recentpopularlog in

Weaverbird : security   263

« earlier  
The 'Surveillance Scores' Companies Use to Rip You Off Might Be Totally Illegal
Ultimately, the point is it’s impossible for consumers to avoid the harm inflicted by algorithms when one decides to charge them a different price or results in them receiving lousy customer service. All the evidence this is happening is stamped “Confidential and Proprietary,” and is shielded from the eyes of consumers by the very agency tasked with protecting them.

The FTC did not respond to a request for comment.
2019-07  surveillance  privacy  security  tech 
6 weeks ago by Weaverbird
Server image mystery in Georgia election security case
The case of whether hackers may have tampered with elections in Georgia has taken another strange turn.

Nearly two years ago, state lawyers in a closely watched election integrity lawsuit told the judge they intended to subpoena the FBI for the forensic image, or digital snapshot, the agency made of a crucial server before state election officials quietly wiped it clean. Election watchdogs want to examine the data to see if there might have been tampering, given that the server was left exposed by a gaping security hole for more than half a year.

A new email obtained by The Associated Press says state officials never did issue the subpoena, even though the judge had ordered that evidence be preserved, including from the FBI.
campaign2018  election  security  voting-rights  law  2019-07 
6 weeks ago by Weaverbird
Lisa Murkowski joins Mitch McConnell's opposition to election security proposals, setting up clash with House - CNNPolitics
"I'm not sure why we need to have one," Murkowski said when asked if she believed the Senate should advance an election security bill. "I know there are some who believe we have to do more election reform. I think some of it is calculated to add, I think, additional fuel to the Mueller report and the aftermath of that."
2019-06  election  security  congress  politics  voting-rights 
9 weeks ago by Weaverbird
How to defend your privacy online - The Boston Globe
Even as Amazon and the tech giants Facebook and Google scoop up every available fleck of our personal data, they insist they really care about privacy.

And they mean it, up to a point. These companies know that simmering public outrage about the abuse of our personal data is bad for business. So they’ve loaded their products and services with privacy features, trusting that most of us won’t use them.

They’re probably right. But if you’re one of the few who value privacy enough to do something about it, here’s a far-from-complete list of smart moves you can make to protect your data:
tech  privacy  security  data 
10 weeks ago by Weaverbird
It’s time to face the facts: Racism is a national security issue - The Washington Post
Ever since U.S. intelligence agencies reported that the Russian government worked to sway the 2016 election, foreign election meddling has been one of our nation’s top national security concerns. But our discussions about Russian interference rarely touch on the other major threat to our elections: the resurgence of state-sponsored voter suppression in the United States. In light of these disturbing new reports, it is clear we can no longer think of foreign election meddling as a phenomenon separate from attempts to disenfranchise Americans of color. Racial injustice remains a real vulnerability in our democracy, one that foreign powers are only too willing to attack.
racism  race  security  politics 
april 2019 by Weaverbird
Facebook Stored Millions of Passwords in Plaintext—Change Yours Now | WIRED
BY NOW, IT’S difficult to summarize all of Facebook’s privacy, misuse, and security missteps in one neat description. It just got even harder: On Thursday, following a report by Krebs on Security, Facebook acknowledged a bug in its password management systems that caused hundreds of millions of user passwords for Facebook, Facebook Lite, and Instagram to be stored as plaintext in an internal platform. This means that thousands of Facebook employees could have searched for and found them. Krebs reports that the passwords stretched back to those created in 2012.
2019-03  facebook  security  privacy  tech 
march 2019 by Weaverbird
The data brokers quietly buying and selling your personal information
You’ve probably never heard of many of the data firms registered under a new law, but they’ve heard a lot about you. A list, and tips for opting out.
tech  privacy  surveillance  data  security 
march 2019 by Weaverbird
The internet thinks I want dresses and I love it | ZDNet
When you go undercover on the internet, ad networks don’t know who you are, so you aren't targeted by ads. And the ads you do see totally miss the mark. It really reduces your online friction. Here’s how you can test your browser and do it, too.
tech  privacy  security  surveillance  data 
march 2019 by Weaverbird
Fighting the surveillance economy — A practical guide for individuals and companies
Listing all the ways our realities are being tracked by companies is a challenging task. Browsing history, decisions, clicks and taps were the start, then with the rapid adoption of smartphones, fitness trackers and IoT devices, it’s now the data on how often you hit the breaks in your car, what products you pick in the supermarket and what you say during intimate conversations in your bedroom. There is little going on in your life that at least one major corporation doesn’t know about. Data collection like this can be framed as inevitability, as progress, as a necessity that brings us free services or convenience and personalized experiences. And it can be framed as something Shoshana Zuboff in her new book calls “surveillance economy”.

Considering the possibilities of where all this might take us by 2025 is an alarming exercise.
tech  surveillance  data  privacy  security 
february 2019 by Weaverbird
Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com — Krebs on Security
Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned.

Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands.
2019-01  tech  security  godaddy 
january 2019 by Weaverbird
Bill would end state sale of voters’ data - NewsTimes
A new bill introduced by state Reps. Fred Camillo, R-Greenwich and Brenda Kupchick, R-Fairfield, would limit the disclosure of voter registration data — which includes things birth date, home addresses, party affiliation and more — and prohibit the sale of that data for commercial use.

Connecticut is the only state in the country that allows for the sale of voter registration data for commercial purposes, a vestige of the state’s strong Freedom of Information Act long before electronic privacy became an issue.
connecticut  data  privacy  security 
january 2019 by Weaverbird
I Gave a Bounty Hunter $300. Then He Located Our Phone
T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.
privacy  security  data  surveillance 
january 2019 by Weaverbird
Why you should use a VPN in 2019
Prices for paid VPNs vary widely depending on the plan you choose and the company you go with. They’re subscription-based services, so you’ll generally be paying a monthly fee, just like you do with Netflix. However, some VPN providers do sell annual installment plans that allow you to pay for a year’s worth of service up front–and usually save quite a bit over the standard monthly cost. In general, expect to pay anywhere from $3 to $10 a month for monthly service or between $30 and $80 a year if you go with an annual plan.

WHICH VPN SERVICE SHOULD YOU USE?
I’ll recommend three VPN providers to give you a good place to start looking–but I would suggest you don’t sign up for any of them without researching them yourself and even contacting the companies to clarify their data-retention policies.
tech  privacy  security  advice  data 
january 2019 by Weaverbird
Facebook chief's emails exposed by MPs - BBC News
The UK parliament's fake news inquiry has published a cache of seized Facebook documents.

The correspondence includes internal emails sent between Mark Zuckerberg and the social network's staff. The emails were obtained from the chief of a software firm that is suing the tech giant.

About 250 pages have been published, some of which are marked "highly confidential".
2018-12  facebook  corruption  evil  privacy  security  tech  surveillance 
december 2018 by Weaverbird
Google Home (in)Security – JerryGamblin.com
After I was able to get the Hub to reboot I was hooked and gave up a few hours of sleep to do some research and ended up finding a bunch of “good” information (see reading list at bottom). 

At the end of the night, I was extremely disappointed with the security of these devices especially coming from Google who I trust with so much of my data and is the driving force behind BeyondCorp. 
2018-11  google  security  privacy  tech  review 
november 2018 by Weaverbird
Feds Order Google To Hand Over A Load Of Innocent Americans' Locations
Forbes detailed one such order in August, not long after local media publication WRAL reported on a handful of others in Raleigh, North Carolina.

Now another order has been uncovered in Virginia. And it doesn’t contain some crucial limitations to protect innocents’ privacy.

“This fishing expedition infringes on the privacy rights of so many possible people who had the misfortune of being in an area where a crime is alleged to be committed,” said Jerome Greco, staff attorney at the Legal Aid Society. “We should not allow for such broad access to the data of so many on the mere speculation that a suspect may have used a cellphone near the location of the crime.”
privacy  security  tech  google  police_state 
november 2018 by Weaverbird
Georgia Officials Quietly Patched Security Holes They… — ProPublica
A ProPublica analysis found that the state was busily fixing problems in its voter registration hours after the office of Secretary of State Brian Kemp, the Republican candidate for governor, had insisted the system was secure.
voter-suppression  election  security  corruption  politics 
november 2018 by Weaverbird
Tech's most egregious violations of user privacy - Axios
Technologies that have become ubiquitous in the daily lives of most Americans — from ride-sharing and dating apps to social media — are using sketchy practices and violating user privacy information, while most of us are unaware.

Why it matters: With tech becoming more and more sophisticated, users don't pay as close attention as they probably should to what they're signing on for and if their information is being inappropriately used.
2018-08  tech  privacy  data  security 
september 2018 by Weaverbird
AP Exclusive: Google tracks your movements, like it or not
Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to.

An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so.

Computer-science researchers at Princeton confirmed these findings at the AP’s request.
2018-08  privacy  security  google 
august 2018 by Weaverbird
How FREE VPNs Sell Your Data | TheBestVPN.com
At TheBestVPN, we generally advise against the use of free VPNs.

The reason is simple – many of them simply sell your data to 3rd party advertisers.

And this defeats the whole purpose of having a VPN in the first place.

But there’s more:
VPN  tech  privacy  security  advice  data 
august 2018 by Weaverbird
Hackers break into voting machines within 2 hours at Defcon - CBS News
Synack, a San Francisco security platform, discovered serious flaws with the WinVote machine months ahead of this weekend's convention. The team simply plugged in a mouse and keyboard and bypassed the voting software by clicking "control-alt-delete."

"It's really just a matter of plugging your USB drive in for five seconds and the thing's completely compromised at that point," Synack co-founder Jay Kaplan told CNET. "To the point where you can get remote access. It's very simple."

The Synack team also cracked the machine from a mobile application by installing a remote desktop program to it. In one case study, Synack found a Virginia poll worker hacked the machine to play Minesweeper.
2018-07  voting-rights  data  security  election 
july 2018 by Weaverbird
Cory Doctorow: Zuck’s Empire of Oily Rags – Locus Online
But while the acknowledgment of the problem of Big Tech is most welcome, I am worried that the diagnosis is wrong.

The problem is that we’re confusing automated persuasion with automated targeting. Laughable lies about Brexit, Mexican rapists, and creeping Sharia law didn’t convince otherwise sensible people that up was down and the sky was green.

Rather, the sophisticated targeting systems available through Facebook, Google, Twitter, and other Big Tech ad platforms made it easy to find the racist, xenophobic, fearful, angry people who wanted to believe that foreigners were destroying their country while being bankrolled by George Soros.
socialmedia  data  corruption  privacy  security  surveillance  politics  society  facebook 
july 2018 by Weaverbird
The Wayback Machine’s archives could be deleted with the click of a button | The Outline
It’s difficult to reckon with the (occasionally understandably) spotty nature of the Wayback Machine when it is one of the few remaining guardians of digital history. Other archival services exist, sure, but not on this scale, and the current fake news crisis raises the record keeping stakes even higher. High-profile removals like these are a sobering reminder of just how fragile the internet’s collective memory really is. If someone wants to wipe their digital history from the records, they can. And there’s really nothing we can do to get it back.
internet  data  security  history 
june 2018 by Weaverbird
Jeff Bezos Announces Customers Can Delete All Of Alexa’s Stored Audio By Rappelling Into Amazon HQ, Navigating Laser Field, Uploading Nanovirus To Servers
“We take privacy concerns seriously, and I want our valued customers to know they can erase all the information their Amazon Echo has gathered just by being dropped from a helicopter over one of our towers, using a diamond-tipped glass cutter to carve out a hole in a 32nd-story window, and then employing advanced cyberwarfare techniques to compromise our data centers,” said Bezos,
satire  humor  privacy  security  data 
june 2018 by Weaverbird
US takes aim at Russian hackers who infected over 500,000 routers - CNET
The VPNFilter malware targeted devices worldwide from Linksys, MikroTik, Netgear and TP-Link.
tech  security  russian 
june 2018 by Weaverbird
Service Meant to Monitor Inmates’ Calls Could Track You, Too - The New York Times
Thousands of jails and prisons across the United States use a company called Securus Technologies to provide and monitor calls to inmates. But the former sheriff of Mississippi County, Mo., used a lesser-known Securus service to track people’s cellphones, including those of other officers, without court orders, according to charges filed against him in state and federal court.

The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.
privacy  security  surveillance  police_state 
may 2018 by Weaverbird
It's not just Facebook. Thousands of companies are spying on you (opinion) - CNN
Harvard Business School professor Shoshana Zuboff calls it "surveillance capitalism." And as creepy as Facebook is turning out to be, the entire industry is far creepier. It has existed in secret far too long, and it's up to lawmakers to force these companies into the public spotlight, where we can all decide if this is how we want society to operate and -- if not -- what to do about it.
privacy  security  surveillance  data 
may 2018 by Weaverbird
“Who cares, I have nothing to hide” — Why the popular response to online privacy is so flawed
The “nothing to hide” argument starts to break down when you consider the different types of people we generally interact with.

“It’s important to acknowledge that privacy isn’t about hiding — it’s about having and exercising more agency over who sees our personal information,” said Rebecca Ricks, a Mozilla fellow and technologist, in an email exchange with Mic. “So much of our social, networked lives is contextual: There are conversations I have with my friends that I wouldn’t want my family to see. There is information I give my bank that I wouldn’t want a hacker to see. Strengthening privacy controls means improving trust and communication online.”
2018-04  privacy  security  surveillance 
may 2018 by Weaverbird
Announcing 1.1.1.1: the fastest, privacy-first consumer DNS service
Cloudflare's mission is to help build a better Internet. We're excited today to take another step toward that mission with the launch of 1.1.1.1 — the Internet's fastest, privacy-first consumer DNS service. This post will talk a little about what that is and a lot about why we decided to do it.
tech  privacy  security  internet 
april 2018 by Weaverbird
The web is under threat. Join us and fight for it. – World Wide Web Foundation
Today, March 12, is the World Wide Web’s 29th birthday. Here’s a message from our founder and web inventor Sir Tim Berners-Lee on what we need to ensure that everyone has access to a web worth having.
internet  privacy  security  regulation 
march 2018 by Weaverbird
How to Live Without Google
Google trackers have been found on 75% of the top million websites. This means they are not only tracking what you search for, they're also tracking which websites you visit, and using all your data for ads that follow you around the internet. Your personal data can also be subpoenaed by lawyers, including for civil cases like divorce. Google answered over 100,000 such data requests in 2016 alone!

More and more people are also realizing the risk of relying on one company for so many personal services. If you're joining the ranks of people who've decided Google's data collection has become too invasive, here are some suggestions for replacements with minimal switching cost. Most are free, though even those that are paid are worth it — the cost of not switching is a cost to your personal privacy, and the good news is we have a choice!
google  privacy  security 
february 2018 by Weaverbird
PrivacyHaus // App Directory
The apps and services listed below value your privacy, use reasonably strong encryption, and are dedicated to preserving your civil liberties.
privacy  security  tech  software 
february 2018 by Weaverbird
DuckDuckGo adds tracker blocking to help curb the wider surveillance web | TechCrunch
Some major product news from veteran anti-tracking search engine DuckDuckGo: Today it’s launched revamped mobile apps and browser extensions that bake in a tracker blocker for third party sites, and include a suite of other privacy features intended to help users keep surfing privately as they navigate around the web.

The apps and browser extensions are available globally for Android, iOS, Chrome, Firefox and Safari as of now. (DDG tells us Opera is also on its radar but there’s no launch date yet.)

“Our vision has been to set the standard of trust online,” says CEO and founder Gabe Weinberg, discussing the new products. “[To date] we’ve been really focused on the search engine because it’s really complicated to compete with Google in their core market. But now that we feel we can handle that we are making progress on this broader vision of protecting people across the Internet.
privacy  security  surveillance  tech  internet  duckduckgo 
january 2018 by Weaverbird
Three Types of Passphrases
A short guide on how to generate the best passphrases for your digital life.
security  privacy  data  tech  tutorial 
january 2018 by Weaverbird
Researchers Discover Two Major Flaws in the World’s Computers - The New York Times
Computer security experts have discovered two major security flaws in the microprocessors inside nearly all of the world’s computers.

The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in so-called cloud computer networks.

There is no easy fix for Spectre, which could require redesigning the processors, according to researchers. As for Meltdown, the software patch needed to fix the issue could slow down computers by as much as 30 percent — an ugly situation for people used to fast downloads from their favorite online services.
2018-01  tech  security 
january 2018 by Weaverbird
Brave and DuckDuckGo Partner to Improve Privacy on the Web | Join Brave and change the web together
Brave and DuckDuckGo are thrilled to announce a partnership today to radically improve Internet privacy. Standard browsing and search compromise user data.  To combat this, we’ve integrated DuckDuckGo search within the Brave browser’s private tabs, providing users with a simple way to ensure privacy.
The feature is available today via the new Brave browser desktop release 0.19.116, and will be integrated in Brave Android and iOS apps in the first quarter of 2018.
privacy  security  surveillance  data  tech 
december 2017 by Weaverbird
The Motherboard Guide to Not Getting Hacked - Motherboard
Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.
privacy  security  tech  resources  tutorial 
november 2017 by Weaverbird
No boundaries: Exfiltration of personal data by session-replay scripts
You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make.  But lately, more and more sites use “session replay” scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.
privacy  security  tech  surveillance  data 
november 2017 by Weaverbird
How to Choose a Good VPN
How to choose from the many VPN providers out there? Here are some important factors to think about:
VPN  tech  privacy  security 
october 2017 by Weaverbird
Serious flaw in WPA2 protocol lets attackers intercept passwords and much more | Ars Technica
Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.
2017-10  security  privacy  tech 
october 2017 by Weaverbird
Leaky-by-design location services show outsourced security won't ever work • The Register
It gets worse. As reported in El Reg, little bit of code published to Github a fortnight ago showed how any app granted access to the photos on your smartphone (hint: that’s quite a few of them) can simply walk through your database of images and generate an accurate map of your movements. In many cases this record of movements can go back years.

Every geek I’ve told about this had the same reaction: a facepalm. Of course our photos keep a record of our movements. Of course any app that has access to our photos can produce a map of our movements. Two unrelated features collide, generating a kind of retrospective self-surveillance of which the NSA would be proud.
2017-10  data  security  surveillance  tech 
october 2017 by Weaverbird
How Israel Caught Russian Hackers Scouring the World for U.S. Secrets - The New York Times
It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.
2017-10  data  tech  privacy  security  surveillance  russian 
october 2017 by Weaverbird
Websites Must Use HSTS in Order to Be Secure | Electronic Frontier Foundation
You would think that by now the Internet would have grown up enough that things like online banking, email, or government websites would rely on thoroughly engineered security to make sure your data isn't intercepted by attackers. Unfortunately when it comes to the vast majority of websites on the Internet, that assumption would be dead wrong. That's because most websites don't yet support a standard called HSTS—HTTPS Strict Transport Security.1
internet  security  tech 
september 2017 by Weaverbird
While Congress kills internet privacy, states take a stand for users | TheHill
The bottom line is that private information should be kept private, both for the good of the consumer and for the overall health of the internet ecosystem.

With Congress stripping away consumer privacy protections, it’s up to states push back against the repeal of federal policies that protect basic consumer rights. California and other states have already taken the first step toward making that a reality. Now the question remains: Will other states follow?  
2017-08  internet  privacy  security  surveillance  law  regulation 
august 2017 by Weaverbird
We’re rewiring the Internet for freedom. – David Robinson – Medium
For the last two years, a team of engineers and researchers has quietly been working to develop new technology for Internet freedom. Today, we are pleased to share results from the first large-scale field trial of refraction networking, a fundamentally new way to help people around the world learn and communicate online in the face of censorship. We served more than 50,000 users, for more than a week, by deploying refraction networking at partner ISPs.
privacy  security  internet  tech  geekery 
august 2017 by Weaverbird
How to: Use Tor for Windows | Surveillance Self-Defense
Tor is a volunteer-run service that provides both privacy and anonymity online by masking who you are and where you are connecting. The service also protects you from the Tor network itself.

For people who might need occasional anonymity and privacy when accessing websites, Tor Browser provides a quick and easy way to use the Tor network.
privacy  security  internet  tech  tutorial 
august 2017 by Weaverbird
Hackers breach dozens of voting machines brought to conference | TheHill
The conference acquired 30 machines for hackers to toy with. Every voting machine in the village was hacked.

Though voting machines are technologically simple, they are difficult for researchers to obtain for independent research. The machine that Richards learned how to hack used beneath-the-surface software, known as firmware, designed in 2007. But a number of well-known vulnerabilities in that firmware have developed over the past decade.

“I didn’t come in knowing what to expect, but I was surprised by what I found,” he said.
2017-08  voting-rights  security 
august 2017 by Weaverbird
Facebook patent application describes spying on users through their webcams
Your worst internet nightmare could be on its way to becoming a reality.

A newly discovered patent application shows Facebook has come up with plans to potentially spy on its users through their phone or laptop cameras—even when they’re not turned on. This could allow it to send tailored advertisements to its nearly two billion members. The application, filed in 2014, says Facebook has thought of using “imaging components,” like a camera, to read the emotions of its users and send them catered content, like videos, photos, and ads.
facebook  privacy  security  wtf 
july 2017 by Weaverbird
How to See What the Internet Knows About You (And How to Stop It) - The New York Times
The relentlessly unyielding (but highly profitable) personalization of the products and services we use is getting deeper and creepier than ever. This type of data is incredibly valuable, we’re producing a ton of it every day, and it’s all being used to turn us into products. As one Facebook developer famously said: “The best minds of my generation are thinking about how to make people click ads.”

Let’s go down this rabbit hole. Start with this neat and medium-scary site, which our friends at Gizmodo flagged, that shows you everything your browser knows about you the second you open it. Here’s another one.
privacy  security  internet  data 
july 2017 by Weaverbird
How to Send Files Securely (like Tax Info) | Firewalls Don't Stop DragonsFirewalls Don't Stop Dragons
Editor’s Note: Yeah, this is a long article. But if you ever need to transfer a file that contains financial, medical, or otherwise personal/private stuff, you need to know the techniques and concepts in this article. So read it carefully
security  privacy  tech  tutorial 
july 2017 by Weaverbird
Now It's Easier than Ever to Steal Someone's Keys - Schneier on Security
The website key.me will make a duplicate key from a digital photo.

If a friend or coworker leaves their keys unattended for a few seconds, you know what to do.
security  geekery 
july 2017 by Weaverbird
Under pressure, Western tech firms bow to Russian demands to share cyber secrets | Reuters
Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.

Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems.

But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code - instructions that control the basic operations of computer equipment - current and former U.S. officials and security experts said.
privacy  security 
june 2017 by Weaverbird
Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it | ZDNet
We wanted to see if such a bold claim could hold up.

Spoiler alert: It didn't.
microsoft  security 
june 2017 by Weaverbird
Advanced CIA firmware has been infecting Wi-Fi routers for years | Ars Technica
Home routers from 10 manufacturers, including Linksys, DLink, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That's according to secret documents posted Thursday by WikiLeaks.
privacy  security  surveillance  police_state 
june 2017 by Weaverbird
Your Data Is Way More Exposed Than You Realize - WSJ
To get a handle on your online privacy, first understand how much of your data is already out there, and how it can be weaponized
privacy  security  internet  data 
june 2017 by Weaverbird
Privacy Goes Mainstream: People Take Action As Privacy Risks Increase
Most people say they are concerned with online privacy, but do they care enough to actually take action? After polling American adults we found the number of people now taking action is large — mainstream large. We surveyed thousands of random US adults in October 2016 and again in May 2017, asking them:
privacy  security  polling 
june 2017 by Weaverbird
The World Is Getting Hacked. Why Don’t We Do More to Stop It? - The New York Times
It is time to consider whether the current regulatory setup, which allows all software vendors to externalize the costs of all defects and problems to their customers with zero liability, needs re-examination. It is also past time for the very profitable software industry, the institutions that depend on their products and the government agencies entrusted with keeping their citizens secure and their infrastructure functioning, step up and act decisively.
ethics  security  software 
may 2017 by Weaverbird
It might be time to stop using antivirus | Ars Technica
Update your software and OS regularly instead, practice skeptical computing.
tech  security  antivirus 
may 2017 by Weaverbird
Google security expert says antivirus apps don’t work | Network World
It's time to switch to whitelisting instead of intrusion detection
tech  security 
may 2017 by Weaverbird
Intel's Management Engine is a security hazard, and users need a way to disable it | Electronic Frontier Foundation
Intel’s CPUs have another Intel inside.
Since 2008, most of Intel’s CPUs have contained a tiny homunculus computer called the “Management Engine” (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some Management Engines have caused lots of machines with Intel CPUs to be disastrously vulnerable to remote and local attackers. While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one.
tech  security 
may 2017 by Weaverbird
Uber’s C.E.O. Plays With Fire - The New York Times
For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple’s engineers. The reason? So Apple would not find out that Uber had secretly been tracking iPhones even after its app had been deleted from the devices, violating Apple’s privacy guidelines.

But Apple was on to the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared. “So, I’ve heard you’ve been breaking some of our rules,” Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber’s app would be kicked out of Apple’s App Store.
2017-04  privacy  wtf  surveillance  data  security  uber 
april 2017 by Weaverbird
Hollow Privacy Promises from Major Internet Service Providers | Electronic Frontier Foundation
It’s no surprise that Americans were unhappy to lose online privacy protections earlier this month. Across party lines, voters overwhelmingly oppose the measure to repeal the FCC’s privacy rules for Internet providers that Congress passed and President Donald Trump signed into law.

But it should come as a surprise that Republicans—including the Republican leaders of the Federal Communications Commission and the Federal Trade Commission—are ardently defending the move and dismissing the tens of thousands who spoke up and told policymakers that they want protections against privacy invasions by their Internet providers
2017-04  privacy  internet  security 
april 2017 by Weaverbird
Tracing Spam: Diet Pills from Beltway Bandits — Krebs on Security
Your average spam email can contain a great deal of information about the systems used to blast junk email. If you’re lucky, it may even offer insight into the organization that owns the networked resources (computers, mobile devices) which have been hacked for use in sending or relaying junk messages.
2017-04  tech  security 
april 2017 by Weaverbird
Legalized sale of browser histories should worry journalists - Columbia Journalism Review
In the face of overwhelming negative public response to the change, Internet Service Providers like Comcast have been quick to assert that they have no intention of selling individual browsing histories. The key word in such statements, however is individual, which should not be confused with the real cause for concern: the selling of aggregate browsing information that nonetheless remains importantly identifiable.
#0000  privacy  security  internet  law  regulation 
april 2017 by Weaverbird
Your Government's Hacking Tools Are Not Safe - Motherboard
Recent data breaches have made it startlingly clear hacking tools used by governments really are at risk of being exposed. The actual value of the information included in each of these dumps varies, and some may not be all that helpful in and of themselves, but they still highlight a key point: hackers or other third parties can obtain powerful tools of cyber espionage that are supposedly secure. And in most cases, the government does not appear to clean up the fallout, leaving the exploits open to be re-used by scammers, criminals, or anyone else—for any purpose.

It's as if someone posted a skeleton key online for breaking into an unimaginable number of locks.
2017-04  #0000  security  privacy  NSA  tech 
april 2017 by Weaverbird
« earlier      
per page:    204080120160

Copy this bookmark:





to read