May 19, 2016 - Posted by Zach Holt to
These days, it’s difficult to discuss security without mentioning privacy. As the amount of data being collected on everything from social media to advertising to medical records keeps growing with no signs of stopping, commercial entities and malicious actors alike increasingly look to these information gold mines as sources of data ripe for the taking. This information can be leveraged in a number of ways, from simple customer demographics to highly targeted advertising campaigns, or even something more malicious. After all, wouldn’t a mailing list of recently hacked retailers make for some potentially vulnerable users?
Improving email security and privacy
It’s been a little over two years since Edward Snowden broke the news about massive government surveillance in the United States and abroad. Since then, major applications have begun tightening security. It became widely known that the government has the ability to read your emails and listen to your phone calls by getting a court order or a subpoena and paying a small fee.
So, what changes have been enacted on the digital front? In this blog I’m going to focus on one area in particular, email.
Before mid-2013, emails were, for the most part, unencrypted, passed in clear text, and stored in clear text. After Snowden, changes started to occur almost immediately. The question is, how far have they come?
a. Perfect Forward Secrecy (Nov 2014)
b. Transport Layer Security (TLS) (inbound and outbound as of Nov 2014)
c. Two-factor Authentication (Oct 2014). You have to enable this for...
NCSAM Week 4: Your Evolving Digital Life
Week 4 of National Cyber Security Awareness Month (NCSAM) discusses “Your Evolving Digital Life.” With the Internet becoming more and more integrated in our daily lives, we are opening ourselves up to new threats and challenges. To illustrate my point, let’s discuss a Facebook example while applying the Operations security (OPSEC) process.
OPSEC is a term that originated with the U.S. military. It is a process that determines whether information obtained by adversaries could be interpreted to be useful to them, and then applies appropriate measures to eliminate or minimize the exploitation of that information. Simply stated, OPSEC is the protection of information so that it cannot be used against you by your enemies. As our digital lives evolve, we need to be sure to practice good OPSEC.
If we look at the OPSEC process, you can see how it can be applied to how we handle our digital lives. The OPSEC process...
Don’t let IoT insecurity be the death of you and me
There has been a lot of news regarding Internet of Things (IoT) security lately. Perhaps the biggest news in cybersecurity in a while came from Wired last week in their story, “Hackers Remotely Kill a Jeep on the Highway – With Me In It”. Car hacking is a topic close to the security risks we covered recently in my post, “The (Not So) Secure Smart City of Tomorrow”.
In recent years, almost everything that can be connected to the Internet has been shown to be vulnerable: home security systems, baby monitors, cars, manufacturing equipment, home entertainment networks, and the list goes on. And when it comes to transportation systems, it’s not just cars that are being found...
“The telescreen received and transmitted simultaneously. Any sound… above the level of a very low whisper, would be picked up by it… There was of course no way of knowing whether you were being watched at any given moment.” – Nineteen Eighty-Four by George Orwell, published in 1949
“In Russia, TV watches you!” – comedian Yakov Smirnoff, circa 1984
Be very afraid. Again.
Siri, Apple’s digital assistant program for the iPhone, once had to be explicitly activated before it would listen and accept commands. But in iOS version 8, Siri can be set to an “always listen” mode.
iPhones, iPads, Android phones and Chromebooks can now be configured to listen for an “...