Always Providing You With Ongoing Information

Posts tagged ‘Privacy’

Private Instagram Posts Are Not So Private

 


Photos and videos posted to private accounts on Instagram and Facebook can be accessed, downloaded, and distributed publicly by friends and followers via source code.

The hack — which works on Instagram stories as well — requires only a rudimentary understanding of HTML and a browser. It can be done in a handful of clicks. A user simply inspects the images and videos that are being loaded on the page and then pulls out the source URL. This public URL can then be shared with people who are not logged in to Instagram or do not follow that private user.

“The behavior described here is the same as taking a screenshot of a friend’s photo on Facebook and Instagram and sharing it with other people,” a Facebook spokesperson told BuzzFeed News. “It doesn’t give people access to a person’s private account.”

But it’s not exactly the same. There is a difference between being able to screenshot a private image from a webpage and being able to easily publicly share the URL of that private image with un-authenticated users.


The hack also works when images and videos in a private Instagram story, which are meant to last for only 24 hours, expire or are deleted. URLs linking to content from stories seem to be valid for a couple of days; links to photos on the feed remain live for potentially even longer. The same is true for stories that have purportedly expired.

 

Minnesota Police Officer Awarded $585,000 After Colleagues Snooped On Her DMV Data

 

 


An employee had abused his access to a government driver’s license database and snooped on thousands of people in the state, mostly women. A female Minnesota officer learned that she was one of them.

When the female officer asked for an audit of accesses to her DMV records, as allowed by Minnesota state law, she learned that her information—which would include things like her address, weight, height, and driver’s license pictures—had been viewed nearly 1,000 times since 2003, even though she was never under investigation by law enforcement. The officer joined the Minneapolis Police Department in 2012, after spending eight years working elsewhere for the city, mostly as an officer for the Park & Recreation Board. She later learned that over 500 of those lookups were conducted by dozens of other cops. Even stranger, many officers had searched for her in the middle of the night. 

 Officer Krekelberg eventually sued the city of Minneapolis, as well as two individual officers, for violating the Driver’s Privacy Protection Act, which governs the disclosure of personal information collected by state Departments of Motor Vehicles. Earlier this week, she won. On Wednesday, a jury awarded Krekelberg $585,000, including $300,000 in punitive damages from the two defendants, who looked up Krekelberg’s information after she allegedly rejected their romantic advances, according to court documents.

Law enforcement officials have also been caught abusing technology that allows them to monitor the location of people’s cellphones. In April, a former Missouri sheriff was sentenced to six months in prison for tracking a judge and members of the State Highway Patrol.

Employees at private tech companies have also abused their access to databases of sensitive user information. Uber settled a lawsuit with the New York Attorney General in 2016 over its “God View” tool, which allowed employees to track the location of riders without their consent, including that of a BuzzFeed reporter.

Google Is Tracking Your Purchases; See What Gmail Knows


Google has been tracking what you buy through your Gmail inbox and storing the records on a Google Account page that was a secret. This purchase tracking went on for several years before being discovered. A list is created of your online shopping history that can stretch back five years. Google claims it is doing this to help its users keep track of everything they’ve purchased in one place, but people are seeing this as an invasion of privacy. Google has promised that you’re the only one who can see this data.

Here’s what you can do to delete the info Google has stored.

1. Google tracks multiple email types through Gmail, including purchases, payments, subscription services and reservations, say for hotels, cars and airline tickets. To view and manage them, start by navigating to https://myaccount.google.com/.

2. Select Payments & subscriptions.

3. From here, you can click into each grouping. You can view items here, which could include a subscription to YouTube or Google Photos.

4. Click into each item and tap “Remove reservation,” “Remove purchase” and so on to delete anything you don’t want stored in your Gmail account.

Manage your web and app activity

Your Web and App Activity includes searches through Google, Maps and Play. This is how you can update your settings. You’ll be able to pause activity from being recorded and delete anything that has been saved — especially private information.

1. Visit https://myaccount.google.com/.

2. Select Data & personalization.

3. Tap or click Manage your activity controls.

4. From here, you can turn off and delete activity being saved to Google. Even if you’re not online, Google is still able to keep track of your activity and will sync the data once you’re online, so keep your Web & App Activity off if you want to keep things private.

 

PRIVACY


 

The first American Census was posted publicly, for logistics reasons, more than anything else. Transparency was the best way to ensure every citizen could inspect it for accuracy.

Privacy-conscious citizens did find more traction with what would become perhaps America’s first privacy law, the 1710 Post Office Act, which banned postal employees from sorting through the mail.

“I’ll say no more on this head, but When I have the Pleasure to See you again, shall Inform you of many Things too tedious for a Letter and which perhaps may fall into Ill hands, for I know there are many at Boston who dont Scruple to Open any Persons letters, but they are well known here.” ~ Dr. Oliver Noyes, lamenting the well-known fact that mail was often read.

This fact did not stop the mail’s popularity.

Gilded Age: 1840–1950 — Privacy Becomes The Expectation

“Privacy is a distinctly modern product” ~ E.L. Godkin, 1890

“In The Mirror, 1890” by Auguste Toulmouche

By the time the industrial revolution began serving up material wealth to the masses, officials began recognizing privacy as the default setting of human life.

 

For the poor, however, life was still very much on display. The famous 20th-century existentialist philosopher Jean-Paul Sartre observed the poor streets of Naples:

Crowded apartment dwellers spill on to the streets

“The ground floor of every building contains a host of tiny rooms that open directly onto the street and each of these tiny rooms contains a family…they drag tables and chairs out into the street or leave them on the threshold, half outside, half inside…outside is organically linked to inside…yesterday I saw a mother and a father dining outdoors, while their baby slept in a crib next to the parents’ bed and an older daughter did her homework at another table by the light of a kerosene lantern…if a woman falls ill and stays in bed all day, it’s open knowledge and everyone can see her.”

Insides of houses were no less cramped:


The “Right To Privacy” is born


While architecture failed to keep up with society, it was during the Gilded Age that privacy was officially acknowledged as a political right.

“The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.” ~ “The Right To Privacy” ~ December 15, 1890, Harvard Law Review

Interestingly enough, the right to privacy was justified on the very grounds for which it is now so popular: technology’s encroachment on personal information.

However, the father of the right to privacy and future Supreme Court Justice, Louis Brandeis, was ahead of his time. His seminal article did not get much press—and the press it did get wasn’t all that glowing.

The feelings of these thin-skinned Americans are doubtless at the bottom of an article in the December number of the Harvard Law Review, in which two members of the Boston bar have recorded the results of certain researches into the question whether Americans do not possess a common-law right of privacy which can be successfully defended in the courts. ~ Galveston Daily News on ‘The Right To Privacy’

Privacy had not helped America up to this point in history. Brazen invasions into the public’s personal communications had been instrumental in winning the Civil War.

A request for wiretapping

This is a letter from the Secretary of War, Edwin Stanton, requesting broad authority over telegraph lines; Lincoln simply scribbled on the back “The Secretary of War has my authority to exercise his discretion in the matter within mentioned. A. LINCOLN.”

It wasn’t until the industry provoked the ire of a different president that information privacy was codified into law. President Grover Cleveland had a wife who was easy on the eyes. And, easy access to her face made it ideal for commercial purposes.

The rampant use of President Grover Cleveland’s wife, Frances, on product advertisements eventually led to one of the nation’s first privacy laws. In 1903, the New York legislature made the unauthorized use of someone’s likeness for commercial purposes punishable by a fine of up to $1,000.

Indeed, for most of the 19th century, privacy was practically upheld as a way of maintaining a man’s ownership over his wife’s public and private life — including physical abuse.

“We will not inflict upon society the greater evil of raising the curtain upon domestic privacy, to punish the lesser evil of trifling violence” ~ 1868, State v. Rhodes, wherein the court decided the social costs of invading privacy were not greater than that of wife beating.


The Technology of Individualism

The first 150 years of American life saw an explosion of information technology, from the postcard to the telephone. As each new communication method gave a chance to peek at the private lives of strangers and neighbors, Americans often (reluctantly) chose whichever technology was either cheaper or more convenient.

Privacy was a secondary concern.

“There is a lady who conducts her entire correspondence through this channel. She reveals secrets supposed to be the most profound, relates misdemeanors and indiscretions with a reckless disregard of the consequences. Her confidence is unbounded in the integrity of postmen and bell-boys, while the latter may be seen any morning, sitting on the doorsteps of apartment houses, making merry over the post-card correspondence.” ~ Editor, the Atlantic Monthly, on America’s love of postcards, 1905

Even though postcards were far less private, they were convenient. More than 200,000 postcards were ordered in the first two hours they were offered in New York City, on May 15, 1873.

Source: American Privacy: The 400-year History of Our Most Contested Right

The next big advance in information technology, the telephone, was a wild success in the early 20th century. However, individual telephone lines were prohibitively expensive; instead, neighbors shared one line, known as “party lines.” Commercial ads urged neighbors to use the shared technology with “courtesy”.

But, as this comic shows, it was common to eavesdrop.

“Party lines could destroy relationships…if you were dating someone on the party line and got a call from another girl, well, the jig was up. Five minutes after you hung up, everybody in the neighborhood — including your girlfriend — knew about the call. In fact, there were times when the girlfriend butted in and chewed both the caller and the callee out. Watch what you say.” ~ Author, Donnie Johnson


Where convenience and privacy found a happy co-existence, individualized gadgets flourished. Listening was not always an individual act. The sheer fact that audio was a form of broadcast made listening to conversations and music a social activity.

This all changed with the invention of the headphone.

“The triumph of headphones is that they create, in a public space, an oasis of privacy” ~ The Atlantic’s libertarian columnist, Derek Thompson.

Late 20th Century — Fear of a World Without Privacy

By the 60’s, individualized phones, rooms, and homes became the norm. 100 years earlier, when Lincoln tapped all telegraph lines, few raised any questions. In the new century, invasive surveillance would bring down Lincoln’s distant successor, even though his spying was far less pervasive.

Upon entering office, the former Vice-President assured the American people that their privacy was safe.

“As Vice President, I addressed myself to the individual rights of Americans in the area of privacy…There will be no illegal tappings, eavesdropping, bugging, or break-ins in my administration. There will be hot pursuit of tough laws to prevent illegal invasions of privacy in both government and private activities.” ~ Gerald Ford

Justice Brandeis had finally won.

2,000 A.D. and beyond — a grand reversal

In the early 2000s, young consumers were willing to purchase a location tracking feature that was once the stuff of 1984 nightmares.

“The magic age is people born after 1981…That’s the cut-off for us where we see a big change in privacy settings and user acceptance.” ~ Loopt Co-Founder Sam Altman, who pioneered paid geo-location features.

The older generations’ fear of transparency became a subject of mockery.

“My grandma always reminds me to turn my GPS off a few blocks before I get home ‘so that the man giving me directions doesn’t know where I live.’” ~ a letter to the editor of College Humor’s “Parents Just Don’t Understand” series.


Increased urban density and skyrocketing rents in the major cities have put pressure on communal living.

A co-living space in San Francisco / Source: Sarah Buhr, TechCrunch

“We’re seeing a shift in consciousness from hyper-individualistic to more cooperative spaces…We have a vision to raise our families together.” ~ Jordan Aleja Grader, San Francisco resident

At the more extreme ends, a new crop of so-called “life bloggers” publicize intimate details about their days:

Blogger Robert Scoble takes a picture with Google Glass in the shower

At the edges of transparency and pornography, anonymous exhibitionism finds a home on the web, at the wildly popular content aggregator, Reddit, in the aptly titled community “Gone Wild”.

Section II: How privacy will again fade away

For 3,000 years, most people have been perfectly willing to trade privacy for convenience, wealth or fame. It appears this is still true today.

AT&T recently rolled out a discounted broadband internet service, where customers could pay a mere $30 more a month to not have their browsing behavior tracked online for ad targeting.

“Since we began offering the service more than a year ago the vast majority have elected to opt-in to the ad-supported model.” ~ AT&T spokeswoman Gretchen Schultz (personal communication)

Performance artist Risa Puno managed to get almost half the attendees at a Brooklyn arts festival to trade their private data (image, fingerprints, or social security number) for a delicious cinnamon cookie. Some even proudly tweeted it out.

Tourists on Hollywood Blvd willingly gave away their passwords on live TV for a split-second of TV fame on Jimmy Kimmel Live.

Info retrieved from Medium Digest

Senators Say Smart TVs Are Invading Privacy


Two Democratic US senators, Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.), have asked the Federal Trade Commission to investigate privacy problems related to Internet-connected televisions.

“Many Internet-connected smart TVs are equipped with sophisticated technologies that can track the content users are watching and then use that information to tailor and deliver targeted advertisements to consumers,” Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) wrote in a letter yesterday to FTC Chairman Joseph Simons.

It would be up to Congress to pass new laws for smart TVs. But the FTC can punish companies for unfair and deceptive business practices. Action was taken against smart TV manufacturer Vizio last year.

 

Facebook’s Bug Made Private Posts Public


Facebook recently announced that a bug made the posts of 14 million users public without their knowledge. A small software bug with big consequences. When you make a post to Facebook, it always asks who should see the post: your posts can be public, only visible to friends, only visible to certain friends, or only visible to you. Usually, Facebook remembers whatever you last set this to, automatically publishing your posts to the same audience you did last time. This bug caused the setting to default to posting publicly, and many Facebook users probably didn’t notice.

Although you could still manually change the setting so anything you posted was private, you would have to notice that the default had changed. And since no one knew Facebook was making privacy changes, it was easy to miss. That means you could have made some of your private thoughts public.

The issue only affected posts from May 18 to May 27, 2018, and didn’t affect posts made before or after. But that was still enough time for 14 million users to have made public posts, some of which were surely unintentional.

It’s a good idea to browse through your profile and make sure no posts in May were accidentally made public.

Hackers Want 2.6 Million Or Else


Equifax was hacked and they have information on 143 million Americans. The supposed hackers have made their demands of Equifax. The hackers are asking for over 600 Bitcoin, which amounts to $2.66 million USD. The hackers claim that if Equifax pays up, they will delete all of the data. Equifax has until September 15th to pay up.

The hackers have told Equifax to request any part of the stolen data and they will show it to them to prove that they’re legitimate. The hackers have given Equifax until September 15 to pay the ransom or the data will be publicized.

A proposed class-action lawsuit was filed against Equifax Inc. late Thursday evening, shortly after the company reported that an unprecedented hack had compromised the private information of about 143 million people.

In a complaint filed in Portland, Ore., federal court, users alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack. Data revealed included Social Security numbers, addresses, driver’s license data, and birth dates. Some credit card information was also put at risk.

Spyware Apps That Sneaked Their Way Into Google Play & Spy On Users


Soniac was one of the three apps found on Google Play, according to a blog post published Thursday by a researcher from mobile security firm Lookout. The app had from 1,000 to 5,000 downloads before Google removed it. Soniac had the ability to record audio, take photos, make calls, send text messages, and retrieve logs, contacts, and information about Wi-Fi access points. Google ejected the app after Lookout reported it as malicious. Two other apps, one called Hulk Messenger and the other Troy Chat, were also available in Play but were later removed. It’s not clear if the developer withdrew the apps or if Google expelled them after discovering their spying capabilities. The apps are all part of a malware family Lookout calls SonicSpy.

Once installed, SonicSpy apps remove their launcher icon to hide their presence and then establish a connection to the control server located on port 2222 of arshad93.ddns[.]net.

The researcher said SonicSpy has similarities to another malicious app family called SpyNote, which security firm Palo Alto Networks reported last year. The name of the developer account—iraqwebservice—and several traits found in the apps’ code suggest the developer is located in Iraq. Additionally, much of the domain infrastructure associated with SonicSpy has references to that country. The phrase “Iraqian Shield” appears constantly. Lookout is continuing to follow leads suggesting the developer is based in that part of the world.

FBI Alerts Parents On Toys With Cloud Backed Features


The FBI says many toys sporting cloud-backed features such as speech recognition or online content hosting “could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.”

“Security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use,” the FBI warns. “Consumers should perform online research of these products for any known issues that have been identified by security researchers or in consumer reports.”

This comes after a number of kids’ toys were found to be indirectly spying on kids by collecting and storing data, including audio conversations and personal information, without parents’ knowledge.

My Friend Cayla and i-Que robot

Germany’s Federal Network Agency, or Bundesnetzagentur, has banned Genesis Toys’ Cayla doll as an illegal surveillance device.


Elimination Of Internet Privacy Rules


The United States Senate is planning to start the process today to eliminate rules that would prevent broadband internet providers from collecting sensitive data from subscribers. A vote is expected to take place on Thursday.

The expected vote was confirmed to International Business Times by a spokesperson for Florida Democratic Senator Bill Nelson, who will speak in opposition of the measure on Wednesday, and open internet advocacy group Public Knowledge.

FCC’s Privacy Rules

Stingray Cell Trackers & Warrants


 

Cute Toys Are Being Pulled From The Shelves

 

Norwegian consumer council Forbrukerrådet says some high-tech toys created by U.S.-based manufacturer Genesis Toys are hazardous to children’s privacy and warrant a complaint to the Federal Trade Commission and the European Union.

The toys in question are My Friend Cayla and i-Que. Both have a smartphone app that allows kids to talk to their toy and have it respond to what they say. Even though it appears that all communication stays between the app and the product, it actually gets sent to a remote server in the United States, without asking for the user’s permission first.

Parents setting up the product aren’t informed that their kids’ voices are sent to a server called Nuance, which is then free to use the recordings. According to Nuance’s Terms of Service, the data can be used for advertising and marketing and shared with third parties.

New Firefox Exploit Can Expose Tor Users


The exploit was delivered through a Tor mailing list and, when opened, could unveil the MAC address and possibly even the IP address of a user running Tor Browser on Firefox. Researcher Joshua Yabut said it is “100 percent effective for remote code execution on Windows systems.” Versions 41 to 50 of Firefox are reportedly affected.

A representative of Mozilla said officials are aware of the vulnerability and are working on a fix. While the vulnerability was already being actively exploited, the publication of the complete source code now puts it in the hands of a much wider base of people. Until a patch is available, Firefox users should use an alternate browser whenever possible, or disable JavaScript on as many sites as possible. People should avoid relying on Tor in cases where deanonymizing attacks could pose a significant threat. Tor users can also disable JavaScript, but turning it off goes against the official Tor recommendations.

Facial Recognition & Police

A new study was published Tuesday by researchers at Georgetown University’s Center on Privacy and Technology.

The study reveals:

  • Around 117 million American adults are already in a facial recognition network.
  • The FBI runs searches of face recognition databases more often than wiretaps.
  • About 25 percent of police departments across the country have access to facial recognition networks. Those networks are often cross-referenced with databases of ID photos such as driver’s licenses.

According to the report, law enforcement can do almost whatever they want with this technology, including scanning the photos of people who have never committed a crime. No state legislature “has passed a law comprehensively regulating police face recognition.”

Riffle: More Secure Anonymity Than Tor


A team of researchers led by MIT grad student Albert Kwon (with help from EPFL) aims to leapfrog Tor’s anonymizing technique with a brand new platform called Riffle.

Tor — has prompted computer scientists to try to come up with more secure anonymity schemes. At the Privacy Enhancing Technologies Symposium in July, researchers at MIT’s Computer Science and Artificial Intelligence Laboratory and the École Polytechnique Fédérale de Lausanne will present a new anonymity scheme that provides strong security guarantees but uses bandwidth much more efficiently than its predecessors.

The system, devised by Albert Kwon and his coauthors (his advisor, Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science at MIT; David Lazar, also a graduate student in electrical engineering and computer science; and Bryan Ford SM ’02 PhD ’08, an associate professor of computer and communication sciences at the École Polytechnique Fédérale de Lausanne), employs several existing cryptographic techniques but combines them in a novel manner.

The system is a series of servers called a mixnet. Each server permutes the order in which it receives messages before passing them on to the next. If, for instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order — say, C, B, A. The second server would permute them before sending them to the third, and so on. An adversary that had tracked the messages’ points of origin would have no idea which was which by the time they exited the last server. It’s this reshuffling of the messages that gives the new system its name: Riffle. Riffle also uses a technique known as onion encryption; “Tor,” for instance, is an acronym for “the onion router.” With onion encryption, the sending computer wraps each message in several layers of encryption, using a public-key encryption system like those that safeguard most financial transactions online. Each server in the mixnet removes only one layer of encryption, so that only the last server knows a message’s ultimate destination.

To thwart message tampering, Riffle uses a technique called a verifiable shuffle. Because of the onion encryption, the messages that each server forwards look nothing like the ones it receives; it has peeled off a layer of encryption. But the encryption can be done in such a way that the server can generate a mathematical proof that the messages it sends are valid manipulations of the ones it receives. Mixnets have been around for a while, but unfortunately they have always relied on public-key cryptography and on public-key techniques, and have been expensive. What’s different about this research is that it reveals how to use more efficient symmetric-key techniques to accomplish the same thing. The researchers do one expensive shuffle using known protocols, but then they bootstrap off of that to enable many subsequent shufflings.
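A toy version of the mixnet and onion encryption described above, added here as an illustration; it is not Riffle's code and not from the researchers. It assumes one shared symmetric key per server and uses a SHAKE-256 keystream with HMAC as a stand-in for the public-key encryption the article mentions, pads every message to one length so size cannot link an input to an output, and does not implement the verifiable shuffle.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN, MSG_LEN = 16, 32, 64


def subkeys(key):
    # Separate keys for encryption and authentication, derived from one server key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def xor_stream(enc_key, nonce, data):
    # Toy cipher: XOR with a SHAKE-256 keystream. Stand-in only, not for production use.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Add one onion layer: nonce || ciphertext || HMAC tag."""
    enc_key, mac_key = subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def peel(key, blob):
    """Remove one onion layer; reject anything altered or sealed for another key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("layer too short")
    enc_key, mac_key = subkeys(key)
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("layer failed authentication")
    return xor_stream(enc_key, body[:NONCE_LEN], body[NONCE_LEN:])


def pad(message):
    # Fixed-size payloads: otherwise length alone would link an input to an output.
    if len(message) > MSG_LEN - 2:
        raise ValueError("message too long")
    return len(message).to_bytes(2, "big") + message + bytes(MSG_LEN - 2 - len(message))


def unpad(payload):
    return payload[2:2 + int.from_bytes(payload[:2], "big")]


def wrap(message, server_keys):
    """Sender: innermost layer for the last server, outermost for the first."""
    onion = pad(message)
    for key in reversed(server_keys):
        onion = seal(key, onion)
    return onion


class MixServer:
    def __init__(self, key):
        self.key = key
        self.rng = secrets.SystemRandom()  # OS randomness for the permutation

    def process(self, batch):
        peeled = [peel(self.key, blob) for blob in batch]  # remove this server's layer
        self.rng.shuffle(peeled)                           # then permute the batch
        return peeled


def run_mixnet(onions, servers):
    batch = list(onions)
    for server in servers:
        batch = server.process(batch)
    return [unpad(p) for p in batch]


def demo():
    keys = [secrets.token_bytes(32) for _ in range(3)]
    sent = [b"from Alice", b"from Bob", b"from Carol"]  # constructed sample messages
    onions = [wrap(m, keys) for m in sent]
    return sent, run_mixnet(onions, [MixServer(k) for k in keys])


if __name__ == "__main__":
    sent, received = demo()
    print("sent:    ", sent)
    print("received:", received)
```

The per-layer HMAC only detects modified or misrouted layers; it does not prove that a server forwarded every message it received, which is the job of the verifiable shuffle.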

 

There’s no plan to commercialize Riffle, either, nor will it be a replacement for Tor, even though it does some things vastly better.

Tor’s Developer Steps Down After Allegations


Jacob Appelbaum has stepped down in response to what the Tor Project called “public allegations of sexual mistreatment.” Tor is free software that channels internet traffic through a series of relays to anonymize its users. In addition to his security research at the Tor Project, Appelbaum is a journalist who worked on WikiLeaks and the Edward Snowden disclosures.

Rolling Stone dubbed him the “public face of the Tor Project” in a 2010 profile that detailed his involvement with Tor and WikiLeaks.

Tor Project executive director Shari Steele provided a statement. Alison Macrina, the founder of The Library Freedom Project, also referenced the allegations on Twitter, saying she had spoken to several victims. The Library Freedom Project is an organization that educates librarians about privacy and collaborates with the Tor Project to establish Tor exit nodes in libraries. “no more open secrets, no more missing stairs. you’re not alone. you were never alone. and I’m pretty sure things are just getting started,” Macrina tweeted.

 Appelbaum posted a response to the allegations against him on Twitter, saying they are part of a “calculated and targeted attack” intended to undermine his advocacy work.

Appelbaum suggested that he would sue his accusers if necessary to clear his name, calling the allegations libelous. His full statement is here


Hacking Is Becoming Common With Smart Gadgets


The idea of turning on your TV with a spoken command may sound wonderful: no more fumbling for the remote! But for that to work, the TV needs to be listening all the time, even when you’re not watching. And even when you’re discussing something extremely personal, or engaged in some other activity to which you’d rather not invite eavesdroppers.

How much should you be concerned about it? Maybe your TV never records any of your casual conversations. Or maybe its manufacturer is recording all that, but just to find ways to make the TV better at understanding what you want it to do. Or maybe it retains everything it hears for some other hidden purpose. You just have to hope the company keeps its promises on privacy. More important, you have to trust that its computer systems are really secure, or those promises are suddenly worthless. That part is increasingly difficult to guarantee, or believe, as hacking becomes routine.

Then there are kids’ toys such as the Hello Barbie talking doll, which stores your conversation once the child presses her belt, or Dino, the dinosaur powered by IBM’s Watson artificial-intelligence system.

Cars will work with GPS technology and sensors in parking meters, roads and home appliances to help route you around traffic and turn on your living-room lights as you approach the driveway. But that can also generate a detailed record of your whereabouts.

Thermostats from Nest and others will get smarter at conserving energy when you’re away. Potential burglars might find that information handy. Home security cameras are getting cheaper by the dozen, but they’re sometimes insecure themselves, especially if you set them up clumsily. There’s already a website devoted to showing video from cameras with no passwords. It appears that convenience usually wins. Shiny new things are inherently attractive, and it takes a while for some of us to get uneasy about the extent to which we may be enabling our own surveillance.

Snowden To Speak Via Video To Park City Audience


Edward Snowden, the former intelligence contractor who leaked classified documents to expose government surveillance, will speak on December 5, 2015 to a Park City, Utah audience via video from his apartment in Russia, where he has been given asylum. Snowden will participate in a discussion on cybersecurity at 7:30 p.m. Dec. 5 at the Eccles Center. The discussion will be moderated by KUER’s Doug Fabrizio. Another guest will be Ben Wizner, director of the American Civil Liberties Union’s Speech, Privacy & Technology Project. Snowden comes to The Eccles Center via closed video feed. The evening begins at 7:30 p.m.

Hackers Charging Less Than 100 Bucks To Hack Gmail


There are a bunch of them on forums. These hackers remain anonymous, offering certain services, and demand decentralized payment. Hacking a Gmail account goes for 90 bucks.

One post on an underground hacking forum reads “Website hack or ddos. Paying well.” The poster explained that they wanted a WordPress-built website down. While this person would not provide reasons, he or she did add that the bounty was as much as “2k euro.”

A tool to hack Facebook accounts: $19.99 for 3 months

On this same forum you can find a post for a downloadable tool called Facebook Hacker, which allows users to hack into Facebook accounts. It claims that it can “hack any Facebook.” People responding to this thread claimed the service worked.

One popular hacker offering involves boosting Yelp ratings. Many offer services for posting positive Yelp reviews for a price. They can go as low as $3 a pop. Other, more savvy individuals say they’ve figured out how to remove bad reviews. Some hackers even offer months-long services for a set fee.

Facebook account access: $350

HackersList

Another post on HackersList requested help accessing a Facebook account. The description for the project is somewhat amusing: “I need to get into a facebook page. Long short of it is I must know whats going on and I have no other choice (sic).” This plea successfully closed with a $350 bid.

Hilton HHonors Points: $15

Earlier this year Hilton reportedly admitted that its rewards program HHonors had been vulnerable to a breach which potentially put many members’ passwords and PINs at risk. Even though Hilton reportedly patched the problem and urged all customers to change their passwords, hackers are still offering ways to hack into HHonors member accounts and steal their points. While individual accounts go for as little as $3, some hackers have set up configurations to crack into multiple accounts. These go for about $15.

Netflix passwords: $1.25

PayIvy

One easy find online is hacked Netflix accounts. You can find numerous postings on a number of hacking forums hawking individual Netflix credentials. They go for about $1.25 a pop. A site called PayIvy recently made headlines when hackers put their loot on the PayIvy marketplace, getting paid anonymously via PayPal. While many hacked Netflix accounts are still available on PayIvy, the company claims that it will scrub all illegal content from its marketplace later this month.

Internet of Things & Privacy


A security analyst at the software company says it’s not the things in the Internet of Things that we should worry about. It’s those cloud servers with vast databases of personal information gathered from all those connected devices. “Hacking is a business. There needs to be a return on investment.” In the business of hacking, it’s not the device that’s valuable. It’s the data they generate. Individual devices are hard to secure and can be trivially easy to compromise because so many people fail to change the default user names and passwords.

The biggest profit on a cyber criminal’s investment isn’t in hacking a toaster; it’s in grabbing data from thousands of users at a time by hacking servers. High-profile hacks, from Home Depot to Target, spilled user names, credit card details, or other information onto the web. And this is just the beginning.

Greater amounts of data are going into the cloud. Hackers can learn which rooms in your house you spend time in, and when. Smart appliances transmit our voice commands to their manufacturers. Car insurance companies deploy tracking devices to gauge driver safety. Fitness trackers know our heart rates and how many steps we take each day. The photos we upload to Instagram may include geographic coordinates. In addition to the information we deliberately post to Twitter and Facebook, social networks could log other information, such as how often we log in and what times we generally post.

Individually, it might not seem like much of this data would be problematic if it were leaked. But as it starts to be combined in new ways, this data in the wrong hands could come back to haunt us, perhaps even years later.

Interaction with your devices can leave a trail of digital exhaust behind. Once this data is combined to create very rich profiles of people, some worry it may mean the death of privacy.

Currently, hackers often sell databases full of stolen credit card numbers, social security numbers and passwords. In the future, these databases could include even more personal information gathered from sensors and connected devices.

What can companies do?

The most important thing that companies can do to help protect their customers is to stop gathering data that isn’t necessary for the operation of the service. Moreover, they can encrypt the data they do collect — preferably in ways that only the customers themselves can decrypt. New laws regulating what information can be collected, and how it can be stored, may also help.

The Internet of Things & Hello Barbie

Hello Barbie is an internet-connected version of a Barbie doll, complete with a wireless connection, microphone, speaker, advanced voice recognition capabilities, and a “customized cloud-based database of her owner’s likes and dislikes” so Barbie can have “real” back and forth conversations with her owner. Hello Barbie is expected to sell for $75 by the holiday shopping season.

Just last month, the “first” smart doll Cayla was hacked. Despite British toymaker Vivid Toys promising its software would block inappropriate words, security researcher Ken Munro from Pen Test Partners discovered four attacks to make Cayla spew curse words: by modifying the “database contents on the child’s phone”; via a MITM (man-in-the-middle) attack; by “backdooring” the Cayla doll; and by “random pairing,” such as when the doll’s owner gets out of range. It took just one tap for an attacker’s device to pair with the doll’s Bluetooth functionality.

Parents are advised that if you intend to get your child an IoT version of Barbie, please be wise about creating a strong password in order to protect your and your child’s privacy.


Hackers Posted Details Of What They Hacked From SONY


An analysis of Sony Pictures documents by data security consultancy Identity Finder found personal information, including salaries and home addresses, posted online for staff who stopped working for Sony Pictures as far back as 2000 and one person who began working there in 1955.

The hack, by a group calling itself Guardians of Peace, illustrates the risks large companies such as Sony Pictures take by accumulating years of digital records on employees and customers on machines connected to the internet. Much of the data analyzed by Identity Finder was stored in Microsoft Excel files without password protection.

The documents also contain the social security numbers, or taxpayer-identification numbers, of thousands of freelancers, including actors who appeared in movies and television shows produced by the Sony-owned studio, one of Hollywood’s largest. Among them are Stallone, The 40-Year-Old Virgin director Judd Apatow and Australian actor Rebel Wilson.

The personal data and other sensitive documents are in files now being traded on file-sharing networks such as BitTorrent. Investigators, including teams from Sony Pictures, the Federal Bureau of Investigation and computer-security firm FireEye, say the hackers used methods similar to ones previously attributed to North Korea. The malware was made on a machine with Korean language settings during Korean peninsula working hours and appears very similar to a tool used last year against South Korean banks and television stations.

A Russian cybersecurity company named Kaspersky Lab has released a report noting the similarities between the Sony hack and last year’s attacks on South Korea, although it could not identify who was behind the incident.

The studio is offering a year of free credit monitoring and fraud protection to current and former employees. Its lawyers are also trying to force websites to remove the data or links to it. But once data is out there and becomes available on file-sharing networks, it is almost impossible to remove. Current and former Sony Pictures employees are infuriated at the leak and fear what else may appear online.

Healthcare Technology & Privacy Issues


Fitness devices, health monitoring applications and advancements in social media and mobile device technology provide new opportunities for health care providers, but also raise some pertinent privacy issues. According to a report from the California HealthCare Foundation by health economist and consultant Jane Sarasohn-Kahn, the proliferation of extremely large databases of health information challenges regulators’ and society’s ability to ensure individuals’ data rights and privacy. For example, while personal health information held by health care providers and insurers is protected under the Health Insurance Portability and Accountability Act (HIPAA), many other sources of consumer data are not covered and can be disclosed to third parties. The report notes that user-generated data that could be used in health profiling are held by gyms, websites, banks, credit card companies, cosmetic medicine groups, fitness clubs, home testing labs, massage therapists, nutrition counselors, alternative medicine practitioners, disease advocacy groups, and marketers of non-prescription health products and foods. The report warns that data shared on a social networking site can become a “digital tattoo” for a consumer, which is impossible to remove.

Tools such as the Personal Data Locker are being developed for consumers to control their user-generated data. Former chief medical officer of Practice Fusion, Dr. Robert Rowley, is developing FlowHealth, a communication platform for care teams and patients, facilitating transitions of care, and aggregating patient-centered data from the sources where it is found.

A report earlier this year from Accenture revealed that the vast majority of U.S. patients want to control their health data; however, 55 percent believe they do not have very much—or any—control over their medical information.

Syrian Electric Army Hacked CNN


A hacker known as “Th3 Pr0” decided to hack CNN when he saw something on Twitter he didn’t like: a recent report that alleged Bashar al-Assad’s regime is guilty of “systematic torture and killing” of thousands of detainees. Th3 Pr0 and another hacker of the Syrian Electric Army sent their first fake tweet from CNN’s official Twitter account. More fake tweets followed from @NatlSecurityCNN, @CNNSitRoom and @CNNPolitics, as well as on CNN’s official Facebook page.

It seems that the hackers got control of CNN’s social-media accounts by relying on a wave of phishing emails to CNN employees. The emails were well written in good English and contained links that looked legitimate and appeared to come from real CNN email addresses. Researchers say the Syrian Electric Army’s attack on CNN was highly effective, and that similar hacks will continue until employees learn to detect suspicious emails, avoid clicking on links without double-checking them first and never give up their credentials.

Big Data & Education


The SXSWedu conference in Austin, Texas, in early March, unveiled the most influential new ed-tech product: a $100 million database built to chart the academic paths of public school students from kindergarten through high school. The database already holds files on millions of children identified by name, address, and sometimes Social Security number, Reuters reported. It includes information about learning disabilities, test scores, and attendance. In some cases, it even tracks student hobbies, career goals, attitudes toward school, and homework completion.

The database is a joint project of the Bill & Melinda Gates Foundation, which provided most of the funding, the Carnegie Corporation of New York, and school officials from several states. A nonprofit organization called inBloom was created to run it.

Local education officials retain control over their students’ information. However, federal law allows them to share files in their portion of the database with private companies selling educational products and services.

The database had ed-tech entrepreneurs clamoring over the possibilities for using data to enhance instruction. But parents from New York and Louisiana have written to state officials in protest. So have the Massachusetts chapters of the American Civil Liberties Union and Parent-Teacher Association.

If student records leak, are hacked, or are abused, “what are the remedies for parents?” asked Norman Siegel, a civil liberties attorney in New York who has been working with the protesters. “It’s very troubling.”

Supporters of the inBloom project argue that the information is safer in the database than scattered throughout school districts. Plus, the project’s upside is enormous, they say, with the power to transform classrooms nationwide.

 

Google’s Gmail Will Read Your Private Messages


People sending email to any of Google’s 425 million Gmail users should not expect that their communications are confidential, Google has said in a court filing.

Consumer Watchdog, the advocacy group that uncovered the filing, called the revelation a “stunning admission.” It comes as Google and its peers are under pressure to explain their role in the National Security Agency’s (NSA) mass surveillance of US citizens and foreign nationals.

John Simpson, Consumer Watchdog’s privacy project director, said, “Google has finally admitted they don’t respect privacy, and people should take them at their word; if you care about your email correspondents’ privacy, don’t use Gmail.”

Google is attempting to dismiss a class action lawsuit that accuses the tech giant of breaking wiretap laws when it scans emails sent from non-Google accounts in order to target ads to Gmail users.

That suit, filed in May, claims Google “unlawfully opens up, reads, and acquires the content of people’s private email messages”. It quotes Eric Schmidt, Google’s executive chairman: “Google policy is to get right up to the creepy line and not cross it.”

 

Congress Wants Some Answers About Google Glass


Imagine being at a crowded function when someone approaches you wearing a pair of funny-looking glasses, one side of which has a thick aluminum frame. You don’t know that this person is wearing Google Glass. The person approaching you would be able to identify you by facial recognition, and by the time he or she has walked up to you, they have already peeped your hole card: your name, your job, where you live and how much you make. And guess what? Your conversation is being recorded, and your photo, or whatever the wearer is looking at, could be posted online. What would you do? Unless you know the full capabilities of Google’s Glass project, how would you know to ask the person wearing the Google Glass headset not to record you? Chances are you wouldn’t. Worse scenario: the Google Glass wearer shows up at your residence. Well, some members of Congress are finding Google Glass kind of creepy and want some answers. The bipartisan Congressional Privacy Caucus sent a letter to Google CEO Larry Page asking questions about how Google planned to ensure that the privacy of users and, more important, non-users was being protected. In other words, the congressmen want to know what safeguards Google is putting into place to guard against the violation of privacy laws. Google has until June 14 to respond to the inquiries by the caucus. Unless the company can ease those fears, we can expect some regulations concerning Google Glass.
