
Technology

Telegraph newspaper exposes 10TB of server, user data online • The Register

Voice Of EU


The Telegraph newspaper managed to leak 10TB of subscriber data and server logs after leaving an Elasticsearch cluster unsecured for most of September, according to the researcher who found it online.

The blunder was uncovered by well-known security researcher Bob Diachenko, who said that the cluster had been freely accessible “without a password or any other authentication required to access it.”

After sampling the database to determine its owner, Diachenko saw the personal details of at least 1,200 Telegraph subscribers along with a substantial quantity of internal server logs, he told The Register.

“A significant portion of the records were unencrypted,” he said. Screenshots he provided showed information including the user-agent string and device type, while categories of personal data included subscribers’ first and last names, email addresses, subscriber status, IP addresses and device type and operating system.

Affected users “should be on the lookout for targeted phishing and scams,” Diachenko advised. “Names and emails in the database can be used to send readers targeted scam messages.”

Aside from potential scam emails, the risk from this breach is relatively low unless having your news-reading habits collated in one place might cause professional embarrassment: Diachenko highlighted that in the data sample he viewed were a handful of gov.uk email addresses.

We have asked the Telegraph whether it has notified affected subscribers and will update this article if the media organisation responds. It appears to have told the researcher that “only a small number of records were exposed – less than 0.1 per cent of our users and we have contacted all the users to advise them.”

Diachenko said he found the Elasticsearch cluster on 14 September, eventually getting the attention of the Telegraph which closed off public access two days later. He theorised that it had been exposed online for most of September.

Unsecured Elasticsearch clusters are a relatively common way for personal or sensitive data to be exposed to the wider world. At the same time as Diachenko reckoned the Telegraph’s cluster became publicly accessible, Indonesian authorities were investigating a million leaked records that originated from an Elasticsearch installation powering its eHAC vaccine passport app. Microsoft managed to do something similar with 6.5TB of Bing search data a year ago.

Similarly, Diachenko himself – an expert in finding unsecured databases online – spotted 106 million travellers’ details freely accessible online through a data store in Thailand. That contained 10 years of travel history relating to people entering and leaving the nation.

With the rise in the 2010s of dedicated search engines such as Censys and Grayhat Warfare, it has become ever easier for researchers to find data stores that aren’t properly secured and draw their owners’ attention to them. Unfortunately, that also means nefarious people can use the same tools to extract their contents.

Elasticsearch itself made a foray into the security market a couple of years ago, launching its own SIEM product after seeing others building similar suites on top of its database technology. ®


New EU law may force big messaging vendors to open up • The Register


The European Parliament’s new Digital Markets Act, adopted as a draft law this week, could compel big platforms owned by large firms including Apple, Google, and Facebook to make their tech interoperable.

Among other things, this might mean forcing the tech vendors’ messaging apps to allow communication with other services.

If the EU deems a company to be what it calls a “gatekeeper”, it could impose “structural or behavioural remedies” – compelling the largest outfits to allow interoperability, or imposing fines. The Act would also restrict what companies could do with personal data – not the first time it’s tried.

While the legislation carefully phrases the characteristics that make a company a gatekeeper in terms of its operations inside the EU, the fines are assessed against global revenue. It applies to companies that provide a “core platform service” in at least three EU nations, with more than 45 million monthly users and 10,000 business users. In money terms, it’s talking about €8bn a month inside the union, and a market cap of 10 times that.

A potential get-out is that it applies to “number-independent interpersonal communication services” – so services that identify you by your phone number rather than an account, such as WhatsApp, Telegram, Signal, and the like, might be able to dodge the new rules, which won’t come into force for a year or two.

As we pointed out a week ago, services already exist that can talk to most vendors’ proprietary offerings. Nothing technical prevents this and many of the services talked to one another in the past.

For example, Apple’s iMessage originally used AOL’s OSCAR protocol, and AOL allowed authentication using Gmail credentials. Google’s Chat, Talk, and Hangouts, and Facebook Messenger, all used the Extensible Messaging and Presence Protocol or XMPP – to and from which Skype offered a gateway.

As far as the phone number-based systems go, there’s also an existing standard for internet-based SMS – not that anybody cares. ®


What happens when we ‘power through’ burnout?


Employers know that burnout levels are increasing, but it’s important to step in and tackle it head on before it’s too late.

A recent survey from HRLocker found that more than half (52pc) of respondents are experiencing burnout.

The company surveyed 1,000 full-time employees across Ireland to assess their stress levels and the primary causes of stress.


This is a common thread, with many other surveys and reports from around the world suggesting a significant increase in stress, exhaustion and burnout among the global workforce.

Another recent survey, this one of US workers, found that 89pc of respondents reported experiencing burnout over the past year.

While it’s easy to acknowledge that this increase in burnout is a problem, it’s a very different thing to take steps to actually address it, whether you’re an employee on the verge of crashing or a manager starting to notice the signs among your team.

Burnout is classified by the World Health Organization as an “occupational phenomenon”. While this can seem problematically vague for those who are experiencing it, Prof John Gallagher, chief medical officer at Cork-based Cognate Health, sees it from a different perspective.

He said that because burnout is considered a workplace phenomenon, it is not so much about the individual as much as it is about the impact that the workplace environment has on them.

“We can support the individual, but the real question is how do we fix the workplace and the impact it is having on the employee?”

‘The blurring of the lines between work and life has had an impact’
– DR SARAH O’NEILL

Many people will be familiar with the symptoms of burnout, which include profound exhaustion, cynicism about work, decreased productivity and extreme emotions.

However, it’s also worth noting that some people are more prone to burnout than others. “More often than not these are the more idealistic, committed and dedicated employees,” said Gallagher.

Dr Sarah O’Neill, chartered psychologist and chief clinical officer at Spectrum Life, agrees that it can often affect the most high-achieving employees. However, she said there are other people who can be prone to burnout too.

“People can also experience ‘bore-out’ when they are in a role that is dull, repetitive and there is a distinct lack of stimulation. The third common iteration is when people become worn down over a period of time,” she said.

“While the first example may be much more aligned with what we think of when we imagine burnout, the end result is the same.”

When the elastic band snaps

Burnout occurs when there are unusual levels of pressure or stress over a prolonged period of time. Those who start to suffer the symptoms will most likely have been ‘on’ for a long time with no opportunity to rest and recover.

“Think about an elastic band,” said O’Neill. “They stretch and bounce back. If the band is stressed, stretched out without the opportunity to bounce back and reset, over time it loses its stretch. You can think about stress this way. Then burnout is when the band eventually snaps.”

Often, employees don’t mean to ignore their own health. Even the overachievers would rather reap the rewards that come with rest and recovery, which are higher energy levels, more productivity and better focus.

But sometimes an ongoing stressful period seems never-ending, like during a pandemic for example, and it can feel impossible to find the time to actually stop and take a break. You might just feel like you have to power through your stress in the hope that you’ll make it to the end of the tunnel.

However, it is this ‘powering through’ that will directly result in burnout. While it’s important for employees to be aware of this, Gallagher said it’s vital that employers and managers know when to step in.

“What employers and managers will see if an issue isn’t addressed is that the person will pull back and distance themselves from their work, become more cynical and ultimately disengage from the workplace completely. The physical symptoms are similar to those seen across other mental health issues such as feelings of exhaustion and weariness, as well as bowel and stomach problems,” he said.

“It’s important that managers engage with employees early once they see any of these warning signs and that they check in to see if the person is OK. Often the people that are most likely to experience burnout are those who take on more and more work without raising any red flags about their mental health and ability to cope.”

O’Neill agreed that early intervention is key but that it’s also important that managers understand how each member of the team responds to stress and pressure within the workplace.

“It’s critical for managers to know their teams well enough to recognise when something is off. That makes it possible to mitigate issues before they progress too far by managing an employee’s workload and having open conversations with them about the mental wellbeing,” she said.

The pandemic effect

Burnout has been a concern for employers and employees for several years now but, as we have seen from recent surveys and reports, the pandemic has likely compounded the stressors that can bring about burnout.

O’Neill said there has been a 30pc increase in people presenting with burnout compared to pre-pandemic trends.

“The blurring of the lines between work and life has had an impact and we’re seeing pretty consistent results from research where employees are identifying blurring of boundaries impacting their mental health.”

Gallagher has seen a similar increase, including increased incidences of anxiety and depression.

“It would seem that mental health concerns will be at the core of our work in occupational health for the foreseeable future. There are the more obvious reasons for this – increased feelings of isolation, loneliness, disconnection from people, as well as the general stress and anxiety of living during a global health crisis,” he said.

“But this is all compounded by the fact that it is easier to hide any issues from your colleagues and employers while working remotely and being less connected in real life.”

However, it’s not all bad news. O’Neill also said there are some positives to be gleaned from the pandemic when it comes to mental health. “We have collectively lived through a traumatic time which has, at its best, given us a new perspective on our lives. The theory of post-traumatic growth shows how a difficult experience can shift your values and your perspective on different situations in life, allowing you to move through them and grow as a result.”

Employers’ duty of care

While it’s important for employees to watch out for signs of burnout in themselves, both O’Neill and Gallagher agree that managers have a duty of care when it comes to workplace risks for their employees and these risks must include psychosocial risks.

“What I always say is that managers and employers need to ‘ask, don’t assume’ when it comes to discussing mental health concerns. We can’t assume a person is dealing with an issue and we can’t leave them to handle it by themselves. Managers need to reach out to employees and ask them how they are doing, especially if there have been any warning signs,” said Gallagher.

“Sometimes employers and managers prefer to pull back when an employee appears to be dealing with a mental health issue but that is when we need to lean in and address it openly and directly.”

‘We need to ask ourselves why employees are more comfortable saying that they are having issues with their physical health as opposed to their mental health’
– JOHN GALLAGHER

O’Neill said it’s also important to look at the supports in place for teams, such as an employee assistance programme, and examine whether or not they are sufficient.

“We know people are increasingly experiencing mental health distress, that impacts them in the workplace and the mental healthcare system is, like many parts of the health service, overwhelmed by demand,” she said.

“Even if mental health distress is not a work-related issue, it can be in the interests of companies to provide support to employees from both a cultural and business perspective.”

While having support systems in place is vital, Gallagher highlighted the fact that the area of mental health can still be highly stigmatised. “While we have seen great developments to date, there needs to be an increased effort made to eradicate any stigma around mental health in the workplace,” he said.

“We need to ask ourselves why employees are more comfortable saying that they are having issues with their physical health as opposed to their mental health – we still see employees asking for their medical certs to say they are suffering from back pain rather than stress, anxiety or depression. We need to cultivate an environment where employees are as comfortable saying they need time to care for their mental health as they are saying they need time to prioritise their physical health.”


Best podcasts of the week: the life and death of Diego Maradona | Podcasts


Picks of the week

The Last Days of Maradona
“Everyone – fans and non-fans alike – must have asked themselves: how did Maradona’s life end the way it did?” Thierry Henry narrates this podcast about the football legend’s death at the age of 60 in 2020 – part forensic investigation, part homage to his greatness. In a novel twist – and perhaps a sign of things to come for podcasting – the series is also available in French, Spanish, Portuguese and Italian, via a series of hosts. Hannah J Davies

I’m Not a Monster
Listeners were captivated by the case of Indiana mother Sam Sally and how she ended up at the heart of the Islamic State caliphate. Now, host Josh Baker is back for two new follow-up episodes. He answers listeners’ questions – and heads back to Iraq. Hannah Verdier

Twenty Thousand Hertz
More offbeat sonic discoveries in a miniseries from the long-running audio show. It’s Not TV, it’s HBO, tells the story of the network’s bombastic 80s theme song as well as its iconic – if more understated – “static angel” sound, as heard before everything from The Sopranos to Sex and the City. HJD

Behind the Wand
More than 20 years after Harry Potter’s first film adaptation, Potterheads are still looking to learn something new about the wizarding world. Here, Emma Watson’s body double Flick Miles takes us behind the scenes with crew members. It’s not as exciting as, say, the upcoming TV reunion, but fans might enjoy the nitty gritty details about how the story came to life on the big screen. Hollie Richardson

Even the Rich: Murder in the House of Gucci
With Lady Gaga and Adam Driver’s new film throwing the spotlight on to the Gucci dynasty, this podcast tells the story of the family’s humble beginnings. Brooke Siffrinn and Aricia Skidmore-Williams bring their gloriously salacious tone to the tale, from observing Guccio Gucci’s knowledge of luggage to analysing Patrizia Reggiani’s controversial white fur school coat. HV

Sunny delight … Rob McElhenney, Glenn Howerton, Kaitlin Olson, Danny DeVito and Charlie Day on the set of It’s Always Sunny In Philadelphia. Photograph: Michael Buckner/Getty Images

Chosen by Danielle Stephens

There is always a risk in learning how something you adore is made. That’s why I was slightly apprehensive to listen to The Always Sunny podcast, which launched earlier this month. The premise is simple: each week, the geniuses behind the hit show It’s Always Sunny in Philadelphia sit down to bring us insider knowledge on how every episode came to be, starting all the way back in 2005.

The worry is that your favourite (terrible) characters are somehow played by an unfunny trio, but Rob McElhenney, Charlie Day and Glenn Howerton allay any fears early on, making one another laugh as much as you might imagine. The scoring is the same as the show, and sound design is nonexistent, so the content needs to carry – which it does. For true fans, it’s a must listen, as we hear how they developed ideas; the stumbling blocks they encountered; and, most interestingly, some of the things they regret with hindsight.

Talking points

  • As podcasts evolve, expect to see even more boundary-blurring with other creative mediums. A case in point: US culture show How Long Gone will release a double-CD album via Jagjaguwar on 17 December, featuring about releases from the record label’s other acts, including Moses Sumney, Dinosaur Jr and Angel Olsen.

  • Why not try: Close to Death | Is This Working? | Sh***hole Country
