New Internet-Privacy Bill to address Ad Tracking or Online-Data Collection

digital-ad industry says that if it passes it could mean ‘Facebook won’t be free’

Tennessee Congresswoman Martha Blackburn says she wants to give consumers control of their internet experience.

She’s introduced a bill — the “BROWSER Act” — that would require internet users to actively opt in to say yes to any sort of ad tracking or online-data collection.

“Facebook won’t be free,” said Scott Howe, CEO of the data company Acxiom. Acxiom collects consumer data on millions of Americans — where they live and the kinds of things they shop for — that marketers and media companies use to target consumers and deliver more-relevant ads. So it’s looking out for any legislation in this realm closely.
Continue reading New Internet-Privacy Bill to address Ad Tracking or Online-Data Collection

Advertisements

Researchers find over 100 spying Tor nodes

Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites

When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see where the traffic is coming from or going to, the final hop in the network (known as an exit node) gets to know what webserver you are connecting to. Continue reading Researchers find over 100 spying Tor nodes

Richard Stallman discusses Copyright at UofC

Richard Stallman lecturing about copyright at University of Calgary on 2009-02-03. Free/Libre formats & raw footage can be found here, as per Stallman’s request. (Transcode-SR1 contains wireless mic audio.)

Links

How to encrypt your Android Device

WARNING:

  • Once Encrypted you CANNOT go back to unencrypted status.
  • You may also notice a slight performance hit as your device will be using extra resources to encrypt and decrypt your data as needed.
  • If you interrupt the process you WILL lose some or all of the data on your device so let it finish before doing anything.

Basically, encrypting you device scrambles up all your files on your device and makes them unreadable unless you unlock your device with your password or pin; without these your device is unusable and your data is fully locked from anyone.

Some recent legal rulings have suggested that encryption can protect against warrantless searches. The California Supreme Court has ruled that police officers can lawfully search your cell phone without a warrant if it’s taken from you during arrest – but they would require a warrant if it was encrypted. A Canadian court has also ruled that phones can be searched without a warrant as long as they’re unencrypted.

Continue reading How to encrypt your Android Device

Identity and privacy at risk on new internet

Boil it all down and last week’s Black Hat conference in Las Vegas discussed just two things – identity and privacy in cyberspace. Both are at risk as the internet enters a period of massive expansion.

IT managers need to deal with these issues in the light of the increasing volume and subtlety of attacks by ill-intentioned people.

Identity and privacy are two sides of the same coin. For the internet to work, everything connected to it requires a unique identifier, known as an internet address or uniform resource locator (URL). This allows network routers, which act as postmasters, to direct messages to the right address.

The internet was designed to be flexible. This makes it possible for people to pretend to own someone else’s address and thus to divert traffic elsewhere, or even to take over the address.

In addition, many people want to hide their identities and activities on the internet for both legitimate and illegitimate reasons. Continue reading Identity and privacy at risk on new internet

Over a Billion Internet Passwords Hacked

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.

“Companies that rely on user names and passwords have to develop a sense of urgency about changing this,” said Avivah Litan, a security analyst at the research firm Gartner. “Until they do, criminals will just keep stockpiling people’s credentials.”

Websites inside Russia had been hacked, too, and Mr. Holden said he saw no connection between the hackers and the Russian government. He said he planned to alert law enforcement after making the research public, though the Russian government has not historically pursued accused hackers.

So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.

Big Data Is Just a Big Scam

The newly emergent “big data” meme has never been defined in any meaningful and definitive way. It’s the most amorphous new buzz-term that I’ve seen for a decade. It’s one of those “eye of the beholder” terms used to liven up a seminar and eventually soak investors.

Let’s start by asking what does big data mean? Lots of data? More data than you can handle? Amorphous data? Out of control data? Useful data for analysis? Useless data? Information overload?

If you read enough about big data, it is all of the above and more. The key is not the data, but the challenge of how to handle the data and what to do with the data itself.

In other words, how can we make this huge pile of data, that we have managed to accumulate, be useful in new and profitable ways? The data pools can come from anywhere via various computing mechanisms such as Facebook posts, NSA logs, mailing lists, customers, etc.

I would argue that most readers of this column are themselves repositories of big data. I just bought a 3 Terabyte drive for backup. I have a lot of data to back up! Big data!

From what I can tell, what Big Data does best is spy on individuals.

A useful tool I can imagine would be a big data analysis tool that the police could use to find you guilty of some random crime by going through your files. Or at least find something that would embarrass you. Big data!

This all harkens back to a comment made by a former CEO of American Express, who told an audience that if the company wanted to (and this applies to all credit card companies) it could use your personal buying habits and tendencies to put together a complete dossier and definitely tell if you are having an affair or not. Big data!

None of this sounds good or healthy for the society. Jumping to conclusions, making assumptions, acting on false assumptions. Hounding the public with useless advertisements.

Full Article

Microsoft Releases Security Update For Internet Explorer 0Day Exploit

LOS ANGELES (AP) — Microsoft is releasing a security update for Internet Explorer that closes a gap that allowed attackers to take complete control of a computer. It also issued the update to Windows XP users, despite dropping support for the older operating system last month.

The update will go live at 10 a.m. Pacific time Thursday.

Adrienne Hall, general manager of Microsoft Trustworthy Computing, said in a statement that the company decided to fix the problem quickly for all customers, saying it takes the security of its products “incredibly seriously.”

Microsoft reported the problem Saturday, saying it was aware of “limited, targeted attacks” and that the vulnerability affected Internet Explorer versions 6 through 11

The company said users with automatic updates enabled don’t need to take any action.

New Cisco managed security services detects hackers, zero-day threats

Cisco announced a new managed threat detection service that collects real-time telemetry from a customer’s network, alerts the enterprise’s IT team when a threat has entered the network and offers guidance for remediation.

The new Cisco managed security services offering, Managed Threat Defense (MTD), begins with a Hadoop 2.0 cluster that enterprises deploy within their networks. The minimum footprint is a two-rack Cisco Unified Computing System comprised of 30 servers.

“The cluster is ingesting various forms of telemetry — like NetFlow — as well as full packets [captured at data center and Internet ingress and egress points],” said Pablo Salazar, manager within the Cisco Security Solutions organization. “[The cluster] ingests full packets and stores them for forensic purposes, as well as extracts metadata which we use for analytics.”

Metadata from the Hadoop cluster traverses a VPN link to Cisco’s 24-by-7 security operation centers (SOCs) where Cisco engineers detect threats by applying a variety of Cisco’s behavioral analysis and threat detection technologies, as well as using threat intelligence data collected and analyzed by Cisco’s Security Intelligence Operations.

“This operationalizes anomaly detection,” said Bryan Palma, senior vice president of Cisco Security Services. “We don’t tell customers an incident might have happened. We tell them when it happened, what it is and what they need to do to take remediation.”

Complete Story