osi_info_program + security   207

Fitness app Strava lights up staff at military bases - BBC News
Many years ago, operational security was a relatively simple matter of not being physically overheard by the enemy.

Think of the British WWII poster with the slogan "Careless Talk Costs Lives".

Well, no more. Our modern electronic age means that we all move around with a number of "signatures"; we send and receive a variety of signals, all of which can be tracked. And as the episode with the exercise tracker shows, you do not need to be an American or Russian spy to be able to see and analyse these signals.

Russian troops have been tracked in Ukraine or in Syria by studying their social media interactions or geo-location data from their mobile phone images.

Each piece of evidence is a fragment, but when added together it could pose a significant risk to security - in this case highlighting the location of formerly secret bases or undisclosed patterns of military activity.
gps  data  strava  heatmap  security  ee 
january 2018 by osi_info_program
Chinese woman discovers that her iPhone X can be unlocked by her friend’s face
According to Jiangsu Broadcasting Corporation, Yan, a woman from Nanjing, China, was offered two refunds from Apple after her colleague managed to unlock both of her iPhone X devices, which had a faulty facial recognition function.

It wasn’t just a fluke either, as her colleague was able to unlock both devices on every attempt.

The two women are not related to each other.
china  facialrecognition  iphone  security  km 
january 2018 by osi_info_program
Launching WhoWasInCommand.com – a power tool for investigating security forces – Security Force Monitor
WhoWasInCommand.com makes it fast and easy to find detailed information about the chain of command, areas of operation, commanders and bases of the police, military and other security forces of a country and discover links to alleged human rights violations.

This platform is a unique resource containing a level of detailed data about security forces that has never existed before. It’s the result of an enormous amount of work – and would not have been possible without extensive advice and help from civil society partners. We hope that you find this new tool useful.
humanrights  ee  grantee  security  police  accountability 
november 2017 by osi_info_program
AccuWeather caught sending user location data, even when location sharing is off
A security researcher has found that the popular weather app sends private location data without the user's explicit permission to a firm designed to monetize user locations.
security  location  apps  km 
august 2017 by osi_info_program
The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender - The Citizen Lab
Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.
human_rights  ee  security  apple  activism  citizenlab 
august 2016 by osi_info_program
New Manual: Holistic Security | Tactical Technology Collective
In the past, different aspects of human rights defenders' security (digital, physical and psycho-social) have tended to be treated separately, as if they existed in isolation. The holistic approach, however, recognises that they are deeply interrelated and need to be taken together when developing a comprehensive security strategy.
human_rights  tacticaltech  security  ee 
july 2016 by osi_info_program
Government agencies keep sacrificing cash to zombie IT systems, GAO finds | Ars Technica
A new Government Accountability Office report has called out some of these systems as being so archaic that they're consuming increasingly larger portions of agencies' IT budgets just for operation and maintenance. As the breach at the Office of Personnel Management demonstrated, old systems are also a security risk—particularly when they've been "updated" with now-unsupported versions of Windows Server and Internet and database components that were end-of-life'd by their creators years ago.
software  GAO  UnitedStates  security 
may 2016 by osi_info_program
Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People | WIRED
Mountain View is home to WhatsApp, an online messaging service now owned by tech giant Facebook, that has grown into one of the world’s most important applications. More than a billion people trade messages, make phone calls, send photos, and swap videos using the service. This means that only Facebook itself runs a larger self-contained communications network. And today, the enigmatic founders of WhatsApp, Brian Acton and Jan Koum, together with a high-minded coder and cryptographer who goes by the pseudonym Moxie Marlinspike, revealed that the company has added end-to-end encryption to every form of communication on its service.
encryption  security  WhatsApp  facebook  moxin_marlinspike  ds 
april 2016 by osi_info_program
Reporta, a new app, offers journalists a lifeline in hazardous situations | Poynter.
new security app blowing up the libtech security groups on non-transparent app development
data  security  ee 
october 2015 by osi_info_program
Interview: Shane Harris, Author Of '@War' (NPR All Things Considered)
Shane Harris interviewed about his new book, "@War: The Rise of the Military-Internet Complex." The book looks at cyberspace as war's "fifth domain" (after land, sea, air and space). Harris covers topics like the NSA, the role of cyber warfare in the Iraq troop surge of 2007, China's "rampant" espionage on American corporations — and the U.S. government's strategy of playing the victim.
cybersecurity  security 
november 2014 by osi_info_program
New Citizen Lab Report: Human Rights NGOs Face Persistent Computer Espionage Attacks
(November 11, 2014) – The report, entitled “Communities @ Risk: Targeted Digital Threats Against Civil Society,” involved 10 civil society groups that enrolled as study subjects over a period of four years. Among the main findings of “Communities @ Risk,” Citizen Lab researchers found that the technical sophistication of even the most successful attacks against CSOs tends to be low. Instead, attackers put more significant time and effort into crafting legitimate-looking email messages or other “lures” designed to bait targets into opening attachments or clicking on links (also known as social engineering). The content for these lures is often derived from information gathered from previous breaches of individuals in their organization or partners in their wider communities. Constant use of socially engineered attacks as bait erodes trust among those communities and creates disincentives around using the very communication technologies that are often seen as CSOs’ greatest asset.

The report argues that solving the problem will require major efforts among several stakeholders, from the foundations that fund civil society, to the private sector, to governments.
security  civilsociety 
november 2014 by osi_info_program
Cyber Failures Spark Search for New Security Approach | SecurityWeek.Com
The old notion of using anti-virus software, which updates itself based on new malware "signatures," is rapidly losing credence.

A 2012 study by the security firm Imperva said most software only detected around five percent of malware. Another firm, FireEye, concluded last year that 82 percent of malware disappears after one hour and 70 percent exists just once.

"With the half-life of malware being so short, we can draw the conclusion that the function signature-based AV (anti-virus) serves has become more akin to ghost hunting than threat detection and prevention," said a blog post by FireEye's Zheng Bu and Rob Rachwald.

Ullrich said that over time, companies need to invest more in information security and develop strategies before the problems subside.

"Security will never prevent every single breach," he said. "You want to keep it at a manageable level, to stay in business. That's what security is all about."
security 
may 2014 by osi_info_program
The 10 Coolest Security Startups Of 2013 (So Far)
Listicles are annoying, and "cool" is not really what seems crucial in the question of security, but here's an interesting rundown of (one view of) the state of the commercial security industry.
security  commercial 
november 2013 by osi_info_program
Just Security
A new blog about law, rights, and US national security
nsa  surveillance  security 
september 2013 by osi_info_program
The NSA's Secret Campaign to Crack, Undermine Internet Encryption - ProPublica
What's New Here

The NSA has secretly and successfully worked to break many types of encryption, the widely used technology that is supposed to make it impossible to read intercepted communications.
Referring to the NSA's efforts, a 2010 British document stated: "Vast amounts of encrypted Internet data are now exploitable." Another British memo said: "Those not already briefed were gobsmacked!"
The NSA has worked with American and foreign tech companies to introduce weaknesses into commercial encryption products, allowing backdoor access to data that users believe is secure.
The NSA has deliberately weakened the international encryption standards adopted by developers around the globe.
nsa  privacy  security  surveillance 
september 2013 by osi_info_program
UK Court Censors Security Researchers for Reverse Engineering Publicly Available Software
EFF examines the ruling of a UK court barring two well-respected academic researchers from presenting the results of their work describing fundamental flaws in car lock systems at the upcoming USENIX security conference in Washington, DC. In the court's view, the researchers failed to demonstrate that the software they used, Tango Programmer, did not contain confidential business secrets. The court argued that with "the security of millions of cars" at stake, academic freedom had to take a back seat.
security  eff  academia  research  censorship  uk  law 
august 2013 by osi_info_program
VPN Services That Take Your Anonymity Seriously, 2013 Edition | TorrentFreak
Prompted by a high-profile case of an individual using an ‘anonymous’ VPN that turned out to offer less than expected protection, TorrentFreak decided to ask a selection of VPN companies some tough questions.
VPN  privacy  anonymity  security 
june 2013 by osi_info_program
New Legal Guide to Digital Security for Arab Human Rights Activists - Global Voices Advocacy
The Association for Freedom of Thought and Expression, in Egypt, has issued a “legal guide to digital security” as part of its digital freedoms program. The guide was produced for campaigners and human rights activists and lawyers interested in digital freedom of expression and the confidentiality of communications and information stored on mobile phones, computers or any other device used to store or distribute data or information.
security 
april 2013 by osi_info_program
Bruce Schneier Facts
more stuff we think is funny (or at least I do)
security  jh 
april 2013 by osi_info_program
Bruce Schneier: On Security Awareness Training - Dark Reading
"...training users in security is generally a waste of time and that the money can be spent better elsewhere."
security  training 
march 2013 by osi_info_program
Information Security Coalition
Winners from the ISC's security grants competition
security  isc  tools 
march 2013 by osi_info_program
Blog by alleged (ex-)TSA screener
This blog purports to be an insider's story of airport screening, TSA style. It's either true or very, very brilliant satire.
surveillance  security  travel 
december 2012 by osi_info_program