Issues Roundup: open wifi, losing Melbourne and poor ethics in infosec

Welcome to the issues team's weekly update on the access, use and trust articles that have caught our eye.

Italians asked to open up their wifi

One interesting aspect of post-natural disaster rescue work is the need for connectivity. Search & Rescue teams obviously take communications tools with them, but that doesn't mean that local Internet networks, if still functioning, aren't useful.

In Italy, the Red Cross has been asking locals to turn off the password protection on their home wifi to make it easier for rescuers to communicate and access the Internet. This is an excellent example of how the Internet really is very important across all facets of society, and how sharing is a good example of caring.

For those back home in Aotearoa, don't forget that the Red Cross has an app which can send out hazard alerts.

Microsoft loses part of Melbourne

This week some of our colleagues are over in Melbourne for the ANZIAs, so this story caught my eye (as well as caused an eyeroll).
Sometimes data ingestion goes wrong. Either something's been transposed somewhere in the database or maybe you've accidentally used the wrong dataset? Well, Bing Maps just covered itself in glory by using Wikipedia as one of its data sources. Yes, Wikipedia, the online, editable site that every 1st-year lecturer cautions their students not to use as a reference in essays.

This became public as Bing Maps misplaced Melbourne, putting the city in the wrong hemisphere because someone edited its longitude and missed off the "-" at the front. So let this be a cautionary tale on two fronts:
Wikipedia is not an authoritative or reliable reference for data sets or research.
Online maps are an important part of how people get around these days. They can be essential in an emergency. Companies need to take this responsibility seriously.

Shorting stock and using security vulnerabilities for profit

Fair warning: this story really aggravates me for reasons that will become clear.
A small medical device security firm found some vulnerabilities in pacemakers and defibrillators made by a single manufacturer. Rather than disclosing the vulnerabilities (like any researcher with a social conscience would do), these greedy, low-on-ethics idiots went to an investment firm and 'shorted' the manufacturer's stock (they make money if the stock goes down), then worked with the investment firm to release an alert to investors about the vulnerabilities, hyping them up as far as they could to ensure the stock would drop.

This is so far from acceptable practice I'm feeling my heart rate rise just typing about this story. As the primary author for New Zealand's only guidelines on coordinated disclosure (where researchers and vendors work together in-confidence to fix vulnerabilities) I take this kind of unscrupulous behaviour pretty personally. Thankfully here in Aotearoa no-one tries this, nor should they. Vulnerabilities should be identified and then fixed - if the vendor runs a bug bounty, all the better, but vulnerability finders should be doing the right thing...

Japan hopes to recycle phones into medals

And finally from the "cool" file, the 2020 Olympics are going to be in Japan (Tokyo to be specific) and the organisers are hoping to use Japan's "eWaste" to smelt medals for the Olympics.
Seems like a cool idea, especially for a country with as many high-tech manufacturers as Japan.

That's it for us this week.