Placeholder Content Image

Why do organisations still struggle to protect our data? We asked 50 professionals on the privacy front line

<p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p>More of our personal data is now collected and stored online than ever before in history. The rise of data breaches should unsettle us all.</p> <p>At an individual level, data breaches can compromise our privacy, cause harm to our finances and mental health, and even enable identity theft.</p> <p>For organisations, the repercussions can be equally severe, often resulting in major financial losses and brand damage.</p> <p>Despite the increasing importance of protecting our personal information, doing so remains fraught with challenges.</p> <p>As part of a <a href="http://www.doi.org/10.25910/psq3-q365">comprehensive study</a> of data breach notification practices, we interviewed 50 senior personnel working in information security and privacy. Here’s what they told us about the multifaceted challenges they face.</p> <h2>What does the law actually say?</h2> <p>Data breaches occur whenever personal information is accessed or disclosed without authorisation, or even lost altogether. <a href="https://www.abc.net.au/news/2024-06-20/optus-hack/104002682">Optus</a>, <a href="https://www.abc.net.au/news/2022-11-09/medibank-data-release-dark-web-hackers/101632088">Medibank</a> and <a href="https://www.afr.com/technology/canva-criticised-after-data-breach-exposed-139m-user-details-20190526-p51r8i">Canva</a> have all experienced high-profile incidents in recent years.</p> <p>Under Australia’s <a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/">privacy laws</a>, organisations aren’t allowed to sweep major cyber attacks under the rug.</p> <p>They have to notify both the regulator – the Office of the Australian Information Commissioner (OAIC) – and any affected individuals of breaches that are likely to result in “<a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/#:%7E:text=Whether%20access%20or%20disclosure%20would%20be%20likely%2C%20or%20would%20not%20be%20likely%2C%20to%20result%20in%20serious%20harm%2D%2Drelevant%20matters%20%C2%A0">serious harm</a>”.</p> <p>But according to the organisational leaders we interviewed, this poses a tricky question. How do you define serious harm?</p> <p>Interpretations of what “serious harm” actually means – and how likely it is to occur – vary significantly. This inconsistency can make it impossible to predict the specific impact of a data breach on an individual.</p> <p>Victims of domestic violence, for example, may be at increased risk when personal information is exposed, creating harms that are difficult to foresee or mitigate.</p> <h2>Enforcing the rules</h2> <p>Interviewees also had concerns about how well the regulator could provide guidance and enforce data protection measures.</p> <p>Many expressed a belief the OAIC is underfunded and lacks the authority to impose and enforce fines properly. The consensus was that the challenge of protecting our data has now outgrown the power and resources of the regulator.</p> <p>As one chief information security officer at a publicly listed company put it:</p> <blockquote> <p>What’s the point of having speeding signs and cameras if you don’t give anyone a ticket?</p> </blockquote> <p>A lack of enforcement can undermine the incentive for organisations to invest in robust data protection.</p> <h2>Only the tip of the iceberg</h2> <p>Data breaches are also underreported, particularly in the corporate sector.</p> <p>One senior cybersecurity consultant from a major multinational company told us there is a strong incentive for companies to minimise or cover up breaches, to avoid embarrassment.</p> <p>This culture means many breaches that should be reported simply aren’t. One senior public servant estimated only about 10% of reportable breaches end up actually being disclosed.</p> <p>Without this basic transparency, the regulator and affected individuals can’t take necessary steps to protect themselves.</p> <h2>Third-party breaches</h2> <p>Sometimes, when we give our personal information to one organisation, it can end up in the hands of another one we might not expect. This is because key tasks – especially managing databases – are often outsourced to third parties.</p> <p>Outsourcing tasks might be a more efficient option for an organisation, but it can make protecting personal data even more complicated.</p> <p>Interviewees told us breaches were more likely when engaging third-party providers, because it limited the control they had over security measures.</p> <p>Between July and December 2023 in Australia, there was an increase of <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2023">more than 300%</a> in third-party data breaches compared to the six months prior.</p> <p>There have been some highly publicised examples.</p> <p>In May this year, many Clubs NSW customers had their personal information potentially <a href="https://www.rimpa.com.au/resource/more-than-a-million-australian-data-records-potentially-exposed-in-nsw-club-and-pub-data-breach.html#:%7E:text=Outabox%2C%20the%20IT%20services%20provider,and%20has%20notified%20law%20enforcement">breached</a> through an attack on third-party software provider Outabox.</p> <p>Bunnings suffered a <a href="https://australiancybersecuritymagazine.com.au/bunnings-customer-data-compromised/">similar breach</a> in late 2021, via an attack on scheduling software provider FlexBooker.</p> <h2>Getting the basics right</h2> <p>Some organisations are still struggling with the basics. Our research found many data breaches occur because outdated or “legacy” data systems are still in use.</p> <p>These systems are old or inactive databases, often containing huge amounts of personal information about all the individuals who’ve previously interacted with them.</p> <p>Organisations tend to hold onto personal data longer than is legally required. This can come down to confusion about data-retention requirements, but also the high cost and complexity of safely decommissioning old systems.</p> <p>One chief privacy officer of a large financial services institution told us:</p> <blockquote> <p>In an organisation like ours where we have over 2,000 legacy systems […] the systems don’t speak to each other. They don’t come with big red delete buttons.</p> </blockquote> <p>Other interviewees flagged that risky data testing practices are widespread.</p> <p>Software developers and tech teams often use “production data” – real customer data – to test new products. This is often quicker and cheaper than creating test datasets.</p> <p>However, this practice exposes real customer information to insecure testing environments, making it more vulnerable. A senior cybersecurity specialist told us:</p> <blockquote> <p>I’ve seen it so much in every industry […] It’s literally live, real information going into systems that are not live and real and have low security.</p> </blockquote> <h2>What needs to be done?</h2> <p>Drawing insights from professionals at the coalface, our study highlights just how complex data protection has become in Australia, and how quickly the landscape is evolving.</p> <p>Addressing these issues will require a multi-pronged approach, including clearer legislative guidelines, better enforcement, greater transparency and robust security practices for the use of third-party providers.</p> <p>As the digital world continues to evolve, so too must our strategies for protecting ourselves and our data.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/236681/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /></p> <p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, Professor, Head of the Discipline of Accounting, Governance and Regulation, University of Sydney Business School, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, Researcher, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, Associate professor, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p><em>Image credits: Shutterstock </em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/why-do-organisations-still-struggle-to-protect-our-data-we-asked-50-professionals-on-the-privacy-front-line-236681">original article</a>.</em></p>

Legal

Placeholder Content Image

Huge fallout after panicked passenger opens exit door midflight

<p>Asiana Airlines has immediately stopped offering its emergency exit seats after a passenger opened a door during a flight over South Korea on May 26, sparking panic inside the plane.</p> <p>Passengers will no longer be seated in emergency exit seats on its 174-seat A321-200 aircrafts and the 195-seat A321-200s, as a safety measure.</p> <p>According to airline officials, the man, 33, who opened the door was seated near the emergency exit.</p> <p>During preliminary questioning, the 33-year-old told investigators that he felt suffocated and tried to get off the plane quickly, police reported.</p> <p>Twelve people suffered minor injuries as a result, with air blasting in the cabin and terrifying passengers.</p> <p>Some testified they suffered severe ear pain and saw others screaming and crying.</p> <p>A video shared on social media shows passengers’ hair being whipped by air blowing into the cabin.</p> <p>The emergency exit doors usually cannot be opened mid-flight due to the difference in air pressure inside and outside the plane.</p> <p>However, the 33-year-old managed to open the door likely because the plane was flying at a low altitude while preparing to land and there wasn’t much difference to pressure, Asiana Airlines officials report.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">(warning: distressing)</p> <p>A man traveling on an Asiana Airlines flight opened the plane's cabin door minutes before it came in for its planned landing. <a href="https://t.co/QUIUXuVDgD">pic.twitter.com/QUIUXuVDgD</a></p> <p>— NowThis (@nowthisnews) <a href="https://twitter.com/nowthisnews/status/1662179612804149249?ref_src=twsrc%5Etfw">May 26, 2023</a></p></blockquote> <p>The Transport Ministry said the plane was at 213 metres when the man pulled the door open.</p> <p>The aircraft, which was flying to the city of Daegu from the southern island of Jeju was carrying 200 passengers and landed safely.</p> <p>Passengers onboard included teenage athletes on their way to a track and field competition, according to Asiana Airlines.</p> <p>The 33-year-old told authorities that he had wanted to get out of the plane because he felt suffocated, <em>Yonhap</em> news agency reported, citing police.</p> <p><em>Yonhap</em> said the man told police he had suffered stress after losing his job recently.</p> <p>A district court in Daegu has since approved a warrant to formally arrest him.</p> <p>"I wanted to get off the plane soon," the man told reporters at the court ahead of his arrest warrant review.</p> <p>"I'm really sorry to kids," he said, likely referencing the teenage athletes.</p> <p>Daegu police said they have up to 20 days to investigate the man before determining whether to send him to prosecutors for a possible indictment.</p> <p>If convicted, he faces a maximum sentence of 10 years in prison for breaching the aviation security law that bans passengers from handling entry doors, emergency exit doors and other equipment on board, according to the Transport Ministry.</p> <p>Those who were taken to hospitals were primarily treated for minor issues such as breathing difficulties.</p> <p><em>Image credit: Twitter</em></p>

Travel Trouble

Placeholder Content Image

UN committee rules anti-lesbian sex laws breach human rights in landmark decision

<p>On Wednesday, a United Nations committee became the first international law body to recognise that criminalising female same-sex sexual activity is a fundamental breach of human rights.</p> <p>The <a href="https://www.humandignitytrust.org/wp-content/uploads/resources/CEDAW-C-81-D-134-2018-English-clean-copy.pdf" target="_blank" rel="noopener">landmark decision</a> means all countries that criminalise women having sex with other women should immediately repeal these laws.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">UN Body Condemns Sri Lanka’s Criminalization of Same-Sex Acts <a href="https://t.co/UW0Opoqfwc">https://t.co/UW0Opoqfwc</a></p> <p>— Human Rights Watch (@hrw) <a href="https://twitter.com/hrw/status/1506776054706458627?ref_src=twsrc%5Etfw">March 23, 2022</a></p></blockquote> <p><strong>Which countries criminalise homosexuality?</strong></p> <p><a href="https://antigaylaws.org/" target="_blank" rel="noopener">Seventy-one countries</a> still criminalise homosexual conduct. Many of these are our neighbours – <a href="https://antigaylaws.org/regional/asia-2/" target="_blank" rel="noopener">ten in Asia</a> and <a href="https://antigaylaws.org/regional/pacificoceania/" target="_blank" rel="noopener">seven in the Pacific</a>.</p> <p>Many people assume these laws only apply to men having sex with men, but that’s not the case. Sexual conduct between women is prohibited in the criminal codes of 34 of these 71 countries.</p> <p>Countries with sharia law such as Afghanistan, Nigeria and Saudi Arabia also essentially criminalise lesbian sex. So there are <a href="https://www.humandignitytrust.org/lgbt-the-law/map-of-criminalisation/?type_filter=crim_sex_women" target="_blank" rel="noopener">43 countries</a> where it’s a crime for women to engage in same-sex sexual activity – almost a quarter of all countries in the world.</p> <p>The majority of the countries that criminalise same-sex sexual activity are members of the <a href="https://journals.sagepub.com/doi/abs/10.1177/1037969X1403900203" target="_blank" rel="noopener">Commonwealth</a>, whose anti-homosexuality laws were introduced by the British Empire.</p> <p>However, Britain only ever criminalised male homosexual activity, and the expansion of these laws to explicitly include female sexual activity is a relatively recent phenomenon. Countries that have done so include: Trinidad and Tobago (1986), Solomon Islands (1990), Sri Lanka (1995), Malaysia (1998) and Nigeria (2014).</p> <p>In the past 35 years, <a href="https://www.humandignitytrust.org/wp-content/uploads/resources/Breaking-the-Silence-Criminalisation-of-LB-Women-and-its-Impacts-FINAL.pdf" target="_blank" rel="noopener">ten jurisdictions</a> that previously only criminalised same-sex male sexual intimacy changed their laws to include, for the first time, new criminal sanctions of lesbians and bisexual women.</p> <p>The laws criminalising same-sex activity between women aren’t just arcane laws that are never enforced. In Malaysia just over three years ago, two women were <a href="https://www.theguardian.com/world/2018/sep/03/women-caned-in-malaysia-for-attempting-to-have-lesbian-sex" target="_blank" rel="noopener">caned six times</a> for attempting to have sex.</p> <p>And late last year, a <a href="https://www.advocate.com/world/2021/12/14/lesbian-detained-iran-fears-life-sareh" target="_blank" rel="noopener">lesbian activist in Iran</a> was arrested while trying to flee to Turkey to seek asylum. Before this, she was detained for 21 days by the Iraqi Kurdistan police following an interview she did with BBC Persian about the situation of the LGBTQ+ community in Iraqi Kurdistan.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">Atrocious punishment of lesbians in <a href="https://twitter.com/hashtag/Malaysia?src=hash&amp;ref_src=twsrc%5Etfw">#Malaysia</a> <a href="https://t.co/pknBrYnlO4">https://t.co/pknBrYnlO4</a></p> <p>— Amnesty UK Rainbow Network (@AmnestyUK_LGBTI) <a href="https://twitter.com/AmnestyUK_LGBTI/status/1037277740951584773?ref_src=twsrc%5Etfw">September 5, 2018</a></p></blockquote> <p><strong>The case</strong></p> <p>The case of <em>Flamer-Caldera v Sri Lanka</em> was brought by a lesbian activist to the UN Committee on the Elimination of Discrimination Against Women (CEDAW).</p> <p>She argued that Sri Lanka’s criminal laws violated her right to live her life free from discrimination based on her sexual orientation.</p> <p>The CEDAW committee agreed.</p> <p>It found the effect of Sri Lanka’s criminal code was that lesbian and bisexual women lived with the constant risk of arrest and detention. And the laws facilitate a culture where discrimination, harassment and violence against lesbians and bisexual women can flourish.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">The verdict is clear: compulsory heterosexuality, enforced through legislation and policing as well as unchecked social stigma, violates women’s rights under international law. My piece for <a href="https://twitter.com/OutRightIntl?ref_src=twsrc%5Etfw">@OutRightIntl</a> on the <a href="https://twitter.com/hashtag/SriLanka?src=hash&amp;ref_src=twsrc%5Etfw">#SriLanka</a> <a href="https://twitter.com/hashtag/CEDAW?src=hash&amp;ref_src=twsrc%5Etfw">#CEDAW</a> ruling: <a href="https://t.co/cahtHV2k2d">https://t.co/cahtHV2k2d</a></p> <p>— Neela Ghoshal (@NeelaGhoshal) <a href="https://twitter.com/NeelaGhoshal/status/1507106976370769923?ref_src=twsrc%5Etfw">March 24, 2022</a></p></blockquote> <p>Law is a tool that governments use to communicate to society what is acceptable and unacceptable behaviour. When the Sri Lankan government declared any sexual intimacy between consenting women is a crime, it signalled to Sri Lankans that vilification, targeting and harassment of lesbians and bisexual women is acceptable, because they are criminals.</p> <p>The laws not only criminalise same-sex sexual conduct. They also perpetuate homophobia, stigmatise the LGBTQ+ community and sanction gender-based violence against lesbians and bisexual women.</p> <p>This decision sends a clear message to all governments who think it’s OK to persecute, harass and discriminate against lesbians and bisexual women – you are wrong.</p> <p><strong>What now?</strong></p> <p>Sri Lanka now has six months to provide a written response to the CEDAW Committee setting out the action it has taken, or will take, to give effect to the committee’s decision.</p> <p>Repealing the specific provision in the criminal law will not be enough. A much more holistic and nuanced response is required. In particular, the government will need to:</p> <ul> <li> <p>develop campaigns to counter prejudice and stereotypes directed at the LGBTQ+ community</p> </li> <li> <p>enact anti-discrimination laws prohibiting discrimination on the basis of sexual orientation, gender identity and intersex status</p> </li> <li> <p>embed human rights education in schools, promoting equality and respect for all regardless of their sexual orientation or gender identity</p> </li> <li> <p>provide training for police, judges and other law enforcement officials to increase their understanding of, and respect for, the human rights of LGBTQ+ people. This will also enable women to report homophobic crimes to the police without fear of retribution and with the knowledge the perpetrators will be prosecuted</p> </li> <li> <p>ensure there are adequate civil and criminal remedies for members of the LGBTQ+ community who are subjected to discrimination and gender-based violence.</p> </li> </ul> <p>The decision in <em>Flamer-Caldera v Sri Lanka</em> represents a watershed moment in international human rights law and will reverberate around the world.</p> <p>It’s now beyond dispute that criminalising consensual adult same-sex sexual conduct violates a woman’s right to privacy, dignity and non-discrimination.</p> <p>All governments have a duty to protect all women, including lesbians and bisexual women, from discrimination, gender-based violence and other harm.</p> <p>Any country that criminalises the sexual conduct of lesbians and bisexual women, regardless of whether they enforce the laws, is guilty of violating international law.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/179936/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /></p> <p><em><a href="https://theconversation.com/profiles/paula-gerber-4812" target="_blank" rel="noopener">Paula Gerber</a>, Professor of Human Rights Law, <a href="https://theconversation.com/institutions/monash-university-1065" target="_blank" rel="noopener">Monash University</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/un-committee-rules-anti-lesbian-sex-laws-breach-human-rights-in-landmark-decision-179936" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Legal

Placeholder Content Image

“Absolutely double standards”: Hillsong accused of breaching Health Order

<p><span style="font-weight: 400;">Australian artists have </span><a rel="noopener" href="https://au.news.yahoo.com/outrage-over-hillsong-video-showing-crowds-singing-dancing-nsw-085606215.html" target="_blank"><span style="font-weight: 400;">expressed their outrage</span></a><span style="font-weight: 400;"> after footage of people singing and dancing at a Hillsong event emerged online, despite new restrictions banning these activities from happening in NSW.</span></p> <p><span style="font-weight: 400;">Some have pointed out that Hillsong’s Wildlife Summer Camp, a three-day “summer camp” held near Newcastle, looks similar to a music festival - where singing and dancing have been prohibited.</span></p> <p><img style="width: 500px; height: 281.25px;" src="https://oversixtydev.blob.core.windows.net/media/7846808/hillsong2.jpg" alt="" data-udi="umb://media/8b1806a689dd4ef182e72a7825f6258c" /></p> <p><em><span style="font-weight: 400;">Hillsong has been accused of breaching the Public Health Order banning singing and dancing at recreational facilities. Image: @hillsongyouth (Instagram)</span></em></p> <p><span style="font-weight: 400;">Images and videos from the event show teenagers dancing to religious music - with many appearing to be unmasked - sparking outrage from the entertainment industry, which has seen many scheduled events cancelled in wake of the state’s rules.</span></p> <p><span style="font-weight: 400;">Music festivals across the country have also been forced to be cancelled or postponed, prompting claims that Hillsong being allowed to hold such an event is a “double standard”.</span></p> <blockquote class="twitter-tweet"> <p dir="ltr">Seeing all the artists, promoters, staff and vendors in <a href="https://twitter.com/hashtag/NSW?src=hash&amp;ref_src=twsrc%5Etfw">#NSW</a> suffer after having outdoor events cancelled and then seeing THIS happening right now in NSW for <a href="https://twitter.com/hashtag/Hillsong?src=hash&amp;ref_src=twsrc%5Etfw">#Hillsong</a> is disgusting, a huge gut punch to the already suffering industry. Absolute double standards. <a href="https://twitter.com/hashtag/NswPol?src=hash&amp;ref_src=twsrc%5Etfw">#NswPol</a> <a href="https://twitter.com/hashtag/nswcovid?src=hash&amp;ref_src=twsrc%5Etfw">#nswcovid</a> <a href="https://t.co/fi5pyQZnrr">pic.twitter.com/fi5pyQZnrr</a></p> — Leon Sjogren (@Leonsjogren) <a href="https://twitter.com/Leonsjogren/status/1481460688032010241?ref_src=twsrc%5Etfw">January 13, 2022</a></blockquote> <p><span style="font-weight: 400;">Music producer Leon Sjogren wrote on Twitter: “Seeing all the artists, promoters, staff and vendors in NSW suffer after having outdoor events cancelled and then seeing THIS happening right now in NSW for Hillsong is disgusting, a huge gut punch to the already suffering industry.</span></p> <p><span style="font-weight: 400;">“Absolutely double standards.”</span></p> <p><span style="font-weight: 400;">NSW Premier Dominic Perrottet announced the new restrictions on singing and dancing last week, telling reporters the activities would be prohibited in indoor venues from January 8 until January 27.</span></p> <p><span style="font-weight: 400;">According to the Public Health Order, singing and dancing aren’t allowed at places such as music festivals, nightclubs, major recreation facilities, hospitality venues, and entertainment facilities.</span></p> <p><span style="font-weight: 400;">However, weddings, music classes, and churches are exempt.</span></p> <p><span style="font-weight: 400;">Although Hillsong defended the event, telling the ABC it was “not similar to a music festival in any way”, NSW Health has requested that the organisation “stop singing and dancing”.</span></p> <p><span style="font-weight: 400;">“Our camps involve primarily outdoor recreational activities including sports and games,” Hillsong said in a statement to the national broadcaster.</span></p> <p><img style="width: 500px; height: 281.25px;" src="https://oversixtydev.blob.core.windows.net/media/7846809/hillsong1.jpg" alt="" data-udi="umb://media/ddd8f167cd714df785dde4fc56b5a6e6" /></p> <p><em><span style="font-weight: 400;">Despite footage showing unmasked teens singing and dancing, the religious organisation says it was not breaching the Public Health Order banning those activities. Image: @hillsongyouth (Instagram)</span></em></p> <p><span style="font-weight: 400;">The organisation added that they “follow strict Covid procedures” and “adhere to government guidelines”.</span></p> <p><span style="font-weight: 400;">But, a statement from NSW Health accused the organisation of breaching the Public Health Order, as “singing and dancing at a major recreation facility” is prohibited.</span></p> <p><span style="font-weight: 400;">Health Minister Brad Hazzard said: “While the Order does not apply to religious services, it does apply to major recreational facilities and this event is clearly in breach of both the spirit and intent of the Order, which is in place to keep the community safe.”</span></p> <p><span style="font-weight: 400;">Other Australian artists have also taken aim at the event, with rapper Illy criticising the banning of singing and dancing at festivals but not in churches.</span></p> <p><span style="font-weight: 400;">“You can postpone all our festivals and gigs, you can say no to dancing in clubs for the next 50 years, and you can make singing and shouting in public illegal except in sermons and the cricket for some reason,” he wrote on Twitter on Wednesday.</span></p> <blockquote class="twitter-tweet"> <p dir="ltr">I can handle the singing, the dancing, and the no mask wearing at this Hillsong festival last night, even though it’s illegal for the entire arts industry to do the same. But playing“turn down for what” in 2022?! Too far. <a href="https://t.co/byOWufUaWa">pic.twitter.com/byOWufUaWa</a></p> — Illy (@illyal) <a href="https://twitter.com/illyal/status/1481461459368701960?ref_src=twsrc%5Etfw">January 13, 2022</a></blockquote> <p><span style="font-weight: 400;">“FYI I’m for everyone’s religious beliefs. The post is a joke, aimed at the latest horse s*** double standard the music industry is ONCE AGAIN having to face. Not attacking religion at all.”</span></p> <p><span style="font-weight: 400;">Others said the rules should apply to everyone, religious or not.</span></p> <p><span style="font-weight: 400;">“The double standard applied to this Hillsong event vs other indoor or outdoor music festivals makes NO sense at all,” one critic shared on Twitter.</span></p> <p><span style="font-weight: 400;">“You risk a big increase in Covid infections &amp; prolonging this pandemic for all of us. The same rules need to apply to everyone.”</span></p> <p><em><span style="font-weight: 400;">Image: Getty Images / @hillsongyouth (Instagram)</span></em></p>

Music

Placeholder Content Image

Human error to blame for COVID airport breach

<div class="post_body_wrapper"> <div class="post_body"> <div class="body_text redactor-styles redactor-in"> <div class="post_body_wrapper"> <div class="post_body"> <div class="body_text redactor-styles redactor-in"> <p>Human error allowed two passengers to accidentally enter a "green zone" at the Brisbane International Airport after arriving on a flight from Papua New Guinea.</p> <p>The pair were in the area for an hour-and-a-half, shopping and using public toilets, before being retrieved by airport staff.</p> <p>Initial test results from one passenger for COVID-19 came back negative and the second passenger's test was inconclusive – but more samples sent to Queensland Health's Forensic and Scientific Services laboratory have since confirmed that he is COVID-positive.</p> <p>While the pair were in the green zone, three New Zealand flights took off with around 390 passengers – these were Air New Zealand NZ202 from Brisbane to Christchurch, Air New Zealand NZ146 from Brisbane to Auckland, and Qantas QF135 from Brisbane to Christchurch.</p> <p>Chief Health Officer Dr Jeannette Young said the pair posed a low risk to others.</p> <p>“While at the airport, they wore masks and socially distanced and neither has reported symptoms," she said.</p> <p>“They were in the wrong zone through no fault of their own and we appreciate their patience and cooperation while we rule them out as cases.</p> <p>“We’re also grateful for the prompt action by Brisbane airport staff once the mistake was identified.”</p> <p>In a statement from Brisbane Airport Corporation, the airline has "unreservedly apologised".</p> <p>"At approximately 9:30am, two transit passengers arrived on a 'red' flight from Port Moresby and proceeded through screening to transit as per normal process," a BAC statement said.</p> <p>"Initial review of CCTV indicates that at approximately 9:55am, these passengers were incorrectly allowed into the 'green zone'.</p> <p>"The breach is due to human error, and BAC is currently working with all relevant authorities including Queensland Health to investigate the circumstances of the breach."</p> <p>"BAC is conducting a thorough investigation and unreservedly apologises for this human error," the statement<span> </span><a rel="noopener" href="https://www.abc.net.au/news/2021-04-29/brisbane-airport-apologises-international-arrivals-covid-breach/100105700" target="_blank">said</a>.</p> </div> </div> </div> </div> </div> </div>

News

Placeholder Content Image

Major royal security breach as intruder pretends to be engaged to Prince Andrew

<div class="post_body_wrapper"> <div class="post_body"> <div class="body_text redactor-styles redactor-in"> <p>A woman has sparked a major scare in Windsor Great Park after being found wandering around Prince Andrew's official residence.</p> <p>Guards accidentally let the woman in after she claimed she had a lunch appointment with Prince Andrew.</p> <p>An insider has provided more information, saying to<span> </span><a rel="noopener" href="https://www.thesun.co.uk/news/14700679/prince-andrew-security-scare-windsor/" target="_blank"><em>The Sun</em></a>: "She was apparently very smartly dressed, in suit trousers, a yellow blouse and peach jacket, and had her hair done up and full make-up.</p> <p>"She cut quite a glamorous figure and the guards were completely taken in by her.</p> <p>"The woman demanded they pay her cab fare as she was a close friend of Prince Andrew, and they obliged before helpfully pointing her on her way towards the Royal Lodge.</p> <p>"They had no idea this woman was a total stranger to Andrew and seemingly had a fixation with him."</p> <p>The only reason the woman was caught was because she went up to a royal staff member and asked where Prince Andrew was, claiming she was engaged to him.</p> <p>"The woman then went up to a member of staff and asked where Prince Andrew was," the insider continued.</p> <p>"She was then asked who she was and what she was doing here.</p> <p>"To the staff member’s shock, the woman then claimed to be engaged to Prince Andrew and said she was there to get married to him.</p> <p>"She said that was the reason why she had flown over from Spain a couple of days earlier."</p> <p>The issue is being dealt with as a "major security breach" as the woman was found with maps of the building as well as a self-defence keyring with two prongs on it.</p> <p>She was initially arrested under suspicion of burglary but has since been sanctioned under the Mental Health Act.</p> </div> </div> </div>

News

Placeholder Content Image

Meghan Markle asks for urgent court ruling over “breach of privacy”

<p><span>Meghan Markle’s lawyers have asked a judge to settle her lawsuit against a newspaper before it goes to trial.</span><br /><br /><span>The 39-year-old Royal is suing Associated Newspapers for an invasion of privacy and copyright infringement over five articles published in the<em> Mail on Sunday</em> and the <em>MailOnline</em> through February of 2019.</span><br /><br /><span>Her legal team have asked a British judge to rule that the publication released a "deeply personal" letter to her estranged father that was "a plain and a serious breach of her rights of privacy".</span><br /><br /><span>The publications included portions of a handwritten letter to her father, Thomas Markle, after her marriage to Prince Harry in 2018.</span><br /><br /><span>Associated Newspapers is contesting the claim, and a full trial is due to be held in the autumn at the High Court.</span><br /><br /><span>It is set to be one of London's highest-profile civil court showdowns for years.</span><br /><br /><span>The Duchess is seeking a summary judgement that would find in her favour and dismiss the newspaper's defence case.</span><br /><br /><span>Her lawyer, Justin Rushbrooke, has that the publisher has "no real prospect" of winning the case.</span><br /><br /><span>"At its heart, it's a very straightforward case about the unlawful publication of a private letter," he said at the start of a two-day hearing, held remotely because of coronavirus restrictions.</span><br /><br /><span>Rushbrooke said Meghan had an understanding that "a heartfelt plea from an anguished daughter to her father" would remain private.</span><br /><br /><span>Lawyers for the Duchess say Thomas Markle, a retired television cinematographer, caused anguish for Meghan and Harry before their May 2018 wedding.</span><br /><br /><span>He gave multiple media interviews and posed for wedding-preparation shots taken by a paparazzi agency.</span><br /><br /><span>He did not attend the wedding ceremony after suffering a heart attack.</span><br /><br /><span>Rushbrooke said Meghan's letter was "a message of peace" and it’s aim was "to stop him talking to the press."</span><br /><br /><span>He said the Duchess took steps to ensure the five-page, 1,250-word letter would not be intercepted.</span><br /><br /><span>She sent it by FedEx through her accountant to her father's home.</span><br /><br /><span>The letter begged Thomas Markle to stop speaking to the media, saying: "Your actions have broken my heart into a million pieces."</span><br /><br /><span>The last sentences, read out in court, were: "I ask for nothing other than peace. And I wish the same for you."</span><br /><br /><span>Lawyers for Associated Newspapers however have argued that Meghan likely knew the letter would one day be published.</span></p>

Legal

Placeholder Content Image

Ash Barty promises to "be better" after COVID-19 breach

<div class="post_body_wrapper"> <div class="post_body"> <div class="body_text redactor-styles redactor-in"> <div class="post_body_wrapper"> <div class="post_body"> <div class="body_text redactor-styles redactor-in"> <p>Australia's world No. 1 tennis star Ash Barty has promised she will "be better" after accidentally committing a COVID-19 faux pas while shopping in Melbourne.</p> <p>She was in Coles shopping and forgot her mask after a pre-Australian Open training session at Melbourne Park.</p> <p>She ran into a Sky News reporter, who recognised she was maskless and took to Twitter to share the incident.</p> <p>“I accidentally forgot to wear a mask in a supermarket (on Thursday) in Melbourne,” Barty said.</p> <p>“I apologised as soon as I realised my mistake.</p> <p>“I understand we all need to do our bit to keep the community safe and I will be better next time.”</p> <blockquote style="background: #FFF; border: 0; border-radius: 3px; box-shadow: 0 0 1px 0 rgba(0,0,0,0.5),0 1px 10px 0 rgba(0,0,0,0.15); margin: 1px; max-width: 540px; min-width: 326px; padding: 0; width: calc(100% - 2px);" class="instagram-media" data-instgrm-permalink="https://www.instagram.com/p/CGRVvxjB97s/?utm_source=ig_embed&amp;utm_campaign=loading" data-instgrm-version="13"> <div style="padding: 16px;"> <div style="display: flex; flex-direction: row; align-items: center;"> <div style="background-color: #f4f4f4; border-radius: 50%; flex-grow: 0; height: 40px; margin-right: 14px; width: 40px;"></div> <div style="display: flex; flex-direction: column; flex-grow: 1; justify-content: center;"> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; margin-bottom: 6px; width: 100px;"></div> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; width: 60px;"></div> </div> </div> <div style="padding: 19% 0;"></div> <div style="display: block; height: 50px; margin: 0 auto 12px; width: 50px;"></div> <div style="padding-top: 8px;"> <div style="color: #3897f0; font-family: Arial,sans-serif; font-size: 14px; font-style: normal; font-weight: 550; line-height: 18px;">View this post on Instagram</div> </div> <p style="color: #c9c8cd; font-family: Arial,sans-serif; font-size: 14px; line-height: 17px; margin-bottom: 0; margin-top: 8px; overflow: hidden; padding: 8px 0 7px; text-align: center; text-overflow: ellipsis; white-space: nowrap;"><a style="color: #c9c8cd; font-family: Arial,sans-serif; font-size: 14px; font-style: normal; font-weight: normal; line-height: 17px; text-decoration: none;" rel="noopener" href="https://www.instagram.com/p/CGRVvxjB97s/?utm_source=ig_embed&amp;utm_campaign=loading" target="_blank">A post shared by Ash Barty (@ashbarty)</a></p> </div> </blockquote> <p>Barty has spent the last 10 months in Queensland where restrictions are much more relaxed than they are in Melbourne.</p> <p>She's making her first on-court appearance since last February alongside Serena Williams, Simona Halep, Naomi Osaka and men's legends Rafael Nadal and Novak Djokovic next Friday.</p> <p>She can't wait to return to the court.</p> <p>“We are so lucky in Australia to have a home grand slam; the support of the Australian fans means the world to me and I always want to do well here,’‘ Barty said.</p> <p>“I understand this year will be different in many respects but I hope I can do the local fans proud.</p> <p>“The circumstances around this year’s event are definitely challenging and I understand the frustration of all the players who have had to quarantine.</p> <p>“But keeping Melburnians safe and making sure we put health first has to be the priority.”</p> </div> </div> </div> </div> </div> </div>

News

Placeholder Content Image

Hackers are getting smarter by targeting councils and governments

<p>In recent weeks, <a href="https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/">Johannesburg’s computer network was held for ransom</a> by a hacker group called Shadow Kill Hackers. This was the <a href="https://www.bbc.com/news/technology-49125853">second time</a> in three months a ransomware attack has hit South Africa’s largest city. This time, however, hackers didn’t pose the usual threat.</p> <p>Rather than denying the city <a href="https://www.hkcert.org/ransomware.hk/ransomware-basic.html">access to its data</a>, the standard blackmail in a ransomware attack, they threatened to publish it online. This style of attack, known as <a href="https://en.wikipedia.org/wiki/Ransomware#Leakware_(also_called_Doxware)">leakware</a>, allows hackers to target more victims in a single attack – in this case the city’s citizens.</p> <p>The latest Johannesburg attack was the second leakware attack of this type ever recorded, and a similar attack could hit Australia soon. And although our current cyberattack defences are more advanced than many countries, we could be taken by surprise because of the unique way leakware operates.</p> <p><strong>A new plan of attack</strong></p> <p>During the Johannesburg attack, city employees received a computer message saying hackers had “compromised all passwords and sensitive data such as finance and personal population information”. In exchange for not uploading the stolen data online, destroying it and revealing how they executed the breach, the hackers demanded four bitcoins (worth about A$52,663) - “a small amount of money” for a vast city council, they said.</p> <p><em><a href="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299645/original/file-20191031-187903-1ykyg4q.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">The hacker group operated a Twitter account, on which they posted a photo showing the directories they had access to.</span> <span class="attribution"><span class="source">ShadowKillGroup/twitter</span></span></em></p> <p>In this case, access to data was not denied. But the threat of releasing data online can put enormous pressure on authorities to comply, or they risk releasing citizens’ sensitive information, and in doing so, betraying their trust.</p> <p>The city of Johannesburg decided <a href="https://coingeek.com/we-shall-not-pay-the-ransom-johannesburg-tells-hackers/">not to pay the ransom</a> and to restore systems on its own. Yet we don’t know whether the data has been released online or not. The attack suggests cybercriminals will continue to experiment and innovate in a bid to defeat current prevention and defence measures against leakware attacks.</p> <p><a href="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/299644/original/file-20191031-187898-hhld2p.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" alt="" /></a> <span class="caption">This login screen message was displayed on computers in Johannesburg following the attack.</span> <span class="attribution"><span class="source">pule_madumo/twitter</span></span></p> <p>Another notable leakware attack happened a decade ago against the US state of Virginia. <a href="https://www.govtech.com/security/Cyber-Criminal-Demands-10-Million.html">Hackers stole</a> prescription drug information from the state and tried obtaining a ransom by threatening to either release it online, or sell it to the highest bidder.</p> <p><strong>When to trust the word of a cybercriminal?</strong></p> <p>Ransomware attack victims face two options: <a href="https://www.sciencedirect.com/science/article/pii/S1361372316300367">pay, or don’t pay</a>. If they choose the latter, they need to try other methods to recover the data being kept from them.</p> <p>If a ransom is paid, criminals will often decrypt the data as promised. They do this to encourage compliance in future victims. That said, paying a ransom <a href="https://www.bleepingcomputer.com/news/security/paying-the-coverton-ransomware-may-not-get-your-data-back/">doesn’t guarantee the release or decryption of data</a>.</p> <p>The type of attack experienced in Johannesburg poses a new incentive for criminals. Once the attackers have stolen the data, and have been paid the ransom, the data still has extractive value to them. This gives them <a href="https://arxiv.org/pdf/1707.06247.pdf">duelling incentives</a> about whether to publish the data or not, as publishing it would mean they could continue to extort value from the city by targeting citizens directly.</p> <p>In cases where victims decide not to pay, the solution so far has been to have strong, separate and updated <a href="https://www.csoonline.com/article/3331981/how-to-protect-backups-from-ransomware.html">data backups</a>, or use one of <a href="https://www.nomoreransom.org/en/index.html">the passkeys available online</a>. Passkeys are decryption tools that help regain access to files once they’ve been held at ransom, by applying a repository of keys to unlock the most common types of ransomware.</p> <p>But these solutions don’t address the negative outcomes of leakware attacks, because the “<a href="https://www2.deloitte.com/content/dam/Deloitte/bm/Documents/risk/cayman-islands/2017%20Deloitte%20-%20Taking%20data%20hostage%20-%20The%20rise%20of%20ransomware.PDF">hostage</a>” data is not meant to be released to the victim, but to the public. In this way, criminals manage to innovate their way out of being defeated by backups and decryption keys.</p> <p><strong>The traditional ransomware attack</strong></p> <p>Historically, <a href="https://www.techopedia.com/definition/4337/ransomware">ransomware attacks denied users access to their data, systems or services</a> by locking them out of their computers, files or servers. This is done through obtaining passwords and login details and changing them fraudulently through the process of <a href="https://en.wikipedia.org/wiki/Phishing">phishing</a>.</p> <p>It can also be done by encrypting the data and converting it to a format that makes it inaccessible to the original user. In such cases, criminals contact the victim and pressure them into paying a ransom in exchange for their data. The criminal’s success depends on both the value the data holds for the victim, and the victim’s inability to retrieve the data from elsewhere.</p> <p>Some cybercriminal groups have even developed complex online “<a href="https://www.computerworld.com/article/3173698/ransomware-customer-support-chat-reveals-criminals-ruthlessness.html">customer support</a>” assistance channels, to help victims buy cryptocurrency or otherwise assist in the process of paying ransoms.</p> <p><strong>Trouble close to home</strong></p> <p>Facing the risk of losing sensitive information, companies and governments often pay ransoms. This is <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">especially true</a> in Australia. Last year, 81% of Australian <a href="https://www.synergetic.net.au/ransomware-attacks-on-the-rise-in-australia/">companies</a> that experienced a cyberattack were held at ransom, and 51% of these paid.</p> <p>Generally, paying tends to <a href="http://www.rmmagazine.com/2016/05/02/ransomware-attacks-pose-growing-threat/">increase the likelihood</a> of future attacks, extending vulnerability to more targets. This is why ransomware is a rising global threat.</p> <p>In the first quarter of 2019, <a href="https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-aug-2019.pdf">ransomware attacks went up by 118%</a>. They also became more targeted towards governments, and the healthcare and legal sectors. Attacks on these sectors are now more lucrative than ever.</p> <p>The threat of leakware attacks is increasing. And as they become more advanced, Australian city councils and organisations should adapt their defences to brace for a new wave of sophisticated onslaught.</p> <p>As history has taught us, it’s <a href="https://www.theguardian.com/australia-news/2019/oct/01/systems-shut-down-in-victorian-hospitals-after-suspected-cyber-attack">better to be safe</a> than sorry.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/126190/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: http://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/roberto-musotto-872263">Roberto Musotto</a>, Cyber Security Cooperative Research Centre Postdoctoral Fellow, <a href="http://theconversation.com/institutions/edith-cowan-university-720">Edith Cowan University</a> and <a href="https://theconversation.com/profiles/brian-nussbaum-874786">Brian Nussbaum</a>, Assistant Professor at College of Emergency Preparedness, Homeland Security and Cybersecurity, <a href="http://theconversation.com/institutions/university-at-albany-state-university-of-new-york-1978">University at Albany, State University of New York</a></em></p> <p><em>This article is republished from <a href="http://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/hackers-are-now-targeting-councils-and-governments-threatening-to-leak-citizen-data-126190">original article</a>.</em></p>

Technology

Placeholder Content Image

What to do if your data has been hacked

<p>Unless you’ve been staying offline – in which case you won’t even be reading this piece – chances are you’ve got some information stored online.</p> <p>From basic ones like your name and address to something more personal like your health data, date of birth or credit card details.</p> <p>It’s become so common that we sometimes don’t even think twice about keying in these bits of info whenever we start a new account.</p> <p>Unfortunately, that means there’s a fair bit of data about us that can be stolen online, sometimes through no fault of our own.</p> <p>Take, for example, the recent SingHealth breach in Singapore where the hackers accessed the information of 1.5 million people, including Prime Minister Lee Hsien Loong.</p> <p>And then there’s the Facebook fiasco earlier this year where the data of 87 million people around the world was improperly shared with British political consulting firm, Cambridge Analytica.</p> <p>Having your data stolen is the digital equivalent of losing your wallet – and will give you an equally big headache.</p> <p>As long as there is information about you available online, you are vulnerable.</p> <p>The concern is, we never quite know in what way our data will be used against us down the road once it gets in the hands of hackers.</p> <p>If you’ve ever had your data stolen, here are 5 things you should immediately do in order to minimise the damage:</p> <p><strong>1. Find out what was stolen</strong></p> <p>You will be informed via email, mail or text message if your data was stolen and what was likely accessed.</p> <p>Is it just your login credentials or did the thieves get away with your credit card and identity card info?</p> <p>Take note, however, that scammers can also take advantage of situations like these and send you a phishing email or text message to try and get your personal information.</p> <p>These can look and sound like they come from the official company but are actually fraudulent.</p> <p>To be safe, don’t clink on any links provided.</p> <p>Just head straight to the company’s website to find out how you can get help.</p> <p><strong>2. Change your login information</strong></p> <p>Change your login credentials, such as your username and password, for the affected site.</p> <p>Then log in to other sites that use the same login information and change those too.</p> <p>Hackers will use the same login information across different websites to try and gain access as many people tend to reuse usernames and passwords.</p> <p><strong>3. Change your security questions</strong></p> <p>If you’ve provided the answers to several security questions, such as your mother’s maiden name, make sure to change these questions and answers as well.</p> <p>If a hacker has access to that compromised information, he can reset your passwords.</p> <p><strong>4. Check your credit card accounts</strong></p> <p>If your credit card information is one of the details that has been stolen, call your bank and let them know.</p> <p>You may want to be safe and ask to cancel the card and get a new one.</p> <p><strong>5. Update all your other online accounts</strong></p> <p>Use this opportunity to update all your logins and passwords for your different accounts. It’s best to use different passwords for different sites and services, so if information on one account has been compromised, it can’t be used to access other services.</p> <p>You don’t have to come up with completely different passwords, just a slight variation. Consider using a passphrase. For example, your password could be “ihtsosin2018”, which stands for “I have to stop online shopping in 2018”<em>.</em></p> <p><em>Written by Siti Rohani. This article first appeared in <a href="https://www.readersdigest.com.au/true-stories-lifestyle/thought-provoking/what-do-if-your-data-has-been-hacked">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, <a rel="noopener" href="http://readersdigest.innovations.co.nz/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRN93V" target="_blank">here’s our best subscription offer</a>.</em></p>

Technology

Placeholder Content Image

Google Chrome security breach: Why your private passwords are at risk

<p><span style="font-weight: 400;">A new hack has alarmed people who use the internet browser Google Chrome as it has been revealed that anyone can gain access to your online passwords with a few simple clicks. </span></p> <p><span style="font-weight: 400;">All a hacker needs to do is just click in the right spots to gain access to your passwords.</span></p> <p><strong>How to unlock every password on Google Chrome</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Open Google Chrome</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Click on the Menu (three dots icon in the top right corner of the browser window)</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Click Settings</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Under Autofill, click on Passwords.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">When asterisked passwords pop up, click on the eye symbol</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">In the Username and Password bar, enter the computer login</span></li> </ul> <p><span style="font-weight: 400;">It’s really that simple. </span></p> <p><strong>However, there are a few ways that you can protect yourself</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Ensure no one knows your computer password</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Regularly change your password</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Avoid using password auto save or auto fill</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Ensure your computer locks after inactivity</span></li> </ul>

Technology

Placeholder Content Image

Millions of Facebook user records exposed in data breach

<p><span style="font-weight: 400;">Researchers at the cybersecurity firm UpGuard have said that they’ve discovered the existence of two datasets that contain the personal data of hundreds of millions of Facebook users.</span></p> <p><span style="font-weight: 400;">Both datasets were publicly accessible.</span></p> <p><span style="font-weight: 400;">UpGuard explained in a </span><a href="https://www.upguard.com/breaches/facebook-user-data-leak"><span style="font-weight: 400;">blog post</span></a><span style="font-weight: 400;"> how they connected the databases. They connected the first one to a Mexico-based media company called Cultura Colectiva, which contained over 146GB of data. This amounts to over 540 million Facebook user records.</span></p> <p><span style="font-weight: 400;">The user records include comments, likes, reactions, account names, Facebook user IDS and much more.</span></p> <p><span style="font-weight: 400;">The second leak was connected to an app that was integrated with Facebook called “At the pool” and had exposed around 22,000 passwords.</span></p> <p><span style="font-weight: 400;">“The passwords are presumably for the ‘At the Pool’ app rather than for the user’s Facebook account, but would put users at risk who have reused the same password across accounts,” UpGuard said.</span></p> <p><span style="font-weight: 400;">The second database contained information about users’ friends, likes, groups and locations where they checked in using the app.</span></p> <p><span style="font-weight: 400;">Both datasets were stored in unsecured Amazon S3 buckets and could have been accessed by anyone. Neither bucket was password protected, but since UpGuard have reported on the breach, they have either been taken offline or made more secure.</span></p> <p><span style="font-weight: 400;">UpGuard explained the difference in the datasets: “The data sets vary in when they were last updated, the data points present, and the number of unique individuals in each. </span></p> <p><span style="font-weight: 400;">“What ties them together is that they both contain data about Facebook users, describing their interests, relationships, and interactions, that were available to third party developers.”</span></p> <p><span style="font-weight: 400;">UpGuard then added: “As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users has been spread far beyond the bounds of what Facebook can control today.”</span></p> <p><span style="font-weight: 400;">Facebook were quick to work with Amazon to take down the databases and release a statement saying that they’ve done so:</span></p> <p><span style="font-weight: 400;">“Facebook’s policies prohibit storing Facebook information in a public database. Once alerted to the issue, we worked with Amazon to take down the databases. We are committed to working with the developers on our platform to protect people’s data.”</span></p> <p><span style="font-weight: 400;">However, the damage has already been done.</span></p> <p><span style="font-weight: 400;">UpGuard has warned users of the app to change their passwords and say that the breach “puts users at risk who have reused the same password across accounts.</span></p> <p><span style="font-weight: 400;">Have you been impacted by the breach? Let us know in the comments.</span></p>

Technology

Placeholder Content Image

Yahoo issues warning about email account breach

<p>Yahoo has warned its users of potentially malicious activity on their email accounts between 2015 and 2016.</p> <p>It is the latest development in the company’s investigation of the mega-breach that exposed one billion users’ data several years ago.</p> <p>Yahoo confirmed it was notifying users that their accounts had potentially been breached. They did not say how many people were affected.</p> <p>A warning message sent to Yahoo users overnight read: "Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account".</p> <p>The breach raises serious questions about Yahoo’s security.  </p> <blockquote class="twitter-tweet"> <p dir="ltr">Hopefully the cookie was forged by a state known for such delicacies. <a href="https://twitter.com/hashtag/yahoo?src=hash">#yahoo</a> <a href="https://twitter.com/hashtag/security?src=hash">#security</a> <a href="https://twitter.com/hashtag/baking?src=hash">#baking</a> <a href="https://t.co/7gCeEd3Y51">pic.twitter.com/7gCeEd3Y51</a></p> — Joshua B. Plotkin (@jplotkin) <a href="https://twitter.com/jplotkin/status/831908795488026625">February 15, 2017</a></blockquote> <p><strong>Related links:</strong></p> <p><span style="text-decoration: underline;"><strong><em><a href="http://www.oversixty.com.au/finance/money-banking/2017/02/pm-donated-almost-2-million-to-election-campaign/">PM accused of “buying” the election</a></em></strong></span></p> <p><span style="text-decoration: underline;"><strong><em><a href="http://www.oversixty.com.au/finance/money-banking/2017/02/prime-minister-malcolm-turnbull-to-scrap-major-political-entitlement/">Prime Minister Malcolm Turnbull to scrap major political entitlement</a></em></strong></span></p> <p><span style="text-decoration: underline;"><strong><em><a href="http://www.oversixty.com.au/finance/money-banking/2017/02/centrelink-staff-set-to-strike/">Centrelink staff prepare for major strike</a></em></strong></span></p>

Money & Banking