Posts Tagged ‘security’

Opinion | 7 Simple Ways to Protect Your Digital Privacy

September 30, 2019

QT:{{”
“How: A browser extension like uBlock Origin blocks ads and the data they collect. The uBlock Origin extension also prevents malware from running in your browser and gives you an easy way to turn the ad blocking off when you want to support sites you know are secure. Combine uBlock with Privacy Badger, which blocks trackers, and ads won’t follow you around as much. To slow down stalker ads even more, disable interest-based ads from Apple, Facebook, Google and Twitter. A lot of websites offer means to opt out of data collection, but you need to do so manually. Simple Opt Out has direct links to opt-out instructions for major sites like Netflix, Reddit and more. Doing this won’t eliminate the problem completely, but it will significantly cut down on the amount of data collected.

You should also install the HTTPS Everywhere extension. HTTPS Everywhere automatically directs you to the secure version of a site when the site supports that, making it difficult for an attacker — especially if you’re on public Wi-Fi at a coffee shop, airport or hotel — to digitally eavesdrop on what you’re doing.

Some people may want to use a virtual private network (VPN), but it’s not necessary for everyone. If you frequently connect to public Wi-Fi, a VPN is useful because it adds a layer of security to your browsing when HTTPS isn’t available. It can also provide some privacy from your internet service provider and help minimize tracking based on your IP address. But all your internet activity still flows through the VPN provider’s servers, so in using a VPN you’re choosing to trust that company over your ISP not to store or sell your data. Make sure you understand the pros and cons first, but if you want a VPN, Wirecutter recommends IVPN.”
“}}
Opinion | 7 Simple Ways to Protect Your Digital Privacy
https://www.nytimes.com/2019/05/06/opinion/7-simple-ways-to-protect-your-digital-privacy.html

SKS Keyserver Network Under Attack

July 5, 2019

a good example of a hypothetical attack that now becomes real

https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f QT:{{”
“The number one use of OpenPGP today is to verify downloaded packages for Linux-based operating systems, usually using a software tool called GnuPG. If someone were to poison a vendor’s public certificate and upload it to the keyserver network, the next time a system administrator refreshed their keyring from the keyserver network the vendor’s now-poisoned certificate would be downloaded. At that point upgrades become impossible because the authenticity of downloaded packages cannot be verified. Even downloading the vendor’s certificate and re-importing it would be of no use, because GnuPG would choke trying to import the new certificate. It is not hard to imagine how motivated adversaries could employ this against a Linux-based computer network.”
“}}

How North Korea’s Hackers Became Dangerously Good

July 1, 2018

QT:{{”
“Once you have been selected to get into the cyber unit, you receive a title that makes you a special citizen, and you don’t have to worry about food and the basic necessities,” says a defector familiar with North Korea’s cyber training.”
“}}

https://www.wsj.com/articles/how-north-koreas-hackers-became-dangerously-good-1524150416

Spam: A Shadow History of the Internet Excerpt, Part 1: Scientific American

June 28, 2018

https://www.amazon.com/Spam-Shadow-History-Internet-Infrastructures-ebook/dp/B00C4UU2E8

Spam: A Shadow History of the Internet [excerpt, Part 1]: Scientific
American http://www.scientificamerican.com/article.cfm?id=spam-shadow-history-of-internet-excerpt-part-one

discusses naive bayes

The Teens Who Hacked Microsoft’s Xbox Empire—And Went Too Far | WIRED

May 14, 2018

https://www.wired.com/story/xbox-underground-videogame-hackers/

Google’s New Super-Secure Email Is Designed For High-Profile Targets. Would It Have Protected Hillary’s Campaign?

October 28, 2017

QT:{{"

“The Advanced Protection Program incorporates a physical security key (a small USB or wireless device that costs around $25) to protect against phishing. The key, which participants need to buy themselves, uses public-key cryptography and digital signatures. Without the key, even someone with your password would be unable to access your account. Advanced Protection limits your Google data access to only Google apps and adds additional safeguards in the account recovery process to prevent someone from social engineering their way into your account. It also performs additional scans on files and attachments to ensure no malware is piggybacking on the download.”
"}}

#Google’s New Super-Secure Email Is Designed For High-Profile Targets http://www.Slate.com/blogs/future_tense/2017/10/17/google_introduces_super_secure_email_to_prevent_high_profile_hacks_could.html Appears to be open to all. Anyone tried this?

Artificial intelligence just made guessing your password a whole lot easier

September 22, 2017

#AI just made guessing your password…easier
http://www.ScienceMag.org/news/2017/09/artificial-intelligence-just-made-guessing-your-password-whole-lot-easier rather Number cracked raises #security/#privacy concerns HT @Rozowsky

QT:{{”
The new study aimed to speed this up by applying deep learning, a brain-inspired approach at the cutting edge of AI. Researchers at Stevens Institute of Technology in Hoboken, New Jersey, started with a so-called generative adversarial network, or GAN, which comprises two artificial neural networks. A “generator” attempts to produce artificial outputs (like images) that resemble real examples (actual photos), while a “discriminator” tries to detect real from fake. They help refine each other until the generator becomes a skilled counterfeiter.
“}}

We’re committed to your security

September 17, 2017

http://links.e.lastpass.com/ctt?kn=1&ms=NTQ4ODM4MTcS1&r=MTk4NDYzMjg3MDcwS0&b=0&j=MTI0NDc3NjcwMwS2&mt=1&rt=0

https://www.equifaxsecurity2017.com/

QT:{{”
As you may have heard, Equifax, one of the three largest credit monitoring bureaus in the U.S., announced a data breach at the company that may have affected 143 million U.S. consumers. The breach included social security numbers, birth dates, addresses, credit card numbers as well as other personal information.
“}}

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency

September 5, 2017

Identity Thieves Hijack Cellphone Accounts to Go After Virtual
Currency https://www.nytimes.com/2017/08/21/business/dealbook/phone-hack-bitcoin-virtual-currency.html Problematic #privacy loophole w/ #2factor

QT::{{”
“Hackers have discovered that one of the most central elements of online security — the mobile phone number — is also one of the easiest to steal.
In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim’s phone number to a device under the control of the hackers.
“}}

cybersecurity story

August 5, 2017

The absent-minded prof in the news…!

http://www.nature.com/news/cybersecurity-for-the-travelling-scientist-1.22379

Cybersecurity for the travelling scientist

Virtual private networks, tracking apps and ‘burner’ laptops: how to protect sensitive data when you take your research on the road.

Brian Owens

02 August 2017

QT:{{”
Mark Gerstein has had his fair share of scares when it comes to losing track of his electronic devices — and, along with them, access to his private information and research data.

“I’m very security conscious, but also a bit of an absent-minded professor,” says Gerstein, a bioinformatician at Yale University in New Haven, Connecticut.

He recalls one trip to Boston, Massachusetts, when he left his phone in a taxi, and watched it get farther and farther away on the tracking app on his iPad while he ran after the car in vain. Luckily, Gerstein was able to contact the taxi company, and eventually watched his phone make the return journey to his pocket.

Gerstein’s story had a happy ending, but all too often, hardware lost on the road is lost for good.
“}}