Privacy   203828

« earlier    

Who Is Afraid of More Spams and Scams? — Krebs on Security
Security researchers who rely on data included in Web site domain name records to combat spammers and scammers will likely lose access to that information for at least six months starting at the end of May 2018, under a new proposal that seeks to bring the system in line with new European privacy laws. The result, some experts warn, will likely mean more spams and scams landing in your inbox.
On May 25, the General Data Protection Regulation (GDPR) takes effect. The law, enacted by the European Parliament, requires companies to get affirmative consent for any personal information they collect on people within the European Union. Organizations that violate the GDPR could face fines of up to four percent of global annual revenues.
In response, the Internet Corporation for Assigned Names and Numbers (ICANN) — the nonprofit entity that manages the global domain name system — has proposed redacting key bits of personal data from WHOIS, the system for querying databases that store the registered users of domain names and blocks of Internet address ranges (IP addresses).
internet  standards  security  privacy  data  GDPR  europe 
2 hours ago by rgl7194
Effortless Slippage - e-flux Architecture - e-flux
For about as long as there has been a networked world there have been people adorning it with the accessories and ephemera of the nation-state. Some of these gestures were more of a literal attempt to translate the borders of the world onto the net, such as ARPANet legend Jon Postel's decision to assign two-character ISO country codes to every nation as top-level domains. Postel assumed a future of domain names functioning more like folder directories or physical mailing addresses—the website of IBM offices in Armonk, NY might live at "IBM.Armonk.NY.US"—rather than the linguistic hacks and poetics they're used for now.
geography  web  maps  privacy 
2 hours ago by mookieproof
Here's the Status of Meltdown and Spectre Mitigations in Windows
Yesterday's Patch Tuesday release included fixes for the latest Spectre vulnerability, known as Spectre variant 4, or SpectreNG.
These patches are currently not available for all Windows versions, though, and all mitigations are disabled by default.
Only Windows 10, Windows Server 2016, Windows 7, and Windows Server 2008 R2 have received SpectreNG patches.
Meltdown and Spectre patching is a mess
Furthermore, because of a constant stream of Meltdown and Spectre patching that has been going on for the last six months, it's been getting harder and harder for users to keep track of what patches they've received, what patch needs manual intervention, and which ones cause issues.
To help system administrators with these confusing issues, Microsoft has published a table yesterday that contains the status of each of the Meltdown and Spectre patches it released since January 3, this year.
meltdown_spectre  browser  bug  cpu  javascript  linux  mac  privacy  security  windows 
4 hours ago by rgl7194
Think You’ve Got Your Credit Freezes Covered? Think Again. — Krebs on Security
I spent a few days last week speaking at and attending a conference on responding to identity theft. The forum was held in Florida, one of the major epicenters for identity fraud complaints in United States. One gripe I heard from several presenters was that identity thieves increasingly are finding ways to open new mobile phone accounts in the names of people who have already frozen their credit files with the big-three credit bureaus. Here’s a look at what may be going on, and how you can protect yourself.
Carrie Kerskie is director of the Identity Fraud Institute at Hodges University in Naples. A big part of her job is helping local residents respond to identity theft and fraud complaints. Kerskie said she’s had multiple victims in her area recently complain of having cell phone accounts opened in their names even though they had already frozen their credit files at the big three credit bureaus — Equifax, Experian and Trans Union (as well as distant fourth bureau Innovis).
credit_freeze  credit_report  equifax  identity_theft  privacy  security 
4 hours ago by rgl7194
Detecting Laptop Tampering - Schneier on Security
Micah Lee ran a two-year experiment designed to detect whether or not his laptop was ever tampered with. The results are inconclusive, but demonstrate how difficult it can be to detect laptop tampering.
security  privacy  computers  research 
4 hours ago by rgl7194
Computer Alarm that Triggers When Lid Is Opened - Schneier on Security
"Do Not Disturb" is a Macintosh app that send an alert when the lid is opened. The idea is to detect computer tampering.
Wired article:
Do Not Disturb goes a step further than just the push notification. Using the Do Not Disturb iOS app, a notified user can send themselves a picture snapped with the laptop's webcam to catch the perpetrator in the act, or they can shut down the computer remotely. The app can also be configured to take more custom actions like sending an email, recording screen activity, and keeping logs of commands executed on the machine.
Can someone please make one of these for Windows?
apps  mac  security  privacy 
4 hours ago by rgl7194
Securing Elections - Schneier on Security
Elections serve two purposes. The first, and obvious, purpose is to accurately choose the winner. But the second is equally important: to convince the loser. To the extent that an election system is not transparently and auditably accurate, it fails in that second purpose. Our election systems are failing, and we need to fix them.
Today, we conduct our elections on computers. Our registration lists are in computer databases. We vote on computerized voting machines. And our tabulation and reporting is done on computers. We do this for a lot of good reasons, but a side effect is that elections now have all the insecurities inherent in computers. The only way to reliably protect elections from both malice and accident is to use something that is not hackable or unreliable at scale; the best way to do that is to back up as much of the system as possible with paper.
security  privacy  election  gov2.0  politics 
4 hours ago by rgl7194
HTTP Injector Apps Are Becoming a Popular Method to Obtain Free Internet Access
"HTTP injector" apps traded in public Telegram channels are becoming a popular method of gaining free Internet access on mobile devices.
Such apps work by modifying HTTP headers on network requests with malicious code that tricks "captive portals" into giving the user access to the Internet.
Captive portals are the temporary web pages that some mobile telcos or private WiFi networks show users when trying to access the Internet, sometimes asking for a password or urging the user to recharge his SIM card's credit.
HTTP/S  free  internet  hack  security  privacy 
4 hours ago by rgl7194
Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018 — Krebs on Security
A story published here last week warned readers about a vast network of potentially malicious Web sites ending in “.cm” that mimic some of the world’s most popular Internet destinations (e.g. espn[dot]cm, aol[dot]cm and itunes[dot].cm) in a bid to bombard visitors with fake security alerts that can lock up one’s computer. If that piece lacked one key detail it was insight into just how many people were mistyping .com and ending up at one of these so-called “typosquatting” domains.
On March 30, an eagle-eyed reader noted that four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains were available for download directly from the typosquatting network’s own hosting provider. The logs — which include detailed records of how many people visited the sites over the past three years and from where — were deleted shortly after that comment was posted here, but not before KrebsOnSecurity managed to grab a copy of the entire archive for analysis.
URL  security  privacy  krebs 
4 hours ago by rgl7194
Omitting the “o” in .com Could Be Costly — Krebs on Security
Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.”
Matthew Chambers is a security professional and researcher in Atlanta. Earlier this month Chambers penned a post on his personal blog detailing what he found after several users he looks after accidentally mistyped different domains — such as espn[dot]cm.
Chambers said the user who visited that domain told him that after typing in he quickly had his computer screen filled with alerts about malware and countless other pop-ups. Security logs for that user’s system revealed the user had actually typed espn[dot]cm, but when Chambers reviewed the source code at that Web page he found an innocuous placeholder content page instead.
URL  security  privacy  krebs 
4 hours ago by rgl7194

« earlier    

related tags

10.13  10.14  351  acceptableusepolicy  ad-blocker  ads  afspraken  ai  alternative  alternatives  apfs  apple  appleid  apps  audio  backup  ballot  biometrics  blockchain  blogs  browser  bug  cables  california  cellphones  charger  children  china  chrome  cloud  computers  coppa  cortana  cpu  credit_freeze  credit_report  cyberlaw  cybersecurity  data  data_brokers  data_ethics  datasets  death  debian  digital  digital_commerce  digital_ethics  dns  do_not_call  drive  edtech  education  election  email  encrypted  encryption  equifax  ethics  europe  export  facebook  firewall  free  gadgets  gdpr  geography  gmail  google  gov2.0  guardian  guide  hack  hacking  higher_education  howto  http/s  humor  identity_theft  infosec  internet  internet_of_things  ios12  iot  iphone  iste18  itunes  javascript  k12cybersecure  krebs  law  learninganalytics  legal  libraries  linux  lists  location  mac  macos  malware  maps  marketing  medical  meltdown_spectre  mit  mobile  monitor  monitoring  network  networking  newyorker  nsa  office  onlineservice  opensource  passwords  paypal  personal  phishing  phone  police  policy  politics  politie  practical  preview  privacy  privacykit  privacykitforbusiness  privacynotice  privacypolicy  programmatic  proxy  pureos  recommendations  reddit  registry  research  resources  robocalls  safety  security  shadow_brokers  sharing  smime  snitch  snowden  social  socialjustice  socialmedia  software  solid  spam  spying  standards  statistics  studentdata  sync  tech  technology  telemarketing  timbernerslee  tools  tos  travel  trust  url  usa  usb  utilities  violence  voice  vpn  web  wechat  wi-fi  wikileaks  windows  windows10  wwdc  x509  zuckerberg 

Copy this bookmark: