Making Sense of Security

Securing your Digital World.


Category: Protection

Two-Step Verification

The process of authentication, or proving who you are, is key to protecting your information, such as your email, social media, or online banking accounts. You may not realize it, but there are three different ways to prove who you are: what you know, such as a password, what you have, such as your driver’s license, and some part of you, such as your fingerprint. Each one of these methods has advantages and disadvantages. The most common authentication method is passwords, which are something you know. Unfortunately, using passwords just by themselves is proving to be more and more Read more…


Next on the regulatory review roll

It can be one of the biggest expenditures a consumer makes. It’s a uniquely sensitive transaction. And it’s covered by an FTC Rule. We’re talking about funerals and the FTC has just announced that as part of its ongoing regulatory review process, it’s taking another look at the Funeral Industry Practices Rule. In effect since 1984 and last amended in 1994, the Funeral Rule is designed to protect consumers from deception and unfairness. In promulgating the Rule, the FTC observed that shopping for funeral goods and services is different from other purchases. Consumers may lack familiarity with the transaction. Read more…


Google software glitch sent some users’ videos to strangers

Google has said a software bug resulted in some users’ personal videos being emailed to strangers. The flaw affected users of Google Photos who requested to export their data in late November. For four days the export tool wrongly added videos to unrelated users’ archives. As a result, private videos may have been sent to strangers, while downloaded archives may not have been complete. “We are notifying people about a bug that may have affected users who used Google Takeout to export their Google Photos content between November 21 and November 25,” a Google spokesperson said. “These users may Read more…


NIST tests methods of recovering data from smashed smartphones

by John E Dunn Smash it, submerge it in water, and perhaps shoot it for good measure – just three of the methods criminals use to permanently erase digital evidence from smartphones. And yet, as many criminals have found out to their cost, reducing a device to a pile of smashed plastic and glass means nothing if the internal memory chips remain in working order. The forensic engineers who help police gather evidence understand this even if it’s not always been clear which methods are the most effective at extracting data accurately enough for it to meet standards of Read more…


Twitter hands over student’s account to his college

by Lisa Vaas No, we do not police the social media activity of our students, a New York university said last week, and yes, we have a sense of humor – remember the banana we taped to the wall in the student union and then posted on Instagram? That was part of a Twitter stream posted by the State University of New York (SUNY) College at Geneseo, defending itself after a student’s parody account of the college – originally called @SUNYGenseeo, switched to NOT SUNY Geneseo, and now renamed geneseo’s #1 fan – was hijacked. The account’s rightful owner Read more…


Google’s Super Bowl ad will make you cry. Or wince.

by Lisa Vaas “How to not forget,” is typed into a Google search bar. That’s the simple way that Google started its Super Bowl ad, which featured an elderly man’s voice as he asked Google Assistant to help him remember details about his late wife. The narrator laughs as the ad goes on to show a photo of a younger, moustachioed version of himself with “Loretta.” “Remember, Loretta hated my moustache,” he says in a way that makes the viewer think that the man is sitting around with his friends or family, sweetly reminiscing. But while you Read more…


FTC alleges deception in “unbiased” review site’s ratings and rankings

Top picks, star ratings, in-depth reviews. Many consumers don’t buy anything without consulting third-party review sites or checking out the opinions of other customers. But how often are those ratings the product of buying and selling between the “independent” site and companies willing to pay for better play? And are those reviews really from satisfied customers or are they from employees acting on instructions to stuff the ballot box with five-star ratings? Those are the allegations in a lawsuit against LendEDU, a site the FTC says falsely claimed to offer “objective” evaluations of financial products. Does the proposed settlement Read more…


Apple proposes simple security upgrade for SMS 2FA codes

by John E Dunn Apple engineers think they’ve come up with a simple way to make SMS two-factor authentication (2FA) one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction. The concept proposed by the company’s Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website. This dodges today’s hazard that phishing websites can first fool people into entering their password and username, before asking them to submit Read more…


FTC warns VoIP providers that help robocallers: we can and will sue

by Lisa Vaas How many illegal robocalls do you get? As in, those spoofed numbers made to look like a neighbor’s calling, calls coming in even though you’re on the National Do Not Call Registry, scammers trying to get you to cough up your personal information? However many you get, it’s too much, since nearly all robocalls are illegal. And we already know that as of September 2019, the number of robocalls flooding US phones was 200 million per day. Would it be any comfort at all to learn that the US Federal Trade Commission (FTC) has growled at Read more…


Free webinar for businesses focuses on tax identity theft and cybersecurity

We know you’re busy with the business of your business. But we’re hoping for an hour of your time. Why? It’s tax season and tax identity thieves, government imposters, and cyber criminals are out in force. Find out how to help thwart them so you can keep focused on your bottom line. On Tuesday, February 4, join a free webinar, “Protecting Sensitive Business and Customer Information: Practical Data Security Practices for Your Business.” Hear from the FTC and IRS about identity theft, the latest imposter scams targeting businesses, and creating a data security plan to protect your customers, employees, Read more…


Fraudsters posed as art dealer, bilked museum for millions

by Lisa Vaas “We got scammed!” said a London art dealer after business email compromise (BEC) scammers inserted themselves into a months-long conversation about the sale of a £2.4 million (USD $3.1 million) John Constable painting, spoofing their emails to make it look like the messages came from Simon C. Dickinson Ltd. “No, we got scammed,” said the Dutch museum Rijksmuseum Twenthe, which now has the work by the 19th century English landscape painter and whose money got whisked away by fraudsters who transferred the funds to a Hong Kong account. According to Claims Journal, lawyers for the two Read more…


Google launches open-source security key project, OpenSK

by Danny Bradbury Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. Google has released an open-source implementation called OpenSK. It’s a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key. FIDO is a standard for secure online access via a browser that goes beyond passwords. There are three modern flavours of it: Universal Second Factor (U2F), Universal Authentication Factor (UAF), and Read more…


Monday review – the hot 25 stories of the week

by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 27 January 2020 Tuesday 28 January 2020 Wednesday 29 January 2020 Thursday 30 January 2020 Friday 31 January 2020 News, straight to your inbox Would you like to keep up with all the stories we write? Why not sign up for our daily newsletter to make sure you don’t miss anything. You can easily unsubscribe if you decide you no longer want it. Latest Naked Security Live video (Watch directly on YouTube if Read more…


Will we just accept our loss of privacy, or has the techlash already begun? | Alan Rusbridger

Probably too late to ask, but was the past year the moment we lost our technological innocence? The Alexa in the corner of the kitchen monitoring your every word? The location-betraying device in your pocket? The dozen trackers on that web page you just opened? The thought that a 5G network could, in some hazily understood way, be hardwired back to Beijing? The spooky use of live facial recognition on CCTV cameras across London. With privacy there have been so many landmarks in the past 12 months. The $5bn Federal Trade Commission fine on Facebook to settle the Cambridge Read more…


Serious Security – How ‘special case’ code blew a hole in OpenSMTPD

by Paul Ducklin If there’s one open source project with an unashamedly clear focus on security, it’s the OpenBSD operating system. In its own words, its efforts “emphasize portability, standardization, correctness, proactive security and integrated cryptography.” Indeed, numerous sub-projects under the OpenBSD umbrella have become well-known cybersecurity names in their own right, notably OpenSSH – which ships with almost every Linux distribution and, since Windows 10, with Windows – and LibreSSL. There’s also OpenSMTPD, a mail server that aims to allow “ordinary machines to exchange emails with other systems speaking the SMTP protocol”, for example to let you run Read more…


UN hacked via unpatched SharePoint server

by Danny Bradbury The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report. The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which is a UN-founded publication that became independent in 2015 to report on the global aid community. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the “entire domain” was probably compromised by an attacker who was lurking Read more…


US Interior Dept extends drone grounding over foreign hacking fears

by John E Dunn Now can’t be an easy time to be a professional drone pilot working for the US Department of the Interior (DOI). After years of enthusiastic expansion, in November 2019 the agency announced the temporary grounding of its fleet of Unmanned Aircraft Systems (UAS) over hacking fears unnamed sources claimed were connected to their manufacture in China or use of Chinese parts. This week, the DOI doubled down on that order, with Secretary of the Interior David Bernhardt signing a follow-up that will keep the agency’s drones on the ground for another 30 days until a Read more…


Financial tech firms disagree on ban of customer data screen-scraping

by Lisa Vaas For years, financial technology (fintech) companies have used screen-scraping to retrieve customers’ financial data with their consent. Think lenders, financial management apps, personal finance dashboards, and accounting products doing useful things: like, say, your budgeting app will use screen-scraping to get at the incoming and outgoing transactions in your bank account, using the information to power its analysis… …putting your privacy, passcode and other security information in danger of getting lost along the way. Because of those potential dangers to people’s privacy and data, many in fintech are urging the Australian government to follow in the Read more…


Jeff Bezos met FBI investigators in 2019 over alleged Saudi hack

Jeff Bezos met federal investigators in April 2019 after they received information about the alleged hack of the billionaire’s mobile phone by Saudi Arabia, the Guardian has been told. Bezos was interviewed by investigators at a time when the FBI was conducting an investigation into the Israeli technology company NSO Group, according to a person who was present at the meeting. Reuters first reported on Thursday that the FBI was investigating the role of NSO in possible hacks of US residents and companies, citing four people familiar with the inquiry. Reuters also reported that the FBI had met Bezos Read more…


Facebook to pay $550m to settle face-tagging suit

by Lisa Vaas A class-action lawsuit against Facebook for scanning a user’s face in photos and offering tagging suggestions looks like it’s finally done churning through the courts. The upshot: it will pay $550 million to settle the suit, Facebook disclosed in its quarterly earnings report on Wednesday. Filed in 2015, plaintiffs had claimed that the platform violated the strictest biometric privacy law in the land – Illinois’s Biometric Information Privacy Act (BIPA) – with its tag suggestions tool. Facebook started using that tool in 2015 to automatically recognize people’s faces in photos and suggest to their friends that Read more…


S2 Ep24: Tinder, angry customers and weleakinfo takedown – Naked Security Podcast

by Alice Duckett This week we discuss 70,000 images being stolen from Tinder, the weleakinfo.com FBI bust and how Sonos annoyed its longstanding customers. Host Anna Brading is joined by Sophos experts Mark Stockley, Greg Iddon and producer Alice Duckett. Listen now!


Trello exposed! Search turns up huge trove of private data

by John E Dunn Hands up who’s used the increasingly popular online collaboration platform Trello? Trello is great for organising to-do lists and for coordinating team tasks. But it has its downsides too. While the default for Trello boards is set to ‘private’, many users set them to ‘public’ which means that anyone can see what’s posted there. Not only that, search engines such as Google index public Trello boards, making it simple for anyone to uncover the boards’ contents using a specialised type of search called a ‘dork’. And it’s surprising how much sensitive data there is. Our Read more…


Null and VoIP: FTC reminds service providers of the letter of the law

We usually wouldn’t suggest you read someone else’s mail, but FTC staff just sent letters to 19 providers of VoIP telephone services and the underlying message about the breadth of liability for consumer protection violations is relevant to other businesses. In many contexts, VoIP offers substantial benefits to consumers. But when it comes to robocalls and deceptive telemarketing pitches, VoIP can be a fraudster’s best friend. That’s because the technology allows scammers to blast out millions of illegal calls for very little money. Last month the FTC and Ohio Attorney General amended a pending lawsuit to name as a Read more…


Facebook knows a lot about your online habits – here’s how to stop it

by Danny Bradbury Facebook is rolling out a global tool to help you understand what other sites and apps tell it about your activities, to make it forget what they’ve shared in the past, and to control what they share in the future. It’s called Off-Facebook Activity, and it’s part of the company’s effort to appear more privacy-friendly to its users. This article looks at how to use it. Facebook first launched its Off-Facebook Activity feature in August 2019, making it available in a few select markets at first. It shows you what third-party sites and apps share data Read more…


Employers can’t force you to get microchipped, Indiana reps say

by Lisa Vaas You’ve got two choices, employee: a) let us slide a syringe between your thumb and index finger so we can inject a rice-sized microchip into your hand that can be used as a swipe card to open doors, clock in, operate printers or buy junk out of the snack machine, or b) find another job. An improbable scenario? Yes. It doesn’t happen – at least not if employees say no… For now. And the US state of Indiana wants to make sure it stays that way. Last week, the state House of Representatives unanimously passed legislation Read more…


Government spyware company spied on hundreds of innocent people

by Lisa Vaas In March 2019, researchers with a group called Security Without Borders – a non-profit that often investigates threats against dissidents and human rights defenders – identified more than 20 government spyware apps squatting in plain sight, pretending to be harmless, vanilla apps on Google’s Play store. Those apps – which were just a decoy through which government spyware called Exodus was installed on targets’ phones – were anything but harmless. In a two-stage process, they snorted up lists of installed apps, browsing history, contact lists from numerous apps, text messages – including encrypted texts – location Read more…


Apple patches critical bugs on iPhone and Mac – update now!

by Paul Ducklin Apple has just announced its latest round of security updates. As usual, Apple’s fixes arrived unheralded, given the company’s insistence that security fixes are best handled simply by publishing them when they’re ready, rather than following any sort of formal schedule. Not everyone agrees – Microsoft has followed its Patch Tuesday process for many years (updates arrive on the second Tuesday of every month), for example, and Firefox has its own Fortytwosday calendar (major updates arrive every 42 days, i.e. six weeks, on a Tuesday). But Apple’s theory seems to be that security updates fall into Read more…


Intel promises fix after researchers reveal ‘CacheOut’ CPU flaws

by John E Dunn Forget the infamous Meltdown and Spectre chip flaws from 2018, the problem that’s tying down Intel’s patching team these days is a more recent class of side channel vulnerabilities known collectively as ZombieLoad. These relate to a data leakage problem called Microarchitectural Data Sampling (MDS) affecting Intel’s speculative execution technology introduced in the late 1990s to improve chip performance. ZombieLoad is also what Naked Security likes to call a BWAIN, or Bug With an Impressive Name. BWAINs are everywhere with side-channel issues in microprocessor hardware proving particularly good at generating new ones. ZombieLoad was originally Read more…


Anatomy of a “free” gift – how online surveys can harm your digital health

by Paul Ducklin Over the weekend, we received a short, sweet and simple note. It arrived by email, but the crooks could easily – and for all we know, did – use the same content in an SMS or text message: We weren’t tempted, not least because of the giveaway HTTP link – which was a fortunate blunder by the sender, because the redirector site they were using immediately transferred us to a more legitimate-looking HTTPS page, complete with security padlock. (Remember: a web certificate and padlock doesn’t vouch for what’s actually on a web page – it’s called Read more…


Let’s make ransomware MORE illegal, says Maryland

by Lisa Vaas The oft-attacked city of Baltimore not only uses mind-bogglingly bad data storage. Its home state, Maryland, also knows how to swiftly propose mind-bogglingly bad legislation that would outlaw possession of ransomware and put researchers in jeopardy of prosecution. It is, of course, already a crime to use the data/systems-paralyzing malware in a way that costs victims money, but proposed legislation, Senate Bill 30, would criminalize mere possession. It’s not supposed to keep researchers from responsibly researching or disclosing vulnerabilities, but like other, similar “let’s make malware more illegal” bills before it, SB 30’s attempts to protect Read more…


Fraud spike prompts Chrome developer lock-out

by Danny Bradbury Google Chrome extension developers have been left high and dry for weeks as the company struggles to cope with a spike in fraud on the Chrome Web Store. In an announcement posted to the Chromium extensions Google Group on 24 January, an Extensions Developer Advocate said: Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items. This is a temporary measure meant to stem this Read more…


15 NFL teams’ Twitter hijacked in lead-up to the Super Bowl

by Lisa Vaas The cybercriminal group OurMine has struck again, claiming responsibility for hijacking and defacing the Twitter accounts of the US National Football League (NFL) and 15 of its teams. The timing is pointed: The attacks hit during this, the media-hectic week that leads up to Sunday’s Super Bowl Championship, which will pit the 49ers against the Chiefs. OurMine has a long history of hijacking high profile accounts to turn them into billboards to advertise its so-called security “services” and/or to vandalize pages, like it did to BuzzFeed back in the group’s busy-beaver year of 2016. OurMine has Read more…


5 ways to be a bit safer this Data Privacy Day

by Paul Ducklin Today is Data Privacy Day. As we say every year, Data Privacy Day is more than just a 24-hour period when you try to keep safe online. It’s a day to think about changes you can make in your digital life that will keep you safer today, and tomorrow, and the day after, and the day after that. So here are five things you can start doing today for your own and for everyone else’s good. 1. Pick proper passwords. We’re hoping that this is old news for most of you: sort out your passwords and Read more…


What will they say at “You Don’t Say”?

You Don’t Say: An FTC Workshop on Voice Cloning Technologies convenes today, January 28, 2020, at 12:30 ET to consider the consumer protection implications of voice cloning technologies. If you aren’t able to attend in person, watch the webcast to hear what experts on the subject are saying. A LIVE WEBCAST link will activate just before the start time. In addition, FTC staff will be tweeting from @FTC using the hashtag #voicecloningFTC.


States sue over rules that allow release of 3D-printed gun blueprints

by Lisa Vaas A coalition of states is suing the Trump administration in an effort to stop it from making it easier for people to make 3D-printed guns. Specifically, top law enforcement officials are trying to keep the administration from allowing people to post blueprints online to print what are sometimes called “ghost guns”: unregistered, untraceable firearms that are tough to detect, even with a metal detector. The lawsuit was filed in Seattle on Thursday. The office for Washington state Attorney General Bob Ferguson said in an announcement that the lawsuit has been brought by attorneys general in 20 Read more…


Facial recognition firm sued for scraping 3 billion faceprints

by Lisa Vaas New York facial recognition startup Clearview AI – which has amassed a huge database of more than three billion images scraped from employment sites, news sites, educational sites, and social networks including Facebook, YouTube, Twitter, Instagram and Venmo – is being sued in a potential class action lawsuit that claims the company gobbled up photos out of “pure greed” to sell to law enforcement. The complaint (posted courtesy of ZDNet) was filed in Illinois, which has the nation’s strictest biometrics privacy law – the Biometric Information Privacy Act (BIPA). The suit against Clearview was just one Read more…


Cisco patches bugs in security admin center and Webex

by Danny Bradbury Cisco has patched a critical bug that could give attackers unauthorised access to Firepower Management Centre (FMC), the device that controls all of its security products. Cisco’s FMC is an administrative controller for the company’s network security products, giving administrators access to firewalls, application controllers, intrusion prevention, URL filtering, and malware protection systems. According to the company’s advisory, issued on 22 January, the vulnerability could allow a remote attacker to execute administrative commands on the device after bypassing authentication. The problem lies in how the FMC handles authentication responses from Lightweight Directory Access Protocol (LDAP) servers. Read more…


Mozilla bans Firefox extensions for executing remote code

by John E Dunn Every time it looks as if Mozilla is getting on top of the problem of malicious or risky extensions, it finds itself having to step in to block another batch. In the latest action, noticed by a ZDNet reporter, Mozilla banned 197 extensions, 129 of which were published by one B2B software developer, 2Ring. The nature of the banned extensions is difficult to say – Mozilla lists them on Bugzilla using only the IDs they used on addons.mozilla.org (AMO) – however, 2Ring’s products appear to be designed for organisations using Cisco telephony and other software Read more…


Boris Johnson gets final warning with Huawei 5G verdict imminent

Former ministers have sounded their final warnings to Boris Johnson about the Chinese telecoms firm Huawei ahead of his expected decision on whether it will play a part in the UK’s 5G network. The prime minister will chair a meeting of the national security council (NSC) later on Tuesday before making a judgment on the firm’s future in the country after months of concern around security, including from the US president, Donald Trump. A number of former senior government figures and MPs voiced concerns just hours before the meeting, urging that if Huawei is involved in rolling out the Read more…


Cardplanet mastermind pleads guilty to credit card fraud

by Danny Bradbury Aleksai Burkov, a Russian cybercriminal responsible for over $20m in credit card fraud, pleaded guilty last week to access device fraud, identity theft, computer intrusion, wire fraud, and money laundering, after being indicted four years ago for operating a carding website called Cardplanet. This website, which ran from 2009 until 2013, served as a forum for cybercriminals to buy and sell credit card details stolen from victims. It facilitated the sale of over 150,000 cards that criminals then used in fraudulent transactions totalling at least $20m, according to the indictment. Burkov, who lived in Tyumen and Read more…


Tinder to get panic button, catfish-fighting facial recognition

by Lisa Vaas In an effort to keep users safe – and when it comes to Tinder or other dating apps, that means keeping them from being raped, murdered or even, in one horrific case, dismembered – Tinder is incorporating a panic button into the app, as well as Artificial Intelligence (AI)-enabled photo recognition to help stop catfishing. A catfish is an online swindler who sets up a bogus persona on social media, particularly to fleece somebody in a romance scam. It’s also used by a rogue’s gallery of predators. Like, for instance, the guy who pretended he was Read more…


Instagram CEO’s homes were targeted by SWATters

by John E Dunn The US has no central system for recording SWATting attacks, but there is growing evidence the problem is going from bad to worse. According to The New York Times, the latest victim was Instagram CEO Adam Mosseri, whose houses in New York and San Francisco were surrounded in early November by heavily armed SWAT (Special Weapons and Tactics) teams after hoax phone calls claimed hostages were being held there. After what is described as “tense, hours-long standoffs” the police realised there were no hostages and so the incident was filed along with the lengthening list Read more…


New York wants to ban taxpayer-funded ransomware payments

by Lisa Vaas New York state senators have proposed two bills that would require government agencies to tell ransomware attackers to get lost. The first bill, S7246, was proposed by Senator Phil Boyle on 14 January. The bill would keep government hands out of taxpayers’ pockets, restricting the use of taxpayer moneys when it comes to small cities or towns – with populations under 1 million – paying off attackers with tax money. If passed, it would also set up a $5 million fund to help overhaul the IT infrastructures of such small towns. From the bill, now under Read more…


Monday review – the hot 21 stories of the week

by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 20 January 2020 Tuesday 21 January 2020 Wednesday 22 January 2020 Thursday 23 January 2020 Friday 24 January 2020 Latest Naked Security podcast News, straight to your inbox Would you like to keep up with all the stories we write? Why not sign up for our daily newsletter to make sure you don’t miss anything. You can easily unsubscribe if Read more…


Dark Web

Overview You may have heard the term “Dark Web” used by others or in the media and wondered “what is the Dark Web?” or “should I be doing anything about it?”. Today we explain what the Dark Web is and what it means to you. What Is It? The Dark Web consists of systems on the Internet designed for communicating or sharing information securely and anonymously. There is no single “Dark Web”; it is not something like Facebook where it’s run by a single organization. Instead, the Dark Web is collections of different systems and networks managed by different Read more…


Google finds privacy holes in Safari’s ITP anti-tracking system

by John E Dunn Far from protecting the security and privacy of Safari users as advertised, Apple’s much-vaunted Intelligent Tracking Prevention (ITP) could leave them exposed to a raft of privacy issues, including – ironically – being tracked. That’s the surprising conclusion of a group of Google researchers who this week published a short but sharp proof-of-concept analysis of the flaws they found in ITP, some of which were recently fixed while others, they suggest, present more fundamental problems. Based on machine learning, ITP was added to Safari in 2017, since when it has been revised several times up Read more…


Protestors petition equity firm over .org buyout

by Danny Bradbury The street outside ICANN’s offices in Playa Vista, California, may be a little more crowded than normal. People worried about the .org top-level domain will be there protesting its sale to a private equity firm. They’ll be handing over a petition signed by over 21,000 people to the Internet Corporation for Assigned Names and Numbers (ICANN). They’re worried about the sale of .org to Ethos Capital, a new private equity firm that could profit from a new-found ability to increase the price that it charges for .org domains. Created in 1985, .org is one of the Read more…


9th Methbot suspect arrested in massive clickfraud ring

by Lisa Vaas New York police have arrested yet another man suspected of running the clickfraud factory known as Methbot: a farm of 1,900 data servers rented to host 5,000 bogus websites and to concoct fictional traffic coming from fake visitors, thereby running up profits from advertising fraud. Methbot got its name from White Ops, the bot mitigation firm that discovered the Russian/Kazakhstani cyberforgery ring in 2016. In 2018, the US busted eight men from Russia and Kazakhstan, accusing them of running the vast ad-fraud scheme, which milked a total of $36 million from advertisers. Two of the eight Read more…


Privacy watchdog throws wider net to protect children online

by Lisa Vaas Each day in the US, more than 3,000 15- to 18-year-olds attempt suicide. According to the US Center for Disease Control and Prevention (CDC), it’s the second most prevalent cause of death among adolescents aged 15-19 years. Online services could help to prevent that and other types of harm that are befalling kids, but they aren’t doing enough, the UK’s data watchdog says. It’s high time that social media sites, online games and children’s streaming services start weaving protection for kids into every aspect of design, according to the UK’s Information Commissioner’s Office (ICO). On Tuesday, Read more…


Securely Disposing Mobile Devices

Overview Mobile devices, such as smartphones, smart watches, and tablets, continue to advance and innovate at an astonishing rate. As a result, some people replace their mobile devices as frequently as every year. Unfortunately, people often do not realize how much personal data is on these devices. Below we cover what may be on your mobile device and how you should securely wipe it before disposing of it. If your mobile device was issued to you by your employer, or has any work data stored on it, be sure to check with your supervisor about proper backup and disposal Read more…