Skip to main content

Home/ Future of the Web/ Group items tagged sensitive

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Gonzalo San Gil, PhD.

Mega Ordered to Hand Over Users' Details to U.S. Court - TorrentFreakwho uploads to hav... - 0 views

torrentfreak.com/rs-details-to-u-s-court-160512

mega ordered hand users details u s nz Kazakhstanhacking

shared by Gonzalo San Gil, PhD. on 13 May 16 - No Cached
  • Gonzalo San Gil, PhD. on 13 May 16
     
    " Andy on May 12, 2016 C: 28 News Mega, the cloud storage site founded by Kim Dotcom, has been ordered to hand the IP addresses and personal details of some of its users to a U.S. court. The ruling follows the uploading of sensitive documents to Mega following a hack on a foreign government computer system. Speaking with TorrentFreak, Mega chairman Stephen Hall expressed concerns over the process."
  • Gonzalo San Gil, PhD. on 13 May 16
     
    " Andy on May 12, 2016 C: 28 News Mega, the cloud storage site founded by Kim Dotcom, has been ordered to hand the IP addresses and personal details of some of its users to a U.S. court. The ruling follows the uploading of sensitive documents to Mega following a hack on a foreign government computer system. Speaking with TorrentFreak, Mega chairman Stephen Hall expressed concerns over the process."
Gonzalo San Gil, PhD.

Phone call metadata does betray sensitive details about your life - study | T... - 0 views

www.theguardian.com/...-details-about-your-life-study

phone metadata sensitive details life study technology unveil democracy betrayal

shared by Gonzalo San Gil, PhD. on 18 Mar 14 - No Cached
  • Gonzalo San Gil, PhD. on 18 Mar 14
     
    "dentities of cannabis grower, woman seeking an abortion and MS sufferer inferred in study that confirms danger of widespread access to metadata"
Paul Merrell

Hackers Prove Fingerprints Are Not Secure, Now What? | nsnbc international - 0 views

nsnbc.me/...prints-are-not-secure-now-what

surveillance state OPM-computer-breach fingerprints iPhone Galaxy Android

shared by Paul Merrell on 24 Sep 15 - No Cached
  • The Office of Personnel Management (OPM) recently revealed that an estimated 5.6 million government employees were affected by the hack; and not 1.1 million as previously assumed.
  • Samuel Schumach, spokesman for the OPM, said: “As part of the government’s ongoing work to notify individuals affected by the theft of background investigation records, the Office of Personnel Management and the Department of Defense have been analyzing impacted data to verify its quality and completeness. Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.” This endeavor expended the use of the Department of Defense (DoD), the Department of Homeland Security (DHS), the National Security Agency (NSA), and the Pentagon. Schumer added that “if, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.” However, we do not need to wait for the future for fingerprint data to be misused and coveted by hackers.
  • Look no further than the security flaws in Samsung’s new Galaxy 5 smartphone as was demonstrated by researchers at Security Research Labs (SRL) showing how fingerprints, iris scans and other biometric identifiers could be fabricated and yet authenticated by the Apple Touch ID fingerprints scanner. The shocking part of this demonstration is that this hack was achieved less than 2 days after the technology was released to the public by Apple. Ben Schlabs, researcher for SRL explained: “We expected we’d be able to spoof the S5’s Finger Scanner, but I hoped it would at least be a challenge. The S5 Finger Scanner feature offers nothing new except—because of the way it is implemented in this Android device—slightly higher risk than that already posed by previous devices.” Schlabs and other researchers discovered that “the S5 has no mechanism requiring a password when encountering a large number of incorrect finger swipes.” By rebotting the smartphone, Schlabs could force “the handset to accept an unlimited number of incorrect swipes without requiring users to enter a password [and] the S5 fingerprint authenticator [could] be associated with sensitive banking or payment apps such as PayPal.”
  • ...1 more annotation...
  • Schlab said: “Perhaps most concerning is that Samsung does not seem to have learned from what others have done less poorly. Not only is it possible to spoof the fingerprint authentication even after the device has been turned off, but the implementation also allows for seemingly unlimited authentication attempts without ever requiring a password. Incorporation of fingerprint authentication into highly sensitive apps such as PayPal gives a would-be attacker an even greater incentive to learn the simple skill of fingerprint spoofing.” Last year Hackers from the Chaos Computer Club (CCC) proved Apple wrong when the corporation insisted that their new iPhone 5S fingerprint sensor is “a convenient and highly secure way to access your phone.” CCC stated that it is as easy as stealing a fingerprint from a drinking glass – and anyone can do it.
Paul Merrell

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views

firstlook.org/...nsa-gchq-targeted-kaspersky

surveillance state NSA GCHQ anti-virus-software

shared by Paul Merrell on 23 Jun 15 - No Cached
  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • ...9 more annotations...
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point software, a pioneering maker of corporate firewalls based Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA Project CAMBERDADA — NSA NDIST — GCHQ’s Developing Cyber Defence Mission GCHQ Application for Renewal of Warrant GPW/1160 Software Reverse Engineering — GCHQ Reverse Engineering — GCHQ Wiki Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ
Gonzalo San Gil, PhD.

A basic encryption strategy for storing sensitive data | ITworld - 0 views

www.itworld.com/...trategy-storing-sensitive-data

basic encryption strategy storing sensitive data

shared by Gonzalo San Gil, PhD. on 21 Aug 14 - No Cached
  • Gonzalo San Gil, PhD. on 21 Aug 14
     
    "To safely store your data in a database, you'd start by generating a strong secret key value in a byte array. This is best generated programmatically. This single key can be used to encrypt all of the data you'd like to store. "
  • Gonzalo San Gil, PhD. on 21 Aug 14
     
    "To safely store your data in a database, you'd start by generating a strong secret key value in a byte array. This is best generated programmatically. This single key can be used to encrypt all of the data you'd like to store. "
Gonzalo San Gil, PhD.

Internet providers will soon need permission to share your web browsing history - The V... - 1 views

www.theverge.com/...fcc-passes-isp-privacy-rules

IFTTT ISP need users people opt-in reveal third partirs your web www browsing history

shared by Gonzalo San Gil, PhD. on 29 Oct 16 - No Cached
  • Gonzalo San Gil, PhD. on 29 Oct 16
     
    "New privacy rules require opting-in to sensitive sharing by Jacob Kastrenakes Oct 27, 2016, 10:41a "
Paul Merrell

He Was a Hacker for the NSA and He Was Willing to Talk. I Was Willing to Listen. - 2 views

theintercept.com/...o-talk-i-was-willing-to-listen

surveillance state NSA-hacker-interview

shared by Paul Merrell on 03 Jul 16 - No Cached
  • he message arrived at night and consisted of three words: “Good evening sir!” The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine. Good evening sir!
  • The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine.
  • I got lucky with the hacker, because he recently left the agency for the cybersecurity industry; it would be his choice to talk, not the NSA’s. Fortunately, speaking out is his second nature.
  • ...7 more annotations...
  • He agreed to a video chat that turned into a three-hour discussion sprawling from the ethics of surveillance to the downsides of home improvements and the difficulty of securing your laptop.
  • In recent years, two developments have helped make hacking for the government a lot more attractive than hacking for yourself. First, the Department of Justice has cracked down on freelance hacking, whether it be altruistic or malignant. If the DOJ doesn’t like the way you hack, you are going to jail. Meanwhile, hackers have been warmly invited to deploy their transgressive impulses in service to the homeland, because the NSA and other federal agencies have turned themselves into licensed hives of breaking into other people’s computers. For many, it’s a techno sandbox of irresistible delights, according to Gabriella Coleman, a professor at McGill University who studies hackers. “The NSA is a very exciting place for hackers because you have unlimited resources, you have some of the best talent in the world, whether it’s cryptographers or mathematicians or hackers,” she said. “It is just too intellectually exciting not to go there.”
  • The Lamb’s memos on cool ways to hunt sysadmins triggered a strong reaction when I wrote about them in 2014 with my colleague Ryan Gallagher. The memos explained how the NSA tracks down the email and Facebook accounts of systems administrators who oversee computer networks. After plundering their accounts, the NSA can impersonate the admins to get into their computer networks and pilfer the data flowing through them. As the Lamb wrote, “sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network … who better to target than the person that already has the ‘keys to the kingdom’?” Another of his NSA memos, “Network Shaping 101,” used Yemen as a theoretical case study for secretly redirecting the entirety of a country’s internet traffic to NSA servers.
  • “If I turn the tables on you,” I asked the Lamb, “and say, OK, you’re a target for all kinds of people for all kinds of reasons. How do you feel about being a target and that kind of justification being used to justify getting all of your credentials and the keys to your kingdom?” The Lamb smiled. “There is no real safe, sacred ground on the internet,” he replied. “Whatever you do on the internet is an attack surface of some sort and is just something that you live with. Any time that I do something on the internet, yeah, that is on the back of my mind. Anyone from a script kiddie to some random hacker to some other foreign intelligence service, each with their different capabilities — what could they be doing to me?”
  • “You know, the situation is what it is,” he said. “There are protocols that were designed years ago before anybody had any care about security, because when they were developed, nobody was foreseeing that they would be taken advantage of. … A lot of people on the internet seem to approach the problem [with the attitude of] ‘I’m just going to walk naked outside of my house and hope that nobody looks at me.’ From a security perspective, is that a good way to go about thinking? No, horrible … There are good ways to be more secure on the internet. But do most people use Tor? No. Do most people use Signal? No. Do most people use insecure things that most people can hack? Yes. Is that a bash against the intelligence community that people use stuff that’s easily exploitable? That’s a hard argument for me to make.”
  • I mentioned that lots of people, including Snowden, are now working on the problem of how to make the internet more secure, yet he seemed to do the opposite at the NSA by trying to find ways to track and identify people who use Tor and other anonymizers. Would he consider working on the other side of things? He wouldn’t rule it out, he said, but dismally suggested the game was over as far as having a liberating and safe internet, because our laptops and smartphones will betray us no matter what we do with them. “There’s the old adage that the only secure computer is one that is turned off, buried in a box ten feet underground, and never turned on,” he said. “From a user perspective, someone trying to find holes by day and then just live on the internet by night, there’s the expectation [that] if somebody wants to have access to your computer bad enough, they’re going to get it. Whether that’s an intelligence agency or a cybercrimes syndicate, whoever that is, it’s probably going to happen.”
  • There are precautions one can take, and I did that with the Lamb. When we had our video chat, I used a computer that had been wiped clean of everything except its operating system and essential applications. Afterward, it was wiped clean again. My concern was that the Lamb might use the session to obtain data from or about the computer I was using; there are a lot of things he might have tried, if he was in a scheming mood. At the end of our three hours together, I mentioned to him that I had taken these precautions—and he approved. “That’s fair,” he said. “I’m glad you have that appreciation. … From a perspective of a journalist who has access to classified information, it would be remiss to think you’re not a target of foreign intelligence services.” He was telling me the U.S. government should be the least of my worries. He was trying to help me. Documents published with this article: Tracking Targets Through Proxies & Anonymizers Network Shaping 101 Shaping Diagram I Hunt Sys Admins (first published in 2014)
Gonzalo San Gil, PhD.

Net Censorship Comes Before the EU Parliament | La Quadrature du Net - 1 views

www.laquadrature.net/...comes-before-the-eu-parliament

European Parlament uses Child Exploitation as excuse for censorship Trojan Horse Internet Defend Citizens' Rights

shared by Gonzalo San Gil, PhD. on 12 Jan 11 - No Cached
  • Gonzalo San Gil, PhD. on 12 Jan 11
     
    [ Last Spring, the European Commissioner for Home Affairs, Cecilia Malmström, presented a proposal for a directive to combat child exploitation. Unfortunately, this very important and sensitive matter is used to introduce dangerous provisions regarding Internet blocking, which could pave the way for a wider censorship of the Internet in Europe. The EU Parliament must absolutely reject this Trojan horse and uphold the fundamental rights of EU citizens ...]
Gary Edwards

Box extends its enterprise playbook, but users are still at the center | CITEworld - 0 views

www.citeworld.com/...boxworks2014.html

wordSDK Office-365

shared by Gary Edwards on 03 Sep 14 - No Cached
  • The 47,000 developers making almost two billion API calls to the Box platform per month are a good start, Levie says, but Box needs to go further and do more to customize its platform to help push this user-centric, everything-everywhere-always model at larger and larger enterprises. 
  • Box for Industries is comprised of three parts: A Box-tailored core service offering, a selection of partner apps, and the implementation services to combine the two of those into something that ideally can be used by any enterprise in any vertical. 
  • Box is announcing solutions for three specific industries: Retail, healthcare, and media/entertainment. For retail, that includes vendor collaboration (helping vendors work with manufacturers and distributors), digital asset management, and retail store enablement.
  • ...6 more annotations...
  • Ted Blosser, senior vice president of Box Platform, also took the stage to show off how managing digital assets benefit from a just-announced metadata template capability that lets you pre-define custom fields so a store's back-office can flag, say, a new jacket as "blue" or "red." Those metadata tags can be pushed to a custom app running on a retail associate's iPad, so you can sort by color, line, or inventory level. Metadata plus Box Workflows equals a powerful content platform for retail that keeps people in sync with their content across geographies and devices, or so the company is hoping. 
  • It's the same collaboration model that cloud storage vendors have been pushing, but customized for very specific verticals, which is exactly the sales pitch that Box wants you to come away with. And developers must be cheering -- Box is going to help them sell their apps to previously inaccessible markets. 
  • More on the standard enterprise side, the so-named Box + Office 365 (previewed a few months back) currently only supports the Windows desktop versions of the productivity suite, but Levie promises web and Mac integrations are on the way. It's pretty basic, but potentially handy for the enterprises that Box supports.
  • The crux of the Office 365 announcement is that people expect that their data will follow them from device to device and from app to app. If people want their Box files and storage in Jive, Box needs to support Jive. And if enterprises are using Microsoft Office 365 to work with their documents -- and they are -- then Box needs to support that too. It's easier than it used to be, Levie says, thanks to Satya Nadella's push for a more open Microsoft. 
  • "We are quite confident that this is the kind of future they're building towards," Levie says -- but just in case, he urged BoxWorks attendees to tweet at Nadella and encourage him to help Box speed development along. 
  • Box SVP of Enterprise Annie Pearl came on stage to discuss how Box Workflow can be used to improve the ways people work with their content in the real world of business. It's worth noting that Box had a workflow tool previously, but it was relatively primitive and seems to have only existed to tick the box -- it didn't really go beyond assigning tasks and soliciting approvals.
  • Gary Edwards on 03 Sep 14
     
    This will be very interesting. Looks like Box is betting their future on the success of integrating Microsoft Office 365 into the Box Productivity Cloud Service. Which competes directly with the Microsoft Office 365 - OneDrive Cloud Productivity Platform. Honestly, I don't see how this can ever work out for Box. Microsoft has them ripe for the plucking. And they have pulled it off on the eve of Box's expected IPO. "Box CEO Aaron Levie may not be able to talk about the cloud storage and collaboration company's forthcoming IPO, but he still took the stage at the company's biggest BoxWorks conference yet, with 5,000 attendees. Featured Resource Presented by Citrix Systems 10 essential elements for a secure enterprise mobility strategy Best practices for protecting sensitive business information while making people productive from LEARN MORE Levie discussed the future of the business and make some announcements -- including the beta of a Box integration with the Windows version of Microsoft Office 365; the introduction of Box Workflow, a tool coming in 2015 for creating repeatable workflows on the platform; and the unveiling of Box for Industries, an initiative to tailor Box solutions for specific industry use-cases. And if that wasn't enough, Box also announced a partnership with service firm Accenture to push the platform in large enterprises. The unifying factor for the announcements made at BoxWorks, Levie said, is that users expect their data to follow them everywhere, at home and at work. That means that Box has to think about enterprise from the user outwards, putting them at the center of the appified universe -- in effect, building an ecosystem of tools that support the things employees already use."
Gary Edwards

10 important tips for living a multi-platform life | CITEworld - 0 views

www.citeworld.com/...ing-a-multi-platform-life.html

multi-platform

shared by Gary Edwards on 03 Sep 14 - No Cached
  • Gary Edwards on 03 Sep 14
     
    "With the rise of different mobile platforms and content ecosystems over the past decade, the technology world is becoming increasingly fragmented. Fifteen years ago, there were only a handful of platforms that mattered -- Windows PCs, Macs, and perhaps Linux on the desktop, and primarily BlackBerry in the mobile space. Today, the number is far greater -- Windows (further divided into the pre- and post-Windows 8 offerings), OS X, Linux, Chrome OS, Android (in many varying incarnations), iOS, Windows Phone, BlackBerry, Amazon's Kindle and Fire products, to name the most common. Each of these platforms has become increasingly insular, making lock-in to a specific vendor, device, or OS much more common.  Featured Resource Presented by Citrix Systems 10 essential elements for a secure enterprise mobility strategy Best practices for protecting sensitive business information while making people productive from LEARN MORE Although it is possible to switch from an iPhone to Android, or from Windows to Mac, there is often a trade-off in making the switch. Apps, music, ebooks, and other content may need to be re-purchased. There will likely be some learning curve. The offerings in the new ecosystem -- apps or content -- may not match the experience to which we've become accustomed, and some may not be available at all.  Here's some guidance on how to switch platforms."
Gary Edwards

Huddle: Consumer cloud services causing 'security time-bomb' for enterprises | ZDNet - 0 views

www.zdnet.com/omb-for-enterprises-7000016132

huddle wordSDK Office-365

shared by Gary Edwards on 04 Sep 14 - No Cached
  • Gary Edwards on 04 Sep 14
     
    "AN FRANCISCO -- As more employees continue to access consumer cloud accounts at work (regardless of IT rules), the enterprise world is about to reach a breaking point, based on a new report. Quite simply, U.K. cloud collaboration company Huddle described the trend as a "security time-bomb." At least 38 percent of U.S. office workers are said to have admitted to storing work documents on personal cloud tools and services, while a whopping 91 percent of workers added they use personal devices (i.e. USB drives) to store and share sensitive company documents. Huddle argued that this means enterprise and government organizations are at severe risk of losing both data intellectual property forever as this fragmentation continues. The London-headquartered company published its first State of the Enterprise assessment report amid the official opening of its San Francisco offices on Thursday morning as Huddle branches out to attract a U.S. customer base. "Legacy technologies create barriers to how we want to work," said Mitchell. Huddle produces a team-based collaboration platform designed for large teams within enterprises storing content securely and individually. The idea behind Huddle is to replace personal USB drives and "dumb file storage" platforms with open-security models and folder-based content. As the cloud-based storage and collaboration market grows, it looks like Huddle will be aiming to take on the likes of Box, Google Drive, Microsoft SkyDrive, and Dropbox, among others. Huddle is framing itself as different in that it constructs a single network for working and collaborating beyond a firewall, removing VPN complexities with single, company-wide login. Huddle CEO Alastair Mitchell described during an inaugural media presentation that its customers are replacing legacy technologies, calling out SharePoint and Outlook in particular as users move content collaboration out of email. "Legacy technologies create barriers to how we want to work," sai
Gonzalo San Gil, PhD.

Canada Joins World Powers in Spying on Smartphone and Download Data | WIRED [# ! chk di... - 0 views

www.wired.com/...pying-smartphone-download-data

Canada joins spying countries why they don't come together for mankind welfare politics deception democracy betrayal

shared by Gonzalo San Gil, PhD. on 29 Jan 15 - No Cached
    • Gonzalo San Gil, PhD.
      Gonzalo San Gil, PhD. on 29 Jan 15
       
      # ! ... and why Countries don't 'Join' efforts for every@ne's welfare and Planet Care?
  • Gonzalo San Gil, PhD. on 29 Jan 15
     
    [... On Monday, a new report was released, based on leaked documents from Edward Snowden, showing that Canadian intelligence agencies-part of the Five Eyes spying conglomerate that includes the US, the UK, Australia and New Zealand-partnered with UK spies to siphon sensitive data...]
Gonzalo San Gil, PhD.

How browser extensions steal logins & browsing habits; conduct corporate espionage / Bo... - 0 views

boingboing.net/...rowser-extensions-steal-a.html

browser extensions conduct espionage logins browsing habits

shared by Gonzalo San Gil, PhD. on 22 Nov 15 - No Cached
  • Gonzalo San Gil, PhD. on 22 Nov 15
     
    "Seemingly harmless browser extensions that generate emojis, enlarge thumbnails, help you debug Javascript errors and other common utilities routinely run secret background processes that collect and retransmit your login credentials, private URLs that grant access to sensitive files, corporate secrets, full PDFs and other personally identifying, potentially compromising data."
Gonzalo San Gil, PhD.

Database of 4 million Adult Friend Finder users leaked for all to see | Ars Technica [#... - 0 views

arstechnica.com/...er-users-leaked-for-all-to-see

database million friend finder users leaked leaks business world plenty of bored gossipers or coward opportunists

shared by Gonzalo San Gil, PhD. on 29 Nov 15 - No Cached
  • Gonzalo San Gil, PhD. on 29 Nov 15
     
    "by Dan Goodin - May 22, 2015 3:00 pm UTC Share Tweet 51 E-mail addresses, sexual orientations, and other sensitive details from almost four million AdultFriendFinder.com subscribers have been leaked onto the Internet following a hack that rooted the casual dating service, security researchers said."
Gonzalo San Gil, PhD.

Secure File Transfer | Linux Journal - 0 views

www.linuxjournal.com/...secure-file-transfer

secure file transfer linux journal network Internet

shared by Gonzalo San Gil, PhD. on 28 Mar 16 - No Cached
  • Gonzalo San Gil, PhD. on 28 Mar 16
     
    "File transfer between Linux systems (and perhaps all POSIX systems in general) is in some ways a neglected subject. The arcane protocols in common use are far from secure, and the SSH replacements offer too much power and complexity. Servers holding highly sensitive data... "
Paul Merrell

The Supreme Court's Groundbreaking Privacy Victory for the Digital Age | American Civil... - 0 views

www.aclu.org/...ng-privacy-victory-digital-age

privacy rights 4th-Amendment litigation Supreme-Court

shared by Paul Merrell on 23 Jun 18 - No Cached
  • The Supreme Court on Friday handed down what is arguably the most consequential privacy decision of the digital age, ruling that police need a warrant before they can seize people’s sensitive location information stored by cellphone companies. The case specifically concerns the privacy of cellphone location data, but the ruling has broad implications for government access to all manner of information collected about people and stored by the purveyors of popular technologies. In its decision, the court rejects the government’s expansive argument that people lose their privacy rights merely by using those technologies. Carpenter v. U.S., which was argued by the ACLU, involves Timothy Carpenter, who was convicted in 2013 of a string of burglaries in Detroit. To tie Carpenter to the burglaries, FBI agents obtained — without seeking a warrant — months’ worth of his location information from Carpenter’s cellphone company. They got almost 13,000 data points tracking Carpenter’s whereabouts during that period, revealing where he slept, when he attended church, and much more. Indeed, as Chief Justice John Roberts wrote in Friday’s decision, “when the Government tracks the location of a cell phone it achieves near perfect surveillance, as if it had attached an ankle monitor to the phone’s user.”.
  • The ACLU argued the agents had violated Carpenter’s Fourth Amendment rights when they obtained such detailed records without a warrant based on probable cause. In a decision written by Chief Justice John Roberts, the Supreme Court agreed, recognizing that the Fourth Amendment must apply to records of such unprecedented breadth and sensitivity: Mapping a cell phone’s location over the course of 127 days provides an all-encompassing record of the holder’s whereabouts. As with GPS information, the timestamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’
  • The government’s argument that it needed no warrant for these records extends far beyond cellphone location information, to any data generated by modern technologies and held by private companies rather than in our own homes or pockets. To make their case, government lawyers relied on an outdated, 1970s-era legal doctrine that says that once someone shares information with a “third party” — in Carpenter’s case, a cellphone company — that data is no longer protected by the Fourth Amendment. The Supreme Court made abundantly clear that this doctrine has its limits and cannot serve as a carte blanche for the government seizure of any data of its choosing without judicial oversight.
  • ...1 more annotation...
  • While the decision extends in the immediate term only to historical cellphone location data, the Supreme Court’s reasoning opens the door to the protection of the many other kinds of data generated by popular technologies. Today’s decision provides a groundbreaking update to privacy rights that the digital age has rendered vulnerable to abuse by the government’s appetite for surveillance. It recognizes that “cell phones and the services they provide are ‘such a pervasive and insistent part of daily life’ that carrying one is indispensable to participation in modern society.” And it helps ensure that we don’t have to give up those rights if we want to participate in modern life. 
Paul Merrell

Save Firefox! | Electronic Frontier Foundation - 0 views

www.eff.org/...save-firefox

W3C web-standards CDM encrypted-media-extensions EME DRM

shared by Paul Merrell on 29 May 16 - No Cached
  • The World Wide Web Consortium (W3C), once the force for open standards that kept browsers from locking publishers to their proprietary capabilities, has changed its mission. Since 2013, the organization has provided a forum where today's dominant browser companies and the dominant entertainment companies can collaborate on a system to let our browsers control our behavior, rather than the other way. This system, "Encrypted Media Extensions" (EME) uses standards-defined code to funnel video into a proprietary container called a "Content Decryption Module." For a new browser to support this new video streaming standard -- which major studios and cable operators are pushing for -- it would have to convince those entertainment companies or one of their partners to let them have a CDM, or this part of the "open" Web would not display in their new browser. This is the opposite of every W3C standard to date: once, all you needed to do to render content sent by a server was follow the standard, not get permission. If browsers had needed permission to render a page at the launch of Mozilla, the publishers would have frozen out this new, pop-up-blocking upstart. Kiss Firefox goodbye, in other words.
  • The W3C didn't have to do this. No copyright law says that making a video gives you the right to tell people who legally watch it how they must configure their equipment. But because of the design of EME, copyright holders will be able to use the law to shut down any new browser that tries to render the video without their permission. That's because EME is designed to trigger liability under section 1201 of the Digital Millennium Copyright Act (DMCA), which says that removing a digital lock that controls access to a copyrighted work without permission is an offense, even if the person removing the lock has the right to the content it restricts. In other words, once a video is sent with EME, a new company that unlocks it for its users can be sued, even if the users do nothing illegal with that video. We proposed that the W3C could protect new browsers by making their members promise not to use the DMCA to attack new entrants in the market, an idea supported by a diverse group of W3C members, but the W3C executive overruled us saying the work would go forward with no safeguards for future competition. It's even worse than at first glance. The DMCA isn't limited to the USA: the US Trade Representative has spread DMCA-like rules to virtually every country that does business with America. Worse still: the DMCA is also routinely used by companies to threaten and silence security researchers who reveal embarrassing defects in their products. The W3C also declined to require its members to protect security researchers who discover flaws in EME, leaving every Web user vulnerable to vulnerabilities whose disclosure can only safely take place if the affected company decides to permit it.
  • The W3C needs credibility with people who care about the open Web and innovation in order to be viable. They are sensitive to this kind of criticism. We empathize. There are lots of good people working there, people who genuinely, passionately want the Web to stay open to everyone, and to be safe for its users. But the organization made a terrible decision when it opted to provide a home for EME, and an even worse one when it overruled its own members and declined protection for security research and new competitors. It needs to hear from you now. Please share this post, and spread the word. Help the W3C be the organization it is meant to be.
Paul Merrell

Metacrap - 1 views

www.well.com/...metacrap.htm

metadata

shared by Paul Merrell on 30 Jan 12 - Cached
  • Metadata is "data about data" -- information like keywords, page-length, title, word-count, abstract, location, SKU, ISBN, and so on.
  • If everyone would subscribe to such a system and create good metadata for the purposes of describing their goods, services and information, it would be a trivial matter to search the Internet for highly qualified, context-sensitive results: a fan could find all the downloadable music in a given genre, a manufacturer could efficiently discover suppliers, travelers could easily choose a hotel room for an upcoming trip. A world of exhaustive, reliable metadata would be a utopia. It's also a pipe-dream, founded on self-delusion, nerd hubris and hysterically inflated market opportunities.
Paul Merrell

Five Reasons Why the Amazon Kindle Fire Will Light Up Enterprises | ZDNet - 2 views

www.zdnet.com/...1971

android IPAD

shared by Paul Merrell on 20 Nov 11 - No Cached
  • Android developers are being attracted to the Amazon tablet and making it their highest priority. 49% of North American developers are very interested in building for the Fire, according to an Appcelerator survey, ahead of second-place Samsung Galaxy Tab.
  • According to a recent survey, 77% of tablets used in the enterprise are purchased and paid for by employees via Bring Your Own Device plans.
  • Consumers, in other words. Who by and large remain extremely price-sensitive. For the cost of equipping mom and dad with $499 iPads, one could equip the parents, two kids and even the family dog, too, with five $199 Kindle Fires. This is why there are studies like Retrevo’s that show more people planning to to buy a Kindle Fire than an iPad this Christmas. Or why DisplaySearch expects 6 million Fires to be shipped (versus 9-11 million iPads).
  • ...1 more annotation...
  • In an IBM-sponsored survey of 4,000 IT pros worldwide released last week, 70% said they plan to deploy apps for Android devices, versus 49% for iPhone and iPad, 35% for Windows 7, and 25% for BlackBerry.
1 - 20 of 47 Next › Last »
Showing 20 items per page