CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping.
People often ask me, "Why do you trash devs? Weren't you a dev yourself?" Yes, but I don't trash them, and here is why: I lived in dev through a shortage of devs, and every young person dreamed of building stuff, so I taught them that they have to be diligent in their deeds and think out of the box instead of repeating other people's mistakes. Now it was time to move to cybersecurity with the same purpose: I want to make the profession better and, as a result, things become more secure for our own sake.
Profit is the sole driver for any for-profit corporation, so when you see some companies claim that they are solving your problem, improving your quality of life, making something convenient for you, and all of that for free, beware: they might be misleading you. Some might be playing a long game, using that feature as bait, but the ultimate goal is to sell your attention to advertisers. This feature won't see daylight unless it can show ROI. Now, think about smart cars and other smart devices.
My friends in the cybersecurity community, here is an interesting challenge for you. I grabbed a swag data blocker from one of the vendors at a cybersecurity conference and tested it at home using an OMG malicious cable detector, by plugging a security key into the data blocker and then into the OMG tool. The OMG lit up, as seen in the picture; I popped the data blocker open, and the data pins are not soldered on one side. How? Any ideas? Here is the image, vendor name blocked out; it's not their fault.
"Data is the new oil" has become a cliche, but the surveillance economy is no trivial topic.
For this edition of the #ProtonPrivacyReadingList, we're sharing a comprehensive study into big data by Wolfie Christl and Sarah Spiekermann.
The book is "Networks of Control," you can find it here: https://www.facultas.at/verlag/rws/networks_of_control
For a quick introduction to Christl's work, check out his seminar on the consequences of the commercial use of consumer data: https://www.youtube.com/watch?v=nn2vP2j8Wao
Did it ever occur to you that the girl who talks to a bunch of other people in the marketing materials for Apple's Vision Pro (probably other VR headsets as well) is the only one wearing a headset, so that she can clearly see other people's faces? But what about the other people? Didn't they want to see her face too? It's the same when they portray people taking calls and the caller on the other side never wears a headset. So what's the point of a face-to-face call when the face is actually obstructed by a VR headset?
Privacy Isn't Dead. Far From It. https://www.eff.org/deeplinks/2024/02/privacy-isnt-dead-far-it
iPhone apps are collecting A LOT OF users' private data. Extremely verbose, allowing fingerprinting and perhaps even tracking of users.
Context from my work. About the privacy risks of light data: https://blog.lukaszolejnik.com/ambient-light-sensor-privacy-constraints-gdpr-data-protection-by-design-gdpr-state-of-the-art/
Risks of battery information: https://blog.lukaszolejnik.com/battery-status-not-included-assessing-privacy-in-w3c-web-standards/
Data source: https://twitter.com/mysk_co/status/1753960043450356137
DEF CON was canceled.
After a great 25-year relationship, Caesars abruptly terminated their contract with #DEFCON, leaving us with no venue for DC 32 and just about seven months to Con!
We don’t know why Caesars canceled us; they won’t say beyond it being a strategy change unrelated to anything that DEF CON or our community has done. The parting is confusing, but amicable.
We immediately scrambled a venue strike team to Las Vegas. Floors were walked. Meetings were held. Hands were shook and options weighed. When the smoke cleared, the field narrowed to one obvious choice.
W00T! DEF CON Is UN-CANCELED!
DEF CON 32 will still be August 8-11 2024, but now held at the Las Vegas Convention Center (LVCC) with workshops and training at the Sahara.
We started a live FAQ section on the Forums, which we will be updating as we get info. The FAQ is here: https://forum.defcon.org/node/248358, and DT’s full post is here: https://forum.defcon.org/node/248360
P.S. We made shirts and stickers: https://shop.defcon.org
Let's talk about deepfakes: those are alterations of media files, most commonly videos, with the goal of altering a person's identity. I recently came across a really good article summarizing the state of deepfakes back in 2022; fast forward 2 years of development in the AI industry, and now it's even scarier how those could be used to deceive people. The rise of deepfakes poses a significant threat to our personal privacy; that's why it's important to protect our #privacy https://insights.sei.cmu.edu/blog/how-easy-is-it-to-make-and-detect-a-deepfake/
Developers on GitHub: man in the middle is a serious threat, but servers are being updated regularly too. So if you received a warning message telling you that the remote host identification has changed when you try to connect to GitHub, please don't just blindly follow tutorials guiding you to delete the offending host from the known_hosts file; verify the authenticity of that fingerprint here: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
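As an added example (not part of the post above, and not GitHub's own tooling), here is a small Python check that computes the OpenSSH-style SHA256 fingerprint of a known_hosts entry and compares it against a list of published fingerprints. The key blob and the "published" values below are constructed placeholders; in practice you would paste the real fingerprints from the GitHub documentation page linked above.

```python
import base64
import hashlib


def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + bytes."""
    return len(data).to_bytes(4, "big") + data


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 over the raw key blob, base64 without '=' padding."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts_line(line: str):
    """Return (hostnames, key_type, key_blob) for one plain (unhashed) known_hosts entry."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("malformed known_hosts entry")
    hosts, key_type, b64 = parts[0], parts[1], parts[2]
    blob = base64.b64decode(b64)
    # The blob embeds its own type string; make sure it agrees with the text column.
    embedded_len = int.from_bytes(blob[:4], "big")
    embedded_type = blob[4:4 + embedded_len].decode()
    if embedded_type != key_type:
        raise ValueError(f"key type mismatch: {key_type} vs {embedded_type}")
    return hosts.split(","), key_type, blob


def host_key_is_published(line: str, host: str, published: dict) -> bool:
    """True only if the entry covers `host` and its fingerprint matches the published one for its type."""
    hosts, key_type, blob = parse_known_hosts_line(line)
    if host not in hosts:
        return False
    return published.get(key_type) == fingerprint(blob)


# Constructed sample: a fake 32-byte ed25519 public key, NOT GitHub's real key.
FAKE_ED25519 = bytes(range(32))
FAKE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(FAKE_ED25519)
SAMPLE_LINE = "github.com ssh-ed25519 " + base64.b64encode(FAKE_BLOB).decode()

# Placeholder "published" lists: one constructed to match, one stale/unknown.
PUBLISHED = {"ssh-ed25519": fingerprint(FAKE_BLOB)}
STALE = {"ssh-ed25519": "SHA256:PLACEHOLDER_FINGERPRINT_COPIED_FROM_DOCS"}

if __name__ == "__main__":
    print("matches published list:", host_key_is_published(SAMPLE_LINE, "github.com", PUBLISHED))
    print("matches stale list:    ", host_key_is_published(SAMPLE_LINE, "github.com", STALE))
```

A False result means the key in your known_hosts (or in the warning) is not one the vendor publishes, which is the case to investigate rather than silently overwrite.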
If you look at the legal landscape of privacy, you'll find that there is a significant misunderstanding of what privacy is, and confusion of privacy with anonymity. Most privacy laws cover your personal information but do not protect tidbits of information about what you were doing online. A simple example: streaming providers recommend movies based on what you watched or opened; that information might tell a lot about your interests/hobbies and won't be protected by laws on the books. #punkprivacy
Well, apparently OpenAI stated that without copyrighted materials they won't be able to train their ChatGPT models, or, as they say, those models won't meet the needs of today's citizens. Looks like hypocrisy to me: a large company with lots of money in the bank wants creators to forfeit their rights and then charge them for use of their models. No comment ... https://www.theguardian.com/technology/2024/jan/08/ai-tools-chatgpt-copyrighted-material-openai
Google continues to build its massive surveillance empire under the sinister guise of “privacy.” In its latest iteration on #Android, Google lets you opt into their “Ad Topics,” which roughly translated means, “Let Google be the gatekeeper of all your data.” (1/4)
Everyone, I'd like to share some exciting news. Since grownups don't typically have advent calendars, I've tasked my team at IonTec Software LLC to create one with lots of activities targeted to help people protect their privacy in the fight against surveillance capitalism. It's bite-size chunks of activities which will open on the designated day for the next 12 days until Christmas; why wait, take action: https://punkprivacy.com/ Merry Christmas #privacy #punkprivacy
Tusky is looking for contributors!
The #Tusky team has lost a few contributors this year for various reasons, and we need your help building a kick-ass Mastodon app!
While we would also appreciate more technical contributors, we are specifically looking for:
- a person who can manage or help with our social account
- a project manager who can help us draft a Code of Conduct
Please help us spread the word 😊
Your car might be spying on you! The biggest problem with privacy laws in the US is that plaintiffs have to prove damage from the sale of information that they deemed private, like SMS messages (they are not; don't make that mistake). Essentially, extortion that happens 5 years down the road, after some threat actor connected the dots from sets of data they purchased legally or stole from a tech company, can't be proved as it has not happened yet. Surveillance capitalism in action. #privacy https://therecord.media/class-action-lawsuit-cars-text-messages-privacy
Hey folks, it looks like the AI buzzword is back in fashion. Today the White House released a fact sheet about the AI executive order. I am no lawyer; do not take any advice from me, and this is not legal advice. What is interesting is the approach to privacy in that EO: the statements look good from a marketing standpoint but do nothing. You can track individuals from anonymized datasets, no PII needed; thus you can build a model of a person without the need to name them. https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/fact-sheet-president-biden-issues-executive-order-on-safe-secure-and-trustworthy-artificial-intelligence/
@phil looks like you are giving some advice from ISC2 Cybersecurity Congress stage, nice!
Experienced technology entrepreneur on the quest for ethics and privacy. Follow the #punkprivacy tag to get regular privacy tips. You can also follow the @ethiork account to get information about the progress of the Ethiork project, which enables people to own their data and protect their privacy.