Thursday, May 24, 2018

Alexa - Busted for Eavesdropping

A Portland family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa -- the voice-controlled smart speaker -- and that the recorded audio was sent to the phone of a random person in Seattle, who was in the family’s contact list.

"My husband and I would joke and say I'd bet these devices are listening to what we're saying," said Danielle, who did not want us to use her last name.

Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system.

But Danielle said two weeks ago their love for Alexa changed with an alarming phone call. "The person on the other line said, 'unplug your Alexa devices right now,'" she said. "'You're being hacked.'"

That person was one of her husband's employees, calling from Seattle.

"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'no you didn't!' And the (recipient of the message) said 'You sat there talking about hardwood floors.' And we said, 'oh gosh, you really did hear us.'" more

General Data Protection Regulation (GDPR), or D-Day for Data

Effective, Friday, May 25, 2018

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. more
  • This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
  • This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
  • The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. more
GDPR in a nutshell.
GDPR explanation from Mozilla.

How to encrypt your entire life in less than an hour

Quincy Larson has written an excellent article on how to protect your digital privacy. Worth reading. Worth doing. ~Kevin

“Only the paranoid survive.” — Andy Grove

And Grove isn’t the only powerful person urging caution. Even the director of the FBI — the same official who recently paid hackers a million dollars to unlock a shooter’s iPhone — is encouraging everyone to cover their webcams.

But you obey the law. What do you have to worry about? As the motto of the United Kingdom’s surveillance program reminds us, “If you’ve got nothing to hide, you’ve got nothing to fear.”

Well, law-abiding citizens do have reason to fear. They do have reasons to secure their devices, their files, and their communications with loved ones.
“If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” — Cardinal Richelieu in 1641
In this article, I will show you how you can protect yourself by leveraging state-of-the-art encryption. In a single sitting, you can make great strides toward securing your privacy. more

Wednesday, May 23, 2018

Dumpster Diving…A Treasure Trove

From the book, What You Don't Know... Your Guide to Achieving "Knowledge Advantage" in the Information Age!

"Valuable Open Source information is thrown away every day, waiting to be collected by the thoughtful researcher. Dubbed “dumpster diving,” or “trash picking” a wastebasket becomes a friend to researchers and a foe of anyone you are collecting on...

How useful dumpster diving is can be readily seen by the fact that a highly-placed US intelligence official was convicted and sentenced to life in prison for working with Moscow operatives. He had thoughtlessly thrown away key clues to his betrayal, not thinking they would end up on a prosecutor’s desk. Expecting anything to be buried forever in a trash heap can be a major mistake...

In the United States the Supreme Court has said that, as a general rule, things left in trash cans curbside are considered “abandoned” and are there for the taking."

Related: Confidential Paperwork Security

Infographic - The History of Privacy

Click to enlarge.

Tuesday, May 22, 2018

How Domestic Abusers Use Smartphones to Spy on Their Partners

There’s more creepy spyware out there than you think — and regulating it is a legal and technological challenge.

More and more people who commit violence against their intimate partners are using technology to make their victims’ lives worse...

News media, academic researchers, and victim advocates have long acknowledged the threat of spyware in domestic abuse situations. But our research (conducted with our students) brings to light the ease with which spyware can be deployed by abusers, and the broad scope of software usable as spyware...

Installing powerful spyware is just a few clicks away. Search on the web for “track my girlfriend” and you’ll find plentiful links to software, how-to guides, and forums all aimed at making it easy for abusers to spy on victims. (Protection advice is also available.) All the tools an abuser needs are present on Google and Apple’s app stores; installation is as simple as grabbing the victim’s device, typing the password (possibly stolen), and downloading an app. Many such apps require a fee, but in some cases, you can spy free of charge.

And our research shows that current anti-malware programs most often don’t identify such software as problematic. (ours does) more

Click the "our research" link above for the research paper. ~Kevin

Secretly Recording a Witness Gets Two Arrested

NH - Two Tolles Street residents were arrested Monday morning, charged with secretly recording a witness’ private conversation from a previous investigation, police said.

The charges stem from Aug. 3, 2017, when members of the Special Investigations Division learned a witness's private conversation from a previous investigation involving Bellino and Madison may have been recorded without the witness's consent.

Zachary Madison, 27, was charged with wiretapping, a Class B felony, Brittney Bellino, 25, was charged with conspiracy to commit wiretapping during their arrest about 9:40 a.m. Both charges are Class B felonies. more

Darwin Award to Another Spycam'er Who Shot Himself

MA - A Taunton man faces allegations that he placed a small recording device in a preschool bathroom with the intent of filming the women who worked there.

Darin McNeil, 48, was arrested at the Learning Experience on Main Street on May 18 by Foxborough Police and charged with possession of a device for wiretapping, attempting to conduct secret sexual surveillance, and unlawful wiretapping...

Police responded to a report of a shiny object found in a hat placed on a shelf across from a toilet in a staff bathroom at the preschool around midday on May 18. Once officers were given the item, it was determined that it was an audio and video recorder with a small USB connection that is designed to look like a pen, according to a police report.

Video from the pen allegedly showed a worker at the Learning Experience in the bathroom and a man placing the device where it was found. The man was identified as McNeil, who was an electrician doing some work at the daycare. more

Security Installer Turned Spycam'er... again

LA - Police are looking for Jules Chauvin, the owner of Telecom Security Solutions in West Monroe.

Chauvin allegedly installed cameras in the victim's business in West Monroe.

According to police, a victim contacted them on May 7th saying she was being watched without her consent by the man who installed her security system. Police say the victim fears that Chauvin may be watching other people as well.

Police ask that anyone who feels that they may be a victim of video voyeurism to contact the police department. more

This isn't the first time a security installer got caught installing spycams...

Largest Ever Women’s Rally Protests Spycam Pornography

Some 12,000 women gathered in Seoul on Saturday to protest against the “discriminatory treatment” of cases involving male and female victims of digital and online sexual violence, including spy-cam pornography. The event was the biggest women’s rights rally in Korea’s recent history...

According to 2016 data from the Korean National Police Agency, some 5,184 sexual harassment cases including those that involved spy-cam footage -- illegally uploaded video footage created using hidden cameras in public spaces such as public toilets -- were reported that year. More than 80 percent of the victims were women.

Furthermore, more than 7,300 requests were made to remove revenge porn that was uploaded by victims’ ex-romantic partners. more

Phone Companies Know Your Location 24/7 - and they're selling it.

via Krebs on Security 
Your mobile phone is giving away your approximate location all day long.

This isn't exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your location.

But now, the major mobile providers in the United States -- AT&T, Sprint, T-Mobile and Verizon -- are selling this location information to third party companies -- in real time -- without your consent or a court order, and with apparently zero accountability for how this data will be used, stored, shared or protected. 

It may be tough to put a price on one's location privacy, but here's something of which you can be sure: The mobile carriers are selling data about where you are at any time, without your consent, to third-parties for probably far less than you might be willing to pay to secure it. more

Monday, May 21, 2018

"Secure" Cell Phone Spyware Springs a Leak

At least one server used by an app for parents to monitor their teenagers' phone activity has leaked tens of thousands of accounts of both parents and children.

The mobile app, TeenSafe, bills itself as a "secure" monitoring app for iOS and Android, which lets parents view their child's text messages and location, monitor who they're calling and when, access their web browsing history, and find out which apps they have installed.

Although teen monitoring apps are controversial and privacy-invasive, the company says it doesn't require parents to obtain the consent of their children. more

Tuesday, May 15, 2018

IBM Bans Removable Drives and Shows World's Smallest Computer

IBM has allegedly issued a worldwide ban against the the use of removable drives, including Flash, USB, and SD cards, to transfer data.

This new policy is being instituted to prevent confidential and sensitive information from being leaked due to misplaced or unsecured storage devices.

According to a report by TheRegister, IBM's global chief Information security officer Shamla Naidoo issued an advisory stating that the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).” This advisory further stated that this policy is already in effect for some departments, but will be further enforced throughout the entire company. more


Today, IBM will be showing off the world's smallest computer at its Think 2018 conference. This computer is the size of a grain of salt, contains a million transistors, and only costs .10 to manufacture.

This micro computer is being unveiled as part of IBM's crypto-anchors initiative, which are digital fingerprints that can be embedded in products such as medicine, cell phones, toys, watches, and even wine to detect counterfeit products. With product fraud costing the global economy $600 billion dollars a year, IBM is hoping crypto-anchors can help stem the tide of fraudulent products and counterfeit drugs...

FutureWatch: Within the next five years, cryptographic anchors — such as ink dots or tiny computers smaller than a grain of salt — will be embedded in everyday objects and devices. more

Friday, May 11, 2018

Cell Phone Problems Predicted in 1919

Click to enlarge.
The Pocket Telephone: When Will it Ring?
Published in The Daily Mirror Mar. 5, 1919

Social Meddling on Social Media

The massive trove of Facebook ads House Intelligence Committee Democrats released Tuesday provides a stunning look into the true sophistication of the Russian government’s digital operations during the presidential election. 

...a swath of empirical and visual evidence of Russia’s disinformation campaign, in the form of more than 3,000 incredibly specific and inflammatory ads purchased by an Internet troll farm sponsored by the Kremlin.

The ads clearly show how Russia weaponized social media, the senior Democrat on the panel investigating Moscow’s interference in the presidential election said. more