Final exam question: The default setting is “NOT SECURE.” What should your first step be?
Mallory Locklear reports:
Data leaks are par for the course these days, and the latest company to be involved in one is GoDaddy. The company, which says it’s the world’s top domain name registrar with over 18 million customers, is the subject of a new report from cybersecurity firm UpGuard that was shared exclusively with Engadget. In June, cyber risk analyst Chris Vickery discovered files containing detailed server information stored in an unsecured S3 bucket — a cloud storage service from Amazon Web Services. A look into the files revealed multiple versions of data for over 31,000 GoDaddy systems.
Read more on Engadget.
An ethical hacking tool. OR Why I remain anti-social.
New facial recognition tool tracks targets across different social networks
The Verge – The open-source program is designed for security researchers: “Today, researchers at Trustwave released a new open-source tool called Social Mapper, which uses facial recognition to track subjects across social media networks. Designed for security researchers performing social engineering attacks, the system automatically locates profiles on Facebook, Instagram, Twitter, LinkedIn, and other networks based on a name and picture. Those searches can already be performed manually, but the automated process means it can be performed far faster and for many people at once. “Performing intelligence gathering online is a time-consuming process,” Trustwave explained in a post this morning. “What if it could be automated and done on a mass scale with hundreds or thousands of individuals?” Social Mapper doesn’t require API access to social networks, a restriction that has hampered social media tracking tools like Geofeedia. Instead, the system performs automated manual searches in an instrumented browser window, then uses facial recognition to scan through the first 10 to 20 results for a match. The manual searches mean the tool can be quite slow compared to API-based scans. The developer estimates that searching a target list of 1,000 people could take more than 15 hours. The end result is a spreadsheet of confirmed accounts for each name, perfect for targeted phishing campaigns or general intelligence gathering. Trustwave’s emphasis is on ethical hacking — using phishing techniques to highlight vulnerabilities that can then be fixed — but there are few restrictions on who can use the program. Social Mapper is licensed as free software, and it’s freely available on GitHub…”
I should poll my students before showing them this.
Study – How Do Americans Feel About Online Privacy in 2018?
The Best VPN – “Concerns around online privacy have come to a head in 2018. In mid-March, The New York Times and The Guardian reported that data from 50 million Facebook profiles was harvested for data mining firm Cambridge Analytica — a number that would eventually be revised to 87 million in one of the largest data collection scandals of all time. Two months later, inboxes were flooded by a slew of privacy policy updates following the implementation of the EU’s GDPR, a privacy policy law that set guidelines for the collection and use of data. Although the law was designed to increase transparency regarding the collection of data, the updates raised user concern around how companies had been obtaining and using personal information in the past. So, with thundering headlines about data breaches and privacy loss stoking fears, just how are Americans feeling about their online privacy? To answer this question, we used Google Surveys to target 1,000 Americans of all genders and ages across the United States. Read on to see how we conducted our survey and learn more about our individual findings, or jump to view our full infographic…”
The Internet equivalent of shouting “Fire!” in a crowded theater?
Hard Questions: Where Do We Draw The Line on Free Expression?
… While we’re not bound by international human rights laws that countries have signed on to, we are a member of a global initiative that offers internet companies a framework for applying human rights principles to our platforms. We look for guidance in documents like Article 19 of the International Covenant on Civil and Political Rights (ICCPR), which set standards for when it’s appropriate to place restrictions on freedom of expression. ICCPR maintains that everyone has the right to freedom of expression — and restrictions on this right are only allowed when they are “provided by law and are necessary for: (a) the respect of the rights or reputations of others; (b) for the protection of national security or of the public order, or of public health or morals.”
… Posts that contain a credible threat of violence are perhaps the most obvious instances where restricting speech is necessary to prevent harm.
… Hate speech too can constitute harm because it creates an environment of intimidation and exclusion and in some cases may have dangerous offline implications. It is perhaps one of the most challenging of our standards to enforce because determining whether something is hate speech is so dependent on the context in which it is shared.
… It’s important to note that whether or not a Facebook post is accurate is not itself a reason to block it.
(Related)
Facebook Blocks Sharing Of 3D-Printed Gun Files On Its Platforms
… “Sharing instructions on how to print firearms using 3D printers is not allowed under our Community Standards,” Facebook said in a statement. “In line with our policies, we are removing this content from Facebook.”
Security Perspective.
… We don't know enough to conclude whether this is a good idea, but it shouldn't be dismissed out of hand. We need to evaluate airport security based on concrete costs and benefits, and not continue to implement security theater based on fear. And we should applaud the agency's willingness to explore changes in the screening process.
… Over the years, I have written many essays critical of the TSA and airport security, in general. Most of it is security theater – measures that make us feel safer without improving security. For example, the liquids ban makes no sense as implemented, because there's no penalty for repeatedly trying to evade the scanners. The full-body scanners are terrible at detecting the explosive material PETN if it is well concealed – which is their whole point.
There are two basic kinds of terrorists. The amateurs will be deterred or detected by even basic security measures. The professionals will figure out how to evade even the most stringent measures. I've repeatedly said that the two things that have made flying safer since 9/11 are reinforcing the cockpit doors and persuading passengers that they need to fight back. Everything beyond that isn't worth it.
Perspective.
'Snapchat dysmorphia' is a disturbing new phenomenon where people want to look more like their filtered selfies
Instagram and Snapchat filters are the new celebrity photo, offering up unrealistic standards of beauty that might trigger people to feel unhappy with the way they look in real life.
That's according to three Boston University researchers, who published an article about body dysmorphia in the JAMA Facial Plastic Surgery medical journal this month. The article is not a study, but an overview of industry research and studies.
Free is good!
Roku is moving beyond its own platform by launching The Roku Channel on the web. This means you no longer need to own a Roku device to watch Roku’s free, ad-supported movie channel. Instead, you just need a web browser pointed at TheRokuChannel.com.