"The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs," said Nicholas Merrill, who was president of Calyx Internet Access in New York when he received the NSL targeting one of his customers in 2004.
Farid Mheir's insight:
The Snowden leaks revealed the many different ways the NSA was conducting surveillance. As part of the investigations that followed the leaks, the National Security Letter (NSL) was uncovered and was very well presented in the documentary "United States of Secrets" (PBS Frontline, see http://sco.lt/6kuPfV), which I highly recommend if you want more details about what it is and how far reaching it can be.
WHY THIS IS IMPORTANT
Companies must be aware that this exists when going with cloud services and when they use digital communications in general. With proper encryption of data at rest and in transit, they should feel more secure that their data remains private, NSL letters or not.
That being said, NSL covers mostly metadata which is not encrypted and which can reveal much about a person or group. At this point in time, I am not aware of a good method to protect against that.
When it’s hundreds of thousands of children including their names, genders and birthdates, that’s off the charts. When it includes their parents as well – along with their home address – and you can link the two and emphatically say “Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question)”, I start to run out of superlatives to even describe how bad that is.
Farid Mheir's insight:
This security expert performs an investigation into the VTech security breach that revealed 4.8M user accounts, children's photos and chat logs.
There is no hesitation in saying that, in the current stage of the internet, one cannot benefit from the luxury of privacy. It is becoming somewhat impossible with the development of technology. You may get the impression that it is safe to save all of your personal data and information, which comprises all of your pictures, videos and other documents, in Google Drive
Farid Mheir's insight:
A good reminder of the different ways that Google gathers data about us via its many online solutions, including search and advertising but increasingly via other methods too: Android, Email, etc.
Under a cloud passport, a traveller's identity and biometrics data would be stored in a cloud, so passengers would no longer need to carry their passports and risk having them lost or stolen. DFAT says 38,718 passports were registered as lost or stolen in 2014-15, consistent with the 38,689 reported missing the previous year.
Farid Mheir's insight:
Part of a brainstorming exercise by the Foreign Affairs Minister of Australia.
WHY THIS IS IMPORTANT
Not having to carry papers and documents with you is always a good idea. We do it for our personal information and contacts, our emails, calendars, documents and pictures, and soon with our money (apple pay, google wallet, etc.). Moving to the cloud for your government identification makes perfect sense as well.
Security will need to be bulletproof, but given the number of stolen or lost passports (due mostly to human error, I am sure), I would bet that technology would do a much better job.
Concerning privacy and global surveillance, that's a different story...
Yes indeed, all good points - but I don't see them as showstoppers but rather as technical constraints, that may ultimately make the solution impractical until cloud access maturity is there. But I thought it is a great example of digital transformation, no? ;-)
SIRI MAY BE your personal assistant. But your voice is not the only one she listens to. As a group of French researchers have discovered, Siri also helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.
Farid Mheir's insight:
This article describes a research experiment where radio waves were used to control a phone - from a distance of up to 16 feet - to make phone calls, visit websites or other activities that may profit a thief.
WHY THIS IS IMPORTANT
As we carry cell phones everywhere with us, we extend the digital threat that we are exposed to. Having someone access our phone from 16 feet may not appear to be much of a threat, but it may in fact be very useful in crowded environments, as the article states.
Moreover, we've seen from the Snowden leaks that the NSA has been creating remote hacking solutions to read keyboard keystrokes from a distance - or remotely control the camera or microphone. As we carry digital devices with us - now it is phones and watches, but soon implants will come - this further opens threats to our digital selves. Let's be careful!
How a teen hacker used social engineering to get into the email account of the CIA director.
Farid Mheir's insight:
Explains how a teenager was able to fool Verizon and AOL employees into giving him access to the CIA director's email account.
This shows that the weak link in all of our technology remains the people. The solution thus is not more technology or information security restrictions (because everyone will bypass them anyway), but rather better education and technology that is transparent, so that people don't bypass it or make it insecure by their actions.
The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.
Farid Mheir's insight:
Boarding pass barcodes contain a lot of private and personally identifiable information. Krebs provides an account of what that information allows you to find on the boarding pass holder.
WHY THIS IS IMPORTANT
Very private information is often stored in plain sight on things that we do not even think about before throwing them in the garbage. Let's be careful!
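To make concrete what a boarding pass barcode actually carries, here is an added example (not code from the Krebs article) that decodes the fixed-width mandatory block of an IATA BCBP "M" barcode, the format printed on airline boarding passes. The field names and widths follow the public IATA Resolution 792 layout; the sample barcode string is constructed for this example, the year is an assumption (the barcode only encodes a day-of-year), and the version-dependent conditional section that can carry the frequent flyer number and document serial is kept raw rather than parsed.

```python
from datetime import date, timedelta

# Fixed-width layout of the 60-character mandatory block of an IATA BCBP
# "M" barcode. Widths are per the public IATA Resolution 792 layout.
MANDATORY_FIELDS = [
    ("format_code", 1), ("legs", 1), ("passenger_name", 20),
    ("eticket_indicator", 1), ("pnr", 7), ("from_airport", 3),
    ("to_airport", 3), ("carrier", 3), ("flight_number", 5),
    ("julian_date", 3), ("compartment", 1), ("seat", 4),
    ("checkin_sequence", 5), ("passenger_status", 1), ("conditional_size", 2),
]

# Constructed sample barcode (not a real passenger or booking), assembled
# field by field so the fixed widths are exact.
SAMPLE_BCBP = (
    "M" + "1"
    + "DOE/JOHN".ljust(20)      # surname/given name
    + "E"                       # electronic ticket indicator
    + "ABC123".ljust(7)         # record locator (PNR)
    + "YUL" + "JFK"             # from / to
    + "AC".ljust(3)             # operating carrier
    + "0123".ljust(5)           # flight number
    + "045"                     # day of year of the flight
    + "Y"                       # compartment (cabin) code
    + "012A"                    # seat
    + "0023".ljust(5)           # check-in sequence number
    + "1"                       # passenger status
    + "00"                      # hex size of the conditional section that follows
)


def parse_bcbp(data: str, year: int) -> dict:
    """Decode the mandatory block of a BCBP 'M' barcode.

    `year` is supplied by the caller because the barcode stores only the
    day-of-year; the conditional section is returned raw, unparsed.
    """
    if not data.startswith("M") or len(data) < 60:
        raise ValueError("not a BCBP 'M' barcode")
    out, pos = {}, 0
    for name, width in MANDATORY_FIELDS:
        out[name] = data[pos:pos + width].strip()
        pos += width
    day_of_year = int(out["julian_date"])
    out["flight_date"] = (date(year, 1, 1) + timedelta(days=day_of_year - 1)).isoformat()
    out["flight_number"] = out["flight_number"].lstrip("0")
    conditional_len = int(out["conditional_size"], 16)
    out["conditional_raw"] = data[pos:pos + conditional_len]
    return out


def booking_lookup_key(record: dict) -> tuple:
    """The pair most airline 'manage my booking' pages ask for: surname + PNR."""
    surname = record["passenger_name"].split("/")[0]
    return (surname, record["pnr"])


if __name__ == "__main__":
    record = parse_bcbp(SAMPLE_BCBP, year=2015)
    for key, value in record.items():
        print(f"{key:18} {value}")
    print("booking lookup key:", booking_lookup_key(record))
```

The point the article makes is visible in the output: the name, record locator, route, date and seat are all in clear text inside the barcode, and name plus PNR is what airline self-service sites typically accept to view or change a booking, so the pass should be treated like a document, not a receipt.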
The niche of extreme privacy and extreme secrecy will grow, as users and organizations are willing to pay a premium for security and privacy. Blackberry had the upper hand in this; not sure where they'll be in the future, but it would make sense for them to consolidate this emerging market.
Also read: https://gigaom.com/2015/03/02/silent-circle-shows-off-more-powerful-blackphone-2-privacy-phone/
Privacy is a serious consideration for anyone that uses digital products, services and social networks. LinkedIn recently made it possible for its users to download an archive of all the information it has about you. After all, it is our data: we should be able to retrieve it easily. Below is a screengrab of all the information LinkedIn has emailed back to me when I placed my request.
Farid Mheir's insight:
A recent post of mine on the information that LinkedIn allows you to download, and the other information it does not let you download.
WHY THIS IS IMPORTANT
All the data transparency and privacy policies of social networks and cloud providers often hide a lot of very private and personal information. It raises the question of how to access this information, in a world where more and more of our lives is in the hands of others without our knowledge (but often with our consent).
Learn how LinkedIn protects our members and businesses. Read our best practices and tips to keep your information safe.
Farid Mheir's insight:
In a recent post, LinkedIn shared how their security experts roam the dark web to capture all passwords that have been breached and compare them to their users'. If a stolen password is found, LinkedIn automatically resets the user's password to protect the account.
WHY THIS IS IMPORTANT
This practice shows that large cloud service providers have security practices that are way more evolved than most corporations. Indeed I do not know any company that protects its systems in a way that LinkedIn claims to be doing here. It demonstrates how important security is to these cloud providers and the level of protection their users have against hackers. I often feel that my information is safer on cloud services than it is on my own laptop.
Privacy, on the other hand, is a different matter altogether.
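The check described above, comparing a user's password against a corpus of breached passwords and forcing a reset on a hit, can be done without the checking service ever seeing the plaintext, using the k-anonymity range model popularised by Have I Been Pwned's Pwned Passwords API. The following is an added example, not LinkedIn's or HIBP's code: the breach corpus is a small constructed list standing in for leaked password dumps, and the "range service" is a local function rather than a network call.

```python
import hashlib


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Index breached passwords by the first 5 hex chars of their SHA-1.

    Returns {prefix: {suffix: count}}. A real service would build this from
    collected dumps; here the corpus is constructed for the example.
    """
    index = {}
    for pw in corpus:
        h = sha1_hex(pw)
        bucket = index.setdefault(h[:5], {})
        bucket[h[5:]] = bucket.get(h[5:], 0) + 1
    return index


def range_lookup(index, prefix: str) -> dict:
    """What a k-anonymity range endpoint returns: every suffix under the prefix.

    The lookup party learns only 20 bits of the hash, never the password.
    """
    return index.get(prefix, {})


def breach_count(password: str, index) -> int:
    """Client side: hash locally, fetch the bucket, finish the match locally."""
    h = sha1_hex(password)
    return range_lookup(index, h[:5]).get(h[5:], 0)


def login_policy(password: str, index) -> dict:
    """Decision a service can take at login or password-change time, when the
    plaintext is momentarily available: allow, or force a reset."""
    seen = breach_count(password, index)
    if seen:
        return {"action": "force_reset", "seen_in_breaches": seen}
    return {"action": "allow", "seen_in_breaches": 0}


# Constructed stand-in for a breach corpus (not real leaked data).
BREACH_CORPUS = ["password", "123456", "letmein", "qwerty", "Summer2015!", "password"]
INDEX = build_range_index(BREACH_CORPUS)

if __name__ == "__main__":
    for candidate in ["password", "correct horse battery staple"]:
        print(candidate, "->", login_policy(candidate, INDEX))
```

One caveat a practitioner would want: a service that stores only salted, slow hashes cannot match a breach list against its database offline, since the leaked plaintext has to be re-hashed under each user's salt. The comparison is therefore practical at the moment a password is submitted (login, registration, change), which is also when a forced reset can be applied.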
Praetorian tracking all IoT devices in Austin, Texas running on ZigBee protocol, similar to the Shodan scanner.
Farid Mheir's insight:
A project has been devised to map all internet of things devices in the Austin Texas area, and identify vulnerabilities. Cool demonstrations of what you can do with a drone and some technology skills.
The other shoe just dropped. The hackers who breached the cheating site AshleyMadison.com appeared to make good on their threat to expose customer data on Tuesday, dumping the stolen information online.
Farid Mheir's insight:
A review of what we know about the data breach.
WHY THIS IS IMPORTANT
Interesting to see how pirates distribute their loot and what constitutes valuable information, other than credit card numbers.
What is most interesting here I believe are these stats:
- thousands of fake female profiles
- 90-95% of actual users are male
Speaks volumes on the anonymity of the Internet and the lack of reliable information out there.
Tens of millions of people have lost their private information in data breaches over the past few years. But what happens after that—how the data are leveraged for financial gain—remains murky.
Farid Mheir's insight:
A reporter went to the dark web and found out that quality user information is worth almost $100.
WHY THIS IS IMPORTANT
There is an opportunity for a company to start charging higher fees to collect and protect your digital identity. Today it seems Apple may be gearing towards that model: you pay more for its services than Google, Amazon, Facebook and others but they - as far as we know - do not sell your data.
Here's an inside look at the crazy business models ruling the hacking world, where hackers can make more than $80,000 a month by infecting people's computers.
10 local and cloud-based contenders make passwords stronger and online life easier for Windows, OS X, iOS, Android, BlackBerry, and Windows Phone users
Farid Mheir's insight:
Great review of essential tools for everyone's computer and mobile phone.
WHY THIS IS IMPORTANT
Strong passwords are our only protection for our digital lives, and yet too many people still rely on simple and easy-to-guess ones. I wrote about this many times before (http://www.scoop.it/t/digital-transformation-of-businesses?q=password), and this article provides links and ratings for different solutions on the market. And by the way, when possible, always turn on two-factor authentication: see http://sco.lt/6DAZgv
Bruce Schneier, American cryptographer, computer security and privacy specialist, will be coming to Google to talk about his new book: "Data and Goliath: The...
Farid Mheir's insight:
Bruce Schneier is a legend in the security and privacy world and he explains in a 30 minute talk (20min if you listen at 1.5x speed ;-) the content of his new book. He makes me want to read it (good job I guess) but also closes with an interesting analogy: data is the pollution of the information age.
WHY THIS IS IMPORTANT
Bruce raises the issue of privacy but also ventures into solutions, which is rare because it is a difficult subject with no straight answer. He makes the case that there is duality in producing data and analyzing it: it is both useful and dangerous. Every company is faced with the questions that Bruce raises.
Three years ago, on May 28th 2012, we announced the discovery of a malware known as Flame. At the same time we published our FAQ, CrySyS Lab posted their thorough analysis of sKyWIper. A few days earlier, Maher CERT published IOCs for Flamer. In short, Flame, sKyWIper and Flamer are different names for the same threat, which took the world by surprise as the first major discovery after Stuxnet and Duqu.
Since the discovery of Flame, we reported on many other advanced malware platforms, including Regin and Equation, yet Flame remains special in terms of being one of the most complex, surprising and innovative malware campaigns we have ever seen.
Looking back at the discovery of Flame, here are some lessons we learned.
Farid Mheir's insight:
A short account of the level of sophistication that computer viruses have achieved. And a video that pleads for the need to keep computers secure.
How strong are your passwords? Here's an analysis of 10 million via @wpengine
Farid Mheir's insight:
This analysis is very in depth and looks at many different angles to show how and why we pick simple passwords. I continue to be amazed by the lack of proper passwords being used by people in general.
This study is recent but I assume things may change quite rapidly and solutions such as lastpass or password box are helping change this trend.
Also I assume this applies well to the USA but may be different in Canada, Quebec and elsewhere due to differences in language and culture.
If you are viewing online porn in 2015, even in Incognito mode, you should expect that at some point your browsing history will be publicly released and attached to your name.
Farid Mheir's insight:
Beyond the catchy title, this short post highlights some very important links to help you determine if your browser sessions are safe. Mine are not, it seems...
A handful of purchases can unmask an anonymous credit card record
Farid Mheir's insight:
The article describes MIT research that proves anonymous data provides sufficient information to identify you when merged with location, date and other purchase data. There is no privacy when Big Data is mined.
There are things you can do—easy, free things!—to ward off the many entities (some nefarious, some just nosy) that want to steal your passwords, to know what websites you're looking at, or to gauge whether you're associating with someone who's on their list.
Farid Mheir's insight:
Read this article, then force your kids to read it too, then explain it to them. I know I will.
US and British intelligence agencies undertake every effort imaginable to crack all types of encrypted Internet communication. The cloud, it seems, is full of holes. The good news: New Snowden documents show that some forms of encryption still cause problems for the NSA.