Infosec & Privacy

Abstract: Telling users to ‘avoid clicking bad links’ still isn’t working by David C. - Technical Director for Platforms Research and Principal Architect - NCSC (UK) Why organisations should avoid ‘blame and fear’, and instead use technical measures to manage the threat from phishing. Infosec tenets simply don’t work Advising users not to click on bad link: users frequently need to click on links from unfamiliar domains to do their job, and being able to spot a phish is not their job...

[First published on September 05, 2016] I am ditching WhatsApp, following Facebook’s decision to begin harvesting data from its messaging service. Even though Motherboard claims “it may be possible to prevent WhatsApp to give your phone number to Facebook” (LOL) WhatsApp will still harvest your metadata. “Sharing metadata with Facebook still exposes users to significant risks,” says Claire Gartland, consumer protection counsel for the Electronic Privacy Information Center. “Facebook will have data indicating who WhatsApp users communicate with and how frequently, and connecting WhatsApp users with their social media accounts and broader online activity, associations, political affiliations, and more....

Vu sur le site de l’ANSSI: Accompagnant la prise de conscience généralisée du besoin de sécuriser ses communications électroniques, de nombreuses applications de messagerie (quasi) instantanée ont fait leur apparition sur les ordiphones. Toutes annoncent un haut niveau de sécurité, laissant ainsi l’utilisateur dans le doute, vis-à-vis du niveau réel de sécurité à escompter. Donc, que privilégier entre Signal, Telegram ou XMPP? Je ne cite pas WhatsApp/Facecrook à dessein, hein....

Lowyat reported on Oct. 30, 2017 that a total of 46.2 Million Malaysian phone numbers were exposed, and the dataset included IC numbers, addresses, IMSI, IMEI and SIM numbers as well. Check yourself out Head over to SayaKenaHack.com, the dedicated website created by Keith Rozario and check if your details are part of the breach.

Knowing it and getting used to it: surveillance apathy turns out to be more worrisome than the proper lack of understanding online surveillanc. You may be sick of worrying about online privacy, but surveillance apathy is also a problem. We all seem worried about privacy. Though it’s not only privacy itself we should be concerned about: it’s also our attitudes towards privacy that are important. When we stop caring about our digital privacy, we witness surveillance apathy....

A brief history of GnuPG: vital to online security but free and underfunded Donate to GnuPG. Most people have never heard of the software that makes up the machinery of the internet. Outside developer circles, its authors receive little reward for their efforts, in terms of either money or public recognition. One example is the encryption software GNU Privacy Guard (also known as GnuPG and GPG), and its authors are regularly forced to fundraise to continue the project....

China has largely blocked the WhatsApp messaging app, the latest move by Beijing to step up surveillance ahead of a big Communist Party gathering next month. The disabling in mainland China of the Facebook-owned app is a setback for the social media giant, whose chief executive, Mark Zuckerberg, has been pushing to re-enter the Chinese market, and has been studying the Chinese language intensively. WhatsApp was the last of Facebook products to still be available in mainland China; the company’s main social media service has been blocked in China since 2009, and its Instagram image-sharing app is also unavailable....

Personal data isn’t the new oil - it is toxic waste. Companies should: Create as little as, Regularly clean it, Store it securely – Terence Eden on Twitter

Minority Report is set in 2054, but Palantir is putting pre-crime into operation now. Peter Thiel’s CIA-backed, data-mining firm honed its ‘crime predicting’ techniques against insurgents in Iraq. The same methods are now being sold to police departments. Palantir watches everything you do and predicts what you will do next in order to stop it. As of 2013, its client list included the CIA, the FBI, the NSA, the Centre for Disease Control, the Marine Corps, the Air Force, Special Operations Command, West Point and the IRS....

The 21 suspected government users of RCS by Hacking Team Hacking Team, also known as HT S.r.l., is a Milan-based company that describes itself as the “first to propose an offensive solution for cyber investigations". Their flagship Remote Control System (RCS)1 product, billed “the hacking suite for governmental interception,” is a suite of remote monitoring implants (i.e., spyware) sold exclusively to government agencies worldwide. We suspect that twenty-one governments are using Hacking Team’s RCS spyware....