Wikipedia’s Switch to HTTPS Has Successfully Fought Government Censorship
… Determining how
to prevent these acts of censorship has long been a priority for the non-profit
Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and
Society, the foundation seems to have found a solution: encryption.
… when you try to connect to a website using HTTPS, your browser will first ask the web server to identify itself. Then the server will send its unique public key which is used by the browser to create and encrypt a session key. This session key is then sent back to the server which it decrypts with its private key. Now all data sent between the browser and server is encrypted for the remainder of the session.
In short, HTTPS prevents governments and others from
seeing the specific page users are visiting.
Did they think hackers would not notice?
Synaptics warns that fingerprint spoofing makes laptops vulnerable
… Synaptics, which
makes fingerprint identification sensors and touchpad technology, earlier this
month issued a warning that some computer makers, seeking to save about 25 cents per machine, have chosen to use
insecure smartphone fingerprint sensors instead of more secure laptop sensors,
said Godfrey Cheng, vice president of product for the Santa Clara, Calif.-based
company, in an interview with VentureBeat.
“Fingerprint identification has taken off because it is
secure and convenient when it’s done right,” he said. “When it’s not secure all
of the way through, then that’s an exposure that an attacker can exploit.”
The smartphone fingerprint sensors typically use
unencrypted methods to store and send the fingerprint to a central processing
unit (CPU) for processing. That makes
the data vulnerable to snooping software and other hacks. Synaptics sensors, by contrast, use encryption
and a secondary host processor to do the recognition work.
This sounds like a consulting service waiting to be
organized and monetized.
India's Ethical Hackers Rewarded Abroad, Ignored at Home
Kanishk Sajnani did not
receive so much as a thank you from a major Indian airline when he contacted
them with alarming news -- he had hacked their website and could book flights
anywhere in the world for free.
It was a familiar tale for India's army of "ethical
hackers", who earn millions protecting foreign corporations and global
tech giants from cyber attacks but are largely ignored at home, their skills
and altruism misunderstood or distrusted.
India produces more ethical hackers -- those who break into
computer networks to expose, rather than exploit, weaknesses -- than anywhere
else in the world.
The latest data from BugCrowd, a
global hacking network, showed Indians raked in the most "bug
bounties" -- rewards for red-flagging security loopholes.
Facebook, which has long tapped hacker talent,
paid more to Indian researchers in the first half of 2016 than any other
researchers.
Indians outnumbered all other bug hunters on HackerOne,
another registry of around 100,000 hackers.
I hope so. As I get
older, I find myself saying “I forget” more and more. At least I think I do, I can’t remember.
David Kravets reports:
On May 30, two suspects accused
of extorting the so-called “Queen of Snapchat” as part of a sex-tape scandal
are scheduled to appear in a Florida court. But as wild as the premise sounds, primarily
the accused need only to answer a simple question on this visit. Miami-Dade Circuit Judge Charles Johnson wants
an explanation as to why Hencha
Voigt and her then boyfriend, Wesley Victor, can’t remember the
passcodes to their mobile phones.
If he doesn’t believe them or if
they remain silent, the two suspects face possible contempt charges and
indefinite jail time for refusing a court order to unlock their phones so
prosecutors can examine text messages. Their
defense to that order, however, rests on an unsettled area of law. Voigt and Victor maintain that a court
order requiring them to unlock an encrypted device is a breach of the Fifth
Amendment right to be free from compelled self-incrimination.
If things don’t go their way in
court Tuesday, the duo certainly wouldn’t be the first ones ordered to prison
for failing to abide by a judge’s decryption order. They likely won’t be the last
ones, either.
Read more on Ars Technica.
A simple tool Mr. Anonymous never considered, because it
didn’t exist 32+ years ago.
As the debate about re-identification of “anonymized” data
rages on, this story may be of interest:
A Dutch woman has managed to
trace her donor father using commercial dna banks in the US, the Volkskrant
reports on Tuesday. Emi Stikkelman, 32,
sent three dna samples to dna banks, where a match was found with an Australian
woman. Together with family history
researcher Els Leijs, she was able to put together a family tree and finally
identify her biological father. Normal
dna banks use 20 key markers but commercial agencies can use thousands,
allowing them to cast a much wider net of potential relatives, the paper said. Leijs uses commercial data banks such as
Family Tree, Ancestry and 23andMe which are particularly popular in the US and
have been set up to allow people to trace their heritage. ‘Almost all Americans have roots outside the
US, in Europe and Africa,’ she said.
Read more on DutchNews.nl.
Perspective.
Think back to 2007. A young U.S. senator named Barack
Obama announced his candidacy for president. The housing bubble started to burst. Apple released the first iPhone.
It wasn’t long ago and, yet, in technology terms, it’s
almost an eternity — ride- or hotel-sharing companies didn’t exist yet and the
first generation of social media platforms were just hitting the mainstream. So much has changed since then. We’ve seen it here at PwC, as well. During the past decade, we surveyed the
leaders at the world’s largest companies annually through our Global Digital IQ Survey, tracking their evolving sentiments,
priorities, and challenges of how they’re using technology to transform their
own businesses.
… So one would
expect that today’s companies have a much better Digital IQ than they did way
back in 2007, right? The answer,
surprisingly, is no.
Our latest survey, which polled 2,216 executives at
companies with annual revenue of more than $500 million, found executives’
confidence in their organization’s digital abilities is actually at the lowest
it has been since we started tracking. Just 52% of executives rated their Digital IQ
as strong, down 15% from the year before.
Job search tools.
For the Computer Security toolkit. Detect phishing links.
For the research toolkit?
Is there a ‘classroom’ version? I think that’s what my students have…