Friday, August 10, 2018

Final exam question: The default setting is “NOT SECURE.” What should your first step be?
Mallory Locklear reports:
Data leaks are par for the course these days, and the latest company to be involved in one is GoDaddy. The company, which says it’s the world’s top domain name registrar with over 18 million customers, is the subject of a new report from cybersecurity firm UpGuard that was shared exclusively with Engadget. In June, cyber risk analyst Chris Vickery discovered files containing detailed server information stored in an unsecured S3 bucket — a cloud storage service from Amazon Web Services. A look into the files revealed multiple versions of data for over 31,000 GoDaddy systems.
Read more on Engadget.




An ethical hacking tool. OR Why I remain anti-social.
New facial recognition tool tracks targets across different social networks
The Verge – The open-source program is designed for security researchers: “Today, researchers at Trustwave released a new open-source tool called Social Mapper, which uses facial recognition to track subjects across social media networks. Designed for security researchers performing social engineering attacks, the system automatically locates profiles on Facebook, Instagram, Twitter, LinkedIn, and other networks based on a name and picture. Those searches can already be performed manually, but the automated process means it can be performed far faster and for many people at once. “Performing intelligence gathering online is a time-consuming process,” Trustwave explained in a post this morning. “What if it could be automated and done on a mass scale with hundreds or thousands of individuals?” Social Mapper doesn’t require API access to social networks, a restriction that has hampered social media tracking tools like Geofeedia. Instead, the system performs automated manual searches in an instrumented browser window, then uses facial recognition to scan through the first 10 to 20 results for a match. The manual searches mean the tool can be quite slow compared to API-based scans. The developer estimates that searching a target list of 1,000 people could take more than 15 hours. The end result is a spreadsheet of confirmed accounts for each name, perfect for targeted phishing campaigns or general intelligence gathering. Trustwave’s emphasis is on ethical hacking — using phishing techniques to highlight vulnerabilities that can then be fixed — but there are few restrictions on who can use the program. Social Mapper is licensed as free software, and it’s freely available on GitHub…”




I should poll my students before showing them this.
Study – How Do Americans Feel About Online Privacy in 2018?
The Best VPN – “Concerns around online privacy have come to a head in 2018. In mid-March, The New York Times and The Guardian reported that data from 50 million Facebook profiles was harvested for data mining firm Cambridge Analytica — a number that would eventually be revised to 87 million in one of the largest data collection scandals of all time. Two months later, inboxes were flooded by a slew of privacy policy updates following the implementation of the EU’s GDPR, a privacy policy law that set guidelines for the collection and use of data. Although the law was designed to increase transparency regarding the collection of data, the updates raised user concern around how companies had been obtaining and using personal information in the past. So, with thundering headlines about data breaches and privacy loss stoking fears, just how are Americans feeling about their online privacy? To answer this question, we used Google Surveys to target 1,000 Americans of all genders and ages across the United States. Read on to see how we conducted our survey and learn more about our individual findings, or jump to view our full infographic…”




The Internet equivalent of shouting “Fire!” in a crowded theater?
Hard Questions: Where Do We Draw The Line on Free Expression?
… While we’re not bound by international human rights laws that countries have signed on to, we are a member of a global initiative that offers internet companies a framework for applying human rights principles to our platforms. We look for guidance in documents like Article 19 of the International Covenant on Civil and Political Rights (ICCPR), which set standards for when it’s appropriate to place restrictions on freedom of expression. ICCPR maintains that everyone has the right to freedom of expression — and restrictions on this right are only allowed when they are “provided by law and are necessary for: (a) the respect of the rights or reputations of others; (b) for the protection of national security or of the public order, or of public health or morals.”
… Posts that contain a credible threat of violence are perhaps the most obvious instances where restricting speech is necessary to prevent harm.
… Hate speech too can constitute harm because it creates an environment of intimidation and exclusion and in some cases may have dangerous offline implications. It is perhaps one of the most challenging of our standards to enforce because determining whether something is hate speech is so dependent on the context in which it is shared.
… It’s important to note that whether or not a Facebook post is accurate is not itself a reason to block it.


(Related)
Facebook Blocks Sharing Of 3D-Printed Gun Files On Its Platforms
… “Sharing instructions on how to print firearms using 3D printers is not allowed under our Community Standards,” Facebook said in a statement. “In line with our policies, we are removing this content from Facebook.”




Security Perspective.
Don't Fear the TSA Cutting Airport Security. Be Glad That They're Talking about It.
… We don't know enough to conclude whether this is a good idea, but it shouldn't be dismissed out of hand. We need to evaluate airport security based on concrete costs and benefits, and not continue to implement security theater based on fear. And we should applaud the agency's willingness to explore changes in the screening process.
… Over the years, I have written many essays critical of the TSA and airport security, in general. Most of it is security theater – measures that make us feel safer without improving security. For example, the liquids ban makes no sense as implemented, because there's no penalty for repeatedly trying to evade the scanners. The full-body scanners are terrible at detecting the explosive material PETN if it is well concealed – which is their whole point.
There are two basic kinds of terrorists. The amateurs will be deterred or detected by even basic security measures. The professionals will figure out how to evade even the most stringent measures. I've repeatedly said that the two things that have made flying safer since 9/11 are reinforcing the cockpit doors and persuading passengers that they need to fight back. Everything beyond that isn't worth it.




Perspective.
'Snapchat dysmorphia' is a disturbing new phenomenon where people want to look more like their filtered selfies
Instagram and Snapchat filters are the new celebrity photo, offering up unrealistic standards of beauty that might trigger people to feel unhappy with the way they look in real life.
That's according to three Boston University researchers, who published an article about body dysmorphia in the JAMA Facial Plastic Surgery medical journal this month. The article is not a study, but an overview of industry research and studies.




Free is good!
Roku is moving beyond its own platform by launching The Roku Channel on the web. This means you no longer need to own a Roku device to watch Roku’s free, ad-supported movie channel. Instead, you just need a web browser pointed at TheRokuChannel.com.

