Tag Archives: Privacy

Privacy on the Internet: There is no such thing as a free lunch

This is a reprint of The elusive “P” which appeared in the January 2016 issue of Indian Management.


There is no such thing as a free lunch, truly.

As we increasingly traverse the virtual realm, we are putting at stake a crucial aspect—our much-treasured privacy.

There is not a lot of privacy on the Internet today. Every place you go – websites, social networks, apps – knows your IP address and where you are located, which it can correlate with your demographics, age, gender, and the websites that you visit. Social networks can even tell advertisers what your political leanings are and which religion you practice, and the Internet knows which books you read, which cosmetics you use, and whether or not you are pregnant, getting married or divorced. At the end of the day, search engine companies and Internet Service Providers know everything about you. With the rise of the Internet of Things, Internet-connected devices can dig even deeper into our lives. Our cars remember when we drove where, how fast we went, and what music we were listening to, while our smart watches can tell us more about our health than our doctors can. Privacy is a thing of the past.

A trade-off between convenience and privacy

In our day-to-day usage of the Internet, each of us is making either a conscious or an unconscious trade-off between convenience and privacy.

One example of this can be seen in Gmail, the hugely popular email service used by nearly one billion people around the world. Most people will recognize, though others might not, that they receive advertisements which are somewhat related to the subject of their emails. This is because the subjects of a user’s emails are sent to various advertising engines to come up with relevant content to serve back to the Gmail user. For someone who sent an email with ‘vacation’ in the subject line, this may result in the user receiving ads with flight offers during the following days.

As a consumer searching for different things on the Internet, you are likely making the connection that advertisements that you see are based on the searches you have recently made. This is the result of targeted advertisements, which can simultaneously provide true value and can also cause problems or be embarrassing. For example, if a family shares one computer, certain family members may not want their parents or children knowing about their search history. This becomes difficult to avoid with targeted ads, since the ads displayed are related to search items that were originally intended to be confidential.

Taking this a step further, we also need to start thinking about the advancement of our smart devices. One big enabler of privacy violations is geographic tracking embedded in everyone’s devices — from our smartphones to our cars. As geotracking becomes an everyday feature in cars, people can effortlessly follow their spouse or child while they are driving, keeping track of their speed, location and driving habits. While this could potentially encourage safe driving, it could also have negative effects on those who don’t want to be surveilled. What’s more, the data collected by a car could be sold to insurance companies that will refuse payment in the case that an accident was caused by speeding.

For the most part, people may understand the risks that come along with the development of smart devices. However, when feeding companies with mass amounts of data collected by these devices, users continue to make a conscious trade-off that results in the loss of their personal privacy.

Free software and the lure of fast click-through agreements

One of the reasons why people so easily and willingly give up their privacy is that most of the software they download comes with no price tag attached to it. Back in the 90s, software was sold in stores and was fairly expensive for the average consumer. Now that the majority of software is downloaded online and is distributed largely free of charge, the products come with a price tag of a different kind — the infringement on consumers’ privacy and security. This issue is heightened by the fact that many people don’t take the time to read through their software’s click-through agreements.

The real question is this: What does a user receive in exchange for giving up their privacy? Additionally, are they willing to lose the convenience that software and apps provide if they want to keep their privacy intact?

Certain services of trusted companies can serve very useful purposes, such as free email services, search, text messaging, social networking, health monitoring, or child safety; and targeted advertising by social networks, search engines and other web services is not seen as risky. The more an app or web service knows about you, such as your location, your interests, your contacts, the better they can target you. Some people prefer seeing targeted ads, as the ads displayed become increasingly relevant for them, while others find targeted advertising to be, to a certain extent, an invasion of privacy.

The only way to completely prevent being spied on in this day and age would be to use neither the Internet nor smart devices and free services that access sensitive data in order to target ads.

There are, however, tools on the market, like browser add-ons, that provide consumers with information on web interactions with social media sites, advertising networks that share data, and the analytics used to improve a website. Clever technology can identify these from either cookies or programming code that is embedded in the website. There are also apps for mobile users that help them understand which data apps can access and which ad networks they serve.
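As an added illustration (not code from the original article or from any particular add-on), the sketch below shows the "embedded code" half of that detection: it parses a page's HTML and lists the third-party hosts the browser would contact, and which tags pull them in. The sample page, all host names and the two-label `site_of` heuristic are assumptions made for the example; cookie inspection is not covered.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that make the browser fetch a resource, and the attribute holding the URL.
FETCHING_TAGS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

def site_of(host):
    """Naive 'site' key: last two DNS labels (wrong for suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class ThirdPartyFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = site_of(urlsplit(page_url).hostname)
        self.found = defaultdict(set)  # third-party host -> tags that load it

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_TAGS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Resolve relative and protocol-relative (//host/path) URLs first.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host and site_of(host) != self.first_party:
            self.found[host].add(tag)

def third_party_hosts(page_url, html):
    finder = ThirdPartyFinder(page_url)
    finder.feed(html)
    return {host: sorted(tags) for host, tags in finder.found.items()}

# Constructed sample page; every host name is a placeholder.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.ads.example.net/tag.js"></script>
<link rel="stylesheet" href="https://static.news.example.com/site.css">
</head><body>
<img src="https://pixel.tracker.example.org/p.gif?uid=123" width="1" height="1">
<iframe src="https://widgets.social.example.net/like"></iframe>
<img src="images/logo.png">
</body></html>
"""

if __name__ == "__main__":
    hosts = third_party_hosts("https://www.news.example.com/story", SAMPLE_HTML)
    for host, tags in hosts.items():
        print(host, tags)
```

Real tools match the hosts found this way against curated lists of known advertising and analytics domains and use the Public Suffix List instead of the two-label shortcut.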

A joint effort needed between industry and politics

Although there are solutions available, it cannot be solely the consumer’s burden to determine how to navigate the trade-off between privacy and convenience. It’s not possible for users to stay 100% informed about what happens to their data, as most companies simply don’t communicate these things to their customer base. To combat this issue, companies should focus on increasing their transparency, making their privacy agreements easy for the average user to understand, and putting significant effort into educating their customers. Politicians will also need to determine just how far companies can legally go with the collection and distribution of user data.

Prevent strangers from using your Wi-Fi network

If you’re running an open Wi-Fi network, you’re opening yourself up to risk in several ways.

  1. You could be liable for crimes someone commits using your network: it’s your Wi-Fi network, so it’s your name that will show up when the police start looking.
  2. You’re exposing your PC or mobile devices to hackers: if anyone can join your network, they can find all the other devices connected to it too.
  3. You could be paying for other people’s use of bandwidth: if you thought your data plan was expensive, imagine what it could look like if your neighbors start streaming movies at your expense.
  4. You could be violating the terms of service from your Internet Service Provider: they are selling their connection to you, not your neighborhood.

Basic ways to secure your home Wi-Fi:

Most of these security measures can be done by connecting to your router’s settings.

  1. Change your network name: Don’t use any personally identifiable names for your home network, like your own name or business name. It just makes it easier for someone to target you specifically. Use something that’s random or private.
  2. Use WPA2 encryption: Your router likely has settings for various forms of encryption, but stick with WPA2, the strongest variant.
  3. Make sure you use a strong password: Use a long password, at least 20 characters long. That seems long, but you can write it down on a sticker and place it on the router itself.

These basic tricks should help you keep your home Wi-Fi network safe from uninvited guests…

Six things to think about in the new year

Here are six things to think about for this year, with business security strategy top of mind…

1. Artificial Intelligence keeping us safe online
Artificial intelligence and machine learning aren’t just about robot dogs and self-driving cars. The latest AVG Business anti-malware products contain a number of sophisticated neural learning and cloud-data collection techniques designed to catch malware earlier and more often. Expect to hear more through 2016 about how artificial intelligence will help transform security solutions to help keep malware at bay.

2. Certificate Authorities: beginning of the end
SSL continued to be a big talking point in 2015 with further vulnerabilities being disclosed. This year the debate will continue around certification, development of new open standards and easier choices for website owners. Every news story about certificate mismanagement, security mishaps, and data breaches puts Certificate Authorities under increasing scrutiny. For many small businesses, paying a Certificate Authority and submitting to what can sometimes be an arduous verification and checking process is cumbersome and unnecessary.

This is where technical alternatives like Let’s Encrypt (currently in beta) are bound to flourish.

Additionally, Google’s Certificate Transparency project will continue to identify rogue SSL Certificates through detections built into modern day web browsers, as Google continues to hold Certificate Authorities to account – helping keep us all safer.

Lastly, with the promise of other solutions such as the Internet Society’s proposed DANE protocol, offering the ability for any website owner to validate their own SSL certificate and therefore bypass a Certificate Authority altogether, 2016 will be an interesting year to watch!

3. Malvertising, Ad Networks: shape up, or ship out
Malvertising is what happens when malware is served up to innocent web site visitors; it’s happening all too frequently and is caused by questionable third party relationships and the poor security of some online advertising networks. At the root of this problem is the “attack surface” of ever-growing, ever-complex advertising and tracking “scripts” provided by ad networks and included by publishers (often blindly) on their websites. The scripts are slowing the browsing experience and anyone who has installed an ad blocker recently will tell you they can’t believe how fast their favourite websites are now loading. Research conducted by The New York Times showed that for many popular mobile news websites, more than half of the bandwidth used comes from serving up ads. That’s more data from loading the ads, scripts and tracking codes, than the content you can see and read on the page!

Whatever the solution, one thing is for certain: Ad Networks need to shape up and address their security, otherwise 2016 may well be remembered as the year of Malvertising.

4. Augmenting passwords with extra security steps in 2016
The need for strong passwords isn’t going anywhere in 2016. There were reminders in 2015 that even having the world’s longest smartphone passcode doesn’t mean someone can’t figure it out.

This year, there will be growing use of extra steps to make accessing data safer. In 2015, Yahoo announced a security solution using mobile devices rather than a password for access, and we even saw Google include Smart Lock features that can use the presence of other nearby devices to unlock your smartphone. Two-factor authentication – using two steps and ‘something you have and something you know’ to verify someone’s identity – will continue to be popular for use by many cloud-based providers looking to avoid data breaches.

5. The Internet of Things needs security by design
Every device seems to be getting smart – in the home and in the office. You’re likely going to be using your smartphone as a “lifestyle remote” to control a growing array of devices. Being able to set the office temperature remotely, or turn on the kettle in the communal kitchen without leaving your desk may sound helpful, but the devices have the potential to give up WiFi keys. Every unprotected device that is connected to a network is open to hacking. Cyber criminals are probing hardware, scanning the airwaves, and harvesting passwords and other personal identity data from wherever they can. So the advice is simple: every connected innovation needs to be included in your business-wide security.

6. Update and upgrade or face the financial and legal consequences?
Upgrading and updating all your software, devices, gadgets and equipment remains a vital business issue. The Internet of Things is raising new questions about who is responsible for what in a legal sense. Who owns data? What happens when machines take “autonomous” decisions? Who is liable if something goes wrong? To take one extreme example, a police officer pulled over one of Google’s driverless cars in November for causing a traffic jam on one Californian highway by driving too slowly. Again, the lesson is clear. The simple rule this year is to ensure that your business software and systems are always using the latest update. Your life may not depend on it, but your livelihood might.

So these are my six “thinking points” as we head into 2016.

Here at AVG, we look forward to helping you keep security front and center for your business this year. For more information on AVG Business security solutions that keep devices, data and people protected every day, across the globe, visit http://www.avg.com/internet-security-business.

Questions Linger as Juniper Removes Backdoored Dual_EC RNG

Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored.