Group items tagged

This website provides a few instructions on how to increase your safety downloading apps from the app store. It also provides links to other websites which show the safety score of an app. Since most people (including myself) don't think twice about downloading any app that looks interesting, this is useful information to have.

"A factory refurbished Thinkpad shipped with Windows 7 and a scheduler app that ran once a day, collecting usage data about what you do with your computer and exfiltrating it to an analytics company. "

This reminds me just a bit of the Mary, Queen of Scots, story. Helpful messages that are actually covers for malicious intent.

Recently China blocked the Facebook app "Whatsapp," and I find this interesting because by the decision of their government, they can decide your intake of content from the outside world and where to cut it off. Some parts of this relate to Cryptography because people have become very creative in getting around firewalls and accessing blocked sites anyways.

What really stood out to me about this article was that they said the NSA actually pays more attention to those people who use encryption. So, in order to protect ourselves and also avoid prying NSA eyes, we should encourage people to stand in solidarity with encryption. I thought this was really interesting because I always thought that encryption would undoubtedly make everything more secure, but here they're saying that it actually attracts attention (which isn't necessarily a good thing).

When I was a kid, I read an issue of Superman in which he faces Batman's villain, the Joker. At one point, the Joker tells Superman that he's kidnapped all of Superman's best friends (Lois Lane, Jimmy Olsen, and so on) and locked them inside lead-lined caskets, hidden throughout Metropolis. Since the caskets are air-tight, they only have an hour to live, and Superman can't find them because his x-ray vision can't see through lead! That's what the Joker said. Actually, since Superman can't see through lead, those caskets *stood out* when he scanned the city with his x-ray vision, and he rescued all his friends in short order. Same basic idea.

You can find anything on the Internet: http://goodcomics.comicbookresources.com/wp-content/uploads/2009/09/superjoker6.jpg.

An app circulated among the protesters in Hong Kong that supposedly was for coordinating protest efforts, but was in reality a phishing attack that would track keystrokes, messages, and identity information of devices it was installed on. Many signs point to the Chinese government as the origin of the malware, though. Not the first time a government has done something like planting spies and monitoring protestors. We saw this in Little Brother too, with the DHS spies on the Xnet.

I found this article interesting because it actually mentions the "firesheep" add-on we discussed during class as well as the encryption of our data.

Good find. It's important to note that this piece is from 2011, shortly after the Firesheep controversy. As far as I can tell, HTTPS use is now mandatory, at least on Facebook.com. I don't know about the Facebook app, however. That might be something to look into.

At a New York state elementary school, teachers can use a behavior-monitoring app to compile information on which children have positive attitudes and which act out. In Georgia, some high school cafeterias are using a biometric identification system to let students pay for lunch by scanning the palms of their hands at the checkout line.

Interesting that ~35% of 1000 surveyed have upped the strength of their passwords, but only 6% turned on two-factor ID, which was a major cause of the iCloud hacks going undetected for so long.

It seems that two-factor authentication would not have prevented those iCloud hacks (according to this piece: http://www.tuaw.com/2014/09/02/think-iclouds-two-factor-authentication-protects-your-privacy/), but since Apple has now changed the triggers for two-factor to include things like iCloud access, two-factor will be more helpful going forward. So it is a little surprising that more people haven't enabled it.

I'm also reminded of the ACLU's Chris Soghoian's point (https://www.aclu.org/blog/technology-and-liberty/lessons-celebrity-icloud-photo-breach) that one reason people have crappy Apple passwords is that Apple makes you use your password so darn often. I know I get frustrated when I have to enter my (crazy long) Apple password on my iPhone just to download a free app.

This article discusses the faults in former deputy director of the CIA Michael Morell's statement that the use of encrypted apps made it difficult to stop terrorists. Claims that encrypted communications put them out of reach was false - there had been no change in al Qaeda tactics. Also, author Howard points out that there isn't a clear dichotomy between privacy and security.

We need to really pay attention to how many different apps and resources we have connected to big sites like facebook, and google. Heck, Apple as a whole essentially has our entire lives on record. Don't link everything to facebook or google, and maybe consider diversifying your technology.

Companies don't require a warrant to conduct data searches of their customers. The safest way to ensure that your data remains private while using services from a company is to use client based end to end encryption.