A Few News Items that Pissed Me Off

September 23, 2011

Picture of a Thermometer Rising

There were several stories these past few weeks that just sort of … well I’ll just say it … pissed me off. I know that’s not too professional of me but it just gets my blood boiling. Companies just seem to be doing the wrong thing lately. Whether it be changing their terms of service (ToS) or downplaying potentially serious vulnerabilities, everyone is taking the sleazeball way out instead of standing up and fixing their security problems.

Sony’s New ToS: As fallout from all their recent breaches, the good lawyers over at Sony decided to update their ToS, forcing users to waive their right to take part in class action lawsuits. Really? Instead of spending the millions of dollars on their lawyer brigade, they should have spent it on rehiring the security monitoring staff they laid off and investing in strengthening their security posture. On the other hand, they do provide the option to opt out. You just have to write them a letter that includes “(1) YOUR NAME, (2) YOUR ADDRESS, (3) YOUR PSN ACCOUNT NUMBER, IF YOU HAVE ONE, AND (4) A CLEAR STATEMENT THAT YOU DO NOT WISH TO RESOLVE DISPUTES WITH ANY SONY ENTITY THROUGH ARBITRATION.” Now by letter I’m not talking about an email message … get this … we’re talking old-fashioned paper, pen, envelope, and a stamp. Do they even sell stamps anymore? I jest… (original article)

Medtronic Response: As many of you may remember, back in August at BlackHat, Jay Radcliffe wirelessly hacked his own insulin pump to demonstrate its inherent security weaknesses. A few weeks later, after no response from the manufacturer, Jay released their name as being Medtronic. Since then Congress has urged an investigation of these and similar wirelessly controlled pumps. Medtronic responded saying that it’s a relatively low risk because patients would hear “beeping” if their pumps were being reprogrammed. I don’t have any personal experience with these devices but I’ve heard that they beep ALL THE F&#&NG TIME. As expected, most people tune these beeps out after a while, so the wireless attack surface still exists. (original article)

OnStar’s New Data Tracking: The folks over at OnStar have decided to update their ToS as well, starting this December. The update included language stating that they can track your speed and location. Now this maybe makes sense for active subscribers, as OnStar may need this data to assist if their users run into trouble. But get this … if you choose to discontinue the service they still retain the right to collect this information. And even if you never signed up for OnStar they will still be tracking you. It gets worse … they reserve the right to SELL this information in an anonymized format. WTF? This makes no sense for anyone – whether you are currently signed up for the service, have discontinued it, or never activated it. Could it get even worse in terms of eroding our privacy? Maybe. Think Facebook or ISPs being forced through court order to turn over account data to authorities as part of an investigation… What could OnStar be forced to turn over? The good news is that you don’t have to pull out a piece of paper, pen, envelope, and a stamp a la Sony … just call them at 1-888-4ONSTAR to opt out. (original article)

#####

If these or any other recent news items get your blood boiling too, vent with us by leaving a comment below. The post image is by Ed Padgett. See ya!


3 Responses to A Few News Items that Pissed Me Off

  1. Nathi Thwala (@Nathiet) on September 24, 2011 at 6:35 am

    A Few News Items that Pissed Me Off http://t.co/YPSxegr6 #novablogger #blogged

  2. Just wanted to blow off some steam re companies doing the wrong thing.. http://t.co/C0lWzHcg

  3. Some Diabetic on September 25, 2011 at 11:18 pm

    In the insulin pump hacking presentation, Jay Radcliffe stated that the pump makes no noises (beeps or vibrations) when the attack is done.
