Photos and videos posted to private accounts on Instagram and Facebook can be accessed, downloaded, and distributed publicly by friends and followers via source code
The hack — which works on Instagram stories as well — requires only a rudimentary understanding of HTML and a browser. It can be done in a handful of clicks. A user simply inspects the images and videos that are being loaded on the page and then pulls out the source URL. This public URL can then be shared with people who are not logged in to Instagram or do not follow that private user.
According to tests performed by BuzzFeed’s Tech + News Working Group, JPEGs and MP4s from private feeds and stories can be viewed, downloaded, and shared publicly this way.
“The behavior described here is the same as taking a screenshot of a friend’s photo on Facebook and Instagram and sharing it with other people,” a Facebook spokesperson told BuzzFeed News. “It doesn’t give people access to a person’s private account.”
But it’s not exactly the same. There is a difference between being able to screenshot a private image from a webpage and being able to easily publicly share the URL of that private image with un-authenticated users.
The hack also works when images and videos in a private Instagram story, which are meant to last for only 24 hours, expire or are deleted. URLs linking to content from stories seem to be valid for a couple of days; links to photos on the feed remain live for potentially even longer. The same is true for stories that have purportedly expired.
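One way a media server can close the gap described above, as an added example that is not Instagram's or Facebook's code: each media URL carries an HMAC over the path, the viewer's account ID and a short expiry, and the server re-checks the logged-in session and the current follow/deletion state before serving. The URL layout, parameter names (`v`, `e`, `sig`), function names and sample accounts are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key; a real service would load this from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample state: bob follows alice's private account.
FOLLOWERS = {("bob", "alice")}
DELETED = set()


def _mac(path, viewer_id, expires):
    # Bind the signature to the exact path, the viewer and the expiry time.
    msg = f"{path}\n{viewer_id}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_media_url(path, viewer_id, ttl_seconds, now=None):
    """Issue a media URL that is only valid for one viewer and a short time."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    query = urlencode({"v": viewer_id, "e": expires,
                       "sig": _mac(path, viewer_id, expires)})
    return f"{path}?{query}"


def still_authorized(viewer_id, path):
    """Re-check access at request time: still a follower, media not deleted."""
    parts = path.split("/")  # assumed layout: /media/<owner>/<file>
    if len(parts) < 4:
        return False
    return (viewer_id, parts[2]) in FOLLOWERS and path not in DELETED


def check_media_request(url, session_viewer_id, authorized=still_authorized,
                        now=None):
    """Return (allowed, reason) for a request to a signed media URL."""
    now = int(time.time()) if now is None else now
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    try:
        viewer_id = params["v"][0]
        expires = int(params["e"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False, "malformed"
    expected = _mac(parsed.path, viewer_id, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad-signature"
    if now >= expires:
        return False, "expired"
    # The URL alone is not enough: the request must come from the session
    # the URL was issued to, so a pasted link fails for everyone else.
    if session_viewer_id is None:
        return False, "not-logged-in"
    if session_viewer_id != viewer_id:
        return False, "wrong-viewer"
    if not authorized(viewer_id, parsed.path):
        return False, "no-longer-authorized"
    return True, "ok"


if __name__ == "__main__":
    link = sign_media_url("/media/alice/story123.jpg", "bob", 300)
    print(check_media_request(link, "bob"))      # issued viewer, logged in
    print(check_media_request(link, None))       # link pasted to a stranger
    print(check_media_request(link, "mallory"))  # another logged-in account
```

The final `authorized` check is what makes a deleted or expired story stop loading even while the signature is still within its lifetime.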
An employee had abused his access to a government driver’s license database and snooped on thousands of people in the state, mostly women. A female Minnesota officer learned that she was one of them.
When the female officer asked for an audit of accesses to her DMV records, as allowed by Minnesota state law, she learned that her information—which would include things like her address, weight, height, and driver’s license pictures—had been viewed nearly 1,000 times since 2003, even though she was never under investigation by law enforcement. The officer joined the Minneapolis Police Department in 2012, after spending eight years working elsewhere for the city, mostly as an officer for the Park & Recreation Board. She later learned that over 500 of those lookups were conducted by dozens of other cops. Even stranger, many officers had searched for her in the middle of the night.
Officer Krekelberg eventually sued the city of Minneapolis, as well as two individual officers, for violating the Driver’s Privacy Protection Act, which governs the disclosure of personal information collected by state Departments of Motor Vehicles. Earlier this week, she won. On Wednesday, a jury awarded Krekelberg $585,000, including $300,000 in punitive damages from the two defendants, who looked up Krekelberg’s information after she allegedly rejected their romantic advances, according to court documents.
Law enforcement officials have also been caught abusing technology that allows them to monitor the location of people’s cellphones. In April, a former Missouri sheriff was sentenced to six months in prison for tracking a judge and members of the State Highway Patrol.
Employees at private tech companies have also abused their access to databases of sensitive user information. Uber settled a lawsuit with the New York Attorney General in 2016 over its “God View” tool, which allowed employees to track the location of riders without their consent, including that of a BuzzFeed reporter.
Google has been tracking what you buy through your Gmail inbox and storing the purchases on a Google Account page that was a secret. This purchase tracking had gone on for several years before being discovered. A list is created of your online shopping history that can stretch back five years. Google claims it is doing this to help its users keep track of everything they’ve purchased in one place — but people are seeing this as an invasion of privacy. Google has promised that you’re the only one who can see this data.
Here’s what you can do to delete the info Google has stored.
1. Google tracks multiple email types through Gmail, including purchases, payments, subscription services and reservations, say for hotels, cars and airline tickets. To view and manage them, start by navigating to https://myaccount.google.com/.
2. Select Payments & subscriptions.
3. From here, you can click into each grouping. You can view items here, which could include a subscription to YouTube or Google Photos.
4. Click into each item and tap “Remove reservation,” “Remove purchase” and so on to delete anything you don’t want stored in your Gmail account.
Manage your web and app activity
Your Web and App Activity includes searches through Google, Maps and Play. This is how you can update your settings. You’ll be able to pause activity from being recorded and delete anything that has been saved — especially private information.
4. From here, you can turn off and delete activity being saved to Google. Even if you’re not online, Google is still able to keep track of your activity and will sync the data once you’re online, so keep your Web & App Activity off if you want to keep things private.
The first American Census was posted publicly, for logistics reasons, more than anything else. Transparency was the best way to ensure every citizen could inspect it for accuracy.
Privacy-conscious citizens did find more traction with what would become perhaps America’s first privacy law, the 1710 Post Office Act, which banned postal employees from sorting through the mail.
“I’ll say no more on this head, but When I have the Pleasure to See you again, shall Inform you of many Things too tedious for a Letter and which perhaps may fall into Ill hands, for I know there are many at Boston who dont Scruple to Open any Persons letters, but they are well known here.” ~ Dr. Oliver Noyes, lamenting the well-known fact that mail was often read.
This fact did not stop the mail’s popularity.
Gilded Age: 1840–1950 — Privacy Becomes The Expectation
“Privacy is a distinctly modern product” ~ E.L. Godkin, 1890
Two Democratic US senators, Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.), have asked the Federal Trade Commission to investigate privacy problems related to Internet-connected televisions.
“Many Internet-connected smart TVs are equipped with sophisticated technologies that can track the content users are watching and then use that information to tailor and deliver targeted advertisements to consumers,” Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) wrote in a letter yesterday to FTC Chairman Joseph Simons.
It would be up to Congress to pass new laws for smart TVs. But the FTC can punish companies for unfair and deceptive business practices. Action was taken against smart TV manufacturer Vizio last year.
Facebook recently announced that a bug made the posts of 14 million users public without their knowledge. A small software bug with big consequences. When you make a post to Facebook, it always asks who should see the post: your posts can be public, only visible to friends, only visible to certain friends, or only visible to you. Usually, Facebook remembers whatever you last set this to, automatically publishing your posts to the same audience you did last time. This bug caused the setting to default to posting publicly, and many Facebook users probably didn’t notice.
Although you could still manually change the setting so anything you posted was private, you would have to notice that the default had changed. And since no one knew Facebook was making privacy changes, it was easy to miss. That means you could have made some of your private thoughts public.
The issue only affected posts from May 18 to May 27, 2018, and didn’t affect posts made before or after. But that was still enough time for 14 million users to have made public posts — some of which were surely unintentional.
It’s a good idea to browse through your profile and make sure no posts in May were accidentally made public.
Equifax was hacked and they have information on 143 million Americans. The supposed hackers have made their demands of Equifax. The hackers are asking for over 600 Bitcoin, which amounts to USD $2.66 million. The hackers claim that if Equifax pays up, they will delete all of the data. Equifax has until September 15th to pay up.
The hackers have told Equifax to request any part of the stolen data and they will show it to them to prove that they’re legitimate. The hackers have given Equifax until September 15 to pay the ransom or the data will be publicized.
A proposed class-action lawsuit was filed against Equifax Inc. late Thursday evening, shortly after the company reported that an unprecedented hack had compromised the private information of about 143 million people.
In a complaint filed in Portland, Ore., federal court, users alleged Equifax was negligent in failing to protect consumer data, choosing to save money instead of spending on technical safeguards that could have stopped the attack. Data revealed included Social Security numbers, addresses, driver’s license data, and birth dates. Some credit card information was also put at risk.
Soniac was one of the three apps found on Google Play, according to a blog post published Thursday by a researcher from mobile security firm Lookout. The app had from 1,000 to 5,000 downloads before Google removed it. Soniac had the ability to record audio, take photos, make calls, send text messages, and retrieve logs, contacts, and information about Wi-Fi access points. Google ejected the app after Lookout reported it as malicious. Two other apps—one called Hulk Messenger and the other Troy Chat—were also available in Play but were later removed. It’s not clear if the developer withdrew the apps or if Google expelled them after discovering their spying capabilities. The apps are all part of a malware family Lookout calls SonicSpy.
Once installed, SonicSpy apps remove their launcher icon to hide their presence and then establish a connection to the control server located on port 2222 of arshad93.ddns[.]net.
The researcher said SonicSpy has similarities to another malicious app family called SpyNote, which security firm Palo Alto Networks reported last year. The name of the developer account—iraqwebservice—and several traits found in the apps’ code suggest the developer is located in Iraq. Additionally, much of the domain infrastructure associated with SonicSpy has references to that country. The phrase “Iraqian Shield” appears constantly. Lookout is continuing to follow leads suggesting the developer is based in that part of the world.
The FBI says many toys sporting cloud-backed features such as speech recognition or online content hosting “could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.”
“Security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use,” the FBI warns. “Consumers should perform online research of these products for any known issues that have been identified by security researchers or in consumer reports.”
This comes after a number of kids’ toys were found to be indirectly spying on kids by collecting and storing data, including audio conversations and personal information, without parents’ knowledge.
Germany’s Federal Network Agency, or Bundesnetzagentur, has banned Genesis Toys’ Cayla doll as an illegal surveillance device.
The United States Senate is planning to start the process today to eliminate rules that would prevent broadband internet providers from collecting sensitive data from subscribers. A vote is expected to take place on Thursday.
The expected vote was confirmed to International Business Times by a spokesperson for Florida Democratic Senator Bill Nelson, who will speak in opposition of the measure on Wednesday, and open internet advocacy group Public Knowledge.
A bipartisan group of House and Senate lawmakers introduced a bill that would require US police agencies to obtain a warrant before deploying cell-site simulation surveillance devices known as “stingrays,” reports USA Today.
Norwegian consumer council Forbrukerrådet says some high-tech toys created by U.S.-based manufacturer Genesis Toys are hazardous to children’s privacy and warranted a complaint to the Federal Trade Commission and the European Union.
The toys in question are My Friend Cayla and i-Que. Both have a smartphone app that allows kids to talk to their toy and have it respond to what they say. Even though it appears that all communication stays between the app and the product, it actually gets sent to a remote server in the United States, without asking for the user’s permission first.
Parents setting up the product aren’t informed that their kids’ voices are sent to a server called Nuance, which is then free to use the recordings. According to Nuance’s Terms of Service, the data can be used for advertising and marketing and shared to third parties.
The exploit was delivered through a Tor mailing list and, when opened, could unveil the MAC address and possibly even the IP address of a user running Tor Browser on Firefox. Researcher Joshua Yabut said it is “100 percent effective for remote code execution on Windows systems, versions 41 to 50 of Firefox are reportedly affected.”
The Tor Project has announced the release of its prototype for a Tor-enabled smartphone—an Android phone designed with privacy and security in mind.
Tor developer Mike Perry, who designed the phone, says they are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users. To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal.
The FBI runs searches of face recognition databases more often than wiretaps.
About 25 percent of police departments across the country have access to facial recognition networks. Those networks are often cross-referenced with databases of ID photos such as driver’s licenses.
According to the report, law enforcement can do almost whatever they want with this technology, including scanning the photos of people who have never committed a crime. No state legislature “has passed a law comprehensively regulating police face recognition.”
A team of researchers led by MIT grad student Albert Kwon (with help from EPFL) aims to leapfrog Tor’s anonymizing technique with a brand new platform called Riffle.
Tor — has prompted computer scientists to try to come up with more secure anonymity schemes. At the Privacy Enhancing Technologies Symposium in July, researchers at MIT’s Computer Science and Artificial Intelligence Laboratory and the École Polytechnique Fédérale de Lausanne will present a new anonymity scheme that provides strong security guarantees but uses bandwidth much more efficiently than its predecessors.
The system, devised by Albert Kwon and his coauthors — his advisor, Srini Devadas, the Edwin Sibley Webster Professor of Electrical Engineering and Computer Science at MIT; David Lazar, also a graduate student in electrical engineering and computer science; and Bryan Ford SM ’02 PhD ’08, an associate professor of computer and communication sciences at the École Polytechnique Fédérale de Lausanne — employs several existing cryptographic techniques but combines them in a novel manner.
The system is a series of servers called a mixnet. Each server permutes the order in which it receives messages before passing them on to the next. If, for instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order — say, C, B, A. The second server would permute them before sending them to the third, and so on. An adversary that had tracked the messages’ points of origin would have no idea which was which by the time they exited the last server. It’s this reshuffling of the messages that gives the new system its name: Riffle. Riffle also uses a technique known as onion encryption; “Tor,” for instance, is an acronym for “the onion router.” With onion encryption, the sending computer wraps each message in several layers of encryption, using a public-key encryption system like those that safeguard most financial transactions online. Each server in the mixnet removes only one layer of encryption, so that only the last server knows a message’s ultimate destination.
To thwart message tampering, Riffle uses a technique called a verifiable shuffle. Because of the onion encryption, the messages that each server forwards look nothing like the ones it receives; it has peeled off a layer of encryption. But the encryption can be done in such a way that the server can generate a mathematical proof that the messages it sends are valid manipulations of the ones it receives. Mixnets have been around for a while, but unfortunately they have always relied on public-key cryptography and on public-key techniques, and have been expensive. What’s different about this research is that it reveals how to use more efficient symmetric-key techniques to accomplish the same thing. They do one expensive shuffle using known protocols, but then they bootstrap off of that to enable many subsequent shufflings.
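The layering and reshuffling described above, as an added example that is not Riffle's code: senders wrap fixed-size messages in one layer per server, and each server authenticates and peels its layer and then permutes the batch. A toy SHA-256 keystream with an HMAC tag stands in for real encryption, each server's key stands in for its key pair, and the verifiable-shuffle proof is not implemented; the per-layer tag only shows a modified ciphertext being rejected. All names and sizes are assumptions.

```python
import hashlib
import hmac
import os
import secrets

NONCE_LEN, TAG_LEN, MSG_LEN = 16, 32, 64  # assumed sizes for the sketch


def _subkeys(key):
    # Separate keys for encryption and authentication, derived from one key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _xor_stream(enc_key, nonce, data):
    # Toy stream cipher (illustration only): SHA-256 in counter mode.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(
            enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Add one onion layer: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_layer(key, blob):
    """Check the tag, then remove one onion layer."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("layer too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer failed authentication")
    return _xor_stream(enc_key, nonce, ct)


def pad(msg):
    # Every message has the same size so length cannot link input to output.
    if len(msg) > MSG_LEN - 2:
        raise ValueError("message too long")
    return len(msg).to_bytes(2, "big") + msg + bytes(MSG_LEN - 2 - len(msg))


def unpad(block):
    return block[2:2 + int.from_bytes(block[:2], "big")]


def onion_wrap(message, server_keys):
    """Sender side: the innermost layer belongs to the last server."""
    blob = pad(message)
    for key in reversed(server_keys):
        blob = seal(key, blob)
    return blob


def mix_server(key, batch):
    """One mix server: peel its layer from every message, then permute."""
    peeled = [open_layer(key, blob) for blob in batch]
    secrets.SystemRandom().shuffle(peeled)
    return peeled


def run_mixnet(batch, server_keys):
    for key in server_keys:
        batch = mix_server(key, batch)
    return [unpad(block) for block in batch]


if __name__ == "__main__":
    keys = [os.urandom(32) for _ in range(3)]
    batch = [onion_wrap(m, keys) for m in (b"A", b"B", b"C")]
    print(run_mixnet(batch, keys))  # same messages, order no longer A, B, C
```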
There’s no plan to commercialize Riffle, either, nor will it be a replacement for Tor, even though it does some things vastly better.
Jacob Appelbaum has stepped down in response to what it called “public allegations of sexual mistreatment.” Tor is free software that channels internet traffic through a series of relays to anonymize its users. In addition to his security research at the Tor Project, Appelbaum is a journalist who worked on WikiLeaks and the Edward Snowden disclosures.
Rolling Stone dubbed him the “public face of the Tor Project” in a 2010 profile that detailed his involvement with Tor and WikiLeaks.
Tor Project executive director Shari Steele provided a statement. Alison Macrina, the founder of The Library Freedom Project, also referenced the allegations on Twitter, saying she had spoken to several victims. The Library Freedom Project is an organization that educates librarians about privacy and collaborates with the Tor Project to establish Tor exit nodes in libraries. “no more open secrets, no more missing stairs. you’re not alone. you were never alone. and I’m pretty sure things are just getting started,” Macrina tweeted.
Appelbaum posted a response to the allegations against him on Twitter, saying they are part of a “calculated and targeted attack” intended to undermine his advocacy work.
Appelbaum suggested that he would sue his accusers if necessary to clear his name, calling the allegations libelous.
The idea of turning on your TV with a spoken command may sound wonderful—no more fumbling for the remote! But for that to work, the TV needs to be listening all the time, even when you’re not watching. And even when you’re discussing something extremely personal, or engaged in some other activity to which you’d rather not invite eavesdroppers.
How much should you be concerned about it? Maybe your TV never records any of your casual conversations. Or maybe its manufacturer is recording all that, but just to find ways to make the TV better at understanding what you want it to do. Or maybe it retains everything it hears for some other hidden purpose. You just have to hope the company keeps its promises on privacy. More important, you have to trust that its computer systems are really secure, or those promises are suddenly worthless. That part is increasingly difficult to guarantee — or believe — as hacking becomes routine.
Then there are kids’ toys such as the Hello Barbie talking doll, which stores your conversation once the child presses her belt, or Dino, the dinosaur powered by IBM’s Watson artificial-intelligence system.
Cars will work with GPS technology and sensors in parking meters, roads and home appliances to help route you around traffic and turn on your living-room lights as you approach the driveway. But that can also generate a detailed record of your whereabouts.
Thermostats from Nest and others will get smarter at conserving energy when you’re away. Potential burglars might find that information handy. Home security cameras are getting cheaper by the dozen, but they’re sometimes insecure themselves, especially if you set them up clumsily. There’s already a website devoted to showing video from cameras with no passwords. It appears that convenience usually wins. Shiny new things are inherently attractive, and it takes a while for some of us to get uneasy about the extent to which we may be enabling our own surveillance.
Edward Snowden, the former intelligence contractor who leaked classified documents to expose government surveillance, will speak on December 5, 2015 to a Park City, Utah audience via video from his apartment in Russia, where he has been given asylum. Snowden will participate in a discussion on cybersecurity at 7:30 p.m. Dec. 5 at the Eccles Center. The discussion will be moderated by KUER’s Doug Fabrizio. Another guest will be Ben Wizner, director of the American Civil Liberties Union’s Speech, Privacy & Technology Project. Snowden comes to The Eccles Center via closed video feed. The evening begins at 7:30 p.m.
There are a bunch of them on forums. These hackers remain anonymous, offer certain services, and demand decentralized payment. Hacking a Gmail account goes for 90 bucks.
One post on an underground hacking forum reads “Website hack or ddos. Paying well.” The poster explained that they wanted a WordPress-built website down. While this person would not provide reasons, he or she did add that the bounty was as much as “2k euro.”
A tool to hack Facebook accounts: $19.99 for 3 months
On this same forum you can find a post for a downloadable tool called Facebook Hacker, which allows users to hack into Facebook accounts. It claims that it can “hack any Facebook.” People responding to this thread claimed the service worked.
One popular hacker offering involves boosting Yelp ratings. Many offer services for posting positive Yelp reviews for a price. They can go as low as $3 a pop. Other, more savvy individuals say they’ve figured out how to remove bad reviews. Some hackers even offer months-long services for a set fee.
Facebook account access: $350
Another post on HackersList requested help accessing a Facebook account. The description for the project is somewhat amusing: “I need to get into a facebook page. Long short of it is I must know whats going on and I have no other choice (sic).” This plea successfully closed with a $350 bid.
Hilton HHonors Points: $15
Earlier this year Hilton reportedly admitted that its rewards program HHonors had been vulnerable to a breach which potentially put many members’ passwords and PINs at risk. Even though Hilton reportedly patched the problem and urged all customers to change their passwords, hackers are still offering ways to hack into HHonors member accounts and steal their points. While individual accounts go for as little as $3, some hackers have set up configurations to crack into multiple accounts. These go for about $15.
Netflix passwords: $1.25
One easy find online is hacked Netflix accounts. You can find numerous postings on a number of hacking forums hawking individual Netflix credentials. They go for about $1.25 a pop. A site called PayIvy recently made headlines when hackers put their loot on the PayIvy marketplace, getting paid anonymously via PayPal. While many hacked Netflix accounts are still available on PayIvy, the company claims that it will scrub all illegal content from its marketplace later this month.
A security analyst at the software company says it’s not the things in the Internet of Things that we should worry about. It’s those cloud servers with vast databases of personal information gathered from all those connected devices. “Hacking is a business. There needs to be a return on investment.” In the business of hacking, it’s not the device that’s valuable. It’s the data they generate. Individual devices are hard to secure and can be trivially easy to compromise because so many people fail to change the default user names and passwords.
The biggest profit on a cyber criminal’s investment isn’t in hacking a toaster; it’s in grabbing data from thousands of users at a time by hacking servers. High-profile hacks, from Home Depot to Target, spilled user names, credit card details, or other information onto the web. And this is just the beginning.
Greater amounts of data are going into the cloud. Hackers can learn which rooms in your house you spend time in, and when. Smart appliances transmit our voice commands to their manufacturers. Car insurance companies deploy tracking devices to gauge driver safety. Fitness trackers know our heart rates and how many steps we take each day. The photos we upload to Instagram may include geographic coordinates. In addition to the information we deliberately post to Twitter and Facebook, social networks could log other information, such as how often we log in and what times we generally post.
Individually, it might not seem like much of this data would be problematic if it were leaked. But as it starts to be combined in new ways, this data in the wrong hands could come back to haunt us, perhaps even years later.
Interaction with your devices can leave a trail of digital exhaust behind. Once this data is combined to create very rich profiles of people, some worry it may mean the death of privacy.
Currently, hackers often sell databases full of stolen credit card numbers, social security numbers and passwords. In the future, these databases could include even more personal information gathered from sensors and connected devices.
What can companies do?
The most important thing that companies can do to help protect their customers is to stop gathering data that isn’t necessary for the operation of the service. Moreover, they can encrypt the data they do collect — preferably in ways that only the customers themselves can decrypt. New laws regulating what information can be collected, and how it can be stored, may also help.
Hello Barbie is an internet-connected version of a Barbie doll, complete with a wireless connection, microphone, speaker, advanced voice recognition capabilities, and a “customized cloud-based database of her owner’s likes and dislikes” so Barbie can have “real” back and forth conversations with her owner. Hello Barbie is expected to sell for $75 by the holiday shopping season.
Just last month, the “first” smart doll Cayla was hacked. Despite British toymaker Vivid Toys promising its software would block inappropriate words, security researcher Ken Munro from Pen Test Partners discovered four attacks to make Cayla spew curse words: by modifying the “database contents on the child’s phone;” via a MITM (man-in-the-middle) attack; by “backdooring” the Cayla doll and by “random pairing” such as when the doll’s owner gets out of the range; it took just one tap for an attacker’s device to pair with the doll’s Bluetooth functionality.
Parents are advised that if you intend to get your child an IoT version of Barbie, please be wise about creating a strong password in order to protect your and your child’s privacy.
An analysis of Sony Pictures documents by data security consultancy Identity Finder found personal information, including salaries and home addresses, posted online for staff who stopped working for Sony Pictures as far back as 2000 and one person who began working there in 1955.
The hack, by a group calling itself Guardians of Peace, illustrates the risks large companies such as Sony Pictures take by accumulating years of digital records on employees and customers on machines connected to the internet. Much of the data analyzed by Identity Finder was stored in Microsoft Excel files without password protection.
The documents also contain the social security numbers, or taxpayer-identification numbers, of thousands of freelancers, including actors who appeared in movies and television shows produced by the Sony-owned studio, one of Hollywood’s largest. Among them are Stallone, The 40-Year-Old Virgin director Judd Apatow and Australian actor Rebel Wilson.
The personal data and other sensitive documents are in files now being traded on file-sharing networks such as BitTorrent. Investigators, including teams from Sony Pictures, the Federal Bureau of Investigation and computer-security firm FireEye, say the hackers used methods similar to ones previously attributed to North Korea. The malware was made on a machine with Korean language settings during Korean peninsula working hours and appears very similar to a tool used last year against South Korean banks and television stations.
A Russian cybersecurity company named Kaspersky Lab has released a report noting the similarities between the Sony hack and last year’s attacks on South Korea, although it could not identify who was behind the incident.
The studio is offering a year of free credit monitoring and fraud protection to current and former employees. Its lawyers are also trying to force websites to remove the data or links to it. But once data is out there and becomes available on file-sharing networks, it is almost impossible to remove. Current and former Sony Pictures employees are infuriated at the leak and fear what else may appear online.
Fitness devices, health monitoring applications and advancements in social media and mobile device technology provide new opportunities for health care providers, but also raise some pertinent privacy issues. According to a report from the California HealthCare Foundation by health economist and consultant Jane Sarasohn-Kahn, the proliferation of extremely large databases of health information challenges regulators’ and society’s ability to ensure individuals’ data rights and privacy. For example, while personal health information held by health care providers and insurers is protected under the Health Insurance Portability and Accountability Act (HIPAA), many other sources of consumer data are not covered and can be disclosed to third parties. The report notes user-generated data that could be used in health profiling are held by gyms, websites, banks, credit card companies, cosmetic medicine groups, fitness clubs, home testing labs, massage therapists, nutrition counselors, alternative medicine practitioners, disease advocacy groups, and marketers of non-prescription health products and foods. The report warns data shared on a social networking site can become a “digital tattoo” for a consumer, which is impossible to remove.
Tools such as the Personal Data Locker are being developed for consumers to control their user-generated data. Former chief medical officer of Practice Fusion, Dr. Robert Rowley, is developing FlowHealth, a communication platform for care teams and patients, facilitating transitions of care, and aggregating patient-centered data from the sources where it is found.
A report earlier this year from Accenture revealed that the vast majority of U.S. patients want to control their health data; however, 55 percent believe they do not have very much—or any—control over their medical information.
Edward Snowden has plans to work on technology to preserve personal data privacy and called on programmers to join his efforts. He spoke via a Google Hangout from Russia at the Hackers on Planet Earth Conference in New York.
A hacker known as “Th3 Pr0” decided to hack CNN when he saw something on Twitter he didn’t like: a recent report that alleged Bashar al-Assad’s regime is guilty of “systematic torture and killing” of thousands of detainees. Th3 Pr0 and another hacker of the Electric Syrian Army sent their first fake tweet from CNN’s official Twitter account. Other accounts hit with fake posts included @NatlSecurityCNN, @CNNSitRoom and @CNNPolitics, as well as CNN’s official Facebook page.
It seems that the hackers got control of CNN’s social media accounts by relying on a wave of phishing emails to CNN employees. The emails were well written in good English and contained links that looked legitimate and appeared to come from real CNN email addresses. Researchers say the Syrian Electric Army’s attack on CNN was highly effective, and that similar hacks will continue until employees learn to detect suspicious emails, avoid clicking on links without double-checking them first and never give up their credentials.
The leaking of classified documents detailing the data collection activities of the U.S. National Security Agency earlier this year reignited some long-standing concerns about the vulnerability of enterprise data stored in the cloud.
Experts have predicted that leaks about the NSA spy programs are driving some long overdue changes in enterprise and service provider security and privacy policies.
When Edward Snowden first began spilling details of the NSA’s surveillance practices via metadata to selected reporters in June, industry analysts had expected that it would dampen plans for cloud deployment.
For instance, the Information Technology & Innovation Foundation in August said the leaks could cause U.S. cloud providers to lose up to $35 billion in potential sales through 2016.
Another industry group, the Cloud Security Alliance, predicted a similar backlash due to concerns by European companies that the U.S. government would gain access to their data.
Six months later, the impact appears to be less severe than anticipated.
Despite some reports of slowing sales of cloud services by U.S. vendors to overseas companies, experts now expect that the Snowden leaks will have little effect on long-term sales. The business benefits of using cloud-based services continue to supersede enterprise fears of government snooping.
At the same time, though, the detailing of classified NSA spy programs has prompted an increased emphasis on cloud data security and protection that’s expected to grow further in 2014.
Analysts say IT security officials are looking at several key areas, such as data encryption, key management and data ownership, regionalization, and the need for increased government transparency, to improve cloud security.
Encryption has gained a lot of attention since the Snowden leaks. Major service providers like Microsoft, Yahoo and Google set the tone by adding end-to-end encryption of data they host and manage for customers.
For instance, Google Cloud Storage now automatically encrypts all new data before it’s written to disk. Such server-side encryption will soon be available for older data stored in Google clouds.
Since the NSA programs were disclosed, Microsoft has announced that it plans to ramp up encryption support for various services, including Outlook.com, Office 365, SkyDrive and Windows Azure.
By the end of 2014, Microsoft expects to have measures in place for encrypting data in transit between customer locations and its data centers, and while in transit between its own data centers.
Like Google, Microsoft says it plans to encrypt all stored data in the cloud.
Several other cloud services providers, like Dropbox, Sonic.net and SpiderOak, have announced support for similar data encryption programs, and for features like 2048-bit key lengths and the “Perfect Forward Secrecy” method for future-proofing encrypted data.
Information in the classified documents about NSA attempts to weaken encryption algorithms and to tap fiber links connecting service provider data centers provided much of the force for these efforts.
Meanwhile, large U.S.-based cloud service providers are setting up service operations in different parts of the world in part to lower delivery costs and deliver better performance to local customers.
Back in December, for instance, Amazon announced that it plans to start delivering Amazon Web Services products in China in 2014. The plan calls for the company to install cloud servers in China facilities to deliver hosted services to businesses in that country.
Concerns stemming from the Snowden affair definitely will force the government to be more transparent about data collection programs.
Google, Microsoft, Yahoo and an array of other high-technology vendors are now pressing the government to allow them to disclose details about secret requests for customer data by the NSA and other intelligence agencies. The companies argue that laws prohibiting them from disclosing details of such requests have created false perceptions about their role in government data collection activities.
Google, Microsoft and others plan to provide more details in their periodic Transparency Reports, and have indicated a willingness to legally challenge certain government requests for data.
Verizon, for instance, says it plans to soon release a Transparency Report that details law enforcement requests for its customer data.
The SXSWedu conference in Austin, Texas, in early March, unveiled the most influential new ed-tech product: a $100 million database built to chart the academic paths of public school students from kindergarten through high school. The database already holds files on millions of children identified by name, address, and sometimes Social Security number, Reuters reported. It includes information about learning disabilities, test scores, and attendance. In some cases, it even tracks student hobbies, career goals, attitudes toward school, and homework completion.
The database is a joint project of the Bill & Melinda Gates Foundation, which provided most of the funding, the Carnegie Corporation of New York, and school officials from several states. A nonprofit organization called inBloom was created to run it.
Local education officials retain control over their students’ information. However, federal law allows them to share files in their portion of the database with private companies selling educational products and services.
The database had ed-tech entrepreneurs clamoring over the possibilities for using data to enhance instruction. But parents from New York and Louisiana have written to state officials in protest. So have the Massachusetts chapters of the American Civil Liberties Union and Parent-Teacher Association.
If student records leak, are hacked, or are abused, “what are the remedies for parents?” asked Norman Siegel, a civil liberties attorney in New York who has been working with the protesters. “It’s very troubling.”
Supporters of the inBloom project argue that the information is safer in the database than scattered throughout school districts. Plus, the project’s upside is enormous, they say, with the power to transform classrooms nationwide.
People sending email to any of Google’s 425 million Gmail users should not expect that their communications are confidential, Google has said in a court filing.
Consumer Watchdog, the advocacy group that uncovered the filing, called the revelation a “stunning admission.” It comes as Google and its peers are under pressure to explain their role in the National Security Agency’s (NSA) mass surveillance of US citizens and foreign nationals.
John Simpson, Consumer Watchdog’s privacy project director, said “Google has finally admitted they don’t respect privacy, and people should take them at their word; if you care about your email correspondents’ privacy, don’t use Gmail.”
Google is attempting to dismiss a class action lawsuit that accuses the tech giant of breaking wiretap laws when it scans emails sent from non-Google accounts in order to target ads to Gmail users.
That suit, filed in May, claims Google “unlawfully opens up, reads, and acquires the content of people’s private email messages”. It quotes Eric Schmidt, Google’s executive chairman: “Google policy is to get right up to the creepy line and not cross it.”
A new technology used by hackers can allow them to pinpoint the exact geographic location where your posted pictures were taken.
Hackers can track down your location on the web and find your home address, the school you or your children attend, your place of work or any place you visit. With a click of the mouse, online predators can access multiple online media sites and search to find exactly where your pictures were taken. Smartphones can leave an invisible locator trail of all the information you access on the web.
Potential hackers access websites such as ………. and repost pictures that people upload online without their knowledge. When doing this, they can match an address to the picture.
You can disable this geo-tag service function on your smartphone by going to the “Settings” section of your phone and turning off the location services for your pictures.
So, before you post your pictures online, make sure you take all precautions to ensure your privacy is not violated.
Imagine being at a crowded function when someone approaches you wearing a pair of funny-looking glasses, one side of which has a thick aluminum frame. You do not know that this person is wearing Google Glass. The person approaching you would be able to identify you by facial recognition, and by the time he or she has walked up to you, they have already peeped your hole card: your name, your job, where you live and how much you make. And guess what? Your conversation is being recorded, and your photo, or whatever the wearer is looking at, could be posted online. What would you do? Unless you know the full capabilities of Google’s Glass project, how would you know to ask the person wearing the Google Glass headset not to record you? Chances are you wouldn’t. Worse scenario: the Google Glass wearer shows up at your residence.
Well, some members of Congress are finding Google Glass kind of creepy and want some answers. The bipartisan Congressional Privacy Caucus sent a letter to Google CEO Larry Page asking questions about how Google planned to ensure that the privacy of users and, more important, non-users was being protected. In other words, the congressmen want to know what safeguards Google is putting into place to guard against the violation of privacy laws. Google has until June 14 to respond to the inquiries by the caucus. Unless it can ease the fears, we can expect some regulations concerning Google Glass.