Samsung Warns its "Smart TV" Listens to Every Word

Samsung has confirmed that its "smart TV" sets are listening to customers' every word, and the company is warning customers not to speak about personal information while near the TV sets.

The company revealed that the voice activation feature on its smart TVs will capture all nearby conversations. The TV sets can share the information, including sensitive data, with Samsung as well as third-party services...

Samsung has now issued a new statement clarifying how the voice activation feature works. "If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search," Samsung said in a statement. "At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV." more

How to make your smart-ass TV dumb, by making it deaf and blind. ~Kevin

Security Director Alert: Must See Video About Printer Security

My team and I have been giving the IT folks nightmares about this for years. 
Now, you can too!
Watch this... 
~Kevin

At a time when hacking dominates much of the news, HP is turning to Mr. Robot himself to highlight its new security platform designed to protect business printers. The Palo Alto-based company has tapped Christian Slater for a year-long digital series called "The Wolf" in order to draw attention to cybersecurity in the workplace.

"Sheep never realize a wolf's around until it's too late. Then they do exactly what the wolf expects them to do. They run into each other, they fall down—they become dinner. Time to eat," says a spectacled Mr. Slater in the series' 30-second trailer.


The first six-minute episode shows the actor lurking outside offices, sending sheep cartoons to oblivious workers, crashing birthday parties and sending suspicious spa gift certificates via email. At one point, he even howls. more

Security Director Alert: Site Seeing In China - Not All Sites Can Be Seen

Traveling to China? 

Need to connect with specific websites?

Check to see if you will be able to connect.

The New York Times is an example of one popular site which is blocked.

Fortunately, GreatFire.org has a work-around for this, and other helpful tips.

Check here for our 20 additional traveler's tips. ~Kevin

Personal Security: Your Internet Vanishing Act May Begin Here

Just FYI...
I have not tested this. Use at your own risk.
Remember... If it's "free" you're not the consumer, you're the product.
~Kevin
 
via Dan Misener, for CBC New
With all the fake news, toxic speech, and online scams out there, you might be feeling like now is a good time to scale back your online footprint. 

There's a new tool that promises to help you do just that — by essentially deleting yourself from the internet.

It's called Deseat.me, and it does one thing and one thing only — it displays a list of all the online services you've ever signed up for.

So if you had a MySpace account in the early 2000s, it'll probably show up in Deseat. If you created an avatar in Second Life, it's likely to show up as well. And of course, so will things like your Facebook or Twitter accounts...

To use Deseat.me, you first log in using a Google account. Then, once it knows your email address, it can find any accounts that have been linked in any way to that Google account.

Now, it will ask for some things which may sound creepy — it will not only ask to view your email address, but also to view your email messages and settings. Based on my experience, Deseat.me scans through your email archives to find sign-up confirmation messages from various services. more

Business Espionage: The Darknet - Where Industrial Trade Secrets are Sold

Ludwig Sandell, Dignato AS general manager, expressed his concern over how the darknet is a place where sensitive industrial trade secrets can be exchanged without repercussions.

To be more precise, he feels there are multiple local companies affected by espionage, which could significantly hurt their business if these details fall into the wrong hands...

...industrial trade secrets of a Norwegian wind power project run by Statoil are up for grabs on the darknet as we speak. The data itself was found on a memory stick – which was either lost or stolen – and includes vital measurement information. For the company itself, having that information leak to the public could spell the end of their business rather quickly. more

Are your company secrets for sale on the darknet?
Hire a service to find out. ~Kevin

Iceland's Pirate Party Prepares for Power

The party that could be on the cusp of winning Iceland’s national elections on Saturday didn’t exist four years ago.

Its members are a collection of anarchists, hackers, libertarians and web geeks. It sets policy through online polls – and thinks the government should do the same. It wants to make Iceland “a Switzerland of bits,” free of digital snooping. 

It has offered Edward Snowden a new place to call home. And then there’s the name: in this land of Vikings, the Pirate Party may soon be king...

The Pirates, they say, are less about any specific ideology than they are about a belief that the West’s creaking political systems can be hacked to give citizens a greater say in their democracy. more

IoT Takes Down the Net — "Wow, didn't see that coming."

If you followed this blog you would have. The topic has been in the Scrapbook for years.

The IoT insecurity trend has been building for a long time. Few paid attention. When it knocked out the Internet people start taking notice.

Let's review a few of the old posts. Then, imagine a month without the electrical grid.

2009 Video over IP. Convenient, but not secure.
2011 Security Director Alert: Unsecured Webcams Hacked
2011 Man Hacks 100+ Webcams and Makes Blackmail Videos
2011 Scared of SCADA? You will be now...
2012 SpyCam Story #647 - Unintended Exhibitionists
2013 Shodan - The Scary Search Engine
2013 Baby Cam Hackers Can See You, Hear You, and Talk to You... and Your Kids
2013 The Ratters - men who spy on women through their webcams
2013 Spybusters Tip #972 - Own a Foscam camera? There is a security update for you!
2015 Is Your Home Security System Putting You at Risk? ...news at eleven.
2015 Some Top Baby Monitors Lack Basic Security Features
2016 FutureWatch - Keep Your Eye on IoT - The Encryption Debate is a Distraction
2016 Do You Have an IoT in the Workplace Policy? (you need one)
2016 Security Alert: Your Security Camera May Have Friends You Don't Know About
2016 Your New IoT Ding-Dong Can Open Your Wi-Fi... to hackers
2016 Security Director Alert - 46,000 Internet-accessible Video Recorders Hackable
2016 Mom Alerted - Daughters' Bedroom Nanny Cam Streaming on Internet
2016 Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks 

Lawmakers, force the manufacturers of these devices to a higher security standard. ~Kevin

ESCAPE THE NET: A 5-step guide to going MIA online

How do I erase myself from the internet? With growing concerns over online privacy and government surveillance, what was once a seemingly unthinkable question is now becoming more common...

The answer, as you may have guessed, is not so simple. As the saying goes, the internet is forever, and smart, dedicated stalkers will always be able to track you down. But if you're committed — and patient — you can come awfully close to removing your digital footprint. Here's how to do it.

Step 1: Delete your social, shopping and entertainment accounts.

Step 2: Search for yourself and cut any remaining ties.

Step 3: Remove outdated search results.

Step 4: Clear your information from data collection sites.

Step 5: Contact your phone company, unsubscribe from mailing lists and delete your email accounts.
(details on each step here)

Congratulations, you no longer exist online. Right? Well, actually ... you probably still do. It's incredibly hard to fully delete your presence on the internet, but by following these steps, you've come as close as you possibly can.

How to Delete Your Private Conversations from Google

Google could have a record of everything you have said around it for years, and you can listen to it yourself.

The company quietly records many of the conversations that people have around its products. 

The feature works as a way of letting people search with their voice, and storing those recordings presumably lets Google improve its language recognition tools as well as the results that it gives to people.

But it also comes with an easy way of listening to and deleting all of the information that it collects. That’s done through a special page that brings together the information that Google has on you.

It’s found by heading to Google’s history page and looking at the long list of recordings. The company has a specific audio page and another for activity on the web, which will show you everywhere Google has a record of you being on the internet. more

Facebook Surveillance Would Make Santa Jealous, or...

...98 personal data points that Facebook uses to target ads to you...

Say you’re scrolling through your Facebook Newsfeed and you encounter an ad so eerily well-suited, it seems someone has possibly read your brain.

Maybe your mother’s birthday is coming up, and Facebook’s showing ads for her local florist. Or maybe you just made a joke aloud about wanting a Jeep, and Instagram’s promoting Chrysler dealerships.

Whatever the subject, you’ve seen ads like this. You’ve wondered — maybe worried — how they found their way to you...

While you’re logged onto Facebook, for instance, the network can see virtually every other website you visit. Even when you’re logged off, Facebook knows much of your browsing: It’s alerted every time you load a page with a “Like” or “share” button, or an advertisement sourced from its Atlas network. Facebook also provides publishers with a piece of code, called Facebook Pixel, that they (and by extension, Facebook) can use to log their Facebook-using visitors. more

It Just Got Harder to Spy on Your Spouse Online

Joseph Zhang became suspicious of his wife Catherine’s online activities, so he installed software called WebWatcher on their home computer in Ohio to track her. The fallout was not just a divorce, but a landmark court ruling that could have long-term implications for both users and makers of so-called spyware.

According to an appeals court in Cincinnati, the maker of the spyware used by Zhang violated federal and state wire-tapping laws by intercepting the messages of a Florida man, Javier Luis, who had been communicating with Catherine in an America Online chatroom called “Metaphysics.”

The legal case begin in 2010 not long after Zhang used messages captured with the spyware to obtain leverage in divorce proceedings, even though a court said the relationship between his wife and Luis was “apparently platonic.” more

Privacy Guidebook for Eavesdropping on Americans Draws Flack

A privacy update to 1982 Defense Department rules for conducting surveillance on Americans contains a loophole...

that lets the National Security Agency continue eavesdropping on a wide swath of online conversations, critics say.

"DOD Manual 5240.01: Procedures Governing the Conduct of DOD Intelligence Activities" was last issued when all email addresses could fit in a Parent Teacher Association-sized directory. The new rules reflect a shift in intelligence gathering from bugging an individual’s phone to netting communications in bulk from the global internet...

It remains to be seen, or unseen, how U.S. spies are following the new data-handling guidelines in practice when scanning networks. 

On Wednesday, Defense officials declined to comment on internet cable-tapping. more

Mom Alerted - Daughters' Bedroom Nanny Cam Streaming on Internet

A mother from Texas was horrified to learn that the cameras she used to keep watch on her 8-year-old girls had been hacked and were being live streamed on the internet.

She made the appalling discovery after she found a screenshot posted by another woman on a Facebook group for Houston Mothers, who was trying to alert mothers after stumbling across a free app ‘Live Camera Viewer.’ ...

According to security experts, her private cameras had been hacked by accessing the household’s IP address through her daughter’s iPad whilst she was playing a video game, and was consequently live streamed to an online feed.

The feed, which is sorted according to the number of ‘likes’ that users give, had been available since July, and had 571 ‘likes,’ meaning at least that many people had been watching it over the course of the stream.  more

Spybuster Tip # 845: How to Give Google Amnesia

Did you know, you can tell Google to forget everything you said to it, searched on it, and watched on YouTube?

Visit your Web and Activity Page.

• Look for the three dots in the upper right corner. Click on them.
• Then, click on Delete Web & App Activity. 
• Click Advanced. 
• Click Select Date.

You can take it from there!
~Kevin

NSA's Untangling the Web, A Guide to Internet Research

Want to learn how to search like a spy? 
This 600+ page tome will help you do it.

Untangling the Web, A Guide to Internet Research – has just been declassified, to satisfy a Freedom of Information Request. Download the irony here.

(Originally posted in 2013. Back by popular demand.)

The End of "A Little Bird Told Me"

At Twitter’s behest, US intelligence agencies have lost access to Dataminr, a company that turns social media data into an advanced notification system, according to the Wall Street Journal. While that may sound like a win for privacy, it’s a bit more complicated in practice.

The move leaves government officials without a valuable tool. Somewhat less clear is what sort of stand, if any, Twitter is taking...

“From the government perspective, it’s a good tool, because it gives real-time alerts to things that are happening before anyone really knows what’s going on,” says Aki Peritz, a former CIA counterterrorism expert and current adjunct professor at American University. “We want to allow law enforcement and the intelligence services to know bad things are happening in real time.” more

Twitter Slapped With Class-Action Lawsuit for Eavesdropping on Direct Messages

Twitter has been slapped with a proposed class action lawsuit, which alleges that the service uses URL shorteners in violation of the Electronic Communications Privacy Act and California’s privacy law.

According to court documents filed Monday, Texas resident Wilford Raney brought the complaint to federal court in San Francisco, citing that although “Twitter represents that its users can ‘talk privately,’ Twitter ‘surreptitiously eavesdrops on its users private direct message communications.”
The complaint alleges that Twitter “intercepts, reads, and at times, even alters the message” as soon as someone sends a direct message. more

Surf Like A Spy

The default state of Internet privacy is a travesty. But if you're willing to work hard, you can experience the next best thing to absolute Internet anonymity...

1. Find a safe country
First, you would have to be physically located in a country that doesn't try its hardest to spy on you. Your best option is to find a country with good Internet connectivity that doesn't have enough resources to monitor everything its citizens are doing...

2. Get an anonymizing operating system
Next, you'll need an anonymizing operating system that runs on a resettable virtual machine running on secure portable media. The portable media device should use hardware-based encryption or a secure software-based encryption program. One of the top products on that list is Ironkey Workspace...

3. Connect anonymously
Next, you'll need to connect to the Internet using an anonymous method. The best approach would probably be to jump around random, different, open wireless networks, public or otherwise, as much as possible, rarely repeating at the same connection point. Barring that method, you would probably want to use a device built for anonymous wireless connections, like ProxyGambit...

4. Use Tor
Whatever Live OS and Internet connection method you use, make sure to go with an anonymizing browser, such as a Tor-enabled browser...

5. Don't use plug-ins
It's very important to remember that many of today's browser plug-ins, particularly the most popular ones, leave clues that reveal your identity and location. Don't use them if you want to preserve your anonymity.

6. Stick with HTTP/S
Don't use any protocols other than HTTP or HTTPS. Typically, other protocols advertise your identity or location. When working with HTTPS, use only handpicked, trusted certification authorities that don't issue "fake" identity certificates.

7. Avoid the usual applications
Don't install or use normal productivity software, like word processors or spreadsheets. They, too, will often "dial home" each time they're started and reveal information.

8. Set up burner accounts
You'll need a different email address, password, password question answers, and identity information for each website if you take the risk of creating logon accounts. This particular solution is not only for privacy nuts and should already be practiced by everyone already.

9. Never use credit cards
If you plan to buy anything on the Internet, you can't use a normal credit card and stay anonymous. You can try to use online money transfer services such as PayPal, but most have records that can be stolen or subpoenaed. Better, use an e-currency such as bitcoin or one of its competitors...

Each of these anonymizing methods can be defeated, but the more of them you add to your privacy solution, the harder it will be for another person or group to identify you... more

Spy Virus Linked to Israel Targeted Hotels Used for Iran Nuclear Talks

When a leading cybersecurity firm discovered it had been hacked last year by a virus widely believed to be used by Israeli spies, it wanted to know who else was on the hit list. It checked millions of computers world-wide and three luxury European hotels popped up. The other hotels the firm tested, thousands in all, were clean.

Researchers at the firm, Kaspersky Lab, weren't sure what to make of the results. Then they realized what the three hotels had in common. Each was targeted before hosting high-stakes negotiations between Iran and world powers over curtailing Tehran's nuclear program. more

Spybuster Tip # 732: Know what else is going on in your hotel before you make the decision to use their Internet service.

Privacy Tip #572 - Get Out of the Directories

techlicious.com recently provided some excellent help for increasing your on-line privacy...

Spokeo
Search your name on the site (if that doesn't work, try your maiden or former name), and choose the state where you live. Click the appropriate street to find your specific listing and copy the URL.

Go to the opt-out page, paste the URL, and enter your email address to remove the listing. You may have multiple listings on Spokeo if you have moved or changed your name, and will need to return to the opt-out page to remove each one.

PeopleSmart
Start on this opt-out page (not the main PeopleSmart homepage) to "manage" (aka remove or update) your listing. Once you select the listing, click on the work info that applies to you (if it's not the correct information, just skip the step and proceed).

When you reach Define Your Privacy Preferences, deselect all checks under "Contact Information" and "Work Information." Select "Apply these settings to other people search websites" and then submit.

MyLife
To remove your member profile, email privacy@mylife.com or call 1-888-704-1900. The company claims that it takes up to 10 days to process a request. If your info still appears after 10 days, don't hesitate to persist, and call or email again.

Intelius
The opt-out page will prompt you to verify your identification by attaching a scan of a driver's license, passport, military ID, state ID, or employee ID from a state agency. The photo and driver's license number should be crossed out. A notarized statement of your identity is also acceptable.

Enter in an email address to receive a confirmation when your info has been removed, and type in any additional records found on the site in the Additional Information field.

You can also fax your ID verification to 425-974-6194, or mail a copy to Intelius Consumer Affairs, P.O. Box 808, Bothell, WA 98041-0808.