Huawei employee’s CV says she works both at the telecom giant as a software engineer and also at the Radar Academy of the Chinese Army. The academy, says Prof. Balding, “matches closely her work for Huawei.”

A manager at Huawei who has worked at the company since 2012 worked at the National Information Security Engineering Centre, which reportedly “collaborated for years” with Unit 61398 of the Chinese Army, a unit accused of being “at the heart of China’s alleged cyber war against Western commercial targets.” The study links another Huawei engineer, who has worked in Europe, to being a “representative” of the Ministry of State Security, China’s intelligence agency.

A further CV reveals a senior Huawei engineer worked on “a database-driven surveillance system capable of accessing every citizen’s record and connecting China’s security organisations” — otherwise known as the “Great Firewall of China.”

One more CV shows a Huawei telecom engineer involved in development of 5G “base stations” who says on his CV that he cannot comment on his previous employment “due to the involvement of military secrets.” Prof. Balding said “these CVs are a treasure trove.”

Charles Parton, a British diplomat who spent much of his career in China, said the cases “give the lie to Huawei’s claim that there is no evidence that they help the Chinese intelligence services. This gun is smoking.”

Ed Brewster of Huawei said: “Huawei does not work on military or intelligence projects for the Chinese Government. This information is not new and is not secret, being freely available on career websites. It is not unusual that Huawei employs people from public service and government. We are proud of their backgrounds and we are open about them.”

Sessions focus on interpersonal communication

The Student Development Centre is hosting sessions about interpersonal communication over the next two months.

The sessions, called Foundations in Interpersonal Communications, are part of the Foundations in Leadership Practicum Series. They are being offered to staff at a “bronze” level in the series.

This level consists of six two-hour sessions, which with between-session tasks amounts to 15 or 16 hours. The sessions will be Thursdays on Nov. 3, 10, 17, 24 and Dec. 8 and 15. The cost is $45.

For information, contact Les McCurdy-Myers at 905-688-5550 x4123 or lmccurdy@brocku.ca. Register at the Human Resources training sessions page.

CCOVI lectures continue this Wednesday

The 2012 CCOVI Lecture Series continues this week with a free talk on the topic of sour rot.

Wendy McFadden-Smith, CCOVI Professional Affiliate and Integrated Pest Management Specialist at the Ontario Ministry of Agriculture, Food and Rural Affairs (OMAFRA), will discuss “What we’ve learned about sour rot: An update on research”.

This lecture takes place Wednesday, March 14 at 3 p.m. in IH313. Admission is free and everyone is welcome.

The lecture will also be available via live webcast.

Brooke Henderson named CP female athlete of the year

Golfer Brooke Henderson has been named the Canadian Press female athlete of the year after winning the Bobbie Rosenfeld Award.

The 21-year-old from Smiths Falls, Ont., has won the award in three of the last four years. She picked up 30 of 54 votes (55.6 per cent) in a poll of broadcasters and editors from across the country.

Figure skater Kaetlyn Osmond and short-track speedskater Kim Boutin were tied for second with 10 votes apiece.

Henderson became the first Canadian to win the CP Women’s Open since Jocelyne Bourassa in 1973. She won twice on the LPGA Tour last season and finished ninth in the world rankings.

Huawei Canada says it met federal security requirements for new Arctic 4G

OTTAWA — Huawei Canada says it has received federal approval to work with a northern telecom company and an Inuit development corporation to extend high-speed 4G wireless services to 70 communities in the Arctic and northern Quebec.

Alykhan Velshi, the vice president of corporate affairs for the Canadian arm of the Chinese telecommunications giant, says the new project was approved under the federal Security Review Program, which is designed to protect critical infrastructure.

The program is run by the Communications Security Establishment, in conjunction with the Public Safety Department, Global Affairs Canada and other federal departments.

A spokesman for Public Safety Minister Ralph Goodale referred questions about today’s announcement to CSE, which did not immediately reply.

Huawei is a controversial company in Canada because its chief financial officer Meng Wanzhou has been at the centre of a diplomatic battle between Canada and China since her arrest in Vancouver in December on an extradition warrant from the United States, which wants her on fraud charges.

Huawei is waiting for a federal decision on whether it will be allowed to supply equipment for next-generation 5G wireless networks in the rest of the country, amid pressure from the U.S. not to do business with a company it views as an organ of Chinese military intelligence — an allegation the company denied again today.

Huawei’s announcement in Ottawa is about extending 4G service, which is common in populated areas in southern Canada, to more rural and remote parts of the North.

The Canadian Press

Detroit centre removes name of ex-mayor with racist past

DETROIT — The home of Detroit’s annual auto show and other major events is officially changing its name, which honoured a former mayor known for his racist, segregationist policies.

Officials on Tuesday announced that Cobo Center becomes TCF Center. The change follows the February announcement of a $33 million naming rights deal with Chemical Bank, now a division of TCF Bank.

Officials have said the name change will save state taxpayers millions of dollars and move the riverfront facility toward being financially self-sustaining. It had been owned and operated by the city until 2009, when a regional authority was created.

Officials said earlier this year a new name also removes negative history. Albert Cobo, who served as mayor from 1950 to 1957, sought to keep blacks out of predominantly white neighbourhoods.

Jeff Karoub, The Associated Press

Canadian pot growers say marijuana byproduct a wasted opportunity for industry

VANCOUVER — Licensed marijuana producers in Canada are throwing out thousands of kilograms of plant waste each year in what some of them say is a missed opportunity to find other uses for the byproduct.

Health Canada’s destruction policy for producers makes it impossible to benefit or learn from the potentially valuable waste product, said Terry Lake, the vice-president of corporate social responsibility at Hydropothecary, a licensed producer in Gatineau, Que.

“We’re growing like 3,000 kilograms to a 108,000 thousand kilograms each year, that’s an awful lot of waste,” said Lake, who is a former health minister in British Columbia.

Lake said almost half of everything Hydropothecary grows is tossed into the compost bin.

Like its cousin the hemp plant, Lake said the stems of the marijuana plant could be used as fibre for a wealth of products like T-shirts, animal feed and housing siding.

“The stalk could be used as a reinforcer for cement, another use of hemp fibre, or could be used as insulation,” said Lake.

Shawn McDougall, production manager at BlissCo, a licensed producer in Langley, B.C., said the company mixes leftover stalks, stems and leaves into its food waste compost, and must report the amount dumped to Health Canada.

“There is some great future potential stuff there, but we’re mandated by Health Canada to destroy and dispose,” said McDougall.

Lake said Hydropothecary has to undergo the same process.

No one from Health Canada was available for an interview.

McDougall and Lake said most of the plant material underneath the flowered buds, such as leaves, stems, and stalks, has negligible amounts of THC, the active chemical ingredient found in marijuana plants.

McDougall said for years when marijuana was unregulated in California and Oregon, personal growers would juice the leaves and stems of the plant, turning them into a beverage.

BlissCo CEO Damian Kettlewell said juicing is just one of the applications they would like to develop after legalization in Canada later this year, along with distilled marijuana resin, commonly known as shatter.

“We are in the process of doing research on edibles and on vape pens, and then we anticipate there will be other high concentrate and high THC products like shatter available as well,” said Kettlewell.

McDougall said none of the company’s plants are sprayed with pesticides.

While purchasing cannabis from a licensed dealer will become legal in the coming months, people waiting to buy legalized edibles and other products will have to wait longer.

Health Canada has said edibles and specific concentrates will be legalized no later than 12 months after the Cannabis Act comes into force.

Lake said Health Canada is likely overwhelmed with the pending marijuana legislative changes, but it is only a matter of time before the agency reverses its policies on the potential benefits to be found in byproducts from marijuana plants.

“I have every confidence that in the future they’ll look at how we can utilize what is now just a waste product into something that’s useful for Canadian society.”

Canada supports EU plan to help WTO deal with Trump disruption

OTTAWA — Canada’s trade minister is endorsing a European Union plan to prevent the Trump administration from paralyzing the World Trade Organization’s dispute-settlement body later this year.

Jim Carr tells The Canadian Press that the EU’s plan to set up a proxy version of the WTO’s Appellate Body has merit and deserves further examination.

The United States is blocking appointments to fill vacancies at the Appellate Body, which acts as an appeal court of sorts for the WTO’s Dispute Settlement Body.

U.S. President Donald Trump, along with other members of his administration, has disparaged the Geneva-based WTO as a disaster for the U.S. — part of his broader wrecking-ball approach toward the international trading order.

If no approvals for new vacancies are forthcoming by December, the body could effectively shut down.

Canada has convened about a dozen like-minded countries — minus the U.S. and China — to try to reform the WTO, and Carr says the EU’s proposal to keep the Appellate Body functioning has been discussed there.