Security Longreads — Issue

September 19, 2014

Issue #17

With a wealth of security reading available, the Security Longreads weekly e-mail is designed to highlight particularly interesting longer reads. Our “Security Reads” covers topics related to Information Security while our “Other Reads” are topics that have nothing to do with security but could be of interest to Information Security professionals.

Did someone forward this to you? Sign up at jayschulman.com.

Security Reads

Breach at Goodwill Vendor Lasted 18 Months — Krebs on Security

C&K Systems Inc., a third-party payment vendor blamed for a credit and debit card breach at more than 330 Goodwill locations nationwide, disclosed this week that the intrusion lasted more than 18 months and has impacted at least two other organizations.

Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying | WIRED

The best hope of shielding your metadata from the NSA was invented by a middle-school dropout in his spare time.

On August 29, Popular Science published a map of interceptor towers — surveillance devices that masquerade as cell phone towers to intercept voice and data transmissions from every cell user in an area. 19 of the interceptors were found in the United States in August, and two more popped up on September 5: one in Garden City, NY, and another in downtown Las Vegas. They were spotted by owners of the CryptoPhone 500 device, a roughly $3,500 ultra-high-end phone that allows ordinary, if well-heeled, citizens to see surveillance invisible to standard phones.

Medical Records For Sale in Underground Stolen From Texas Life Insurance Firm — Krebs on Security

This week, KrebsOnSecurity discovered medical records being sold in bulk for as little as $6.40 apiece. The digital documents, several of which were obtained by sources working with this publication, were apparently stolen from a Texas-based life insurance company that now says it is working with federal authorities on an investigation into a possible data breach.

Reads by Jay

On 10 Weeks of Security Longreads | Jay S Schulman

A retrospective on creating 10 weeks of the Security Longreads newsletter.

Other Reads

With Tech Taking Over in Schools, Worries Rise — NYTimes.com

Parent groups and privacy advocates are challenging the practices of an industry built on data collection, and California has passed wide-ranging legislation protecting students’ personal information.

CS50 Logs Record-Breaking Enrollment Numbers | News | The Harvard Crimson

Nearly 12 percent of Harvard College is enrolled in a single course, according to data released by the Faculty of Arts and Sciences Registrar’s Office on Wednesday.

The course, Computer Science 50: “Introduction to Computer Science I,” attracted a record-breaking 818 undergraduates this semester, marking the largest number in the course’s 30-year history and the largest class offered at the College in the last five years.

Shenzhen trip report — visiting the world’s manufacturing ecosystem — Joi Ito’s Web

We started in the section of the market where people were taking broken or trashed cellphones and stripping them down for all of the parts. Any phone part that conceivably retained functionality was stripped off and packaged for sale in big plastic bags. Another source of components seemed to be rejected parts from the factory lines that were then repaired, or sheets of PCBs in which only one of the components had failed a test. iPhone home buttons, wifi chipsets, Samsung screens, Nokia motherboards, everything. bunnie pointed to a bag of chips that he said would have a street value of $50,000 in the US selling for about $500. These chips were sold, not individually, but by the pound. Who buys chips by the pound? Small factories that make all of the cellphones that we all buy ‘new’ will often be short on parts and they will run to the market to buy bags of that part so that they can keep the line running. It’s very likely that the ‘new’ phone that you just bought from ATT has ‘recycled’ Shenzhen parts somewhere inside.

Thanks! Longreads is published every Friday, just in time for the weekend.

Comments to longreads@jayschulman.com.
