Mega Ordered to Hand Over Users' Details to U.S. Court - TorrentFreakwho uploads to hav... - 0 views
-
" Andy on May 12, 2016 C: 28 News Mega, the cloud storage site founded by Kim Dotcom, has been ordered to hand the IP addresses and personal details of some of its users to a U.S. court. The ruling follows the uploading of sensitive documents to Mega following a hack on a foreign government computer system. Speaking with TorrentFreak, Mega chairman Stephen Hall expressed concerns over the process."
-
" Andy on May 12, 2016 C: 28 News Mega, the cloud storage site founded by Kim Dotcom, has been ordered to hand the IP addresses and personal details of some of its users to a U.S. court. The ruling follows the uploading of sensitive documents to Mega following a hack on a foreign government computer system. Speaking with TorrentFreak, Mega chairman Stephen Hall expressed concerns over the process."
Phone call metadata does betray sensitive details about your life - study | T... - 0 views
Hackers Prove Fingerprints Are Not Secure, Now What? | nsnbc international - 0 views
-
The Office of Personnel Management (OPM) recently revealed that an estimated 5.6 million government employees were affected by the hack; and not 1.1 million as previously assumed.
-
Samuel Schumach, spokesman for the OPM, said: “As part of the government’s ongoing work to notify individuals affected by the theft of background investigation records, the Office of Personnel Management and the Department of Defense have been analyzing impacted data to verify its quality and completeness. Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.” This endeavor expended the use of the Department of Defense (DoD), the Department of Homeland Security (DHS), the National Security Agency (NSA), and the Pentagon. Schumer added that “if, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.” However, we do not need to wait for the future for fingerprint data to be misused and coveted by hackers.
-
Look no further than the security flaws in Samsung’s new Galaxy 5 smartphone as was demonstrated by researchers at Security Research Labs (SRL) showing how fingerprints, iris scans and other biometric identifiers could be fabricated and yet authenticated by the Apple Touch ID fingerprints scanner. The shocking part of this demonstration is that this hack was achieved less than 2 days after the technology was released to the public by Apple. Ben Schlabs, researcher for SRL explained: “We expected we’d be able to spoof the S5’s Finger Scanner, but I hoped it would at least be a challenge. The S5 Finger Scanner feature offers nothing new except—because of the way it is implemented in this Android device—slightly higher risk than that already posed by previous devices.” Schlabs and other researchers discovered that “the S5 has no mechanism requiring a password when encountering a large number of incorrect finger swipes.” By rebotting the smartphone, Schlabs could force “the handset to accept an unlimited number of incorrect swipes without requiring users to enter a password [and] the S5 fingerprint authenticator [could] be associated with sensitive banking or payment apps such as PayPal.”
- ...1 more annotation...
Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views
-
The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
-
The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
-
The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
- ...9 more annotations...
A basic encryption strategy for storing sensitive data | ITworld - 0 views
-
"To safely store your data in a database, you'd start by generating a strong secret key value in a byte array. This is best generated programmatically. This single key can be used to encrypt all of the data you'd like to store. "
-
"To safely store your data in a database, you'd start by generating a strong secret key value in a byte array. This is best generated programmatically. This single key can be used to encrypt all of the data you'd like to store. "
Internet providers will soon need permission to share your web browsing history - The V... - 1 views
He Was a Hacker for the NSA and He Was Willing to Talk. I Was Willing to Listen. - 2 views
-
he message arrived at night and consisted of three words: “Good evening sir!” The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine. Good evening sir!
-
The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine.
-
I got lucky with the hacker, because he recently left the agency for the cybersecurity industry; it would be his choice to talk, not the NSA’s. Fortunately, speaking out is his second nature.
- ...7 more annotations...
Net Censorship Comes Before the EU Parliament | La Quadrature du Net - 1 views
-
[ Last Spring, the European Commissioner for Home Affairs, Cecilia Malmström, presented a proposal for a directive to combat child exploitation. Unfortunately, this very important and sensitive matter is used to introduce dangerous provisions regarding Internet blocking, which could pave the way for a wider censorship of the Internet in Europe. The EU Parliament must absolutely reject this Trojan horse and uphold the fundamental rights of EU citizens ...]
Box extends its enterprise playbook, but users are still at the center | CITEworld - 0 views
-
The 47,000 developers making almost two billion API calls to the Box platform per month are a good start, Levie says, but Box needs to go further and do more to customize its platform to help push this user-centric, everything-everywhere-always model at larger and larger enterprises.
-
Box for Industries is comprised of three parts: A Box-tailored core service offering, a selection of partner apps, and the implementation services to combine the two of those into something that ideally can be used by any enterprise in any vertical.
-
Box is announcing solutions for three specific industries: Retail, healthcare, and media/entertainment. For retail, that includes vendor collaboration (helping vendors work with manufacturers and distributors), digital asset management, and retail store enablement.
- ...6 more annotations...
-
This will be very interesting. Looks like Box is betting their future on the success of integrating Microsoft Office 365 into the Box Productivity Cloud Service. Which competes directly with the Microsoft Office 365 - OneDrive Cloud Productivity Platform. Honestly, I don't see how this can ever work out for Box. Microsoft has them ripe for the plucking. And they have pulled it off on the eve of Box's expected IPO. "Box CEO Aaron Levie may not be able to talk about the cloud storage and collaboration company's forthcoming IPO, but he still took the stage at the company's biggest BoxWorks conference yet, with 5,000 attendees. Featured Resource Presented by Citrix Systems 10 essential elements for a secure enterprise mobility strategy Best practices for protecting sensitive business information while making people productive from LEARN MORE Levie discussed the future of the business and make some announcements -- including the beta of a Box integration with the Windows version of Microsoft Office 365; the introduction of Box Workflow, a tool coming in 2015 for creating repeatable workflows on the platform; and the unveiling of Box for Industries, an initiative to tailor Box solutions for specific industry use-cases. And if that wasn't enough, Box also announced a partnership with service firm Accenture to push the platform in large enterprises. The unifying factor for the announcements made at BoxWorks, Levie said, is that users expect their data to follow them everywhere, at home and at work. That means that Box has to think about enterprise from the user outwards, putting them at the center of the appified universe -- in effect, building an ecosystem of tools that support the things employees already use."
10 important tips for living a multi-platform life | CITEworld - 0 views
-
"With the rise of different mobile platforms and content ecosystems over the past decade, the technology world is becoming increasingly fragmented. Fifteen years ago, there were only a handful of platforms that mattered -- Windows PCs, Macs, and perhaps Linux on the desktop, and primarily BlackBerry in the mobile space. Today, the number is far greater -- Windows (further divided into the pre- and post-Windows 8 offerings), OS X, Linux, Chrome OS, Android (in many varying incarnations), iOS, Windows Phone, BlackBerry, Amazon's Kindle and Fire products, to name the most common. Each of these platforms has become increasingly insular, making lock-in to a specific vendor, device, or OS much more common. Featured Resource Presented by Citrix Systems 10 essential elements for a secure enterprise mobility strategy Best practices for protecting sensitive business information while making people productive from LEARN MORE Although it is possible to switch from an iPhone to Android, or from Windows to Mac, there is often a trade-off in making the switch. Apps, music, ebooks, and other content may need to be re-purchased. There will likely be some learning curve. The offerings in the new ecosystem -- apps or content -- may not match the experience to which we've become accustomed, and some may not be available at all. Here's some guidance on how to switch platforms."
Huddle: Consumer cloud services causing 'security time-bomb' for enterprises | ZDNet - 0 views
-
"AN FRANCISCO -- As more employees continue to access consumer cloud accounts at work (regardless of IT rules), the enterprise world is about to reach a breaking point, based on a new report. Quite simply, U.K. cloud collaboration company Huddle described the trend as a "security time-bomb." At least 38 percent of U.S. office workers are said to have admitted to storing work documents on personal cloud tools and services, while a whopping 91 percent of workers added they use personal devices (i.e. USB drives) to store and share sensitive company documents. Huddle argued that this means enterprise and government organizations are at severe risk of losing both data intellectual property forever as this fragmentation continues. The London-headquartered company published its first State of the Enterprise assessment report amid the official opening of its San Francisco offices on Thursday morning as Huddle branches out to attract a U.S. customer base. "Legacy technologies create barriers to how we want to work," said Mitchell. Huddle produces a team-based collaboration platform designed for large teams within enterprises storing content securely and individually. The idea behind Huddle is to replace personal USB drives and "dumb file storage" platforms with open-security models and folder-based content. As the cloud-based storage and collaboration market grows, it looks like Huddle will be aiming to take on the likes of Box, Google Drive, Microsoft SkyDrive, and Dropbox, among others. Huddle is framing itself as different in that it constructs a single network for working and collaborating beyond a firewall, removing VPN complexities with single, company-wide login. Huddle CEO Alastair Mitchell described during an inaugural media presentation that its customers are replacing legacy technologies, calling out SharePoint and Outlook in particular as users move content collaboration out of email. "Legacy technologies create barriers to how we want to work," sai
Canada Joins World Powers in Spying on Smartphone and Download Data | WIRED [# ! chk di... - 0 views
How browser extensions steal logins & browsing habits; conduct corporate espionage / Bo... - 0 views
-
"Seemingly harmless browser extensions that generate emojis, enlarge thumbnails, help you debug Javascript errors and other common utilities routinely run secret background processes that collect and retransmit your login credentials, private URLs that grant access to sensitive files, corporate secrets, full PDFs and other personally identifying, potentially compromising data."
Database of 4 million Adult Friend Finder users leaked for all to see | Ars Technica [#... - 0 views
-
"by Dan Goodin - May 22, 2015 3:00 pm UTC Share Tweet 51 E-mail addresses, sexual orientations, and other sensitive details from almost four million AdultFriendFinder.com subscribers have been leaked onto the Internet following a hack that rooted the casual dating service, security researchers said."
Secure File Transfer | Linux Journal - 0 views
The Supreme Court's Groundbreaking Privacy Victory for the Digital Age | American Civil... - 0 views
-
The Supreme Court on Friday handed down what is arguably the most consequential privacy decision of the digital age, ruling that police need a warrant before they can seize people’s sensitive location information stored by cellphone companies. The case specifically concerns the privacy of cellphone location data, but the ruling has broad implications for government access to all manner of information collected about people and stored by the purveyors of popular technologies. In its decision, the court rejects the government’s expansive argument that people lose their privacy rights merely by using those technologies. Carpenter v. U.S., which was argued by the ACLU, involves Timothy Carpenter, who was convicted in 2013 of a string of burglaries in Detroit. To tie Carpenter to the burglaries, FBI agents obtained — without seeking a warrant — months’ worth of his location information from Carpenter’s cellphone company. They got almost 13,000 data points tracking Carpenter’s whereabouts during that period, revealing where he slept, when he attended church, and much more. Indeed, as Chief Justice John Roberts wrote in Friday’s decision, “when the Government tracks the location of a cell phone it achieves near perfect surveillance, as if it had attached an ankle monitor to the phone’s user.”.
-
The ACLU argued the agents had violated Carpenter’s Fourth Amendment rights when they obtained such detailed records without a warrant based on probable cause. In a decision written by Chief Justice John Roberts, the Supreme Court agreed, recognizing that the Fourth Amendment must apply to records of such unprecedented breadth and sensitivity: Mapping a cell phone’s location over the course of 127 days provides an all-encompassing record of the holder’s whereabouts. As with GPS information, the timestamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’
-
The government’s argument that it needed no warrant for these records extends far beyond cellphone location information, to any data generated by modern technologies and held by private companies rather than in our own homes or pockets. To make their case, government lawyers relied on an outdated, 1970s-era legal doctrine that says that once someone shares information with a “third party” — in Carpenter’s case, a cellphone company — that data is no longer protected by the Fourth Amendment. The Supreme Court made abundantly clear that this doctrine has its limits and cannot serve as a carte blanche for the government seizure of any data of its choosing without judicial oversight.
- ...1 more annotation...
Save Firefox! | Electronic Frontier Foundation - 0 views
-
The World Wide Web Consortium (W3C), once the force for open standards that kept browsers from locking publishers to their proprietary capabilities, has changed its mission. Since 2013, the organization has provided a forum where today's dominant browser companies and the dominant entertainment companies can collaborate on a system to let our browsers control our behavior, rather than the other way. This system, "Encrypted Media Extensions" (EME) uses standards-defined code to funnel video into a proprietary container called a "Content Decryption Module." For a new browser to support this new video streaming standard -- which major studios and cable operators are pushing for -- it would have to convince those entertainment companies or one of their partners to let them have a CDM, or this part of the "open" Web would not display in their new browser. This is the opposite of every W3C standard to date: once, all you needed to do to render content sent by a server was follow the standard, not get permission. If browsers had needed permission to render a page at the launch of Mozilla, the publishers would have frozen out this new, pop-up-blocking upstart. Kiss Firefox goodbye, in other words.
-
The W3C didn't have to do this. No copyright law says that making a video gives you the right to tell people who legally watch it how they must configure their equipment. But because of the design of EME, copyright holders will be able to use the law to shut down any new browser that tries to render the video without their permission. That's because EME is designed to trigger liability under section 1201 of the Digital Millennium Copyright Act (DMCA), which says that removing a digital lock that controls access to a copyrighted work without permission is an offense, even if the person removing the lock has the right to the content it restricts. In other words, once a video is sent with EME, a new company that unlocks it for its users can be sued, even if the users do nothing illegal with that video. We proposed that the W3C could protect new browsers by making their members promise not to use the DMCA to attack new entrants in the market, an idea supported by a diverse group of W3C members, but the W3C executive overruled us saying the work would go forward with no safeguards for future competition. It's even worse than at first glance. The DMCA isn't limited to the USA: the US Trade Representative has spread DMCA-like rules to virtually every country that does business with America. Worse still: the DMCA is also routinely used by companies to threaten and silence security researchers who reveal embarrassing defects in their products. The W3C also declined to require its members to protect security researchers who discover flaws in EME, leaving every Web user vulnerable to vulnerabilities whose disclosure can only safely take place if the affected company decides to permit it.
-
The W3C needs credibility with people who care about the open Web and innovation in order to be viable. They are sensitive to this kind of criticism. We empathize. There are lots of good people working there, people who genuinely, passionately want the Web to stay open to everyone, and to be safe for its users. But the organization made a terrible decision when it opted to provide a home for EME, and an even worse one when it overruled its own members and declined protection for security research and new competitors. It needs to hear from you now. Please share this post, and spread the word. Help the W3C be the organization it is meant to be.
Metacrap - 1 views
-
Metadata is "data about data" -- information like keywords, page-length, title, word-count, abstract, location, SKU, ISBN, and so on.
-
If everyone would subscribe to such a system and create good metadata for the purposes of describing their goods, services and information, it would be a trivial matter to search the Internet for highly qualified, context-sensitive results: a fan could find all the downloadable music in a given genre, a manufacturer could efficiently discover suppliers, travelers could easily choose a hotel room for an upcoming trip. A world of exhaustive, reliable metadata would be a utopia. It's also a pipe-dream, founded on self-delusion, nerd hubris and hysterically inflated market opportunities.
Five Reasons Why the Amazon Kindle Fire Will Light Up Enterprises | ZDNet - 2 views
-
Android developers are being attracted to the Amazon tablet and making it their highest priority. 49% of North American developers are very interested in building for the Fire, according to an Appcelerator survey, ahead of second-place Samsung Galaxy Tab.
-
According to a recent survey, 77% of tablets used in the enterprise are purchased and paid for by employees via Bring Your Own Device plans.
-
Consumers, in other words. Who by and large remain extremely price-sensitive. For the cost of equipping mom and dad with $499 iPads, one could equip the parents, two kids and even the family dog, too, with five $199 Kindle Fires. This is why there are studies like Retrevo’s that show more people planning to to buy a Kindle Fire than an iPad this Christmas. Or why DisplaySearch expects 6 million Fires to be shipped (versus 9-11 million iPads).
- ...1 more annotation...