For my Computer Security class. It's your fellow employees who will doom your entire security program unless you can drum this lesson into them.
Stealing Nude Pics From iCloud Requires Zero Hacking Skills -- Just Some YouTube Guides
The Department of Justice yesterday charged a 36-year-old man with stealing nude photos from at least 50 iCloud and 72 Gmail accounts, most of which belonged to celebrities. Though not explicitly stated in the court filings or official statements from the DoJ, it’s apparent Ryan Collins is a chief suspect in the 2014 “celebgate” leaks in which major actresses were targeted, including Jennifer Lawrence and Kate Upton. Collins has pled guilty to one count of unauthorized access to a protected computer to obtain information, officials said.
What’s startling about Collins’ alleged “hacks” is how little technical ability he needed to get access to those celebrity accounts. Court documents showed he required no hacking skills at all, creating fake email addresses – e-mail.protection318@icloud.com and noreply_helpdesk0118@outlook.com – that appeared to come from official Apple and Google sources. He simply emailed the celebrities and asked them for their login information, which, it seems, they duly gave away.
… On YouTube, a simple search for “iCloud phishing” brings up tutorials on how to craft an effective account theft campaign in just 15 minutes
… The DoJ said: “In some instances, Collins would use a software program to download the entire contents of the victims’ Apple iCloud backups.” [Exactly what the FBI did in the San Bernardino case. Bob]
Local.
There’s nothing much new in here if you’ve followed this stuff for years, but some folks still need a reminder and wake-up call not to tolerate this type of insider wrongdoing:
U.S. police officers in Denver, Colorado are only lightly punished if caught using confidential criminal databases for personal reasons like finding out a woman’s phone number, a police watchdog wrote in a report released Tuesday.
According to the monitor, this allows the abuse to continue.
Read more on TeleSur.
[From the article: Independent Monitor Nicholas Mitchell said 25 Denver officers have been punished for inappropriate use of the databases since 2006. Most of them received reprimands rather than the harsher penalties.
[The Annual Report was released yesterday: https://www.denvergov.org/content/denvergov/en/office-of-the-independent-monitor.html
What ISPs can see, the FBI can obtain.
A Canadian reader sent along a link to this paper.
What ISPs Can See: Clarifying the technical landscape of the broadband privacy debate
Authors: Aaron Rieke, David Robinson, and Harlan Yu
© 2016 Upturn. Licensed under a Creative Commons Attribution 4.0 International License.
From the Introduction:
In 2015, the Federal Communications Commission (FCC) reclassified broadband Internet service providers (ISPs) as common carriers under Title II of the Communications Act.[1] This shift triggered a statutory mandate for the FCC to protect the privacy of broadband Internet subscribers’ information.[2] The FCC is now considering how to craft new rules to clarify the privacy obligations of broadband providers.[3]
Last week, the Institute for Information Security & Privacy at Georgia Tech released a working paper whose senior author is Professor Peter Swire, entitled “Online Privacy and ISPs.”[4] The paper describes itself as a “factual and descriptive foundation” for the FCC as the Commission considers how to approach broadband privacy.[5] The paper suggests that certain technical factors limit ISPs’ visibility into their subscribers’ online activities. It also highlights the data collection practices of other (non-ISP) players in the Internet ecosystem.[6]
We believe that the Swire paper, although technically accurate in most of its particulars, could leave readers with some mistaken impressions about what broadband ISPs can see. We offer this report as a complement to the Swire paper, and an alternative, technically expert assessment of the present and potential future monitoring capabilities available to ISPs.
We observe that:
1. Truly pervasive encryption on the Internet is still a long way off. The fraction of total Internet traffic that’s encrypted is a poor proxy for the privacy interests of a typical user. Many sites still don’t encrypt: for example, in each of three key categories that we examined (health, news, and shopping), more than 85% of the top 50 sites still fail to encrypt browsing by default. This long tail of unencrypted web traffic allows ISPs to see when their users research medical conditions, seek advice about debt, or shop for any of a wide gamut of consumer products.
2. Even with HTTPS, ISPs can still see the domains that their subscribers visit. This type of metadata can be very revealing, especially over time. And ISPs are already known to look at this data — for example, some ISPs analyze DNS query information for justified network management purposes, including identifying which of their users are accessing domain names indicative of malware infection.
3. Encrypted Internet traffic itself can be surprisingly revealing. In recent years, computer science researchers have demonstrated that network operators can learn a surprising amount about the contents of encrypted traffic without breaking or weakening encryption. By examining the features of network traffic — like the size, timing and destination of the encrypted packets — it is possible to uniquely identify certain web page visits or otherwise obtain information about what the traffic contains.
4. VPNs are poorly adopted, and can provide incomplete protection. VPNs have been commercially available for years, but they are used sparsely in the United States, for a range of reasons we describe below.
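Observation 2 above rests on a concrete fact about the wire format: before any application data is encrypted, the subscriber's resolver query carries the hostname in the clear, and the TLS ClientHello repeats it in the Server Name Indication (SNI) extension. The following is an added example, not code from the Upturn report or its authors. It constructs a DNS query (RFC 1035 framing) and a TLS 1.2 ClientHello with an SNI extension (RFC 5246/6066 framing), then parses the hostname back out of each the way a passive on-path observer would; the hostnames, the function names and the placeholder cipher suite are assumptions of this illustration.

```python
"""What a network operator sees from an HTTPS session's first packets: the DNS
query name and the TLS ClientHello's Server Name Indication (SNI).
Both messages are constructed sample bytes, not captured traffic."""
import struct
from typing import Optional


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed DNS A query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                     for lbl in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN


def dns_query_name(packet: bytes) -> str:
    """Return the QNAME of the first question; plain UDP DNS carries it unencrypted."""
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length & 0xC0:   # compression pointers do not appear in a query's question
            raise ValueError("unexpected compression pointer")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length


def build_client_hello(server_name: Optional[str]) -> bytes:
    """Constructed TLS 1.2 ClientHello record; SNI extension added when a name is given.
    Cipher suite and random are placeholders; only the framing matters here."""
    extensions = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host            # name_type host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list    # extension type 0
        extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session id
            + b"\x00\x02\xc0\x2f"                        # one cipher suite (placeholder)
            + b"\x01\x00"                                # compression: null only
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def client_hello_sni(record: bytes) -> Optional[str]:
    """Walk the ClientHello and return the SNI host name, or None if absent."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 9                                                  # record + handshake headers
    pos += 2 + 32                                            # client_version, random
    pos += 1 + record[pos]                                   # session_id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + record[pos]                                   # compression_methods
    if pos >= len(record):
        return None                                          # no extensions block at all
    end = pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        data = record[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != 0x0000:
            continue
        lpos = 2                                             # skip ServerNameList length
        while lpos + 3 <= len(data):
            name_type = data[lpos]
            name_len = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
            if name_type == 0:
                return data[lpos + 3:lpos + 3 + name_len].decode("ascii")
            lpos += 3 + name_len
    return None


def visible_hostnames(dns_packet: bytes, tls_record: bytes) -> dict:
    """Summarise what an on-path observer learns before any application data flows."""
    return {"dns": dns_query_name(dns_packet), "sni": client_hello_sni(tls_record)}


if __name__ == "__main__":
    site = "health.example.org"   # constructed hostname
    print(visible_hostnames(build_dns_query(site), build_client_hello(site)))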
We agree that public policy needs to be built on an accurate technical foundation, and we believe that thoughtful policies, especially those related to Internet technologies, should be reasonably robust to foreseeable technical developments.
We intend for this report to assist policymakers, advocates, and the general public as they consider the technical capabilities of broadband ISPs, and the broader technical context within which this policy debate is happening. This paper does not, however, take a position on any question of public policy.
(Related) This is why you feel like you are being followed by hordes of marketers.
How Marketers Track Your Behaviors When You’re Offline
You know that marketers and retailers track you online; cookies, social logins, canvas fingerprinting, and all sorts of other technologies make it easy for companies to keep track of what you do, not only on their site, but all over the Internet.
But did you know that these same companies are monitoring what you do offline, too? Here are some of the interesting strategies they use to connect your online and offline lives.
From a purely business model perspective, how much could Apple save each year if it did not have to respond to the tens of thousands of requests/warrants/subpoenas from (not just US) law enforcement?
Apple Actively Working to 'Double Down' on iCloud Encryption
Apple is working to further harden iCloud security so that even it won't be able to access user information stored on its data servers, The Wall Street Journal has reported.
… Currently, data kept on the cloud service is accessible by Apple using a key, which is used for restoring account information if, for example, a user forgets their password. Apple's access also allows the company to provide relevant information it has to law enforcement agencies that approach it with proper, legal requests.
However, Apple appears to be concerned that keeping a copy of the key means it could be compromised by hackers or that the company could be legally compelled to turn it over to governments.
(Related) Does Google have better lawyers than Apple or are they closer to President Obama?
Google reveals 77 percent of its online traffic is encrypted
Google is disclosing how much of the traffic to its search engine and other services is being protected from hackers as part of its push to encrypt all online activity.
Encryption shields 77 percent of the requests sent from around the world to Google’s data centers, up from 52 percent at the end of 2013, according to company statistics released Tuesday.
… In August 2014, Google revised its secret formula for ranking websites in its search order to boost those that automatically encrypted their services. The change meant websites risked being demoted in Google’s search results and losing visitors if they didn’t embrace encryption.
… Nearly 96 percent of Google’s unencrypted traffic comes from mobile devices.
(Related) Attention terrorists?
Encrypted messaging app Peerio launches on Android and iOS
Startup Peerio today announced the availability of its encrypted messaging app on both iOS and Android. They’re a long time coming; Peerio first launched in January 2015, but it’s only been available on desktop, and the alpha and beta testing for the mobile apps — which support cloud storage, group chat, and offline read access — have been going on for several months. Now the iOS app is on the App Store, and the Android app is on the Google Play Store.
Plus, all the code for the app is available for anyone to inspect on GitHub under an open source GPL license.
Have we become so lazy we no longer go out for dinner? Or is it too easy to have dinner come to us?
Uber For Food Launches Standalone UberEATS App And It's Expanding To A Dozen More Cities
Last December, Uber launched UberEATS, the company's standalone app for food delivery, and it is now available on Android and iOS.
… The app is initially available to users in San Francisco, Los Angeles, Houston, Chicago and Toronto, where it will deliver food ordered from the customers' favorite local restaurants whatever time of the day and whatever day of the week.
UberEATS will also launch in more cities such as New York, Dallas, Austin, Atlanta, Seattle, Washington, Paris and Melbourne in the weeks ahead.
… The app offers different meals with varying prices. Instant Delivery pricing options would usually range from $8 to $12.
The Instant Delivery feature has a curated menu that includes four to five daily specials. The feature promises to deliver food in less than 10 minutes.
(Related) If Google becomes the “go to” site for all transportation, they control entry into these markets.
Google Maps goes beyond Uber, adds Ola, Hailo and more car services to its app
Google reportedly is working on building its own Uber competitor, and while some believe this will come in the form of a fleet of autonomous cars, there is a more immediate option for how Google can position itself more prominently in Uber’s world: by searching and aggregating everything that the wider on-demand transport landscape has to offer.
Today, Google announced its navigation app Google Maps will be adding a new car services tab as a complement to its walking, driving and public transportation directions. It will show fares and riding options from a number of providers in addition to Uber.
Once upon a time, you could walk to the corner store and the human behind the counter would greet you by name. Now you Uber to Walmart and only your iPhone knows who you are.
Amazon Files To Patent Pay-by-Selfie System
If Amazon manages to follow through on its recent application to the U.S. Patent & Trademark Office, its customers might one day be able to verify purchases via action-oriented selfies. According to the patent application filed Thursday, Amazon has developed an image-based authentication system that uses facial recognition technology and sensors to detect an action like blinking to verify a user's identity during a transaction.
… A survey of 10,000 consumers conducted by MasterCard found that more than half -- 53 percent -- forgot important passwords "more than once a week." The subsequent process needed to reset their passwords typically took more than 10 minutes, according to the survey. [This is why I have always advocated writing down your passwords – and then making certain that list stays with you. Bob]
Didn't they learn from the Internet Explorer lawsuits?
Microsoft upgraded users to Windows 10 without their OK
Although I've seen sporadic reports of forced Windows 10 upgrades appearing out of the blue for several weeks now, the complaints really started piling up Friday evening. More and more Windows 7 and 8.1 customers are complaining that Microsoft upgraded their computers to Windows 10 -- and they didn't do anything to bring it on.
One of the most important technologies ever?
How Bitcoin’s Blockchain Is Making the World More Secure
The blockchain is an essential part of how most major cryptocurrencies work, including Bitcoin. But it’s also esoteric and can be hard to understand. Even when you think you’ve got it, it can still trip you up.
In its most distilled form, the blockchain is a chronological ledger of every transaction that ever happened. Records are stored in cryptographically-verifiable chunks, called “blocks”, which are then “chained” together. Ergo, the blockchain.
This ledger is shared between people on the Bitcoin network, which essentially prevents people from spending coins they don’t have. It also prevents coins from being spent twice.
But while Bitcoin has yet to become a mainstream currency — and probably never will — the concept of a blockchain is having success in other fields, such as e-voting and finance. In many ways, the blockchain is more successful than Bitcoin ever will be, and it’s certainly going to impact your day-to-day life in the near future.
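The excerpt's two claims (blocks are cryptographically chained, and the shared ledger stops people spending coins they don't have or spending them twice) are easiest to see in a toy. The following is an added example, not code from the article above or from Bitcoin itself: a hash-linked ledger in which every participant replays the history to derive balances, an overspend or a second spend of the same coins is rejected, and editing an old block breaks either its own hash or the next block's link. Bitcoin's actual design (proof of work, Merkle trees, the UTXO model, peer consensus) is omitted; the participant names, amounts and the "COINBASE" issuer are constructed.

```python
"""Toy hash-chained ledger: a chronological list of blocks, each committing to
its predecessor's hash, replayed from genesis to reject overspends and double
spends. Constructed illustration only; not Bitcoin's real data structures."""
import hashlib
import json
from typing import Dict, List, Tuple

Tx = Tuple[str, str, int]          # (sender, receiver, amount)
GENESIS_PREV = "0" * 64            # the first block has no predecessor
ISSUER = "COINBASE"                # pseudo-sender that mints new coins (constructed)


def block_hash(index: int, prev_hash: str, txs: List[Tx]) -> str:
    """Hash the block contents deterministically; prev_hash is the chain link."""
    payload = json.dumps({"index": index, "prev": prev_hash, "txs": txs},
                         sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def apply_transactions(balances: Dict[str, int], txs: List[Tx]) -> bool:
    """Replay txs onto balances in order. Returns False if any tx spends coins
    the sender does not hold; a second spend of already-spent coins fails the
    same check, which is the double-spend protection."""
    for sender, receiver, amount in txs:
        if amount <= 0:
            return False
        if sender != ISSUER:
            if balances.get(sender, 0) < amount:
                return False
            balances[sender] -= amount
        balances[receiver] = balances.get(receiver, 0) + amount
    return True


class Ledger:
    def __init__(self) -> None:
        self.chain: List[dict] = []
        self._append(GENESIS_PREV, [])           # genesis block, no transactions

    def _append(self, prev_hash: str, txs: List[Tx]) -> None:
        index = len(self.chain)
        txs = list(txs)
        self.chain.append({"index": index, "prev": prev_hash, "txs": txs,
                           "hash": block_hash(index, prev_hash, txs)})

    def balances(self) -> Dict[str, int]:
        """Every participant derives the same balances by replaying the ledger."""
        result: Dict[str, int] = {}
        for block in self.chain:
            apply_transactions(result, block["txs"])
        return result

    def add_block(self, txs: List[Tx]) -> bool:
        """Accept a block only if every tx is funded given all earlier history.
        Validation runs on a copy, so a rejected block leaves the chain untouched."""
        trial = self.balances()
        if not apply_transactions(trial, txs):
            return False
        self._append(self.chain[-1]["hash"], txs)
        return True

    def verify(self) -> bool:
        """Recompute every link and hash and replay every tx from genesis.
        Altering an old block breaks its own hash; re-hashing it breaks the
        next block's prev link, so the tampering stays detectable."""
        balances: Dict[str, int] = {}
        for i, block in enumerate(self.chain):
            expected_prev = GENESIS_PREV if i == 0 else self.chain[i - 1]["hash"]
            if block["prev"] != expected_prev:
                return False
            if block_hash(block["index"], block["prev"], block["txs"]) != block["hash"]:
                return False
            if not apply_transactions(balances, block["txs"]):
                return False
        return True


if __name__ == "__main__":
    ledger = Ledger()
    ledger.add_block([(ISSUER, "alice", 10)])
    ledger.add_block([("alice", "bob", 6)])
    print("double spend accepted?",
          ledger.add_block([("alice", "bob", 4), ("alice", "carol", 4)]))
    print("balances:", ledger.balances())
    print("chain valid?", ledger.verify())
    ledger.chain[1]["txs"][0] = (ISSUER, "alice", 1000)   # rewrite history
    print("chain valid after tampering?", ledger.verify())
```

The double-spend case is the instructive one: alice holds 4 coins after paying bob, and a block that pays those same 4 coins to bob and again to carol fails replay on the second transaction, so the whole block is refused and the chain is unchanged.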
This would make my job much easier and increase my income! Thanks Dilbert!