Cybersecurity, Online Privacy, & Big Data

  • Google Updates Enabling Dishonest Behavior Policy

    Spyware and technology used for intimate partner surveillance including but not limited to spyware/malware that can be used to monitor texts, phone calls, or browsing history; GPS trackers specifically marketed to spy or track someone without their consent; promotion of surveillance equipment (cameras, audio recorders, dash cams, nanny cams) marketed with the express purpose of spying.

    Wowzers! Maybe the Goog is turning over a new leaf? Else looking for a way to keep much of that market cornered?

  • @toby
    Google isn't changing anything but rules against their competition (as you pointed out).

    Privacy is a thing of the past if you use technology in your daily life. Tracking me is a joke, I don't go many places, except grocery store & pharmacy.

    If the trackers are onto my Amazon purchasing and other internet sellers, then they know I am a utilitarian by nature and don't buy much other than the basic necessities of life.

    If they sell this information and profit from it, then I should get a share. I think I will Copyright myself. I could use the extra do re mi.

  • Twitter Hacked - Again

    Twitter's security holes are now the nation's problem

    Wednesday’s Twitter hack has exposed a gaping weakness for the U.S. and its most powerful leaders — their reliance on a private company to secure their communications with the public.

    The latest bipartisan uproar comes as intelligence officials warn that foreign government hackers and trolls are using social networks to stir up controversy and spread disinformation ahead of November’s elections. This misuse of Facebook, Twitter and other large platforms, which reached a zenith during the 2016 presidential campaign, has led to extensive congressional oversight.

    And we're acting surprised? Like this is new information?

    Senate Intel Committee Releases Bipartisan Report on Russia’s Use of Social Media.

    The thing is.... I can empathize with Twitter. Nothing is secure against dedicated attackers given enough time, funding, and motivation. Nothing is absolute. The war is lost before the first battle. Hence, all one can do is to do their best to raise the bar sufficiently high enough to make the costs outweigh the benefits and hope the bad guys set their sights on softer targets. But Twitter? Google? Facebook? Ho man! Those guys are continually under siege. Despite hiring the best and the brightest security engineers it should be no surprise the bad guys win one every once in a while.

    So what to do? Well, the obvious "solution" is to legislate. It is what politicians do. Or at least supposed to be doing. Since these companies have already hired the cream of the crop and, with some notable exception, making best faith efforts to thwart said black hats, I doubt legislation is the answer. At best, maybe a bit of PPP to give us a warm fuzzy feeling and something the politards can puff up their chests about and act like they're actually doing something.

    Yep. Color me jade.

  • @toby said in Online Privacy, Security & Big Data:

    So what to do?

    What to do? Well, the first thing is to stop believing anything you see on Twitter, Failbook, or any other online source.

    Yeah, okay, that works for you and me, but how do we stop the great unwashed (or whatever the current descriptor is) from believing what they see on their Twitter feeds or FB pages?

    Answer? Sorry, there is no answer. They will continue to believe whatever Trump's media buddies feed them. All we can do is whatever we can to encourage sane people to vote in November.

    Edit to add: And I ain't even American.

  • @David-Harris The issue is much larger than he who must not be named as this is happening globally - Germany, France, UK, Jamaica - grossly skewing and disrupting world politics and global stability. I guess we may take some small comfort in that it is not as bad as last US presidential circus. Yet. Either that or the bad actors have become even yet more sophisticated and not been discovered/caught. Yet.

    Ah, the drama of the 24x7 click bait stream....

  • Solarium Hack

    We Can Take Advantage of the Russian Hack. Here’s How

    The more complex and ultimately more disturbing lesson is that, as currently structured, neither the federal government nor even the most sophisticated corporations can repel expertly crafted foreign cyberattacks.

    That’s the bad news. The good news is that we can halt cyber mischief by other countries, but it will take bolder action than is currently on the table.

    Which, of course, is the same old song and dance we always get from "the powers that be" whenever something like this happens. Hopefully this time egregious enough to elicit a response a bit more proactive than the usual spin from the talking heads.

    I am hoping the incoming administration is able to restore enough of some semblance of normalcy with our allies that we, the World, UN or whatever are able to censure Russia (& other bad actors, e.g. China) in a meaningful manner that does not also prompt WWIII.

  • Now that our bromance with authoritarian dictators is over seems we're both ready and willing to stop ignoring and/or making excuses for North Korea. I was aware of North Korea's government sponsored cyber warfare/terrorism but thought it a distant third to China and Russia. Not. Turns out now Cyber Public Enemy #1.

    North Korean hackers are ‘the world’s leading bank robbers,’ U.S. charges

    Federal prosecutors on Wednesday announced charges against three North Korean government hackers accused of participating in a wide range of cyberattacks, including the destructive 2014 assault on Sony Pictures Entertainment hack, the global WannaCry ransomware attack in 2017 and a range of digital bank heists.

    The newly unsealed indictment, building on earlier charges against Park for his alleged role in Pyongyang’s cyberattacks, adds new information about multiple criminal schemes, including a series of breaches of banks targeting more than $1.2 billion; infections of ATMs with malware that allowed unlimited withdrawals; digital extortion schemes using ransomware; and the development and distribution of fake, malware-laden cryptocurrency apps that opened backdoors into victims’ computer networks.

    And on a related note, US-CERT Cybersecurity and Infrastructure Security Agency (CISA) has several advisories hitting my inbox this morning on the cryptocurrency front. I will just list them below in case any of you are into crypto. If so, I advise reviewing the full notices. A search on any of the strings below should get you there.

    • AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
    • AR21-048A: MAR-10322463-1.v1 - AppleJeus: Celas Trade Pro
    • AR21-048E: MAR-10322463-5.v1 - AppleJeus: CoinGoTrade
    • AR21-048G: MAR-10322463-7.v1 - AppleJeus: Ants2Whale
    • AR21-048C: MAR-10322463-3.v1 - AppleJeus: Union Crypto
    • AR21-048F: MAR-10322463-6.v1 - AppleJeus: Dorusio

    Be interesting to see what shakes out in the wash. And rinse. Repeat? Inquiring minds are curious.

    Update: Couple more additions just hit my inbox:

    • AR21-048D: MAR-10322463-4.v1 - AppleJeus: Kupay Wallet
    • AR21-048B: MAR-10322463-2.v1 - AppleJeus: JMT Trading
