Welcome to Codebook, the cybersecurity newsletter with two new siblings on the way (see below).
Tips? Feel free to reply to this email.
Email awareness: The Axios newsletter family is growing.
The U.S. Chamber of Commerce has published a list of principles it hopes the government will follow for federal data privacy legislation — marking the rare occasion on which the business advocacy group is proposing, rather than fighting, regulation of its constituents.
The big picture: Tim Day, senior vice president of the Chamber Technology Engagement Center, which compiled the chamber's proposal, acknowledged to Codebook that this is a defensive move.
The chamber's proposals emphasize simplicity and uniformity across industries and localities. That may not prove easy in a nation that's never been simple or uniform.
But privacy advocates argue that the relative ease with which states can pass these laws is valuable because federal rulemaking is so slow.
"If you lose the state laws, you don’t just lose the substance of those laws. You lose the states' agility," says Laura Moy, executive director of Georgetown University's Center on Privacy & Technology.
Unlike the rest of the world, the U.S. regulates privacy differently in each industry, with a different standard for health care than for retail. The chamber hopes to trim that to a single standard.
The details: The chamber also wants to require any enforcement to be based on “concrete harm.”
Hackers can easily clone key fobs on Model S Teslas sold before June, according to researchers at KU Leuven university in Belgium. To prevent an attack, owners of older Teslas can now either set their cars to require a PIN before starting or replace their fobs with the souped-up new one.
The details: As the researchers outlined to Wired, the old key fobs used 40-bit encryption. "40-bit" describes the size of the cryptographic key used to secure the system. Each additional bit doubles the number of possible keys, so the work needed to guess the key grows exponentially with its length.
Be smart: If you have a Model S, set up a PIN or get a new fob.
In a unique bit of synchronicity, Palo Alto's Unit 42 research group discovered that a network of hacked computers (known as a botnet) was spreading through the Apache Struts vulnerability used in the massive Equifax breach, almost a year to the day after that breach.
On Sunday, Unit 42 announced finding a first-of-its-kind Mirai botnet targeting unpatched versions of Struts.
Schneider Electric, a major provider of the systems that control industrial plants, announced last month that some of its products were shipped with malware-infected USB drives containing documentation and non-essential software.
What they're saying: "Schneider Electric has determined that some USB removable media shipped with the Conext Combox and Conext Battery Monitor products were contaminated with malware during manufacturing by one of our suppliers," the firm wrote in an advisory dated Aug. 24.
The details: According to the advisory, the malware appears to be the sort that a typical antivirus program can identify.
Correction: In the previous newsletter, a story on Equifax cited a report by Reuters that the Consumer Financial Protection Bureau halted its investigation into Equifax. The CFPB disputed that report and said the investigation is ongoing.