Group items matching

in title, tags, annotations or url

"If that data is collected, does the child have a right to get it back? If that data is collected from very early childhood and does not belong to the child, does it make the child extra vulnerable because his or her choices and patterns of behaviour could be known to anyone who purchases the data, for example, companies or political campaigns. Depending on the privacy laws of the state in which the toys are being used, if the data is collected and kept, it breaches Article 16 of the Convention on the Rights of the Child - the right to privacy. (Though, of course, arguably this is something parents routinely do by posting pictures of their children on Facebook). "

""Privacy Not Included" is Mozilla's Christmas shopping (anti)-guide to toys and gadgets that spy on you and/or make stupid security blunders, rated by relative "creepiness," from the Nintendo Switch (a little creepy) to the Fredi Baby monitor (very creepy!). Mozilla's reviews include a detailed rationale for each ranking, including whether the product includes encryption, whether it forces a default password change, how easy to understand the documentation is, whether it shares your data for "unexpected reasons," whether it has known security vulnerabilities, whether it has parental controls and more."

"Cybersecurity experts have warned for years that malfeasance, technical breakdown or administrative incompetence could easily wreak havoc with electronic systems and could go largely or wholly undetected. This is a concern made much more urgent by Russia's cyber-attacks on political party servers and state voter registration databases in 2016 and by the risk of a repeat - or worse - in this November's midterms. "

"The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email? One way to think about Efail is that it was caused by a lack of central coordination and control over email-reading programs -- the underlying protocols are strong and robust, but they can be implemented in ways that create real problems. In particular, the ability to show HTML inside a message makes email very hard to secure:"

"The ethics of Facebook's micro-targeted advertising was thrust into the spotlight this week by a report out of Australia. The article, based on a leaked presentation, said that Facebook was able to identify teenagers at their most vulnerable, including when they feel "insecure", "worthless", "defeated" and "stressed"."

"Facebook will rely on users to report fake news despite evidence that suggests users have a difficult time assessing or identifying fake news. Teens seem to be especially vulnerable to fake news. A recent study by researchers at Stanford found that middle and high school students have a difficult time detecting fake news from real news, or detecting bias in tweets and Facebook statuses."

"To thwart such hackers, Elon Musk's OpenAI and Pennsylvania State University released a new tool this week called "cleverhans," that lets artificial intelligence researchers test how vulnerable their AI is to adversarial examples, or purposefully malicious data meant to confuse the algorithms. Once the vulnerability has been found, a defense to the attack can automatically be applied."

"A cryptocurrency is only as reliable as the technology that keeps it running, and Ethereum is learning this the hard way. An attacker has taken an estimated $60 million in Ethereum's digital money (Ether) by exploiting vulnerabilities in the Decentralized Autonomous Organization, an investment collective. The raider took advantage of a "recursive call" flaw in the DAO's code-based smart contracts, which administer the funds, to scoop up Ether many times in a single pass."

"Security Analysis of Emerging Smart Home Applications demonstrates how Samsung's SmartThings platform may be especially vulnerable to hackers. "

"Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of "ghost drivers" that can monitor the drivers around them-an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas over a three-day period."

"A database posted online allegedly contains the personal information of 49 million people on the Turkish citizenship database, potentially making more than half of the population of the country vulnerable to identity theft and massive privacy violations."

"The malware was delivered through multiple ad networks, and used a number of vulnerabilities, including a recently-patched flaw in Microsoft's former Flash competitor Silverlight, which was discontinued in 2013. When the infected adverts hit users, they redirect the page to servers hosting the malware, which includes the widely-used (amongst cybercriminals) Angler exploit kit. That kit then attempts to find any back door it can into the target's computer, where it will install cryptolocker-style software, which encrypts the user's hard drive and demands payment in bitcoin for the keys to unlock it."

"One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk. "

"Many of these cameras have no easy, networked means of getting a firmware update, either, making their zeroday bugs into foreverday bugs. Some of these bugs were simple programmer error, but Philips, ah, Philips: they shipped an Internet-connected home spycam whose default root login was admin and /ADMIN/. Security. "

"Researcher Billy Rios (previously) has extended his work on vulnerabilities in hospital drug pumps, discovering a means by which their firmware can be remotely overwritten with new code that can result in lethal overdoses for patients. "

"Durumeric leads a team of researchers at the University of Michigan that has developed scanning software called ZMap. This tool can probe the whole public Internet in under an hour, revealing information about the roughly four billion devices online. The scan results can show which sites are vulnerable to particular security flaws. In the case of FREAK, a scan was used to measure the scale of the threat before the bug was publicly announced."

"The NSA's AURORAGOLD program -- revealed in newly released Snowden docs -- used plundered internal emails to compromise nearly every mobile carrier in the world, and show that the agency had planned to introduce vulnerabilities into future improvements into mobile security. "

"But Computercop isn't security software -- quite the opposite; it's classic malware. The software, made in New York by a company that markets to law enforcement, is a badly designed keylogger that stores thingstyped into the keyboard -- potentially everything typed on the family PC -- passwords, sensitive communications, banking logins, and more, all stored on the hard drive, either in the clear, or with weak, easily broken encryption. And Computercop users are encouraged to configure the software to email dumps from the keylogger to their accounts (to spy on their children's activity), so that all those keystrokes are vulnerable to interception by anyone between your computer and your email server. "

"Security researchers have discovered a vulnerability in the system software used in millions of computers, opening the possibility that attackers could execute arbitrary commands on web servers, other Linux-based machines and even Mac computers."

"User information, including passwords, email addresses, usernames and geolocation data, was unencrypted - making it readily accessible to anyone who plugs the handset into a PC, according to a report detailing the vulnerability."