Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Hard Disks As Microphones: The Newest Privacy Intrusion Vector

March 12, 2019 by Marc Handelman in Demise of Privacy, Information Security

Via the inimitable Thomas Claburn, writing at El Reg and detailing the latest privacy intrusion vector: physical Hard Disk Drives (HDDs) (not applicable to SSDs). Just astonishing. H/T

"Our research demonstrates that the mechanical components in magnetic hard disk drives behave as microphones with sufficient precision to extract and parse human speech," their paper, obtained by The Register ahead of its formal publication, stated. "These un-intentional microphones sense speech with high enough fidelity for the Shazam service to recognize a song recorded through the hard drive." - via Thomas Claburn, writing at El Reg


The Three

January 10, 2019 by Marc Handelman in Feet of Clay, Information Security, CPNI, Demise of Privacy, Mobile Networks, Mobile Telephony, Mobile Security

Three US Based Mobile Providers Still Selling User Location Data

The bad news was delivered to me on Tuesday afternoon by this outstanding post by Jon Brodkin, reporting for Ars Technica. Read it and weep, my friends, as they will know you by your location... Think it's time to move to a dumb phone from your current leaky smartphone? Think again, Binky, as your location can still be determined and sold (if only from triangulated tower geography when your phone moves from cell to cell and registers with the tower).

"In June 2018, all four major US wireless carriers pledged to stop selling their mobile customers' location information to third-party data brokers. The carriers were pressured into making the change after a security problem leaked the real-time location of US cell phone users. But an investigation by Motherboard found that 'T-Mobile, Sprint, and AT&T are [still] selling access to their customers' location data and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.'" - via Jon Brodkin, reporting for Ars Technica


PBS Frontline, The Facebook Dilemma: Parts One And Two

November 13, 2018 by Marc Handelman in Facebookery, Demise of Privacy, Information Security, MustView

Bye-Bye, DNA - Hello GSK (and others)

July 28, 2018 by Marc Handelman in Demise of Privacy, Privacy Prophylaxis, Privacy, Corporate Accountability, Corporate Corruption, Corporate Evil, Identity Management, Information Security, Information Sharing, Information Technology

Via The Outline's author, Paris Martineau, comes this tale of opt-in/opt-out, GlaxoSmithKline, 23andMe and, of course, The Goods: your DNA. All of which results in a nagging question: Why would I (or you, for that matter) agree to hand over my uniquely identifying DNA data to a commercial enterprise (that only answers to its shareholders, and only has its best interests in mind) to use as they see fit? Oh, and a couple of other questions: Do you trust a big-pharma corporation with your own personal Map of Life? What about the future use of that data, once it's in the slipstream of artificially intelligent genetic-testing-reliant health insurance companies? Food for Thought or just Paranoia? You be the judge; after all, it's your DNA, right?

"In short, most — if not all — of the information 23andMe has on its users has probably been shared with someone that isn’t 23andMe itself, and money might have even changed hands. Which is all perfectly within the company’s rights to do, since they agreed to it (probably blindly) when they signed up." - via The Outline author Paris Martineau in the well crafted post 'How To Sign Away The Rights To Your DNA'


The Exploitations of Password Managers, Web Tracker Edition

June 27, 2018 by Marc Handelman in Web Security, Web Tracking, Information Security, Demise of Privacy

Martin Brinkmann, writing at his eponymous blog, gHacks Technology News, tells the tale of Password Manager Exploitation by nefarious-minded Web Trackers. Certainly Wednesday's MustRead, yes?

'Research from Princeton's Center for Information Technology Policy suggest that newly discovered web trackers exploit password managers to track users.' - via Martin Brinkmann at gHacks.net


Greg Ferenstein's 'The Birth and Death of Privacy' →

June 02, 2018 by Marc Handelman in Demise of Privacy, Information Security, Must Read

Greg Ferenstein's well-crafted post, in which he details the Birth and Death of Privacy, is today's Must Read.


Buys your location data, doesn't seek permission... Time to call your attorney!

AT&T, Verizon, T-Mobile, Sprint: We're Selling Your Location Data To Prison Tech Company. Nothing To See Here!

May 17, 2018 by Marc Handelman in Blatant Stupidity, Privacy, Or Lack Thereof, Demise of Privacy, Information Security

Zack Whittaker, writing at ZDNet's Zero Day, exposes the selling of mobile device location data (for all customers) to a prison technology-focused organization monikered 'Securus'. Where's the consent? H/T


MoviePass Screws-the-Pooch →

March 11, 2018 by Marc Handelman in Blatant Stupidity, Information Security, Privacy, Demise of Privacy

Well - dammit - I was wrong... Early last week, in a post on Monday 2018/03/05, I managed to scribble this diatribe, to wit: "Easily the most egregiously moronic idea I've heard this month (and it's only 5 days in!)" ...

Well, that declaration has been overshadowed in our highly-read Observed-Stupidity-In-Security-And-Privacy-News-Department by a bottom-of-the-sea-deeply-ignorant statement uttered by MoviePass CEO Mitch Lowe regarding his extraordinary pleasure at tracking users within the company's MoviePass iPhone and Android apps (see below).

'The update comes after CEO Mitch Lowe made comments at the Entertainment Finance Forum in Los Angeles last week, claiming that the company was tracking users’ locations. “We watch how you drive from home to the movies. We watch where you go afterwards,” commented Lowe, according to a report from Media Play News.' - via Chaim Gartenberg, writing at The Verge

Bravado? Misplaced Confidence? Hairplugs too-tight? Too Much Campari before dinner? I think not, just simple, unmitigated and blatant stupidity...

Perhaps a leadership change is in order, eh MoviePass? At least the company did manage to (allegedly) remove the tracking-bits from the product and reissue the apps in the apropos app stores. Of course, there is always bad news with this type of mea culpa: In a statement made to Engadget, the company claimed they are still planning to use location data marketing to enhance their revenue stream. Ah, yes, the old Give It To 'Em, Then Take It Away gambit. Oh Joy!


Ubuntu, The Collector →

February 17, 2018 by Marc Handelman in Data Leakage, Linux, Linux Security, Must Read, Information Security, Demise of Privacy, Privacy

Martin Brinkmann, writing at gHacks, illuminates the questionable data gathering efforts by Canonical, producers of Ubuntu Linux. Read Martin's concise examination of the issue, which, most certainly, is Today's Must Read.


Every Step You Take, Every Move You Make... The Litany of Android Tracking

February 01, 2018 by Marc Handelman in Bad Form, Demise of Privacy, Information Security, User Tracking

via David Yanofsky writing at Quartz - comes this disturbing revelation of deep-tracking behaviors in use by Google and exhibited by Google's Android phones whilst in use. Apparently, Bad Behavior is tolerated (and a business requirement) in Mountain View... Today's Must Read.


Mobile Games Surveilling Signals, The Litany

January 03, 2018 by Marc Handelman in Demise of Privacy, Information Security, Surveillance

Sapna Maheshwari, reporting at the New York Times, exposes the nefarious surveillance practices of certain miscreant mobile game developers with a sui generis litany of sordid misdoings...

'“We have to be really careful as we have more devices capturing more information in living rooms and bedrooms and on the street and in other people’s homes that the public is not blindsided and surprised by things,” said Dave Morgan, the founder and chief executive of Simulmedia, which works with advertisers on targeted TV ads. “It’s not what’s legal. It is what’s not creepy.”' - via Sapna Maheshwari, writing at the New York Times


Tracking

November 24, 2017 by Marc Handelman in Demise of Privacy

Tracking 1x10^7.


Microsoft Corporation, Law Breakers →

October 19, 2017 by Marc Handelman in Demise of Privacy, Privacy

Apparently, it's those pesky Dutch again... All-caught-up in Microsoft Corporation (NasdaqGS:MSFT) privacy related Windows 10 matters; via the inimitable Peter Bright.


The Canticle of Google, Authentic Hubris →

October 13, 2017 by Marc Handelman in Corporate Evil, Demise of Privacy, Information Security

‘... give you complete peace of mind while using your Mini.’


All Your Base Are Belong To Uber →

October 09, 2017 by Marc Handelman in Demise of Privacy, Information Security, Blatant Stupidity

The Big Secret, Dammit, Now Everybody Knows...


Mozilla Foundation To Begin Collecting User Browsing Data

September 06, 2017 by Marc Handelman in Web Security, Privacy, Network Security, Information Security, Blatant Stupidity, Demise of Privacy

Via gHacks author Martin Brinkmann comes the astonishing tale of deeply flawed user data management at Mozilla Foundation. Along with the Foundation's Firefox browser Resource and Web Extension data leakage woes, now comes a highly user-antagonistic decision to commence collecting user browsing data in an opt-out decision tree. Truly this week's evidence that Blatant Stupidity still exists in the browser world.

"Mozilla's Georg Fritzsche published information on the plan to collect additional data yesterday on the Mozilla Governance group. In it, he describes the issue that Mozilla engineers face currently. While Firefox may collect the data when users opt-in, Mozilla believes that the data is biased and that only data collecting with opt-out would provide unbiased data that the engineers can work with. Questions that this data may help answer include "which top sites are users visiting", "which sites using Flash does a user encounter", and "which sites does a user see heavy Jank on" according to Fritzsche." excerpt via Martin Brinkmann writing at gHacks


BSides London 2017, Andi Hudson's 'Ignorance is Bliss - Does Privacy Matter?' →

July 31, 2017 by Marc Handelman in BSides, Conferences, Education, Information Security, Demise of Privacy, Privacy

NCCOE Heralds Release of NIST SP 1800-8 Securing Wireless Infusion Pumps

May 09, 2017 by Marc Handelman in All is Information, Control Systems, Defensive Infosec, Demise of Privacy, Hardware Security, Health Care Security, Health, Information Security, Medical Device Security, NIST NCCoE, NIST

The National Institute of Standards and Technology (NIST) National Center for Cybersecurity Excellence (NCCOE) has released its latest draft medical device related security document, entitled 'NIST Special Publication 1800-8 Cybersecurity Special Publication 1800-8 Securing Wireless Infusion Pumps - In Healthcare Delivery Organizations'. Authored by Gavin O'Brien, Sallie Edwards, Kevin Littlefield, Neil McNab, Sue Wang and Kangmin Zheng, the document is available as either a PDF or web-based artifact. Enjoy.

"Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. With technological improvements designed to enhance patient care, these devices now connect wirelessly to a variety of systems, networks, and other tools within a healthcare delivery organization (HDO) – ultimately contributing to the Internet of Medical Things (IoMT)." - via the National Center for Cybersecurity Excellence (NCCOE)


Microsoft Owned LinkedIn Creepy New Bluetooth Feature →

April 21, 2017 by Marc Handelman in All is Information, Blatant Stupidity, Demise of Privacy, Tracking, Information Security

Further proof that the End-Of-The-World-Is-Near: Microsoft Corporation's (NasdaqGS: MSFT) LinkedIn just released a new update for the Company's already slightly-suspicious mobile app that permits Bluetooth connectivity (for location tracking) to fellow LinkedIn members. Reportedly, the feature does not require the app to be running... What could possibly go wrong?


Suit of Bose →

April 20, 2017 by Marc Handelman in All is Information, Awareness, Common Sense, Communications, Data Security, Demise of Privacy, Devices, Information Security, Signals, Privacy, 18 U.S.C. §§ 2510-2522

News of an interesting privacy related lawsuit, via Fortune writer Jeff John Roberts, is now swirling around personal electronics manufacturer Bose Corporation. Apparently, collecting data (and a violation of the so-called Wire Tap Act, codified in 18 U.S.C. §§ 2510-2522) through a companion app to the company's best-in-class noise canceling headphones, and the misuse thereof, is the gist... Stay Tuned. Hat Tip

"The complaint accuses Boston-based Bose of violating the WireTap Act and a variety of state privacy laws, adding that a person's audio history can include a window into a person's life and views. "Indeed, one’s personal audio selections – including music, radio broadcast, Podcast, and lecture choices – provide an incredible amount of insight into his or her personality, behavior, political views, and personal identity," says the complaint, noting a person's audio history may contain files like LGBT podcasts or Muslim call-to-prayer recordings." - via Fortune writer Jeff John Roberts
