"As privacy scholar Josh Fairfield says, while some dismiss privacy concerns by saying they have nothing to hide, we shouldn't accept that argument from anyone wearing clothes. Or anyone who closes the bathroom door, locks her home or car, or uses password-protected accounts. Or anyone who benefits from rules and norms that protect secrecy and confidentiality, prohibit government overreach, and give us recourse if others intrude upon our seclusion, publicly disclose embarrassing private facts, depict us in a false light, or appropriate our image or likeness. "
"iTunes phishing scams
Compromised phones or computers
Celebrity passwords/emails as part of a larger password dump (such as the Adobe hack)
Mobile-phone or computer-repair individuals abusing access
Password reset questions guess
Brute force"
""Privacy Not Included" is Mozilla's Christmas shopping (anti)-guide to toys and gadgets that spy on you and/or make stupid security blunders, rated by relative "creepiness," from the Nintendo Switch (a little creepy) to the Fredi Baby monitor (very creepy!).
Mozilla's reviews include a detailed rationale for each ranking, including whether the product includes encryption, whether it forces a default password change, how easy to understand the documentation is, whether it shares your data for "unexpected reasons," whether it has known security vulnerabilities, whether it has parental controls and more."
"It happened when Hello Kitty's fan site, SanrioTown.com, had its database accessed in late 2015. Here's the catch - it wasn't hacked. According to security researcher Chris Vickery of Kromtech, no hack was necessary. Vickery stated that pretty much anyone could access, "…first and last names, birthday…, gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers…," and more."
Justin Engler and Paul Vines will demo a robot called the Robotic Reconfigurable Button Basher (R2B2) at Defcon; it can work its way through every numeric screen-lock Android password in 19 hours.
"They aren't limited by human notions of attention; they can watch everyone at the same time. So while it may be true that using encryption is something the NSA takes special note of, not using it doesn't mean you'll be noticed less. The best defense is to use secure services, even if it might be a red flag. Think of it this way: you're providing cover for those who need encryption to stay alive."
"While biometrics may not be the long term alternative to passwords, they are safer to use. Rather than seeing them as separate methods to identify that you are who you say you are, they should instead be viewed as complementary methods that can be used together to verify an individual."
"With all the personal data it collects, your wrist-mounted wearable computer is almost definitely going to betray you at some point, whether that's a reminder to get up and do another 5,000 steps this afternoon or accidentally giving away your ATM PIN. According to a new paper, ominously titled "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN" it is surprisingly simple to determine your PIN or password by reverse-engineering motion sensor data from a smartwatch or fitness tracker."
"Taken as a whole, the information Google collects about users is shockingly complete. The company can mine your emails and Drive documents, track your browsing history, track the videos you watch on YouTube, obtain your WiFi passwords and much more."
"But Computercop isn't security software -- quite the opposite; it's classic malware. The software, made in New York by a company that markets to law enforcement, is a badly designed keylogger that stores things typed into the keyboard -- potentially everything typed on the family PC -- passwords, sensitive communications, banking logins, and more, all stored on the hard drive, either in the clear, or with weak, easily broken encryption. And Computercop users are encouraged to configure the software to email dumps from the keylogger to their accounts (to spy on their children's activity), so that all those keystrokes are vulnerable to interception by anyone between your computer and your email server."
"This story is getting squirrelier and squirrelier. Yes, security companies love to hype the threat to sell their products and services. But this goes further: single-handedly trying to create a panic, and then profiting off that panic."
"At 221 of the Fortune 500 companies, Fortune magazine's list of the top 500 U.S. public corporations ranked by gross revenue, employees' credentials are posted publicly online for hackers to steal and reuse in cyberattacks, according to new research from the web intelligence firm Recorded Future."
"She recounts the moment when her 13-year-old son Jacob - now 16 - was sent to isolation for refusing to register his fingerprint to use the school canteen.
"I went to school and said that I didn't give my consent. As a parent I want to be clear that the decisions I make that affect my children are in their best interests."