68 posts tagged with privacy and security.

18 million reasons to go to two-factor authentication

German authorities have discovered yet another giant database of hacked passwords. The German Federal Office for Information Security says it will have a website allowing people to check if their accounts are affected up and running by Monday. Some 3 million Germans are believed affected; there is no indication that the impact is limited to Germans or Germany. A link to an ARD article on the case is here, in German.
posted by rhombus on Apr 4, 2014 - 26 comments

 

Snowden To Address Audience in First Live Q&A, Days After EU Testimony

The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards: pervasive end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-effective basis. The result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion. Governments cannot risk the discovery of their exploits by simply throwing attacks at every “endpoint,” or computer processor on the end of a network connection, in the world. Mass surveillance, passive surveillance, relies upon unencrypted or weakly encrypted communications at the global network level.

Edward Snowden submits written testimony to an EU committee investigating mass surveillance, and answers questions. The testimony takes place 3 days ahead of his highly anticipated SXSW appearance, to take place later today. Snowden is expected to speak about privacy, security, mass surveillance programs, free speech and whistle-blowing in a rare remote video appearance before a live audience.
Kansas Congressman Mike Pompeo finds this “deeply troubling” in a letter he's sent to the organizers of the conference.

Meanwhile, people who wish to #asksnowden questions can use the hashtag on Twitter. The talk is to take place at 12pm PT, today.
posted by fantodstic on Mar 10, 2014 - 89 comments

Security Sunday

Ars Technica reports on malicious extensions on the Chrome web browser, which install advertising-based malware that hijacks links and injects ad content. Further speech recognition exploits (source) leave open the opportunity for malicious sites to record sound captured by the user's web browser without permission.
posted by Blazecock Pileon on Jan 26, 2014 - 30 comments

Privacy is not an end in itself

"In 1967, The Public Interest, then a leading venue for highbrow policy debate, published a provocative essay by Paul Baran, one of the fathers of the data transmission method known as packet switching [and agent of RAND]. Titled “The Future Computer Utility,” the essay speculated that someday a few big, centralized computers would provide 'information processing … the same way one now buys electricity. Highly sensitive personal and important business information will be stored in many of the contemplated systems … At present, nothing more than trust—or, at best, a lack of technical sophistication—stands in the way of a would-be eavesdropper.' To read Baran’s essay (just one of the many on utility computing published at the time) is to realize that our contemporary privacy problem is not contemporary. It’s not just a consequence of Mark Zuckerberg’s selling his soul and our profiles to the NSA. The problem was recognized early on, and little was done about it... It’s not enough for a website to prompt us to decide who should see our data. Instead it should reawaken our own imaginations. Designed right, sites would not nudge citizens to either guard or share their private information but would reveal the hidden political dimensions to various acts of information sharing." -- MIT Technology Review on The Real Privacy Problem
posted by Potomac Avenue on Nov 12, 2013 - 17 comments

Aviator

Aviator, a web browser from WhiteHat Security. [more inside]
posted by chunking express on Oct 30, 2013 - 53 comments

"Everyone being held was a US citizen."

But that didn't prevent On the Media producer Sarah Abdurrahman and several members of her family and friends from being detained at a Canadian-US border while on the way home from a wedding. The story is all the more frightening as it details Sarah's inability to get any answers about policy from the Border Patrol, including the name of the officers who held her.
posted by Eyeveex on Sep 23, 2013 - 92 comments

All Your ***** Belong To Us

Google knows almost every wi-fi password. Of course this means that the NSA also has access to them. Apple might not be much better.
posted by blue shadows on Sep 16, 2013 - 97 comments

Cookieless Monster

Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting [pdf]. From the 2013 IEEE Symposium on Security and Privacy, this article examines "how web-based device fingerprinting currently works on the Internet. By analyzing the code of three popular browser-fingerprinting code providers, we reveal the techniques that allow websites to track users without the need of client-side identifiers [i.e. cookies]." [more inside]
posted by paleyellowwithorange on Aug 28, 2013 - 33 comments

Possible FBI infiltration of TOR

In a crackdown that the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. FreedomWeb, an Irish company known for providing hosting for Tor "hidden services" -- services reached over the Tor anonymized/encrypted network -- has shut down after its owner, Eric Eoin Marques, was arrested over allegations that he had facilitated the spread of child pornography. [more inside]
posted by whyareyouatriangle on Aug 4, 2013 - 126 comments

Inside joke! Obscure meme reference!

The Pew Internet And American Life Project has a new report out on Teens, Social Media, and Privacy. danah boyd comments:
My favorite finding of Pew’s is that 58% of teens cloak their messages either through inside jokes or other obscure references, with more older teens (62%) engaging in this practice than younger teens (46%).
[more inside]
posted by the man of twists and turns on Jun 5, 2013 - 51 comments

"what kind of surveillance society we should be fighting for"

Practical Ethics: Enlightened Surveillance?
Surrendering on surveillance might be the least bad option – of all likely civil liberty encroachments, this seemed the less damaging and hardest to resist. But that’s an overly defensive way of phrasing it – if ubiquitous surveillance and lack of privacy are the trends of the future, we shouldn’t just begrudgingly accept them, but demand that society gets the most possible out of them.
[more inside]
posted by the man of twists and turns on Apr 18, 2013 - 23 comments

Mark Zuckerberg's Hoodie

It is June 2, 2010 and Mark Zuckerberg is sweating. He’s wearing his hoodie—he’s always wearing his hoodie—and he’s on stage and either the lights or the questions are too hot. … “Do you want to take off the hoodie?” asks Kara Swisher.
“I never take off the hoodie.”
The varied cultural resonances of an unassuming garment.
posted by the mad poster! on Jan 29, 2013 - 157 comments

You’re not anonymous

Sumit Suman recently visited a site, did not sign up for anything, did not connect via social media, but got a personal email from the site the next day. Here’s how they did it.
posted by Foci for Analysis on Dec 12, 2012 - 52 comments

Nothing to hide?

Why Privacy Matters, Even If You Have Nothing To Hide, by Daniel J. Solove
The nothing-to-hide argument pervades discussions about privacy. The data-security expert Bruce Schneier calls it the "most common retort against privacy advocates." ... To evaluate the nothing-to-hide argument, we should begin by looking at how its adherents understand privacy. Nearly every law or policy involving privacy depends upon a particular understanding of what privacy is. The way problems are conceived has a tremendous impact on the legal and policy solutions used to solve them.
[more inside]
posted by the man of twists and turns on Dec 9, 2012 - 67 comments

The age of the password has come to an end...

Mat Honan of Wired has a covetable Twitter username (@mat). Recently hackers tore his digital world apart in an attempt to commandeer it. Now he reflects: The age of the password has come to an end; we just haven’t realized it yet. And no one has figured out what will take its place. What we can say for sure is this: Access to our data can no longer hinge on secrets—a string of characters, 10 strings of characters, the answers to 50 questions—that only we’re supposed to know. The Internet doesn’t do secrets. Everyone is a few clicks away from knowing everything.
posted by rongorongo on Nov 16, 2012 - 75 comments

WoW indeed

Steganographic information (account ID, a timestamp and the IP address of the current realm) is secretly embedded in World of Warcraft screen shots. Via Schneier.
posted by unSane on Sep 13, 2012 - 34 comments

Cisco called, they want their Internet back

Introducing Cisco Connect Cloud! Now available mandatory for Linksys Smart Wi-Fi Routers, Cisco Connect Cloud gives you almost anybody anytime, anywhere access to your home network.
posted by flabdablet on Jun 30, 2012 - 67 comments

Logging out of Facebook is not enough

Logging out of Facebook is not enough - Nik Cubrilovic demonstrates how, even after logging out, Facebook tracks every page you visit on sites that integrate Facebook services [via]
posted by Blazecock Pileon on Sep 27, 2011 - 123 comments

Why the world is scared of hacktivists

They’re watching. And they can bring you down: Why the world is scared of hacktivists. [Via]
posted by homunculus on Sep 25, 2011 - 94 comments

Backdoor, yeah, yeah, snicker, snicker.

You may already be screwed. And not in the good way you were hoping for. MeFi kink favourite, FetLife has been ignoring a longstanding security and privacy compromise. (nsfw)
posted by rodgerd on Aug 9, 2011 - 63 comments

"...nor shall be compelled in any criminal case to be a witness against himself..."

Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.

The "if you were innocent, you'd have nothing to hide" argument rears its head, in a big way. [more inside]
posted by fifthrider on Jul 11, 2011 - 215 comments

Bring It On.

An anonymous hacking outfit called "Gnosis" has infiltrated Gawker Media, hijacking the front page and leaking the company's internal chat logs, source code, and content databases along with the usernames, email addresses, and passwords of over 1.3 million users (including Gawker staff). The attack, which was motivated by what the group describes as the "outright arrogance" with which the company's bloggers taunted anonymous imageboard 4chan (semi-previously), affects every site in the Gawker network, including Gizmodo, Kotaku, Lifehacker, Jezebel, Deadspin, Jalopnik, and io9. While most of the leaked passwords are encrypted, more than 200,000 of the simpler ones in the torrent file have been cracked, and the links between account names and email addresses are in plaintext for all to see. Since the integrity of Gawker's encryption methods remains in doubt, it is recommended that anyone who has ever registered an account on any Gawker property change their passwords immediately, especially if the same log-in information is used for other services.
posted by Rhaomi on Dec 12, 2010 - 312 comments

Can you imagine 50 people a day, I said 50 people a day? Friends, they may think it's a movement.

Nov. 24 is National Opt-out Day from airport back-scatter scanners. Time to call BS on TSA's kabuki theater of airport security: "As public anger grows over the TSA's body scanners and intrusive new airport pat-down procedure, a Web site is urging travelers to "opt out" from the body scanners and instead choose to have a pat-down in public view, so that everyone can "see for themselves how the government treats law-abiding citizens." OptOutDay.com declares November 24 to be the day when air travelers should refuse to submit to a full body scan and choose the enhanced pat-down -- an option many travelers have described as little short of a molestation."
posted by TDIpod on Nov 10, 2010 - 395 comments

Typical pre-alpha bugginess, or embarrassing beginner mistakes?

Late yesterday the much-hyped "privacy aware, personally controlled" Diaspora social network platform (discussed previously) published its open-source developer release. "Feel free to try to get it running on your machines and use it," the team urged, "but we give no guarantees. We know there are security holes and bugs, and your data is not yet fully exportable." The Register's initial report is less than rosy: Code for open-source Facebook littered with landmines
posted by The Winsome Parker Lewis on Sep 17, 2010 - 58 comments

Position-based quantum cryptography theoretically proved

Our results open a fascinating new direction for position-based security in cryptography where security of protocols is solely based on the laws of physics and proofs of security do not require any pre-existing infrastructure.
posted by Joe Beese on Aug 8, 2010 - 47 comments

Anonymous Buzzkill

A worrisome set of posts from Princeton University's "Freedom to Tinker" Blog:
In many situations, it may be far easier to unmask apparently anonymous online speakers than they, I, or many others in the policy community have appreciated. Today, I'll tell a story that helps explain what I mean. Second post: what BoingBoing knows about John Doe. Third, and most concerning post: The traceability of an online anonymous comment. Related post: a well researched review of the privacy concerns around the roll-out of, and push-back against, Google Buzz.
posted by Rumple on Feb 18, 2010 - 41 comments

What Does DHS Know About You?

What Does DHS Know About You? A lot. [more inside]
posted by chunking express on Oct 5, 2009 - 50 comments

And like that... he's gone

Gone Forever: What Does It Take to Really Disappear?
posted by homunculus on Aug 17, 2009 - 98 comments

Neurosecurity

Neurosecurity: security and privacy for neural devices. "An increasing number of neural implantable devices will become available in the near future due to advances in neural engineering. This discipline holds the potential to improve many patients' lives dramatically by offering improved—and in some cases entirely new—forms of rehabilitation for conditions ranging from missing limbs to degenerative cognitive diseases. The use of standard engineering practices, medical trials, and neuroethical evaluations during the design process can create systems that are safe and that follow ethical guidelines; unfortunately, none of these disciplines currently ensure that neural devices are robust against adversarial entities trying to exploit these devices to alter, block, or eavesdrop on neural signals. The authors define 'neurosecurity'—a version of computer science security principles and methods applied to neural engineering—and discuss why neurosecurity should be a critical consideration in the design of future neural devices." [Via Mind Hacks]
posted by homunculus on Jul 8, 2009 - 22 comments

Watch Lists

ACLU Watch List Counter: U.S. Terror List Now Exceeds 900,000 Names. That's an awful lot of terrorists. More Privacy and Surveillance Filter: Bruce Schneier on The Myth of the 'Transparent Society', Glenn Greenwald on The Banality of the Surveillance State, and Stephen Colbert on AT & Treason. [more inside]
posted by homunculus on Mar 8, 2008 - 46 comments

"Leaving no trace [of our daily lives] is nearly impossible."

The Anonymity Experiment. Is it possible to hide in plain sight? Privacy-minded people have long warned of a world in which an individual’s every action leaves a trace, in which corporations and governments can peer at will into your life with a few keystrokes on a computer. Now one of the people in charge of information-gathering for the U.S. government says, essentially, that such a world has arrived.
posted by amyms on Feb 16, 2008 - 44 comments

Sears Wants To Hack Your Computer

Online communities to become more 'all-encompassing.' If you join the SHC community on Sears.com, all web traffic to and from your computer thereafter will be copied and sent to a third party marketing research firm - including, for example, your secure sessions with your bank! The Sears.com proxy will send your logins and passwords along with a cleartext copy of all the supposedly secure data. But wait, it gets better: you can only view the true TOS once the proxy has already been installed. [more inside]
posted by ikkyu2 on Jan 3, 2008 - 70 comments

Amazing discoveries in plain-text Tor exit traffic.

This is an ironic tale of the consequences of inept application of cryptographic tools. Or is it? Dan Egerstad, a Swedish hacker, gained access to hundreds of computer network accounts around the world, belonging to various embassies, corporations and other organizations. How did he do it? Very easily: by sniffing exit traffic on his Tor nodes. [more inside]
posted by Anything on Dec 4, 2007 - 27 comments

You and I were/weren't meant to fly....

The U.S. Department of Homeland Security is proposing new rules regarding passenger pre-screening both domestically and internationally. Interestingly, this includes flights that overfly the continental US without ever touching the ground. [more inside]
posted by never used baby shoes on Oct 12, 2007 - 40 comments

The kids are alright

This is what happens when paranoia overwhelms common sense. A high school in NY state banned backpacks and bags from the student body. The whole situation reached a critical mass when a security guard pulled a young woman out of class because she had a small purse. He asked her if she was on her period. Way to humiliate teenagers. [more inside]
posted by wuwei on Oct 7, 2007 - 78 comments

The Age of Disaster Capitalism

The Age of Disaster Capitalism [more inside]
posted by y2karl on Sep 12, 2007 - 124 comments

Geek Squad Steals Porn?

Using a computer set to auto-screencast, The Consumerist catches a Geek Squad technician copying porn from a client's computer to a thumbdrive, and they've got video and logfiles (CSV) to prove it. Also, the Geek Squad CEO responds, and an anonymous Geek Squad tech confesses that this is not an uncommon practice: "stealing customers' nudie pics was an easter egg hunt." Consumerist users suggest that this practice might not be limited to Geek Squad. Via.
posted by charmston on Jul 6, 2007 - 73 comments

Big Brother is Watching You. On CCTV.

George Orwell, Big Brother is watching your house. With CCTV. Perhaps the Surveillance Camera Players could put on a performance there. It looks like Britain really is becoming a surveillance society. [Via Digg.]
posted by homunculus on Apr 2, 2007 - 44 comments

FTC imposes $10M fine against ChoicePoint for data breach

FTC imposes $10M fine against ChoicePoint for data breach. The U.S. Federal Trade Commission has fined ChoicePoint $10 million for a data breach that allowed identity thieves posing as legitimate businesses to steal social security numbers, credit reports, and other data from nearly 140,000 people. This is the largest fine ever levied by the FTC. ChoicePoint also has to set up a 'trust fund' for people victimized by identity thieves. From the article: 'As part of its agreement with the FTC, ChoicePoint will also have to submit to comprehensive security audits every two years for the next 20 years.' BusinessWeek has additional info. Perhaps there might be hope for individual privacy after all. Let's all keep our fingers crossed.
posted by mk1gti on Jan 26, 2006 - 22 comments

Mohan also declined to say how often or in what volume CBP might be opening mail.

Private Mail--Not. ...Goodman, an 81-year-old retired University of Kansas history professor, received a letter from his friend in the Philippines that had been opened and resealed with a strip of dark green tape bearing the words “by Border Protection” and carrying the official Homeland Security seal. ...the agency can, will and does open mail coming to U.S. citizens that originates from a foreign country whenever it’s deemed necessary. ...
posted by amberglow on Jan 6, 2006 - 54 comments

Because there just haven't been enough government scandals lately...

Federal surveillance of over a hundred homes, businesses, mosques, warehouses and other sites has been conducted without warrants, according to a new USNews report. Indications are that the persons so targeted were US citizens. "In numerous cases, the monitoring required investigators to go on to the property under surveillance, although no search warrants or court orders were ever obtained, according to those with knowledge of the program. Some participants were threatened with loss of their jobs when they questioned the legality of the operation, according to these accounts."
posted by darkstar on Dec 23, 2005 - 131 comments

Echelon: 60 Minutes discussion

Echelon. This is what we know--or do not know--about the NSA program called Echelon, from the 60 Minutes show (TV) in 2000. If we assume this is what had been going on and there were some sort of restraints for internal spying, then what is going on now? This evening I had heard on radio that the White House claimed that only calls going in and out of the country might be monitored. But this early interview suggests that such calls were monitored previous to the "new" approach. Why were legal restraints put in place calling for judicial hearings? Because of spying abuse done under Nixon. Those restraints are now removed.
posted by Postroad on Dec 19, 2005 - 158 comments

Stealing Osama's Identity

Security, the TSA, and the No-Fly List. You would think that our National Security apparatus would be like the TV series "24", with the most ingenious and sophisticated technology available. You would be wrong. Disclaimer: TSA is not an intelligent intelligence agency. Here's a blurb from the resume of the designer (Kenneth Mack) of the application the airline industry uses for *PDF* managing their employee data and the cross-checking them with the no-fly list:
- Sr. Developer: Developed a program [for Goddard Technologies] that uses the "No-Fly List" Excel spreadsheet, provided by the FAA and the database of badged employees to permute the name combinations. It takes into consideration multiple first and middle names, with Soundex and the various "initial" combinations. This program reduced the time for comparison from 3 days to 10 minutes.
The scary yet interesting part of all of this is that the No-Fly List is nothing more than a password-protected spreadsheet (see this PDF). One would guess our Government's geeks would know that it's a bad idea to send email attachments containing social security numbers and dates of birth, unencrypted, over the internets, even if they might be terrorists.
posted by rzklkng on Jul 15, 2005 - 30 comments

Who is watching Big Brother?

Who is watching Big Brother? Last week, the Australian Privacy Foundation held its annual Big Brother Awards, with biometric passports winning the prestigious "Orwell" for the most invasive technology (other countries' Big Brother Awards here). Not long before, Privacy International and the Electronic Privacy Information Center released their 7th Annual Survey on the state of privacy in sixty countries, claiming that threats to personal privacy have reached a level that is dangerous to fundamental human rights. Are we edging closer to Room 101?
posted by UbuRoivas on Nov 29, 2004 - 6 comments

crime

Identity theft is epidemic.
posted by semmi on Oct 25, 2004 - 17 comments

Intercepting E-Mail

E-mail snooping is legal. A U.S. federal appeals court set an unsettling precedent last week by ruling (PDF) that an e-mail provider did not break the law when he copied and read e-mail messages sent to customers through his server.
posted by homunculus on Jul 7, 2004 - 15 comments

RFID: Taking Away Your Privacy One Product at a Time

We've discussed it before, but RFID, that fun-loving little radio transmitter that can be attached to everything from that stereo system to a carton of milk, is plowing ahead faster than you can say "unregulated." Earlier this year, Wal-Mart issued a mandate that required its top 100 suppliers to include RFIDs on their merchandise by 2005, bringing new meaning to the phrase "panties in a bunch." (Incidentally, Wal-Mart was also the benign corporation that ushered in bar codes for mass consumption in the late 70s and early 80s.) With no regulations on the table, the New York Times reports that the Defense Department plans to issue a statement requiring all suppliers to use RFID. Hitachi has even offered to put it in your currency. Imagine a store a few years from now that can track all of the objects in your cart, and that, thanks to a microscopic RFID stuck to your shoe when you slide through the doors, can determine how many seconds you or your children react to a display. Imagine a world that tracks exactly where each one of your dollar bills goes. (So much for the anonymity of johns and porn enthusiasts.) Is this the kind of world we want to abdicate to large retail corporations? Is this the kind of information that governments or private institutions are entitled to know? Discuss.
posted by ed on Sep 29, 2003 - 96 comments

Universal Surveillance, Inc.

RFID tagging and tracking plans (mirror 1, mirror 2) With the tag line "Identify Any Object Anywhere Automatically", this group (the MIT Auto-ID Center) is leading the way into our bold new future of total tracking. {Originally uncovered by CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering)}
posted by Irontom on Jul 8, 2003 - 18 comments

Big Brother Is Watching You...Idiotically

Nominate the world's stupidest security procedure. UK-based watchdog group, Privacy International, is accepting nominations until March 15th from the general public about the most annoying and invasive security measures with the lowest effectiveness in protecting individual safety. What would you nominate?
posted by jonp72 on Mar 6, 2003 - 19 comments

Red Alert!!

At InfoSecurity 2002, an annual corporate security conference, new "computer forensics" software is on display, including software "that allows corporate IT folks to research employees' criminal histories, credit information, financial asset details, friends and associates."

The software is called Red Alert 2.0, and more specifically the research software is an optional subscription based add-on called Intelligent Information Dossier plus. Isn't this tantamount to your employer spying on your private life, in real time?

As I work for a very large military contractor myself, I could easily see something like this being used where I work. Would you feel comfortable working for a company that uses this sort of intrusive software?
posted by SweetJesus on Dec 13, 2002 - 21 comments
