Showing posts with label data. Show all posts
Showing posts with label data. Show all posts

Thursday, February 1, 2024

So Much Data Even Spies Are Struggling to Find Secrets

Spying used to be all about secrets. Increasingly, it’s about what’s hiding in plain sight.

A staggering amount of data, from Facebook posts and YouTube clips to location pings from mobile phones and car apps, sits in the open internet, available to anyone who looks. US intelligence agencies have struggled for years to tap into such data, which they refer to as open-source intelligence, or OSINT. But that’s starting to change.

In October the Office of the Director of National Intelligence, which oversees all the nation’s intelligence agencies, brought in longtime analyst and cyber expert Jason Barrett to help with the US intelligence community’s approach to OSINT. His immediate task will be to help develop the intelligence community’s national OSINT strategy, which will focus on coordination, data acquisition and the development of tools to improve its approach to this type of intelligence work. ODNI expects to implement the plan in the coming months, according to a spokesperson. more

Wednesday, February 9, 2022

The Unnerving Rise of Video Games that Spy on You

Tech conglomerate Tencent caused a stir last year with the announcement that it would comply with China’s directive to incorporate facial recognition technology into its games in the country.  

The move was in line with China’s strict gaming regulation policies, which impose limits on how much time minors can spend playing video games—an effort to curb addictive behavior, since gaming is labeled by the state as “spiritual opium."

...video games are a natural medium for tracking, and researchers have long argued that large data sets about players’ in-game activities are a rich resource in understanding player psychology and cognition. more

Monday, June 8, 2020

Lawsuit Disputes Google's Private or Incognito Mode

Search engine behemoth Google found itself in the middle of a proposed class action lawsuit filed in California for invading the privacy of users even when they are browsing the web in what is called the private or incognito mode.

The $5 billion class action suit alleges that the tech giant collects user's data by tracking his activity on the web even in the private mode through Google Analytics, Google Ad Manager and website plug-ins, a Reuters report said.

Users normally login through the incognito mode assuming that it's safe as their search history isn't being tracked. The petitioners have alleged that Google collects the private data even as the users are under the impression that their data is safe and that amounts to misrepresentation. more

Friday, October 25, 2019

Racoon Steals Data for $200. per Month - Cute

A new kind of easy to use trojan malware is gaining popularity among cyber criminals, providing them with simple means of stealing credit card data, passwords and cryptocurrency -- and it has already infected hundreds of thousands of Windows users around the world.

Raccoon Stealer first appeared in April this year and has quickly risen to become one of the most talked-about malware services in underground forums.

Researchers at Cybereason have been monitoring Raccoon since it first emerged, and note that while not sophisticated, it is aggressively marketed to potential criminal users, providing them with an easy-to-use back end, along with bulletproof hosting and 24/7 support -- all for $200 a month. more

Wednesday, January 9, 2019

Who Are You...Online - Become an OSINT Awesome and Find Out

We are going to show you how to research yourself and discover what information is publicly known about you...

You will not find all the information on a single website. Instead you start with one website, learn some details, then use those details to search on and learn from other sites. Then you combine and compare results to create a profile or dossier of your subject. 
A good place to start is with search engines such as Google, Bing, or DuckDuckGo. Each of these have indexed different information about you...

Start by typing your name in quotes, but after that expand your search...

Examples include:
“FirstName LastName” > What information can I find online about this person
“Firstname Lastname@” > Find possible email addresses associated with this person
“Firstname lastname” filetype:doc > Any word documents that contain this person’s name
more
sing-a-long

Thursday, December 13, 2018

Your Mobile Device Could Spill Its Guts (and worse) Get You Arrested

Last year, over 29,000 travelers had their devices searched at the US border.

A new report by the Department of Homeland Security’s internal watchdog has concluded that the agency does not always adequately delete data seized as part of a border search of electronic devices, among other concerns.

According to a new 24-page document released Tuesday by DHS’ Office of Inspector General, investigators found that some USB sticks, containing data copied from electronic devices searched at the border, "had not been deleted after the searches were completed."...

Federal authorities do not need a warrant to examine a phone or a computer seized at the border. They rely on what’s known as the "border doctrine"—the legal idea that warrants are not required to conduct a search at the border. This legal theory has been generally recognized by courts... more

Spybuster Tip #841: Device searches occur (even more often) when entering (or leaving) certain foreign countries. If you need to take your mobile device on a trip you should consider doing a data extraction on your device, before you leave... and before they do it for you.
  1. To be sure you are not carrying data that you can't afford to loose.
  2. To be sure you are not carrying contraband data (porn, propaganda, etc.).
    Remember, even erased data can be exhumed by them.
  3. To document the actually data you are taking—to counter false accusations.
Learn more here. Upon returning a spyware detection inspection is also recommended.

Thursday, July 26, 2018

Trust No One, or Life-locked

via Kreb's on Security...
Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. 

The company just fixed a vulnerability on its site that allowed anyone with a Web browser to index email addresses associated with millions of customer accounts, or to unsubscribe users from all communications from the company.

The upshot of this weakness is that cyber criminals could harvest the data and use it in targeted phishing campaigns that spoof LifeLock’s brand. more

If you use LifeLock carefully check future emails using their name before clicking on anything. Also, check occasionally to make sure you haven't been unsubscribed. ~Kevin

Thursday, May 24, 2018

General Data Protection Regulation (GDPR), or D-Day for Data

Effective, Friday, May 25, 2018

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. more
  • This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
  • This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
  • The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. more
GDPR in a nutshell.
GDPR explanation from Mozilla.

How to encrypt your entire life in less than an hour

Quincy Larson has written an excellent article on how to protect your digital privacy. Worth reading. Worth doing. ~Kevin

“Only the paranoid survive.” — Andy Grove

And Grove isn’t the only powerful person urging caution. Even the director of the FBI — the same official who recently paid hackers a million dollars to unlock a shooter’s iPhone — is encouraging everyone to cover their webcams.

But you obey the law. What do you have to worry about? As the motto of the United Kingdom’s surveillance program reminds us, “If you’ve got nothing to hide, you’ve got nothing to fear.”

Well, law-abiding citizens do have reason to fear. They do have reasons to secure their devices, their files, and their communications with loved ones.
“If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” — Cardinal Richelieu in 1641
In this article, I will show you how you can protect yourself by leveraging state-of-the-art encryption. In a single sitting, you can make great strides toward securing your privacy. more

Tuesday, April 10, 2018

Thumbs Down, or How to Delete Your Facebook Account Permanently

Presented as a service to our privacy conscious readers and clients...

If you are looking for how to delete your Facebook account permanently or deleting anything from your Facebook account here is a 2018 guide.

Facebook has remained the primary and most commonly used social networking platform for users across the world. At the same time, the social network giant has been in the news lately amid Cambridge Analytica scandal and for archiving personal data of users including call and text logs of its Android app users.

But, the fact is that unauthorized use of user content like posts, messages, pictures, and videos by Facebook is nothing new. However, it is a relatively new revelation that even the content that we believe is removed is actually not permanently deleted. So, what can be done in this situation? more

Sunday, March 11, 2018

Has Your Information Been Compromised? Check Here to See

via peerlyst.com
"We build NoSecrets to inform the public that their information is being traded and sold not just on the dark web, but between data brokering companies."

Do data brokers hold information about you that they should not hold, thus putting you at risk?

You can check here.

Friday, June 16, 2017

Android Malware - Steals Personal Data, Then Covers its Tracks

A new variant of Android malware is making rounds in the Google Play store and it is bad news all around.

According to Trend Micro, a Trojan dubbed Xavier, which is embedded in more than 800 applications on Android’s app store, clandestinely steals and leaks personal data.

Mobile malware is not new to the Android platform, but Xavier is a little more clever. It downloads codes from a remote server, executes them, and uses a string encryption, Internet data encryption, emulator detection, and a self-protect mechanism to cover its tracks. more

Thursday, April 20, 2017

Bose Knows... what you're listening to.

At least that's the claim of a proposed class-action lawsuit filed late Tuesday in Illinois that accuses the high-end audio equipment maker of spying on its users and selling information about their listening habits without permission.

The main plaintiff in the case is Kyle Zak, who bought a $350 pair of wireless Bose headphones last month. He registered the headphones, giving the company his name and email address, as well as the headphone serial number. And he download the Bose Connect app, which the company said would make the headphones more useful by adding functions such as the ability to customize the level of noise cancellation in the headphones.

But it turns out the app was also telling Bose a lot more about Zak than he bargained for. more

The Zak attack is a cautionary tale. Perhaps we should all create alter egos to nullify this type of privacy invasion. ~Kevin

Monday, March 13, 2017

Another Leak of Security Clearance Files (WTF?!?!)

via zdnet.com...
An unsecured backup drive has exposed thousands of US Air Force documents, including highly sensitive personnel files on senior and high-ranking officers.

Security researchers found that the gigabytes of files were accessible to anyone because the internet-connected backup drive was not password protected.

The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers. Another file lists the security clearance levels of hundreds of other officers, some of whom possess "top secret" clearance, and access to sensitive compartmented information and codeword-level clearance.

Phone numbers and contact information of staff and their spouses, as well as other sensitive and private personal information, were found in several other spreadsheets.

The drive is understood to belong to a lieutenant colonel... more

The device has since been taken offline and it is unclear if anyone other than members of the MacKeeper Research Team had access to the files or how long they were available. more

Enough is enough!!! 
Make information security a top priority, wherever you work, right now! 
(My security clearance info was stolen during the OMB hack of 2015. I'm still pissed.) ~Kevin

Thursday, December 8, 2016

Chatty Kathy's Grandkids May be Criminals

Internet-connected toys pose privacy risks to children, and their parents often aren’t aware, according to advocacy groups for children and consumers.

A complaint filed Tuesday with the Federal Trade Commission alleges that two talking dolls—My Friend Cayla and I-Que Intelligent Robot, both made by Genesis Toys Inc.—collect and use personal information from children in violation of rules prohibiting unfair and deceptive practices.

The complaint was drafted by several groups, including the Campaign for a Commercial Free Childhood, a coalition of groups dedicated to ending child-targeted marketing, and Consumers Union. The groups also filed complaints with data protection, consumer protection and product safety regulators for the European Union, France, the Netherlands, Belgium, Ireland and Norway. more grandma

Friday, October 28, 2016

AT&T Requires Police to Hide Hemisphere Phone Spying

AT&T built a powerful phone surveillance tool for police, called Hemisphere. Every day, AT&T adds four billion call records to Hemisphere, making it one of the largest known reservoirs of communications metadata that the government uses to spy on us. Law enforcement officials kept Hemisphere “under the radar” for many years—hidden from courts, legislators, and the general public—until the New York Times exposed the program in 2013...

New documents published by The Daily Beast earlier this week reveal that AT&T required this corrosive secrecy. Specifically, the contract AT&T prepared for police seeking access to Hemisphere provides:
[T]he Government agency agrees not to use the data as evidence in any judicial or administrative proceedings unless there is no other available and admissible probative evidence. The Government Agency shall make every effort to insure that information provided by the Contractor is non-attributable to AT&T if the data is provided to a third-party.
In other words, the first rule of Hemisphere is: you do not talk about Hemisphere. more

Wednesday, September 21, 2016

Photons FUBAR Eavesdropping

In a first, scientists have successfully teleported a photon – particle of light – over a distance of six kilometres, an advance that may enable secure communication without having to worry about eavesdropping.

Researchers at the University of Calgary in Canada, led by professor Wolfgang Tittel, set a new record for distance of transferring a quantum state by teleportation, using fibre optics cable infrastructure.

“Such a network will enable secure communication without having to worry about eavesdropping, and allow distant quantum computers to connect,” said Tittel.

The experiment is based on the entanglement property of quantum mechanics, also known as “spooky action at a distance” – a property so mysterious that not even German physicist Albert Einstein could come to terms with it. more

Friday, August 12, 2016

"DiskFiltration" - Siphons Data Even When Computers are Disconnected from the Internet.

Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores. 

The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data.

By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes. more

Solution: Upgrade to a solid state drive.

Friday, August 5, 2016

Smartphone Security Alert - "Juice Jacking" or... Getting your phone's brain drained at the airport,

“Juice-jacking” as the new travel scam is called, targets desperate travelers in need of a charge. Daniel Smith, a security researcher at Radware explains how this works.

“Attackers can use fake charging stations to trick unsuspecting users into plugging in their device. Once the device is plugged in the user’s data and photos could be downloaded or malware can be written onto the device.”

Hackers can download anything that is on your phone since the charging port is doubling as a data port. We’re talking passwords, emails, photos, messages, and even banking and other personal information via apps.

How to Prevent Juice-Jacking 
“Don’t use public charging stations. more

Solutions...
  • This is a tiny and lightweight external battery that is easy to travel with: Amazon.com
  • Plug into your laptop to charge your phone if you’re traveling with one and don’t have an external charger. 
  • If you absolutely need to use public charging stations you can block the data transfer using SyncStop ($19.99).

Wednesday, June 29, 2016

Spy Alert #734: The Olympic Games Warning

If Zika, political instability and contaminated water weren’t enough,

U.S. intelligence officials are warning Americans traveling to the August Olympic Games in Rio and other destinations abroad that proprietary information stored on electronic devices is at high risk for theft by spies and cyber criminals who are increasingly targeting global events as troughs rich in valuable intelligence.

Bill Evanina, the nation’s chief counter-intelligence executive, is urging travelers to carry “clean’’ devices, free of potentially valuable archives that could be tapped for economic advantage, personal data or security information.

Just as the Olympics draw the world’s most talented athletes, Evanina said the games and other international events represent a "great playground’’ for government intelligence services and criminals, if only because of the “sheer number of devices.’’ more