Thirteen cryptography leaders and pioneers published a paper warning of the economic and social pitfalls associated with the government’s desire for “exceptional access” to cryptographic keys.
Tag Archives: Privacy
Windows 10 Wi-Fi Sense could be a privacy problem
Windows 10 is here and it has unleashed a wave of new features and tools for its users. One of which is Wi-Fi Sense, a multi-purpose feature designed to make connecting to the Internet a breeze from Windows Phones.
As explained on the Windows Phone feature page, it does this by:
- Automatically connecting you to crowdsourced open Wi-Fi networks it knows about.
- Accepting a Wi-Fi network’s terms of use on your behalf and providing additional info for you to networks that require it.
- Letting you exchange password-protected Wi-Fi network access with your contacts to give and get Internet access without seeing each other’s Wi-Fi network passwords.
While these are potentially convenient features to use, I have security and privacy concerns regarding their implementation.
It goes without saying, that automatically connecting to open Wi-Fi networks is a bad idea. As we’ve explained several times before, not all free or open Wi-Fi networks are secure and others can be deliberately malicious. Accessing the Internet on these hotspots can lead to your traffic being intercepted by an attacker, known as a ‘man in the middle’ attack.
Accepting a Wi-Fi network’s terms of use automatically on your behalf seems like an equally bad idea to me. Before we even consider what terms Wi-Fi sense may be agreeing to on your behalf, we don’t even know if the landing page is legitimate or encrypted.
As a human, being prompted for an email address or other personal details gives us a chance to assess the trustworthiness of a provider and make a judgement. Wi-Fi Sense takes this decision making away and will seemingly hand over your information to any network asking for it. This could be a privacy concern.
The last feature, sharing Wi-Fi passwords with your contacts is a little less concerning but it is dependent on complete trust within your contacts.
In combination with the other two features, receiving a network key from a contact could cause you to automatically connect to a malicious network and potentially put you at risk.
How to disable Wi-Fi Sense
Disabling Wi-Fi Sense is simple. On your Windows 10 device go to Settings > Wi-Fi > Wi-Fi Sense.
Tips for safe Wi-Fi Usage
When it comes to surfing the web from your phone, there are generally two things that should concern you:
Wi-Fi-Hacking: Wi-Fi hacking is the most common threat when it comes to public Wi-Fi. When you connect to an public Wi-Fi network (i.e. coffee shop, airport, or hotel), others maybe able to intercept your Internet traffic, collecting your passwords, private photos, emails, browser cookies and a lot more personal info.
Wi-Fi tracking is the second big issue. Currently specialized software solutions allow virtually anybody to use your phone’s Wi-Fi signal, to track your location and in some instances identify you. Wi-Fi tracking is even more worrying as most smartphone users have their Wi-Fi on all the time. This is increasingly an issue as retailers can use your Wi-Fi signal to track how you move around stores or around the city and even identify who you are. And that’s not all, if you keep your Wi-Fi open all the time hackers can trick your phone into connecting to a fake Wi-Fi hotspot.
At the AVG Innovation Lab in Amsterdam, we developed AVG Wi-Fi Assistant to help combat both of these problems.
VPN Technology
AVG Wi-Fi Assistant can encrypt all the data coming and going from your device helping to ensure that even if someone is snooping on your traffic, that your data is still secured.
Wi-Fi Automation
To help prevent the Wi-Fi tracking issue detailed above, AVG Wi-Fi Assistant prevents your device from automatically joining public Wi-Fi networks by turning off your Wi-Fi when you’re not using it. This helps to keep you safe from trackers.
Here is Tony Anscombe with more tips on securing your Wi-Fi connection from an Android device.
Video
How to keep your mobile while using public Wi-Fi
T-Mobile received the most US data requisition requests
Telco T-Mobile’s US arm received more data requests than its larger peers in 2014.
The post T-Mobile received the most US data requisition requests appeared first on We Live Security.
What data do you protect on your phone?
With over 100 million installs of AVG AntiVirus for Android, we help a huge number of people protect their devices and their data. One of the popular tools in our app is the “App Locker”.
By analyzing a sample of anonymized user data, we’ve learned which information users want to protect the most and have discovered how app updates actually make us more aware of our privacy than before.
Messaging Apps come out on top
When it comes to data that people want to keep private, nothing beats personal messages. Four of the top five most locked apps were messaging apps with WhatsApp the most popular.
Personal data
As one might expect, after messaging apps, social networking and photo apps were the next most locked. People have a clear understanding that they want to keep their personal life private and take steps to the data stored within these apps
The Privacy Window
Once installed, it’s easy to forget how an app may have access to sensitive data or personal files. We’ve seen that one thing that causes us to remember these permissions are updates. We understood this to mean that there is privacy window in which we all think about apps and their permissions.
Our apps allow us to turn our smartphones into incredibly powerful devices that do everything for us. In return though, we give apps, and their developers access to our data and our lives. To use Instagram, for example, we must first allow it access to our pictures.
This means that each app carefully creates a unique and personal experience for each user, they also become private things that perhaps we don’t want to share.
That’s the idea behind the App Locker feature in AVG AntiVirus for Android. Available as part of the PRO product, App Locker is designed to help you decide what you would like to keep private and password protected.
It could be your messages or even, an app that you don’t want your child to use when they have your device, it’s entirely up to you.
Download AVG AntiVirus for Android today.
Is the blockchain the next big thing in banking?
Late last year, it emerged that that two major Dutch banks ABN Amro and ING were running trials of blockchain technology on their trading desks. The move follows reports that international banking group Santander was testing the viability of moving their international payments infrastructure to the blockchain.
The move to the blockchain, which Santander estimated could save banks as much as $20 billion a year in infrastructural costs, would be a landmark endorsement of the technology behind cryptocurrencies such as Bitcoin.
While it seems that the move may now not go ahead, it is still a significant step for financial institutions that have gone largely unchanged in decades. What we are witnessing is the first large scale reaction from a bank in the face of new technology that threatens their industry, Bitcoin has revealed how outdated the existing financial infrastructure is, and banks realize this.
What is the blockchain?
Many people confuse blockchain with Bitcoin. While Bitcoin is a cryptocurrency, blockchain is the ledger system that tracks and manages every transaction made. The blockchain is mostly known for being the ledger system used by Bitcoin.
The blockchain is essentially a record of all Bitcoin transactions in history. They are recorded live and stored chronologically in “blocks” so that if you followed the chain through to the end, it would return to the first ever Bitcoin transaction.
You can see the blockchain in action here, with a live scrolling list of all transactions made in Bitcoin shown in real time.
https://blockchain.info/new-transactions
Why move to the blockchain?
What’s interesting about the blockchain is that it is entirely transparent. The sender and recipient of every transaction is known. But the blockchain also grants pseudo anonymity, while the details of the transactions are shown, there is no way to trace the identity of the account holders.
As well as improved privacy, the blockchain allows end users to save money on international financial transactions, move money around instantly and securely.
Security is another important benefit of the blockchain. While a traditional bank has a small number of servers processing transactions, when using the blockchain, the legwork is split between thousands of computers around the world.
Naturally, having such a large bank of computers do the processing makes the blockchain incredibly secure. With each computer managing only a tiny fraction of the transactions, in order to successfully hack the ledger, hundreds, if not thousands, of computers would need to be successfully breached. On top of this, it means that banks no longer need to foot the bill for server maintenance and security.
What does this mean for Bitcoin?
With blockchain technology on the brink of mainstream adoption, where does that leave Bitcoin? Unfortunately for fans of the cryptocurrency, the traded volumes are still too small to really support its case as a viable alternative to traditional currency.
However, volumes are growing slowly over time and while early adopters such as Silkroad have brought negative press associations, they are also paving a way for legitimate business use – a proof of concept.
While we may have to wait some time to see either blockchain or Bitcoin adopted by mainstream industry and finance, the news that major corporations are investigating the applications of blockchain technology is a very positive sign.
I believe that in a few years’ time, blockchain will be the de-facto method for ledgering transactions and that businesses and banks will no longer ‘own’ how their clients move money but instead battle to be the platform of choice for blockchain transactions.
Eastern England councils in slew of data breach errors
A series of more than 160 data breaches have struck local authorities in Norfolk, Suffolk and Cambridgeshire over the past year, according to new reports.
The post Eastern England councils in slew of data breach errors appeared first on We Live Security.
ICANN policy changes trigger privacy concerns
Internet name authority ICANN has unsettled privacy advocates after a new working group document flagged changes to the way domain proxy services can operate.
The post ICANN policy changes trigger privacy concerns appeared first on We Live Security.
NIST Drops Weak Dual_EC RNG From Official Recommendations
NIST officially has removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers.
Threatpost News Wrap, June 26, 2015
Dennis Fisher and Mike Mimoso talk about the Cisco default SSH keys, more details of the OPM data breach, the Adobe 0-day and why we never hear about bad APT groups, only the really good ones.
Will your next password be an emoji?
Emoji’s such as smiley faces and others pictographs used commonly by many people nowadays have been put forward as a possible replacement to the humble password or PIN by a British start-up called Intelligent Environments.
As reported in The Guardian recently, the concept lends itself to our natural ability to remember pictures much more vividly than standard characters like letters and numbers.
Add to that research that shows 64% of millennials are using Emoji’s almost exclusively in their communication, and one wonders if this trend just might have some merit in the future.
The method proposed is that instead of entering your password or PIN, instead you would select a sequence of 4 Emoji pictures from a possible set of 44. The math behind this says that an Emoji “password” would therefore be one out of a possible 3,748,096 combinations.
However, the question of whether this would be more secure over the standard password, and in particular a 4-digit PIN is open for debate.
While technically your 4-digit PIN is only one from a combination of 10,000 choices, the implementation on your mobile device tends to be much more secure, by the fact that incorrect attempts will result in gradually increasing timeouts – making it much more difficult and impractical to crack easily.
And consider that, just as with passwords, it is possible that people will select Emoji sequences that are quite predictable. For example, selecting Emoji’s that tell a common story, like a Man, a love heart, a Woman, and a bunch of flowers; it’s quite possible people will end up selecting popular Emoji versions of the 1234 PIN equivalent.
On the positive side, think of how hard writing down your Emjoi “password” is going to be for those of us who aren’t artistically gifted.
If you are concerned about only using a 4-digit PIN on your mobile device, however, there are options you can change:
- On iPhone/iPad you can switch off the “Simple Passcode” option under settings and select a much longer password which is great if you’ve got the TouchID fingerprint reader.
- For Android users, depending on the version you have, you can select from PIN, Password, and also Smart Lock features. Using the Pattern option (where you draw a pattern on the screen) is not recommended as the smudge marks you leave on the screen can be enough to give it away!
For more information keeping your mobile device safe, check out the video below 6 Tips to Secure your Android Phone video.
Video
6 Tips to Secure Your Android Phone
Until next time, stay safe out there.
