krebs   605

Plant Your Flag, Mark Your Territory — Krebs on Security
Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you.
The crux of the problem is that while most types of customer accounts these days can be managed online, the process of tying one’s account number to a specific email address and/or mobile device typically involves supplying personal data that can easily be found or purchased online — such as Social Security numbers, birthdays and addresses.
security  privacy  banking  krebs  taxes  mail  SSN  credit_cards  credit_freeze  seniors 
15 days ago by rgl7194
AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties — Krebs on Security
In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T, Sprint and Verizon now say they are terminating location data sharing agreements with third parties.
At issue are companies known in the wireless industry as “location aggregators,” entities that manage requests for real-time customer location data for a variety of purposes, such as roadside assistance and emergency response. These aggregators are supposed to obtain customer consent before divulging such information, but several recent incidents show that this third-party trust model is fundamentally broken.
On May 10, 2018, The New York Times broke the story that a little-known data broker named Securus was selling local police forces around the country the ability to look up the precise location of any cell phone across all of the major U.S. mobile networks.
cellphones  location_services  data  krebs  sharing 
22 days ago by rgl7194
Supreme Court: Police Need Warrant for Mobile Location Data — Krebs on Security
The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited bearing on the selling of real-time customer location data by the wireless carriers to third-party companies.
At issue is Carpenter v. United States, which challenged a legal theory the Supreme Court outlined more than 40 years ago known as the “third-party doctrine.” The doctrine holds that people who voluntarily give information to third parties — such as banks, phone companies, email providers or Internet service providers (ISPs) — have “no reasonable expectation of privacy.”
gov2.0  SCOTUS  police  legal  krebs  location_services  cellphones 
23 days ago by rgl7194
Security Trade-Offs in the New EU Privacy Law — Krebs on Security
On two occasions this past year I’ve published stories here warning about the prospect that new European privacy regulations could result in more spams and scams ending up in your inbox. This post explains in a question and answer format some of the reasoning that went into that prediction, and responds to many of the criticisms leveled against it.
Before we get to the Q&A, a bit of background is in order. On May 25, 2018 the General Data Protection Regulation (GDPR) takes effect. The law, enacted by the European Parliament, requires companies to get affirmative consent for any personal information they collect on people within the European Union. Organizations that violate the GDPR could face fines of up to four percent of global annual revenues.
security  privacy  GDPR  europe  gov2.0  krebs 
27 days ago by rgl7194
Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018 — Krebs on Security
A story published here last week warned readers about a vast network of potentially malicious Web sites ending in “.cm” that mimic some of the world’s most popular Internet destinations (e.g. espn[dot]cm, aol[dot]cm and itunes[dot].cm) in a bid to bombard visitors with fake security alerts that can lock up one’s computer. If that piece lacked one key detail it was insight into just how many people were mistyping .com and ending up at one of these so-called “typosquatting” domains.
On March 30, an eagle-eyed reader noted that four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains were available for download directly from the typosquatting network’s own hosting provider. The logs — which include detailed records of how many people visited the sites over the past three years and from where — were deleted shortly after that comment was posted here, but not before KrebsOnSecurity managed to grab a copy of the entire archive for analysis.
URL  security  privacy  krebs 
27 days ago by rgl7194
Omitting the “o” in .com Could Be Costly — Krebs on Security
Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.”
Matthew Chambers is a security professional and researcher in Atlanta. Earlier this month Chambers penned a post on his personal blog detailing what he found after several users he looks after accidentally mistyped different domains — such as espn[dot]cm.
Chambers said the user who visited that domain told him that after typing in he quickly had his computer screen filled with alerts about malware and countless other pop-ups. Security logs for that user’s system revealed the user had actually typed espn[dot]cm, but when Chambers reviewed the source code at that Web page he found an innocuous placeholder content page instead.
URL  security  privacy  krebs 
27 days ago by rgl7194
How to Fight Mobile Number Port-out Scams — Krebs on Security
T-Mobile, AT&T and other mobile carriers are reminding customers to take advantage of free services that can block identity thieves from easily “porting” your mobile number out to another provider, which allows crooks to intercept your calls and messages while your phone goes dark. Tips for minimizing the risk of number porting fraud are available below for customers of all four major mobile providers, including Sprint and Verizon.
Unauthorized mobile phone number porting is not a new problem, but T-Mobile said it began alerting customers about it earlier this month because the company has seen a recent uptick in fraudulent requests to have customer phone numbers ported over to another mobile provider’s network.
security  mobile  privacy  krebs  cellphones 
29 days ago by rgl7194
Intensive follow-up testing doesn't help fight colorectal cancer
"[T]here is now a considerable body of evidence that imaging and CEA testing more often than every year does little to improve survival in a meaningful way."
7 weeks ago by cpoetter
Strunz - Greek Eggs
Do you remember? Omega 3 produces muscle. Omega 3 produces undreamt-of endurance (migratory birds, news from 05.11.2014), Omega 3 prevents prostate cancer, Omega 3 prevents sudden cardiac death, and so on, and so on.
Eier  Ei  Omega3  Qualität  Freiland-Eier  Bezugsquelle  Leopoldplatz-Markt  Hilfe  gegen  Krebs  Prostata 
9 weeks ago by snearch
Security Trade-Offs in the New EU Privacy Law
I can say without hesitation that an overwhelming percentage of that research has been possible thanks to data included in public WHOIS registration records.

Is the current WHOIS system outdated, antiquated and in need of an update? Perhaps. But scrapping the current system without establishing anything in between while laboring under the largely untested belief that in doing so we will achieve some kind of privacy utopia seems myopic.

If opponents of the current WHOIS system are being intellectually honest, they will make the following argument and stick to it: By restricting access to information currently available in the WHOIS system, whatever losses or negative consequences on security we may suffer as a result will be worth the cost in terms of added privacy. That’s an argument I can respect, if not agree with.
security  krebs  internet  secondary-effects  GDPR 
9 weeks ago by chriskrycho
A Sobering Look at Fake Online Reviews — Krebs on Security
In 2016, KrebsOnSecurity exposed a network of phony Web sites and fake online reviews that funneled those seeking help for drug and alcohol addiction toward rehab centers that were secretly affiliated with the Church of Scientology. Not long after the story ran, that network of bogus reviews disappeared from the Web. Over the past few months, however, the same prolific purveyor of these phantom sites and reviews appears to be back at it again, enlisting the help of Internet users and paying people $25-$35 for each fake listing.
Sometime in March 2018, ads began appearing on Craigslist promoting part-time “social media assistant” jobs, in which interested applicants are directed to sign up for positions at seorehabs[dot]com. This site promotes itself as “leaders in addiction recovery consulting,” explaining that assistants can earn a minimum of $25 just for creating individual Google for Business listings tied to a few dozen generic-sounding addiction recovery center names, such as “Integra Addiction Center,” and “First Exit Recovery.”
review  fake  krebs  internet 
12 weeks ago by rgl7194
Daring Fireball: Brian Krebs on 'Security Questions' and Facebook Surveys
Brian Krebs...
Krebs is right (as usual), but at the end of his post he points to the real problem — the fact that so many websites, particularly banks, still rely on questions like these for verifying your identity. It’s not secure at all.
security  facebook  privacy  q&a  krebs  data  daring_fireball 
april 2018 by rgl7194
Don’t Give Away Historic Details About Yourself — Krebs on Security
Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as “What was your first job,” or “What was your first car?” The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.
I’m willing to bet that a good percentage of regular readers here would never respond — honestly or otherwise — to such questionnaires (except perhaps to chide others for responding). But I thought it was worth mentioning because certain social networks — particularly Facebook — seem positively overrun with these data-harvesting schemes. What’s more, I’m constantly asking friends and family members to stop participating in these quizzes and to stop urging their contacts to do the same.
security  facebook  privacy  q&a  krebs  data 
april 2018 by rgl7194
Panera accused security researcher of “scam” when he reported a major flaw | Ars Technica
Panera didn't fix flaw for 8 months; 37 million records were allegedly exposed.
Eight months ago, Panera Bread was notified of a security flaw that was leaking customer information to anyone who knew where to look for it. But the company failed to fix the flaw until this week after the breach was made public in a report suggesting that it affected 37 million customer records.
Panera Bread said this week that the leak affected fewer than 10,000 consumers and that it has been fixed. But security reporter Brian Krebs and the security researcher who notified Panera of the breach last year disputed that account. They say that millions of customer records were available online and that they remained available at publicly accessible URLs after Panera said the flaw was fixed. Those URLs appear to have finally been scrubbed of the customer information, as they now produce error messages instead of customer data.
restaurants  security  privacy  scam  data  breach  krebs 
april 2018 by rgl7194
breach could have impacted millions - Malwarebytes Labs | Malwarebytes Labs
Customers who signed up for a account in order to order fast-casual baked goods may want to guard their dough. Security researcher Brian Krebs reported yesterday that the website for the bakery chain leaked millions of customer records, including names, emails, physical addresses, birthdays, and the last four digits of customers’ credit card numbers.
Until Monday, millions of customer data points were accessible on the site as plain text—an oversight that Krebs maintains left data exposed for at least eight months. While Panera was contacted by security researcher Dylan Houlihan back in August 2017 about the leak, it appears they did not take action to fix it, despite reassurances they were working on a resolution.
Once Krebs notified Panera about the breach, the company took its website offline for a brief period of time. When the site came back online, the customer data was no longer available.
restaurants  security  privacy  scam  data  breach  krebs 
april 2018 by rgl7194
