Home/ TOK Friends/ Group items tagged cybersecurity

Javier E

Obscurity: A Better Way to Think About Your Data Than 'Privacy' - Woodrow Hartzog and E... - 1 views

  • Obscurity is the idea that when information is hard to obtain or understand, it is, to some degree, safe. Safety, here, doesn't mean inaccessible. Competent and determined data hunters armed with the right tools can always find a way to get it. Less committed folks, however, experience great effort as a deterrent.
  • Online, obscurity is created through a combination of factors. Being invisible to search engines increases obscurity. So does using privacy settings and pseudonyms. Disclosing information in coded ways that only a limited audience will grasp enhances obscurity, too
  • What obscurity draws our attention to, is that while the records were accessible to any member of the public prior to the rise of big data, more effort was required to obtain, aggregate, and publish them. In that prior context, technological constraints implicitly protected privacy interests.
  • ...9 more annotations...
  • the "you choose who to let in" narrative is powerful because it trades on traditional notions of space and boundary regulation, and further appeals to our heightened sense of individual responsibility, and, possibly even vanity. The basic message is that so long as we exercise good judgment when selecting our friends, no privacy problems will arise
  • What this appeal to status quo relations and existing privacy settings conceals is the transformative potential of Graph: new types of searching can emerge that, due to enhanced frequency and newly created associations between data points, weaken, and possibly obliterate obscurity.
  • The other dominant narrative emerging is that the Graph will simplify "stalking."
  • the stalker frame muddies the concept, implying that the problem is people with bad intentions getting our information. Determined stalkers certainly pose a threat to the obscurity of information because they represent an increased likelihood that obscure information will be found and understood.
  • Well-intentioned searches can be problematic, too.
  • It is not a stretch to assume Graph could enable searching through the content of posts a user has liked or commented on and generating categories of interests from it. For example, users could search which of their friends are interested in politics, or, perhaps, specifically, in left-wing politics.
  • In this scenario, a user who wasn't a fan of political groups or causes, didn't list political groups or causes as interests, and didn't post political stories, could still be identified as political.
  • In a system that purportedly relies upon user control, it is still unclear how and if users will be able to detect when their personal information is no longer obscure. How will they be able to anticipate the numerous different queries that might expose previously obscure information? Will users even be aware of all the composite results including their information?
  • Obscurity is a protective state that can further a number of goals, such as autonomy, self-fulfillment, socialization, and relative freedom from the abuse of power. A major task ahead is for society to determine how much obscurity citizens need to thrive.
Javier E

Concern Over Colin Powell's Hacked Emails Becomes a Fear of Being Next - The New York T... - 0 views

  • The latest hack could well spur a new rash of email deletions across the country as millions of people scan their sent mail for anything compromising, humiliating or career-destroying. It adds to the sense that everyone is vulnerable.
  • “I think more and more people are realizing that there isn’t a thing you can say in an email that isn’t likely to be hackable or discoverable at some later point,”
  • Washington may be behind other big cities in learning that lesson. Bankers on Wall Street have favored very brief emails since their conversations were splashed across front pages because of lawsuits filed after the financial crisis. In 2010, Goldman Sachs executives used the acronym “LDL,” for “let’s discuss live,” when a conversation turned at all sensitive.
  • ...3 more annotations...
  • Similar precautions have been common in Silicon Valley since a 2009 Chinese state cyberattack on servers at Google and other tech companies.
  • Hank Paulson, a former Goldman Sachs chief executive, refuses to use email. Ben S. Bernanke, a former chairman of the Federal Reserve, once set up an email account under the pseudonym Edward Quince in the hopes of greater privacy.
  • In Hollywood, a breach at Sony Pictures in 2014 spilled out gossipy secrets and persuaded film crews, actors and executives alike to adopt security measures they once considered paranoid. Studios have turned to a new class of companies with names like WatchDox that wrap screenplays with encryption, passwords and monitoring systems that can track who has access to confidential files.
Javier E

Disruptions: Internet's Sad Legacy: No More Secrets - NYTimes.com - 0 views

  • many services that claim to offer that rarest of digital commodities — privacy — don’t really deliver. Read the fine print.
  • Snapchat’s privacy page explains that private images are stored on someone’s phone — and on its own servers. “Forensically, even after they are deleted,” Snapchat says, those images can be retrieved. Whisper’s privacy page says the company owns the intellectual property, both images and text, that people post; Whisper reserves the right to sell that stuff to third parties. And Telegram, while seemingly less innocuous with its claims, nonetheless leaves out something you might want to know: someone can just take a screenshot or picture of that “private” conversation.
  • Don’t have a smartphone yet? They still know where you are and where you’ve been. The American Civil Liberties Union released a report this year that found that technologies that let governments scan license plates are being used to build databases of vehicle locations across the United States.
  • ...1 more annotation...
  • A new book by Harvey Silverglate, a lawyer in Massachusetts, titled “Three Felonies a Day,” claims the average professional in the United States commits at least three crimes every day. How? While academics, lawyers and even government officials don’t actually know how many laws exist in today’s judicial system, it’s estimated that there are from 10,000 to 300,000 federal regulations that could be enforced criminally.
Javier E

Google's ChromeOS means losing control of data, warns GNU founder Richard Stallman | Te... - 0 views

  • Stallman, a computing veteran who is a strong advocate of free software via his Free Software Foundation, warned that making extensive use of cloud computing was "worse than stupidity" because it meant a loss of control of data.
  • The risks include loss of legal rights to data if it is stored on a company's machines rather than your own, Stallman points out: "In the US, you even lose legal rights if you store your data in a company's machines instead of your own. The police need to present you with a search warrant to get your data from you; but if they are stored in a company's server, the police can get it without showing you anything. They may not even have to give the company a search warrant."
  • "I think that marketers like "cloud computing" because it is devoid of substantive meaning. The term's meaning is not substance, it's an attitude: 'Let any Tom, Dick and Harry hold your data, let any Tom, Dick and Harry do your computing for you (and control it).' Perhaps the term 'careless computing' would suit it better."
  • ...1 more annotation...
  • as long as enough of us continue keeping our data under our own control, we can still do so. And we had better do so, or the option may disappear."
Javier E

Owner of Anonymous Hackers-for-Hire Site Steps Forward - NYTimes.com - 0 views

  • He calls himself an ethical hacker who helps companies and individuals fight back against the bad guys operating online. Over the years, Charles Tendell also has emerged as a commentator in the news media about the threat posed by overseas hackers and is a former co-host of an online radio show about security.
  • But behind the scenes, Mr. Tendell, a Colorado resident and a decorated Iraq War veteran, started a new website called Hacker’s List that allows people to anonymously post bids to hire a hacker. Many users have sought to find someone to steal an email password, break into a Facebook account or change a school grade.
  • The propensity is for people to use it as a way to search for hackers willing to break the law as opposed to doing legitimate online investigations and surveillance.
  • ...2 more annotations...
  • The lack of disclosure surrounding Hacker’s List is one reason the hackers-for-hire service has drawn considerable scorn from security consultants, who say the website is an invitation to illegal and unethical behavior.
  • It’s inappropriate for someone like Mr. Tendell, who calls himself a “white hat hacker,” to be involved in any way with an operation that potentially is profiting from illegal activity, Mr. Solomonson said.
Javier E

How to Invent a Person Online - Curtis Wallen - The Atlantic - 2 views

  • Social networks and data brokers use algorithms and probabilities to reconstruct our identities, and then try to influence the way we think and feel and make decisions.
  • It’s not an exaggeration to say everything you do online is being followed. And the more precisely a company can tailor your online experience, the more money it can make from advertisers.
  • After Edward Snowden’s leaks about NSA surveillance, Tucker and Marthews found, the frequency of these sensitive search terms declined—suggesting that Internet users have become less likely to explore "search terms that they [believe] might get them in trouble with the U.S. government." The study also found that people have become less likely to search "embarrassing" topics
  • ...7 more annotations...
  • In other words, people are doing their best to blend in with the crowd.
  • The challenge of achieving true anonymity, though, is that evading surveillance makes your behavior anomalous—and anomalies stick out. As the Japanese proverb says, "A nail that sticks out gets hammered down." Glenn Greenwald explained recently that simply using encryption can make you a target. For me, this was all the more motivation to disappear.
  • For those of us who feel confident that we have nothing to hide, the future of Internet security might not seem like a major concern. But we underestimate the many ways in which our online identities can be manipulated.
  • The U.S. Department of Defense has also figured out how influential Facebook and Twitter can be. In 2011, it announced a new “Social Media in Strategic Communication” (SMISC) program to detect and counter information the U.S. government deemed dangerous. “Since everyone is potentially an influencer on social media and is capable of spreading information,” one researcher involved in a SMISC study told The Guardian, “our work aims to identify and engage the right people at the right time on social media to help propagate information when needed.”
  • Private companies are also using personal information in hidden ways. They don’t simply learn our tastes and habits, offering us more of what we want and less of what we don’t. As Michael Fertik wrote in a 2013 Scientific American article titled “The Rich See a Different Internet Than the Poor,” credit lenders have the ability to hide their offers from people who may need loans the most. And Google now has a patent to change its prices based on who’s buying.
  • It is essentially impossible to achieve anonymity online. It requires a complete operational posture that extends from the digital to the physical. Downloading a secure messaging app and using Tor won’t all of a sudden make you “NSA-proof.” And doing it right is really, really hard.
  • Weighing these trade-offs in my day-to-day life led to a few behavioral changes, but I have a mostly normal relationship with the Internet—I deleted my Facebook account, I encrypt my emails whenever I can, and I use a handful of privacy minded browser extensions. But even those are steps many people are unwilling, or unable, to take.
Javier E

The Creepy New Wave of the Internet by Sue Halpern | The New York Review of Books - 0 views

  • as human behavior is tracked and merchandized on a massive scale, the Internet of Things creates the perfect conditions to bolster and expand the surveillance state.
  • In the world of the Internet of Things, your car, your heating system, your refrigerator, your fitness apps, your credit card, your television set, your window shades, your scale, your medications, your camera, your heart rate monitor, your electric toothbrush, and your washing machine—to say nothing of your phone—generate a continuous stream of data that resides largely out of reach of the individual but not of those willing to pay for it or in other ways commandeer it.
  • That is the point: the Internet of Things is about the “dataization” of our bodies, ourselves, and our environment. As a post on the tech website Gigaom put it, “The Internet of Things isn’t about things. It’s about cheap data.
  • ...3 more annotations...
  • the ubiquity of the Internet of Things is putting us squarely in the path of hackers, who will have almost unlimited portals into our digital lives.
  • Forbes reported that security researchers had come up with a $20 tool that was able to remotely control a car’s steering, brakes, acceleration, locks, and lights. It was an experiment that, again, showed how simple it is to manipulate and sabotage the smartest of machines, even though—but really because—a car is now, in the words of a Ford executive, a “cognitive device.”
  • a study of ten popular IoT devices by the computer company Hewlett-Packard uncovered a total of 250 security flaws among them. As Jerry Michalski, a former tech industry analyst and founder of the REX think tank, observed in a recent Pew study: “Most of the devices exposed on the internet will be vulnerable. They will also be prone to unintended consequences: they will do things nobody designed for beforehand, most of which will be undesirable.”
Javier E

Julian Assange on Living in a Surveillance Society - NYTimes.com - 0 views

  • Describing the atomic bomb (which had only two months before been used to flatten Hiroshima and Nagasaki) as an “inherently tyrannical weapon,” he predicts that it will concentrate power in the hands of the “two or three monstrous super-states” that have the advanced industrial and research bases necessary to produce it. Suppose, he asks, “that the surviving great nations make a tacit agreement never to use the atomic bomb against one another? Suppose they only use it, or the threat of it, against people who are unable to retaliate?”
  • The likely result, he concludes, will be “an epoch as horribly stable as the slave empires of antiquity.” Inventing the term, he predicts “a permanent state of ‘cold war,’” a “peace that is no peace,” in which “the outlook for subject peoples and oppressed classes is still more hopeless.”
  • the destruction of privacy widens the existing power imbalance between the ruling factions and everyone else, leaving “the outlook for subject peoples and oppressed classes,” as Orwell wrote, “still more hopeless.
  • ...10 more annotations...
  • At present even those leading the charge against the surveillance state continue to treat the issue as if it were a political scandal that can be blamed on the corrupt policies of a few bad men who must be held accountable. It is widely hoped that all our societies need to do to fix our problems is to pass a few laws.
  • The cancer is much deeper than this. We live not only in a surveillance state, but in a surveillance society. Totalitarian surveillance is not only embodied in our governments; it is embedded in our economy, in our mundane uses of technology and in our everyday interactions.
  • The very concept of the Internet — a single, global, homogenous network that enmeshes the world — is the essence of a surveillance state. The Internet was built in a surveillance-friendly way because governments and serious players in the commercial Internet wanted it that way. There were alternatives at every step of the way. They were ignored.
  • there is an undeniable “tyrannical” side to the Internet. But the Internet is too complex to be unequivocally categorized as a “tyrannical” or a “democratic” phenomenon.
  • At their core, companies like Google and Facebook are in the same business as the U.S. government’s National Security Agency. They collect a vast amount of information about people, store it, integrate it and use it to predict individual and group behavior, which they then sell to advertisers and others. This similarity made them natural partners for the NSA
  • Unlike intelligence agencies, which eavesdrop on international telecommunications lines, the commercial surveillance complex lures billions of human beings with the promise of “free services.” Their business model is the industrial destruction of privacy. And yet even the more strident critics of NSA surveillance do not appear to be calling for an end to Google and Facebook
  • It is possible for more people to communicate and trade with others in more places in a single instant than it ever has been in history. The same developments that make our civilization easier to surveil make it harder to predict. They have made it easier for the larger part of humanity to educate itself, to race to consensus, and to compete with entrenched power groups.
  • If there is a modern analogue to Orwell’s “simple” and “democratic weapon,” which “gives claws to the weak” it is cryptography, the basis for the mathematics behind Bitcoin and the best secure communications programs. It is cheap to produce: cryptographic software can be written on a home computer. It is even cheaper to spread: software can be copied in a way that physical objects cannot. But it is also insuperable — the mathematics at the heart of modern cryptography are sound, and can withstand the might of a superpower. The same technologies that allowed the Allies to encrypt their radio communications against Axis intercepts can now be downloaded over a dial-up Internet connection and deployed with a cheap laptop.
  • It is too early to say whether the “democratizing” or the “tyrannical” side of the Internet will eventually win out. But acknowledging them — and perceiving them as the field of struggle — is the first step toward acting effectively
  • Humanity cannot now reject the Internet, but clearly we cannot surrender it either. Instead, we have to fight for it. Just as the dawn of atomic weapons inaugurated the Cold War, the manifold logic of the Internet is the key to understanding the approaching war for the intellectual center of our civilization
Javier E

British Prime Minister Suggests Banning Some Online Messaging Apps - NYTimes.com - 0 views

  • “Are we going to allow a means of communications which it simply isn’t possible to read?” Mr. Cameron said at an event on Monday, in reference to services like WhatsApp, Snapchat and other encrypted online applications. “My answer to that question is: ‘No, we must not.’ ”
  • Mr. Cameron said his first duty was to protect the country against terrorist attacks.
  • “The attacks in Paris demonstrated the scale of the threat that we face and the need to have robust powers through our intelligence and security agencies in order to keep our people safe,”
  • ...2 more annotations...
  • Mr. Cameron’s comments are part of a growing debate in Europe and the United States over whether Internet companies and telecom providers must cooperate fully with intelligence agencies, who have seen an increased use of social media by groups like the Islamic State, also known as ISIS or ISIL.
  • After the Paris attacks, European leaders, for example, called on Internet service providers to report potentially harmful online material aimed at inciting hatred or terror.
Javier E

I worked at Facebook. I know how Cambridge Analytica could have happened. - The Washing... - 0 views

  • During my 16 months at Facebook, I called many developers and demanded compliance, but I don’t recall the company conducting a single audit of a developer where the company inspected the developer’s data storage. Lawsuits and outright bans were also very rare. I believe the reason for lax enforcement was simple: Facebook didn’t want to make the public aware of huge weaknesses in its data security.
  • Concerned about the lack of protection for users, in 2012 I created a PowerPoint presentation that outlined the ways that data vulnerabilities on Facebook Platform exposed people to harm, and the various ways the company was trying to protect that data. There were many gaps that left users exposed. I also called out potential bad actors, including data brokers and foreign state actors. I sent the document to senior executives at the company but got little to no response. I had no dedicated engineers assigned to help resolve known issues, and no budget for external vendors.
  • Facebook will argue that things have changed since 2012 and that the company has much better processes in place now. If that were true, Cambridge Analytica would be a small side note, a developer that Facebook shut down and sued out of existence in December 2015 when word first got out that it had violated Facebook’s policies to acquire the data of millions. Instead, it appears Facebook used the same playbook that I saw in 2012.
  • ...1 more annotation...
  • In the wake of this catastrophic violation, Mark Zuckerberg must be forced to testify before Congress and should be held accountable for the negligence of his company. Facebook has systematically failed to enforce its own policies. The only solution is external oversight.
Javier E

Yes, we should be outraged about Facebook - The Washington Post - 0 views

  • Data mining, as Burdick’s book shows, is not new. But today’s social media companies do it more extensively and more efficiently.
  • Consider an imperfect but instructive analogy. Any campaign can acquire your listed landline number. But no campaign is permitted access to your hopes, fears, worries, passions or day-to-day business by way of a phone tap. Facebook’s accumulated information may not be quite like a tap. But the company sure knows a whole lot about you.
  • We must decide when Facebook and comparable companies should be held accountable as public utilities. And when do they look more like publishers who bear responsibility for the veracity of the “information” they spread around?
  • ...1 more annotation...
  • We also need to confront conflicts between the public interest and the ways that social media companies make their profits. Where do privacy rights come in? Are they unduly blocking transparency about how political campaigns are conducted and who is financing them?
Javier E

WhatsApp urges users to update app after discovering spyware vulnerability | Technology... - 0 views

  • WhatsApp is encouraging users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call function.
  • The spyware was developed by the Israeli cyber intelligence company NSO Group, according to the Financial Times,
  • Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call.
  • ...3 more annotations...
  • The spyware’s capabilities are near absolute. Once installed on a phone, the software can extract all of the data that’s already on the device (text messages, contacts, GPS location, email, browser history, etc) in addition to creating new data by using the phone’s microphone and camera to record the user’s surroundings and ambient sounds, according to a 2016 report by the New York Times.
  • NSO limits sales of its spyware, Pegasus, to state intelligence agencies
  • WhatsApp has about 1.5bn users around the world. The messaging app uses end-to-end encryption, making it popular and secure for activists and dissidents. The Pegasus spyware does not affect or involve the app’s encryption.
lucieperloff

Opinion | What Keeps Facebook's Election Security Chief Up at Night? - The New York Times - 0 views

  • Others, including President Trump and his campaign, have used the platform to spread false information about voting while some partisans try to undermine the public’s faith in the U.S. election system.
  • cybersecurity, which is hacking, phishing and exploiting Facebook’s technical assets. The other is influence operations, which is both foreign (Russia, Iran, China) and domestic actors manipulating public debate with disinformation or in other ways.
    • lucieperloff
       
      both different and both prevalent
  • That’s also because government organizations, civil society groups and journalists are all helping to identify this.
    • lucieperloff
       
      people are working together for the common good
  • ...8 more annotations...
  • We’ve seen Russian actors intentionally use content posted by innocent Americans. We see other people post and share content from Russian campaigns. It doesn’t mean they’re actually connected. In fact, most times they’re not.
  • Influence operations are essentially weaponized uncertainty.
  • One of the most effective countermeasures in all of this is an informed public.
  • And there are so many opportunities to leverage that complexity to run a perception hack. A perception hack is an attempt to create a perception that there is a large scale influence operation when in fact there is no evidence to support it.
  • It’s our job to keep this debate as authentic as possible by putting more information and context out there. We can force pages that are pushing information to disclose who is behind them
  • We are living through a historic election with so many complex pieces to monitor. The piece that I and my team can help with is that we can make sure we secure this debate.
  • My counterpart at Twitter says I call him more than his mother does. We’re spending lots of time and exchanging information to try and stay ahead of this.
  • Between 2016 and next week we’ll have worked to protect more than 200 elections across the world. It’s critical to focus on next week, but we also have to remember Myanmar has an election five days later.
peterconnelly

Zero trust vs. zero-knowledge proof: What's the difference? - 0 views

  • zero-knowledge proof
  • Zero trust is a security framework that requires users and devices to be authenticated, authorized and continuously validated over time. Each user and device is tied to a set of granular controls it must adhere to when communicating with other users, devices and systems within a secure network.
  • The idea is to place applications and services into logically created secure zones.
  • ...5 more annotations...
  • This methodology involves one party proving it has information it claims is true and a second party that wants to verify that the first party's information is indeed true. With a zero-knowledge proof system, the proving party does not transmit any secretive information that could substantiate whether what it claims is true.
  • – SearchSecurity
  • A zero-knowledge proof requires no real knowledge or secret information to prove the claim.
  • Zero-knowledge proofs are used in modern cybersecurity in situations where one system claims to possess sensitive data yet does not want to transmit that data to prove it to another system.