Symantec Speaks on Latest Threat Trends
… According to the
report (PDF), the number of exposed identities jumped 23%
to 429 million. "But this number
hides a bigger story. In 2015, more and more companies chose not to reveal the
full extent of the breaches they experienced."
Another court explains “search in the digital era.”
Maryland Court ends Baltimore police use cellphone tracking devices
by Sabrina I. Pacifici on Apr 12, 2016
Via TechDirt: “The Baltimore Police Department’s warrantless
deployment of Stingray devices has come to an end. It may have gotten away with more than 4,300 times so far, but the Maryland Special Appeals Court
has declared these devices operate as searches under the Fourth
Amendment. The 74-page opinion — which belatedly follows its two-page
order from nearly a month ago, indicating which side it had taken in this
dispute — dives into every issue implicated by the warrantless use of
Stingray devices and examines them alongside a long list of Fourth
Amendment-related Supreme Court decisions and the Fourth Circuit Appeals
Court’s precedent-setting US v. Graham opinion on cell site location info…”
[Darlene Fichter]
Because of their App, Uber may have much more information
about you than an “old fashioned” taxi company.
What Private Information Did Uber Give the Government?
Between July and December 2015, Uber provided information
on more than 11.6 million users and nearly 600,000 drivers to state and local
regulatory agencies, the ride-sharing mobile app said Tuesday.
In its first-ever transparency report,
the transportation company said it is required by law to provide certain
information to government agencies, and has been asked to hand over information
on trip requests, pickup and drop-off locations, and fees. Uber says it was able to negotiate “a narrower
scope,” limiting the amount of information provided than was requested by
regulatory agencies, for more than 42 percent of requests.
Finding the next “Unabomber?”
USPS leveraging social media to target employee misconduct
by Sabrina I. Pacifici on Apr 12, 2016
Via NextGov: “Paid consultants are scheduled to teach agents
“Internet reconnaissance” during a three-day June workshop at the office’s
Arlington, Virginia, headquarters, according to a November 2015 contracting notice. The training will include methods “to identify the target individual/organization’s social media and Internet
footprint,” the notice states, referring to government employees,
contractors and other companies. “Developing the methods necessary to attack those targets
successfully” via social media and other public Internet pathways will be one
lesson. A government or contract employee’s online footprint could
include, among other things, dating websites, user name searches, phone
searches, website downloads, people searches, and public records, according to
the contract synopsis. Specific websites
mentioned are Facebook, YouTube, Pinterest, Google Image Recognition,
CraigsList and Google Advanced Search. The online surveillance performed
must be covert “with no attribution back” to Postal Service agents,
according to the contract…”
Eventually the FBI will leak everything about this
hack. Meanwhile, would Apple buy details
of the security flaw they used?
FBI paid professional hackers one-time fee to crack San Bernardino iPhone
The FBI cracked a San Bernardino terrorist’s phone with
the help of professional hackers who discovered and brought to the bureau at
least one previously unknown software flaw, according to people familiar with the matter.
… The bureau in
this case did not need the services of the Israeli firm Cellebrite, as some
earlier reports had suggested, people
familiar with the matter said.
… At least one of
the people who helped the FBI in the San Bernardino case falls into a third
category, often considered ethically murky: researchers who sell flaws — for
instance, to governments or to companies that make surveillance tools.
This last group, dubbed “gray hats,” can be controversial.
Critics say they might be helping
governments spy on their own citizens. Their
tools, however, might also be used to track terrorists or hack an adversary
spying on the United States. These researchers do not disclose the flaws to the companies responsible
for the software, as the exploits’ value depends on the software remaining
vulnerable.
Someone really, really needs to explain technology to this
guy. Learning security by watching TV
News? Is that the best the FBI can
do? (By the way, did you also disable
the microphone on your laptop?)
The Director of the FBI Puts a Piece of Tape Over his Laptop Webcam. Should You?
FBI Director James Comey said this week, while speaking about privacy issues
at Kenyon College, that he places a piece of tape over his laptop webcam to
mitigate the danger of secret surveillance.
“I saw something in the news, so I
copied it, I put a piece of tape over the camera,” Comey explained,
“because I saw somebody smarter than I am had a piece of tape over their
camera.”
Passwords are passé. And they are far from adequately secure!
DoD tests public key infrastructure for DTIC secure website access
by Sabrina I. Pacifici on Apr 12, 2016
SecureIDNews: “The federal government’s use of user
IDs and passwords for access to its applications could soon give way to more
secure PKI-based credentials if more government entities follow the lead of the
U.S. Department of Defense. The Defense
Department is leveraging PKI to better protect its information systems, with
the intent of making access much more secure than the old login system. The DOD’s Defense Technical Information Center
(DTIC) – a DOD entity that
serves the information needs of the defense community and maintains a large
database of research information –
announced that it would no longer enable users to access its secure
websites by a user ID and password…”
(Related) “Two factor” is also less than perfect.
Two-Factor Authentication Bypassed in Simple Attacks
… In their paper called “How
Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication,”
researchers Radhesh Krishnan Konoth, Victor van der Veen, and Herbert Bos
demonstrate practical attacks against both Android and iOS devices, showing how
a Man-in-the-Browser attack can be elevated to bypass 2FA.
A tool to make Facebook’s job easier? At least it provides the content owner a sense
that they can do something.
Facebook Launches Tool to Combat Video ‘Freebooting’
Amid complaints
from video creators that their content is being stolen and re-uploaded
across Facebook, the
company on Tuesday announced the release of a new rights management tool for
video producers and companies that aims to combat the “freebooting” piracy
issue.
In a blog post, Facebook said that the tool, called Rights
Manager, will allow video creators to “easily upload and maintain a reference
library of the video content they want to monitor and protect.” Creators can set rules that either permit or
report copies of their work based on criteria like how much of the video has
been clipped or how many views it has garnered.
… Video creators,
many of whom make their living on Google’s YouTube through advertising, had griped
for months that pirated clips were running wild across Facebook as the
social network pushed more into expanding its video business.
Perspective.
The chatbots are coming — and they want to help you buy stuff
The battle for your online shopping dollars has largely
been waged on websites and, more recently, smartphone apps. Now, retailers are looking to another digital
tool to win your money and your loyalty: An army of chatbots.
Chatbots — the name for robots that simulate human conversation
— have been thrust into the spotlight in recent weeks amid a flurry of new experiments
in how they might be used to shape the future of shopping. Retail heavyweights Sephora
and H&M recently launched
bots on messaging app Kik that help shoppers browse and buy their products.
Taco Bell showed off its TacoBot, a way to use
the messaging app Slack to place a meal order. And on Tuesday, Facebook announced it has
created a platform that allows companies to develop bots that run
within its Messenger app, which has some 900 million users worldwide.
… evangelists of
the technology say that bots are poised to be at the center of a crucial
paradigm shift in how we think about using the Internet. While a Web browser might once have been our
front door to the Internet and apps often play that role today, experts say
that bots could soon become our primary digital gateway. At a conference last month, Microsoft chief
executive Satya Nadella said, “Bots
are the new apps.”