Jump to content

Search the Community

Showing results for tags 'data'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 71 results

  1. What is going on As you may have heard already, because of brexit, Google is moving UK citizens data from the Northern Ireland data controller to the US one (Google LLC). Leaving the EU, UK citizens are not protected anymore by GDPR, and while this may be unfair, Google is legally allowed to do it. The problem Even if I'm an Italian citizen and I live in Italy, a few days ago I received this email from them: What's wrong with it? The point is that I'm an Italian citizen, living in Italy. I have nothing to do with UK (even if I lived there for a few years in the past, my account was created from Italy). Why do they mention "UK leaving EU" to me, if I don't live in UK? I tried to contact them multiple times on their @Google account on Twitter, but I got no reply at all. I tried to search online and it looks like I'm not alone, they are doing this to many other people: https://support.google.com/accounts/thread/29317992?hl=en&authuser=1 Looking for help What should I do? Is this legally allowed? If there was an easy way to complain with them, I would have done it already, but I've tried to search on their website (even googling it... no pun intended) but I couldn't find a single contact form to report this issue and of course they are ignoring both Twitter and that forum I linked previously. Should I report them to the Privacy Authority? If yes, how? Full text of the email Here is the full text of the email I received: We’re improving our Terms of Service and making them easier for you to understand. The changes will take effect on 31 March 2020, and they won’t impact the way that you use Google services. And, because the United Kingdom (UK) is leaving the European Union (EU), Google LLC will now be the service provider and the data controller responsible for your information and for complying with applicable privacy laws for UK consumer users. For more details, we’ve provided a summary of the key changes and Frequently asked questions. And the next time that you visit Google, you’ll have the chance to review and accept the new Terms. At a glance, here’s what this update means for you: • Improved readability: While our Terms remain a legal document, we’ve done our best to make them easier to understand, including by adding links to useful information and providing definitions. • Better communication: We’ve clearly explained when we’ll make changes to our services (like adding or removing a feature) and when we’ll restrict or end a user’s access. And we’ll do more to notify you when a change negatively impacts your experience on our services. • Adding Google Chrome, Google Chrome OS and Google Drive to the Terms: Our improved Terms now cover Google Chrome, Google Chrome OS and Google Drive, which also have service-specific terms and policies to help you understand what’s unique to those services. • Your service provider and data controller is now Google LLC: Because the UK is leaving the EU, we’ve updated our Terms so that a United States-based company, Google LLC, is now your service provider instead of Google Ireland Limited. Google LLC will also become the data controller responsible for your information and complying with applicable privacy laws. We’re making similar changes to the Terms of Service for YouTube, YouTube Paid Services and Google Play. These changes to our Terms and privacy policy don’t affect your privacy settings or the way that we treat your information (see the privacy policy for details). As a reminder, you can always visit your Google Account to review your privacy settings and manage how your data is used. If you’re the guardian of a child under the age required to manage their own Google Account and you use Family Link to manage their use of Google services, please note that when you accept our new Terms, you do so on their behalf as well, and you may want to discuss these changes with them. And of course, if you don’t agree to our new Terms and what we can expect from each other as you use our services, you can find more information about your options in our Frequently asked questions. Thank you for using Google’s services. Your Google team Source
  2. GOOGLE KEEPS A SCARY AMOUNT OF DATA ON YOU HERE'S HOW TO FIND AND DELETE IT Everything you do online when you're signed into Google, and even some stuff when you aren't, becomes a part of your Google profile, but you can wipe the slate clean with these steps. Google collects a staggering amount of personal information about its users -- possibly even more than you realize. Google remembers every search you perform and every YouTube video you watch. Whether you have an iPhone ( $870 at Walmart ) or Android phone, Google Maps logs everywhere you go, the route you take to get there, when you arrive and what time you leave -- even if you never open the app. When you really take a look at everything Google knows about you, the results can be shocking -- maybe even a little frightening. Thankfully, there are a few things you can do about it. As a spate of data leaks and privacy violations continues to weaken the public's trust in big tech companies, Google has responded by creating a privacy hub that lets you access, delete and limit the data Google collects on you. Navigating all the various settings can get confusing, however, and it's not always clear what you're giving Google permission to do. What's worse, whenever you make a change that would restrict how much or for how long Google tracks you, Google warns that its services won't work as well without unfettered access to your data. How true that may be isn't very clear. Despite Google's best efforts to increase transparency, recent revelations that the search giant was secretly sharing users' private data with third-party advertisers have challenged the public's trust in the company, whose Google Home ( $79 at Walmart ) and Google Nest lines of smart speakers seek to put microphones and cameras in the most private of settings -- your home. We're going to cut through all the clutter and show you how to access the private data Google has on you, as well as how to delete some or all of it. Then we're going to help you find the right balance between your privacy and the Google services you rely on by choosing settings that limit Google's access to your information without impairing your experience. Find out what private information Google considers 'public' Chances are, Google has your name, a photo of your face, your birthday, gender, other email addresses you use, your password and phone number. Some of this is listed as public information (not your password, of course). Here's how to see what Google shares with the world about you. 1. Open a browser window and navigate to your your Google Account page. 2. Type your Google username (with or without "@gmail.com"). 3. From the menu bar, choose Personal info and review the information. You can change or delete your photo, name, birthday, gender, password, other emails and phone number. 4. If you'd like to see what information of yours is available publicly, scroll to the bottom and select Go to About me. 5. You can then back out and make changes. There's currently no way to make your account private. Take a look at Google's record of your online activity If you want to see the motherlode of data Google has on you, follow these steps to find it, review it, delete it or set it to automatically delete after a period of time. If your goal is to exert more control over your data but you still want Google services like search and maps to personalize your results, we recommend setting your data to autodelete after three months. Otherwise, feel free to delete all your data and set Google to stop tracking you. For most of the day-to-day things you do with Google you won't even notice the difference. 1. Sign into your Google Account and choose Data & Personalization from the navigation bar. 2. To see a list of all your activity that Google has logged, scroll to Activity controls and select Web & App Activity. 3. If you want Google to stop tracking your web and image searches, browser history, map searches and directions, and interactions with Google Assistant, uncheck both boxes. Otherwise, move on to step 4. 4. Next, click Manage Activity. This page displays all the information Google has collected on you from the activities mentioned in the previous step, all the way back to the day you created your account. 5. To set Google to automatically delete this kind of data either every three or every 18 months, select Choose to delete automatically and pick the timeframe you feel most comfortable with. Google will delete any current data older than the timeframe you specify, for example, if you choose three months, any information older than three months will be deleted immediately. 6. If you'd rather delete part of all of your activity history manually, on the navigation bar choose Delete activity by and choose either Last hour, Last day, All time or Custom range. 7. Once you choose an autodelete setting or manually select which data you want deleted, a popup will appear and ask you to confirm. Select Delete or Confirm. To make sure your new settings took, head back to Manage Activity (step 4) and make sure whatever's there (if you deleted it all there should be nothing) only goes back the three or 18 months you selected in step 5. Access Google's record of your location history Perhaps even more offputting than Google knowing what recipes you've been cooking, what vacation it looks like you're planning or how often you check the Powerball numbers, the precision of Google's record of your whereabouts can be downright chilling, even if you never do anything you shouldn't. Just the fact that if you're signed into Google Maps on a mobile device, Google's eyes are watching your every move is about enough to make you want to leave your phone at home. Thankfully, that's unnecessary. Here's how to access, manage and delete your Google location data: 1. Sign into your Google Account and choose Data & Personalization from the navigation bar. 2. To see a list of all your location data that Google has logged, scroll to Activity controls and select Location History. 3. If you want Google to stop tracking your location, turn off the toggle on this page. 4. Next, click Manage Activity. This page displays all the location information Google has collected on you as a timeline and a map, including places you've visited, the route you took there and back, as well as frequency and dates of visits. 5. To permanently delete all location history, click on the trash can icon and choose Delete Location History when prompted. 6. To set Google to automatically delete this kind of data either every three or every 18 months, select the gear icon and choose Automatically delete Location History then pick the timeframe you feel most comfortable with. Google will delete any current data older than the timeframe you specify. For example, if you choose three months, any information older than three months will be deleted immediately. To make sure your location data really disappeared, start over with Activity Controls in step 2, then after Manage Activity in step 4, make sure the timeline in the upper left corner is empty and there are no dots on the map indicating your previous locations. Source Image Courtesy & Thanks
  3. IBM said its cloud and cognitive software revenue -- which includes Red Hat -- was up 8.7% to $7.2 billion. IBM published its fourth quarter financial results on Tuesday, with a full quarter of Red Hat now in the fold. The company is showing signs of a return to growth, although year-over-year revenues were up just slightly for the quarter and still down overall for 2019. For Q4, IBM reported a non-GAAP EPS of $4.71 on revenue of $21.8 billion, up 0.1% year-over-year. Analysts were expecting earnings of $4.68 per share on revenue of $21.64 billion. For the full FY 2019, non-GAAP earnings per share came to $12.81 on revenues of $77.1 billion, down 3.1 year-over-year. The fiscal results are in line with analyst estimates. Shares of IBM were up nearly 5% after hours. "We ended 2019 on a strong note, returning to overall revenue growth in the quarter, led by accelerated cloud performance," said IBM chief executive Ginni Rometty. "Looking ahead, this positions us for sustained revenue growth in 2020 as we continue to help our clients shift their mission-critical workloads to the hybrid cloud and scale their efforts to become a cognitive enterprise." Cloud and cognitive software revenue -- which includes Red Hat -- was up 8.7% to $7.2 billion. Red Hat specifically contributed $573 million to IBM's cloud and software sales. Meanwhile, systems revenue climbed 16% led by the IBM Z, IBM's smaller footprint mainframe that utilizes design thinking. Storage systems showed growth but technology services revenue in the quarter fell 4.8%. Global business services sales were down 0.6%. IBM said cloud revenue was $21.2 billion for fiscal 2019, up 11%. Going forward, a goal for IBM will be capitalizing on the expected growth in enterprise software investments. In its latest IT spending forecast, research firm Gartner suggests that software will be the main driver for spending over 2020, reaching 10.5 percent growth. As for the outlook, IBM said it is on track to deliver non-GAAP earnings of at least $13.35 a share with free cash flow of about $12.5 billion for fiscal 2020. "After completing the acquisition of Red Hat, and with strong free cash flow and disciplined financial management, we significantly deleveraged in the second half," said James Kavanaugh, IBM 's chief financial officer. Source
  4. Car smash-and-grab ends with loss of payroll details for 20,000 employees Facebook has lost a copy of the personal details of 29,000 of its employees after hard drives containing unencrypted payroll information were stolen from an employee's car. The antisocial network said it is in the process of informing those who were exposed, though so far there is no indication of the purloined details being used for fraud, it is claimed. "We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it," a Facebook spokesperson told The Register. "We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information. "Out of an abundance of caution, we have notified the current and former employees whose information we believe was stored on the equipment – people who were on our US payroll in 2018 – and are offering them free identity theft and credit monitoring services. This theft impacts current and former Facebook employees only and no Facebook user data was involved." A report from Bloomberg today cites an internal email explaining that last month an employee in the payroll department had their car broken into and, among the items stolen, were unencrypted hard drives containing corporate records. The report also notes that the worker was not authorized to have the drive in their car, and has been disciplined. The lifted records were said to include employee names, bank account numbers, and partial social security numbers. So far, Facebook has yet to file a data breach notification with the state of California, as is required by law. This is certainly a unique situation for Facebook, as the data-slurping biz usually finds itself on the other side of egregious violations of personal privacy. Facebook has made something of a custom out of letting outside developers play fast and loose with user profile information. Source
  5. A year ago, we asked some of the most prominent smart home device makers if they have given customer data to governments. The results were mixed. The big three smart home device makers — Amazon, Facebook and Google (which includes Nest) — all disclosed in their transparency reports if and when governments demand customer data. Apple said it didn't need a report, as the data it collects was anonymized. As for the rest, none had published their government data-demand figures. In the year that's past, the smart home market has grown rapidly, but the remaining device makers have made little to no progress on disclosing their figures. And in some cases, it got worse. Smart home and other internet-connected devices may be convenient and accessible, but they collect vast amounts of information on you and your home. Smart locks know when someone enters your house, and smart doorbells can capture their face. Smart TVs know which programs you watch and some smart speakers know what you're interested in. Many smart devices collect data when they're not in use — and some collect data points you may not even think about, like your wireless network information, for example — and send them back to the manufacturers, ostensibly to make the gadgets — and your home — smarter. Because the data is stored in the cloud by the devices manufacturers, law enforcement and government agencies can demand those companies turn over that data to solve crimes. But as the amount of data collection increases, companies are not being transparent about the data demands they receive. All we have are anecdotal reports — and there are plenty: Police obtained Amazon Echo data to help solve a murder; Fitbit turned over data that was used to charge a man with murder; Samsung helped catch a sex predator who watched child abuse imagery; Nest gave up surveillance footage to help jail gang members; and recent reporting on Amazon-owned Ring shows close links between the smart home device maker and law enforcement. Here's what we found. Smart lock and doorbell maker August gave the exact same statement as last year, that it "does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA)." But August spokesperson Stephanie Ng would not comment on the number of non-national security requests — subpoenas, warrants and court orders — that the company has received, only that it complies with "all laws" when it receives a legal demand. Roomba maker iRobot said, as it did last year, that it has "not received" any government demands for data. "iRobot does not plan to issue a transparency report at this time," but it may consider publishing a report "should iRobot receive a government request for customer data." Arlo, a former Netgear smart home division that spun out in 2018, did not respond to a request for comment. Netgear, which still has some smart home technology, said it does "not publicly disclose a transparency report." Amazon-owned Ring, whose cooperation with law enforcement has drawn ire from lawmakers and faced questions over its ability to protect users' privacy, said last year it planned to release a transparency report in the future, but did not say when. This time around, Ring spokesperson Yassi Shahmiri would not comment and stopped responding to repeated follow-up emails. Honeywell spokesperson Megan McGovern would not comment and referred questions to Resideo, the smart home division Honeywell spun out a year ago. Resideo's Bruce Anderson did not comment. And just as last year, Samsung, a maker of smart devices and internet-connected televisions and other appliances, also did not respond to a request for comment. On the whole, the companies' responses were largely the same as last year. But smart switch and sensor maker Ecobee, which last year promised to publish a transparency report "at the end of 2018," did not follow through with its promise. When we asked why, Ecobee spokesperson Kristen Johnson did not respond to repeated requests for comment. Based on the best available data, August, iRobot, Ring and the rest of the smart home device makers have hundreds of millions of users and customers around the world, with the potential to give governments vast troves of data — and users and customers are none the wiser. Transparency reports may not be perfect, and some are less transparent than others. But if big companies — even after bruising headlines and claims of co-operation with surveillance states — disclose their figures, there's little excuse for the smaller companies. This time around, some companies fared better than their rivals. But for anyone mindful of their privacy, you can — and should — expect better. Source
  6. India has proposed groundbreaking new rules that would require companies to garner consent from citizens in the country before collecting and processing their personal data. But at the same time, the new rules also state that companies would have to hand over “non-personal” data of their users to the government, and New Delhi would also hold the power to collect any data of its citizens without consent, thereby bypassing the laws applicable to everyone else, to serve sovereignty and larger public interest. The new rules, proposed in “Personal Data Protection Bill 2019,” a copy of which leaked on Tuesday, would permit New Delhi to “exempt any agency of government from application of Act in the interest of sovereignty and integrity of India, the security of the state, friendly relations with foreign states, public order.” If the bill passes — and it is expected to be discussed in the parliament in the coming weeks — select controversial laws drafted more than a decade ago would remain unchanged. Another proposed rule would grant New Delhi the power to ask any “data fiduciary or data processor” to hand over “anonymized” “non-personal data” for the purpose of better governance, among others. New Delhi’s new bill — which was passed by the Union Cabinet last week, but has yet to be formally shared with the public — could create new challenges for Google, Facebook, Twitter, ByteDance’s TikTok and other companies that are already facing some regulatory heat in the nation. India conceptualized this bill two years ago and in the years since, it has undergone significant changes. An earlier draft of the bill that was formally made public last year had stated that the Indian government must not have the ability to collect or process personal data of its citizens, unless a lawful procedure was followed. Ambiguity over who the Indian government considers an “intermediary” or a “social media” platform, or a “social media intermediary” are yet to be fully resolved, however. In the latest version, the bill appears to not include payment services, internet service providers, search engines, online encyclopedias, email services and online storage services as “social media intermediaries.” One of the proposed rules, that is directly aimed at Facebook, Twitter, and any other social media company that enables “interaction between two or more users,” requires them to give their users an option to verify their identity and then publicly have such status displayed on their profile — similar to the blue tick that Facebook and Twitter reserve for celebrities and other accounts of public interest. Last week news outlet Reuters reported portions of the bill, citing unnamed sources. The report claimed that India was proposing the voluntary identity-verification requirement to curb the spread of false information. As social media companies grapple with the spread of false information, that have resulted in at least 30 deaths in India, the Narendra Modi-led government, which itself is a big consumer of social media platforms, has sought to take measures to address several issues. Over the last two years, the Indian government has asked WhatsApp, which has amassed more than 400 million users in India, to “bring traceability” to its platform in a move that would allow the authority to identify the people who are spreading the information. WhatsApp has insisted that any such move would require breaking encryption, which would compromise the privacy and security of more than a billion people globally. The bill has not specifically cited government’s desires to contain false information for this proposal, however. Instead the bill insists that this would bring more “transparency and accountability.” Some critics have expressed concerns over the proposed rules. Udbhav Tiwari, a public policy advisor at Mozilla, said New Delhi’s bill would “represent new, significant threats to Indians’ privacy. If Indians are to be truly protected, it is urgent that parliament reviews and addresses these dangerous provisions before they become law.” Indian news site MediaNama has outlined several more changes in this Twitter thread. Source
  7. Cyber-security company Trend Micro says the personal data of thousands of its customers has been exposed by a rogue member of staff. The company says an employee sold information from its customer-support database, including names and phone numbers, to a third party. It became suspicious after customers started receiving phone calls from scammers posing as Trend Micro staff. The company says it has contacted those whose details were exposed. Trend Micro said it believed approximately 70,000 of its 12 million customers had been affected. "It's every security firm's nightmare for something like this to occur," cyber-expert and writer Graham Cluley told BBC News. "You can have all the security in place to prevent external hackers getting in but that doesn't stop internal staff from taking data and using it for nefarious purposes," he said. "If a cyber-security firm like Trend Micro can fall victim to a security breach, it can happen to any company." Trend Micro provides cyber-security and anti-virus tools to consumers, businesses and organisations around the world. In August 2019, it received reports many users of its home security software had been receiving scam phone calls. The scammers knew so much information about their targets that Trend Micro suspected its customer support database had been breached. It later found out its systems had not been attacked over the internet and it was instead facing a "malicious insider threat". "The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent," the company said in a blog post. "Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor." The company said it was working with police and the employee in question had been fired. It said its customer-support staff would never call people "unexpectedly". "If a support call is to be made, it will be scheduled in advance. If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support using our official contact details below," the company said. Liability A UK ruling that suggests companies can be held responsible if their own staff leak data is currently being challenged by supermarket chain Morrison's. In 2014, an internal auditor at the retailer stole the data, including salary and bank details, of nearly 100,000 staff and posted it online. Andrew Skelton was jailed for eight years in 2015 after being found guilty at Bradford Crown Court of fraud, securing unauthorised access to computer material and disclosing personal data. However, a group legal action also found the supermarket responsible for the actions of its staff. The retailer is currently challenging the ruling at the UK's Supreme Court. Source
  8. Quito big deal A street in Ecuador. That car is probably in the database... IF YOU'RE EVER asked the population of Ecuador in a pub quiz, the answer is somewhere in the region of 17 million people. That number is quite awkward, as an enormous leak exposed by ZDNet and vpnMentor has uncovered a database with information on 20.8 million Ecuadorian citizens. The reason for this discrepancy is twofold: duplicates and the deceased. Otherwise, if you live in Ecuador, then the chances are that you're on this list. The site was able to find records for Ecuadorian premier Lenin Moreno and even Julian Assange, who until recently called the country's UK embassy his home away from home. More worryingly, it also contains the information of some 6.7 million children - some born as recently as spring. The data, spread across multiple Elasticsearch indexes, contain information such as names, addresses marital status, cedulas (national ID number), job information, phone numbers, education levels, family relationships, civil registration data, financial and work information and car ownership. How much data is on each person varies depending on the data set: ZDNet found seven million financial records and 2.5 million car-centric ones. But this data is particularly worrying, given that it can be tied to a citizen's address giving burglars a map to the richest people and their cars. How did all of this leak? It appears the data came from both government and private sources. The link seems to be an analytics firm called Novaestrat. On its website it claims that users can "make financial decisions with updated information of the entire Ecuadorian financial system." The database was secured last week, but it wasn't as straightforward as you'd hope. Novaestrat has no email address or phone number listed, and the support forum was broken. In the end, vpnMentor only has success via Ecuador's Computer Emergency Response Team. Of course, just fixing the leak doesn't mean the data isn't already in the wrong hands. Ecuadorian citizens may want to look out for suspicious emails, or even more suspicious people at their doors for the foreseeable future. Source
  9. New court documents reveal the government is investigating the Capital One hacker for 30+ other breaches. Paige A. Thompson, the hacker accused of breaching US bank Capital One, is also believed to have stolen data from more than 30 other companies, US prosecutors said in new court documents filed today and obtained by ZDNet. "The government's investigation over the last two weeks has revealed that Thompson's theft of Capital One's data was only one part of her criminal conduct," US officials said in a memorandum for extending Thompson's detention period. "The servers seized from Thompson's bedroom during the search of Thompson's residence, include not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions, and other entities." US prosecutors said the "data varies significantly in both type and amount," but, based on currently available information, "much of the data appears not to be data containing personal identifying information." Government hasn't identified/notified all victims US officials said the investigation is still ongoing and the FB is still trying to identify all the companies from where Thompson stole data they found on her home server. "The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified," prosecutors said. The court documents don't list the names of any of the other 30+ companies that Thompson is believed to have hacked. However, according to previous media reports, this list might include companies such as Unicredit, Vodafone, Ford, Michigan State University, and the Ohio Department of Transportation. Thompson, a former Amazon engineer, is believed to have breached AWS servers belonging to Capital One and the additional 30+ companies, from where she took proprietary information that she later stored on her home server. From Capital One alone, Thompson is believed to have taken the personal data of over 106 million Americans and Canadians. After her arrest, Thompson told investigators that she did not sell or share any of the stolen data. In the new court documents, US officials said they haven't found any evidence to suggest that Thompson lied, which might reduce the extent of the 30+ breaches that she is accused. As for the Capital One accusations, the US government believes it has a rock-solid case. "The evidence that Thompson committed this crime is overwhelming," officials said. The court documents filed today, which argue for continuing to detain Thompson, also detail three stalking allegations, threats to "shoot up" a company's office, and threats to commit "suicide by cop" by pulling a fake gun on an officer and force the officer to shoot back. The US government also noted that Thompson's past behavior appears to be related to "a significant history of mental health problems." Source
  10. Abandoning the tech giant's services, like Gmail, maps and Chrome, offers some privacy gains, but it's not easy to do. A hearty few are taking the ultimate step to keep their files and online life safe from prying eyes: turning off Google entirely. SAN FRANCISCO – In the small South Carolina town of Newberry, Bob’s Red Mill muesli cereal is hard to come by. That presents a challenge for resident Gregory Kelly, who can’t get enough of the stuff. He’d rather not truck the 40 miles or so to Columbia to stock up on it, but he’s also loath to buy it from the company’s website, which he says is riddled with tracking software from Google. His privacy being paramount, Kelly grudgingly chooses to head into Columbia every so often, rather than cede his data to Google or turn over his purchase history to another online retailer. “I’m just not sure why Google needs to know what breakfast cereal I eat,” the 51-year-old said. Kelly is one of a hearty few who are taking the ultimate step to keep their files and online life safe from prying eyes: turning off Google entirely. That means eschewing some of the most popular services on the Web, including Gmail, Google search, Google Maps, the Chrome browser, Android mobile operating software and even YouTube. Such never-Googlers are pushing friends and family to give up the search and advertising titan, while others are taking to social media to get the word out. Online guides have sprouted up to help consumers untangle themselves from Google. These intrepid Web users say they’d rather deal with daily inconveniences than give up more of their data. That means setting up permanent vacation responders on Gmail and telling friends to resend files or video links that don’t require Google software. More than that, it takes a lot of discipline. People like Kelly are trying to build barriers to Google and other tech giants largely due to increasing concerns about the massive data collection. A series of privacy scandals showing how these companies collect and use consumer data has raised alarm bells for many people about how much they’ve traded for customization and targeted ads. For example, a Washington Post investigation last month found more than 11,000 requests for tracking cookies in just one week of Web use on Google’s Chrome browser. As a result, more consumers are taking measures to wrest greater control of their personal data, like deleting Facebook and its photo-sharing app Instagram. About 15%of U.S. households’ primary shoppers never shop on Amazon, according to Kantar ShopperScape data. Some Amazon Echo and Google voice-activated speakers have landed in the trash. And some consumers are saving photos and other personal documents to external hard drives, rather than on Google or Apple’s clouds. Brands are jumping on the trend, advertising what they say are superior privacy controls. At the CES 2019 tech conference this year, Apple promised in a billboard above Las Vegas that “What Happens on Your iPhone, Stays on Your iPhone,” though many apps siphon data from the phones and track users. And DuckDuckGo, a privacy-oriented search engine, said daily average searches have grown to 42.4 million, from 23.5 million a year earlier — although still a small fraction of Google’s. Over the past few months, Jim Lantz of Spokane, Wash., has been systematically eliminating Google products from his online life, spurred by reports of how the Silicon Valley company collects and distributes customer data. That’s included scanning lengthy privacy agreements and researching websites’ legal statements. “It’s quite the challenge figuring out what they own,” said the wholesale sales manager. “I don’t want to give up every ounce of myself over to Google,” he said. “At least I can make it hard for them.” Google in May unveiled new features it said would help users protect more of their data, including storing more of it on personal devices rather than in cloud computing centers, and giving people more control over how and when tracking software, or cookies, is deployed. And the Web search giant is offering ways to permanently erase data, including search and location history. No data on how many consumers may be phasing out Google is readily available, and the company didn’t provide figures on how many have deleted its apps. “We want to help people understand and control their data, even if they want to leave Google,” said spokesman Aaron Stein. He pointed to Google’s service allowing consumers to download information stored with the company for their use elsewhere. Joshua Greenbaum of Berkeley, Calif., said he pays about $100 per year to use Microsoft Office 365 software that he says has better privacy protections than Google’s. “I am giving up more than I am getting” from Google, said the 61-year-old tech consultant who started scaling back his Google usage a couple of years ago when advertisements began appearing in his Gmail account. “With Gmail they get your e-mail, with Android real-time location and app usage, with Maps more location data, with Google Wallet that can see into your finances, with Google Docs your personal and work history, Chrome gives your online history, your location,” Greenbaum said. “I started asking myself what other data could they get to.” All that consumer data is precisely the reason Google may be in the cross hairs of the Justice Department, which this year took initial steps toward a potential antitrust investigation, the Post reported. The House is preparing its own probe of Google and Facebook amid comments from President Donald Trump that the government should be “suing” them. Users say that it’s difficult to eliminate using Google completely. Greenbaum still maintains a Gmail account “for spam,” he said, and finds that YouTube is all but unavoidable if he wants to watch videos online. For him, “the improvement is mostly in the category of self-righteousness,” he said. Not so for Janet Vertesi, a Princeton University sociology professor, who in her private life has avoided Google since 2012. She said it’s a matter of being able to control her own data, which Google automatically shares across its many properties. Data collected in Gmail, for instance, is supplied to the mapping software, whether a consumer uses Google Maps or not. “I want to know where my data goes,” Vertesi said. That sometimes involves asking people to turn off their voice assistants in their homes or re-send documents in a format other than Google Docs, she said. Tech firms like Google say the data helps drive more personal advertisements, which are beneficial to consumers, and underwrite products that would otherwise not be free, like e-mail and photo storage programs. The European Commission this year fined Google $1.7 billion over allegations that the company thwarted rivals from working with other companies that had deals with Google. Source
  11. (Reuters) - Amazon.com Inc has a promotion for U.S. shoppers on Prime Day, the 48-hour marketing blitz that started Monday: Earn $10 of credit if you let Amazon track the websites you visit. The deal is for new installations of the Amazon Assistant, a comparison-shopping tool that customers can add to their web browsers. It fetches Amazon’s price for products that users see on Walmart.com, Target.com and elsewhere. In order to work, the assistant needs access to users’ web activity, including the links and some page content they view. The catch, as Amazon explains in the fine print, is the company can use this data to improve its general marketing, products and services, unrelated to the shopping assistant. The terms underscore the power consumers routinely give to Amazon and other big technology companies when using their free services. In this case, Amazon gains potential insight into how it should tailor marketing and how it could stamp out the retail competition. “This data is often used for training machine learning models to do better ad targeting,” said Bennett Cyphers, a technologist at the nonprofit Electronic Frontier Foundation. “But in the U.S., there aren’t really restrictions on what you can do with this kind of data.” Amazon already has more than 7 million customers using its assistant via Google Chrome and Mozilla Firefox, according to data published by those web browsers. Other companies offer similar shopping tools. While another technology known as tracking pixels shows Amazon information from visitors to roughly 15 percent of the top 10,000 websites, the assistant lets Amazon follow a smaller set of users from page to page, Cyphers said. Amazon’s combination of tools still pales in comparison to data collection by Alphabet Inc’s Google, which has tracking pixels on most web pages. Amazon did not discuss how it uses the data it gathers via the assistant for any unrelated purposes, but a job listing for an affiliated team known as Browser Integration Technologies says the group’s influence “spans across advertising and marketing, pricing and selection.” “Customer trust is paramount to Amazon, and we take customer privacy very seriously,” a company spokeswoman said, noting compliance with the assistant’s privacy policy, which says data collection is for websites that users visit “where we may have relevant product or service recommendations.” The policy also notes that customers can disable certain features of the assistant, and that Amazon only links browsing data to an individual’s account when the assistant is in active use. U.S. lawmakers have recently increased their scrutiny of Silicon Valley’s data collection practices. A bill introduced in the Senate last month proposed requiring that big platforms disclose what information they gather from users and how much that is worth. Source
  12. PARIS (Reuters) - Facebook has agreed to hand over the identification data of French users suspected of hate speech on its platform to judges, France’s minister for digital affairs Cedric O said on Tuesday, adding the deal was a world first. The move by the world’s biggest social media network comes after successive meetings between Facebook’s founder Mark Zuckerberg and French President Emmanuel Macron, who wants to take a leading role globally on the regulation of hate speech and the spread of false information online. So far, Facebook has cooperated with French justice on matters related to terrorist attacks and violent acts by transferring the IP addresses and other identification data of suspected individuals to French judges who formally demanded it. Following a meeting between Nick Clegg, Facebook’s head of global affairs, and O last week, the social media company has extended this cooperation to hate speech. “This is huge news, it means that the judicial process will be able to run normally,” O, a former top adviser to Macron, told Reuters in an interview. “It’s really very important, they’re only doing it for France.” O, who said he had been in close contact with Clegg over the last few days on the issue, said Facebook’s decision was the result of an ongoing conversation between the internet giant and the French administration. Facebook declined to comment. The discussions started off with a Zuckerberg-Macron meeting last year, followed by a report on tech regulation last month that Facebook’s founder considered could be a blueprint for wider EU regulation. Facebook had refrained from handing over identification data of people suspected of hate speech because it was not compelled to do so under U.S.-French legal conventions and because it was worried countries without an independent judiciary could abuse it. France’s parliament, where Macron’s ruling party has a comfortable majority, is debating legislation that would give the new regulator the power to fine tech companies up to 4% of their global revenue if they don’t do enough to remove hateful content from their network. Source
  13. BEIJING/HANGZHOU, China (Reuters) - In China, the sales maxim of ‘know your customer’ is being taken to new lengths. One of the first firms to join an Alibaba Group Holding Ltd program that provides years of consumer shopping history, snack food chain Bestore Co Ltd plans to link facial recognition technology with the e-commerce giant’s account data by the year’s end. For customers opting to have their facial data in Bestore’s systems, that means shop assistants will be able to check on what food they like the moment they enter one of its stores. Bestore, which already offers customers the option of paying with Alibaba’s face scanning tablets, has also started using Alibaba’s other services for more successful marketing. It can now arrange for a person who likes salty food, owns an SUV and probably has a family to receive an ad suggesting suitable Bestore snacks for a Spring holiday road trip, Huang Xiao, Bestore’s head of e-commerce, told Reuters. “With the partnership, our strategies are more focused, sales behaviors are more targeted and resources are better allocated,” Huang said. The Alibaba program, called A100 and which counts Nestle SA and Procter & Gamble Co as clients, is part of a major push by e-commerce giants in China to retool their relationship with merchants - offering them a trove of shopper data in return for broader and closer partnerships. The shift is integral to what Chinese e-commerce firms call ‘new retail’ or ‘boundary-less retail’ - the marrying of data available from internet shopping and gathered through brick-and-mortar stores to provide highly personalized services. It has been enabled by the widespread use of payments by smartphone, the rise of facial recognition technology and Chinese consumer tolerance of data-sharing between businesses. Other services Alibaba offers to retail clients include shopper movement ‘heat maps’ to help stores better design the layout of products, as well as its chat app Dingtalk to communicate within their own companies and with customers. SEEKING MORE DATA Keeping merchants happy and signing them up for more services has taken on added urgency for Alibaba and rival JD.com. Both are seeking to diversify amid slowing e-commerce revenue growth at home - due in part to saturated markets in China’s biggest cities, flagging consumer confidence from the U.S.-China trade war and increased competition from rivals such as newly listed Pinduoduo Inc. “For Alibaba and JD.com this is critical for their overall ecosystem because they have pretty much already exhausted the online growth,” said Beijing-based Jason Ding, partner at consulting firm Bain & Company. By providing data-driven tools to retail stores, e-commerce firms can expand the amount of data collected. “It’s not just about money, it’s about continuing to grow, and hopefully they will find a way to monetize that,” he said. JD.com, which provides similar services to Alibaba, says it helped U.S. diaper brand “Huggies” work out why Chinese competitors were rising in popularity, prompting Huggies to change to a material that is more absorbent and comfortable when wet. That contributed to a 60% percent rise in Huggies sales on JD.com in 2018, the Chinese firm said. A spokesman for Kimberly Clark, which owns the Huggies brand, declined to comment on the details of its partnership with JD.com. After a trial run of a new product, JD.com said it creates a ‘profile’ of a potential buyer based on early sales that is cross-checked with its entire userbase, before targeted ads are sent to close matches. Other tools JD.com offers to retail clients include an customer service chatbot powered by artificial intelligence that can the “sense” the mood of customers, and adjust its tone to appear more empathetic. It has also rolled out checkouts in some Hong Kong convenience stores that can scan several items at once and charge customers using their ID-linked accounts, which it says cuts the average checkout time by 30%. FREE FOR NOW Both JD.com and Alibaba executives say they are not charging companies for most data services at the moment, noting the new partnerships facilitate sales of other services such as cloud computing and logistics. Nestle, which sells Haagen Daaz and Nespresso through third-party retail locations in China, says it now has one warehouse instead of four after tapping into data at Alibaba distribution centers which give real-time updates on orders. “You don’t have to carry huge inventory in your warehouse,” said Rashid Qureshi, chief executive of Nestle’s Greater China business, adding it’s the first time Nestle has integrated an e-commerce firm’s data into its own systems. Where previously Bestore and Nestle would have dealt with different parts of the Alibaba empire for delivery, payments, cloud computing and messaging, they now work with one Alibaba team dedicated to their company which organizes a range of tailored services. “It’s a change that subverts the way our entire company has operated,” Alibaba’s Jet Jing told Reuters in an interview. Jing, formerly president of Alibaba’s retail site Tmall, has since become assistant to CEO Daniel Zhang. Alibaba has not disclosed how many companies are currently participating in its A100 program, but some analysts say for now only big firms will be able to benefit as smaller firms do not have the funds to justify major organizational changes. One risk for retailers, however, is that they may become overly dependent on their e-commerce partners. The Chinese market remains tough for brands to crack independently and Alibaba and JD.com represent the two biggest online retail channels into the country. In the face of such tough competition, Amazon.com Inc said in April it is shutting its China online store. “It’s a must for the brands to be involved,” says Bain & Company’s Ding. “But everyone would like to have a balance and not put their eggs in one basket.” More broadly, questions remain over how big e-commerce firms manage their data in a way that is fair to all parties using their services. EU regulators in September launched a preliminary antitrust investigation into Amazon over concerns it is collecting similar data from brands that it might use to boost competing products of its own. Alibaba and JD.com do not produce their own products but both have made significant investments in retail stores including experimental grocery and convenience store formats. Source
  14. Data including a purported list of clients was reportedly stolen from the leading antivirus maker Symantec in a breach the company has downplayed as having no ramifications. The Guardian reported on the incident Thursday, saying the stolen data included passwords and Symantec account numbers. The list of ostensible clients included the Australian federal police, major banks, universities, and retailers, among others, that paper said. According to Symantec, though, the data is largely phony. The company said the incident was contained to a test environment it used for demonstration purposes. According to the Guardian, Symantec described the data as “low-level and non-sensitive” and the email accounts involved as “dummy e-mails.” A Symantec spokesperson told the paper that the client list itself was also fake and that the entities “are not necessarily Symantec customers.” The Guardian did confirm that some of them, including Australia’s Department of Social Services, are users of Symantec’s products. Another government agency listed among the stolen files, however, hasn’t existed in six years. The use of such “dummy data” is not uncommon, and it affords companies the ability to relax security protocols while testing new products. Developers on a project may not all work in the same building or even on the same continent. Using fake customer information allows them to share access to their work more quickly without fear of leaking sensitive data. Companies that use real customer data for testing often suffer for it. The anonymous workplace app Blind, for instance, temporarily exposed sensitive information last year after it transferred a portion of its customers’ data to a test environment. The data was not immediately encrypted or deleted, as was protocol. A data-breach hunter quickly discovered the data online and shared news of it with a reporter. Last year, the weight-loss company Weight Watchers also left a test environment accessible online. The company claimed that no personally identifiable information had been exposed, though the security team that discovered it remained skeptical. Symantec was among a list of three major antivirus companies that a hacking group claimed to have penetrated last month, as Gizmodo first reported. The hackers, known collectively as Fxmsp, were attempting to sell the stolen data on the black market for $300,000. “There is no indication that Symantec has been impacted by this incident,” the company said at the time. AdvIntel, the cybersecurity firm that had been tracking Fxmsp’s activities, told Gizmodo on Thursday that there didn’t appear to be a connection between the two incidents. “It doesn’t seem that this is related to our guys,” they said. Source
  15. Academics detail new Rowhammer attack named RAMBleed. A team of academics from the US, Austria, and Australia, has published new research today detailing yet another variation of the Rowhammer attack. The novelty in this new Rowhammer variety -- which the research team has named RAMBleed -- is that it can be used to steal information from a targeted device, as opposed to altering existing data or to elevate an attacker's privileges, like all previous Rowhammer attacks, have done in the past. What is Rowhammer? For readers unfamiliar with the term "Rowhammer," this is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards (also known as RAM). By default, a memory card stores data inside storage cells, which are arranged on the RAM's actual silicon chip in rows, in the form of a grid. Back in 2014, academics found that by reading data stored on one row repeatedly, over and over again, they could create an electrical charge that would alter data stored in nearby memory rows. By coordinating these repeated read operations, in an operation named row hammering, they could either cause data corruption or manipulate data in malicious ways. Throughout the years, academics greatly expanded the methods and exploitation scenarios of the original Rowhammer research, taking a crazy experiment and showing how the technique could be used in the real world: They showed how a Rowhammer attack could alter data stored on DDR3 and DDR4 memory cards alike They showed how a Rowhammer attack could be carried out via JavaScript, via the web, and not necessarily by having access to a PC, physically, or via local malware They demoed a Rowhammer attack that took over Windows computers via the Microsoft Edge browser They demoed a Rowhammer attack that took over Linux-based virtual machines installed in cloud hosting environments They used a Rowhammer attack to get root permissions on an Android smartphone They bypassed Rowhammer protections put in place after the disclosure of the first attacks They showed how an attacker could improve the efficiency of a Rowhammer attack by relying on local GPU cards They developed a technique to launch Rowhammer attacks via network packets They developed a Rowhammer attack that targets an Android memory subsystem called ION, and which broke the isolation between the OS and local apps, allowing data theft and total device control They developed a Rowhammer attack named ECCploit that works even against modern RAM cards that use error-correcting code (ECC) New RAMBleed attack But in a research paper published today, academics unveiled RAMBleed, the first Rowhammer attack that can actively deduce and steal data from a RAM card. To do this, researchers had to come up and combine different techniques, which, when assembled, would permit a RAMBleed attack to take place. This included: Researchers found a way to abuse the Linux buddy allocator to allocate a large block of consecutive physical addresses memory on which they could orchestrate their attack. Researchers designed a new mechanism, which they called "Frame Feng Shui," for placing victim program pages at a desired location on the physical memory. Researchers developed a new method of arranging data in memory and hammering memory rows to infer what data is located in nearby memory cells, rather than just produce a bit flip from 0 to 1, and vice versa. As shown in the image above, a RAMBleed attack happens when the attacker hammers rows A0 and A2 and reads the bit flips (modifications) on row A1, near the "secret" blocks, in the "sampling area." The idea is that by carefully arranging data inside RAM in a format the attacker wants and knows, the attacker can read bit flips in an area adjacent to the "secret" data it wants to steal. By combining these novel techniques, researchers said they were able to steal an RSA key from an OpenSSH server in a demo Linux environment. ECC doesn't stop RAMBleed attacks Furthermore, modern RAM cards that use ECC protections don't stop RAMBleed attacks. ECC memory, which works by reversing rogue Rowhammer-induced bit flips back to their original states, does not protect data integrity, but merely corrects it. "RAMBleed does not necessarily require the attacker to read the bit to determine if it has flipped. Instead, all the attacker requires for mounting RAMBleed is an indication that a bit in the sampling page has flipped (and subsequently corrected)," academics said. "[T]he synchronous nature of the ECC correction algorithm typically exposes such information through a timing channel, where memory accesses that require error correction are measurably slower than normal accesses." This allows academics/attackers to know what memory bits have been corrected, and deduce the value they've been corrected from/to -- making the RAMBleed attack possible. The academic team said it notified Intel, AMD, OpenSSH, Microsoft, Apple, and Red Hat about their findings. More details about the RAMBleed attack -- tracked as CVE-2019-0174 -- are available in a research paper entitled "RAMBleed: Reading Bits in Memory WithoutAccessing Them." Source
  16. Facebook shut down its Research and Onavo programs after TechCrunch exposed how the company paid teenagers for root access to their phones to gain market data on competitors. Now Facebook is relaunching its paid market research program, but this time with principles — namely transparency, fair compensation and safety. The goal? To find out which other competing apps and features Facebook should buy, copy or ignore. Today Facebook releases its “Study from Facebook” app for Android only. Some adults 18+ in the U.S. and India will be recruited by ads on and off Facebook to willingly sign up to let Facebook collect extra data from them in exchange for a monthly payment. They’ll be warned that Facebook will gather which apps are on their phone, how much time they spend using those apps, the app activity names of features they use in other apps, plus their country, device and network type. Facebook promises it won’t snoop on user IDs, passwords or any of participants’ content, including photos, videos or messages. It won’t sell participants’ info to third parties, use it to target ads or add it to their account or the behavior profiles the company keeps on each user. Yet while Facebook writes that “transparency” is a major part of “Approaching market research in a responsible way,” it refuses to tell us how much participants will be paid. “Study from Facebook” could give the company critical insights for shaping its product roadmap. If it learns everyone is using screensharing social network Squad, maybe it will add its own screensharing feature. If it finds group video chat app Houseparty is on the decline, it might not worry about cloning that functionality. Or if it finds Snapchat’s Discover mobile TV shows are retaining users for a ton of time, it might amp up teen marketing of Facebook Watch. But it also might rile up regulators and politicians who already see it as beating back competition through acquisitions and feature cloning. An attempt to be less creepy TechCrunch’s investigation from January revealed that Facebook had been quietly operating a research program codenamed Atlas that paid users ages 13 to 35 up to $20 per month in gift cards in exchange for root access to their phone so it could gather all their data for competitive analysis. That included everything the Study app grabs, but also their web browsing activity, and even encrypted information, as the app required users to install a VPN that routed all their data through Facebook. It even had the means to collect private messages and content shared — potentially including data owned by their friends. Facebook’s Research app also abused Apple’s enterprise certificate program designed for distributing internal use-only apps to employees without the App Store or Apple’s approval. Facebook originally claimed it obeyed Apple’s rules, but Apple quickly disabled Facebook’s Research app and also shut down its enterprise certificate, temporarily breaking Facebook’s internal test builds of its public apps, as well as the shuttle times and lunch menu apps employees rely on. In the aftermath of our investigation, Facebook shut down its Research program. It then also announced in February that it would shut down its Onavo Protect app on Android, which branded itself as a privacy app providing a free VPN instead of paying users while it collected tons of data on them. After giving users until May 9th to find a replacement VPN, the Onavo Protect was killed off. This was an embarrassing string of events that stemmed from unprincipled user research. Now Facebook is trying to correct its course and revive its paid data collection program but with more scruples. How Study from Facebook works Unlike Onavo or Facebook Research, users can’t freely sign up for Study. They have to be recruited through ads Facebook will show on its own app and others to both 18+ Facebook users and non-users in the U.S. and India. That should keep out grifters and make sure the studies stay representative of Facebook’s user base. Eventually, Facebook plans to extend the program to other countries. If users click through the ad, they’ll be brought to Facebook’s research operations partner Applause’s website, which clearly identifies Facebook’s involvement, unlike Facebook Research, which hid that fact until users were fully registered. There they’ll be informed how the Study app is opt-in, what data they’ll give up in exchange for what compensation and that they can opt out at any time. They’ll need to confirm their age, have a PayPal account (which are only supposed to be available to users 18 and over) and Facebook will cross-check the age to make sure it matches the person’s Facebook profile, if they have one. They won’t have to sign and NDA like with the Facebook Research program. Anyone can download the Study from Facebook app from Google Play, but only those who’ve been approved through Applause will be able to log in and unlock the app. It will again explain what Facebook will collect, and ask for data permissions. The app will send periodic notifications to users reminding them they’re selling their data to Facebook and offering them an opt-out. Study from Facebook will use standard Google-approved APIs and won’t use a VPN, SSL bumping, root access, enterprise certificates or permission profiles you install on your device like the Research program that ruffled feathers. Different users will be paid the same amount to their PayPal account, but Facebook wouldn’t say how much it’s dealing out, or even whether it was in the ball park of cents, dollars or hundreds of dollars per month. That seems like a stern departure from its stated principle of transparency. This matters, because Facebook earns billions in profit per quarter. It has the cash to potentially offer so much to Study participants that it effectively coerces them to give up their data; $10 to $20 per month like it was paying Research participants seems reasonable in the U.S., but that’s enough money in India to make people act against their better judgment. The launch shows Facebook’s boldness despite the threat of antitrust regulation focusing on how it has suppressed competition through its acquisitions and copying. Democrat presidential candidates could use Study from Facebook as a talking point, noting how the company’s huge profits earned from its social network domination afford it a way to buy private user data to entrench its lead. At 15 years old, Facebook is at risk of losing touch with what the next generation wants out of their phones. Rather than trying to guess based on their activity on its own app, it’s putting its huge wallet to work so it can pay for an edge on the competition. Source
  17. MOSCOW (AP) — Dating app Tinder is now required to provide user data to Russian intelligence agencies, the country’s communications regulator said Monday. The app was included on a new list of online services operating in Russia that are required to provide user data on demand to Russian authorities, including the FSB security agency. Russia adopted a flurry of legislation in recent years tightening control over online activity. Among other things, Internet companies are required to store six months’ worth of user data and be ready to hand them over to authorities. The communications regulator said Monday that Tinder had shared with them information about the company and that it is now on the list of online apps and websites that are expected to cooperate with the FSB. Russian authorities last year issued an order to ban messaging app Telegram after it refused to provide the user data as required by the Russian law. Tinder was not immediately available for comment. Source
  18. DUBLIN (Reuters) - The European Court of Justice (ECJ) will hear a landmark privacy case regarding the transfer of EU citizens’ data to the United States in July, after Facebook’s bid to stop its referral was blocked by Ireland’s Supreme Court on Friday. The case, which was initially brought against Facebook by Austrian privacy activist Max Schrems, is the latest to question whether methods used by technology firms to transfer data outside the 28-nation European Union give EU consumers sufficient protection from U.S. surveillance. A ruling by Europe’s top court against the current legal arrangements would have major implications for thousands of companies, which make millions of such transfers every day, including human resources databases, credit card transactions and storage of internet browsing histories. The Irish High Court, which heard Schrems’ case against Facebook last year, said there were well-founded concerns about an absence of an effective remedy in U.S. law compatible with EU legal requirements, which prohibit personal data being transferred to a country with inadequate privacy protections. The High Court ordered the case be referred to the ECJ to assess whether the methods used for data transfers - including standard contractual clauses and the so called Privacy Shield agreement - were legal. Facebook took the case to the Supreme Court when the High Court refused its request to appeal the referral, but in a unanimous decision on Friday, the Supreme Court said it would not overturn any aspect the ruling. The High Court’s original five-page referral asks the ECJ if the Privacy Shield - under which companies certify they comply with EU privacy law when transferring data to the United States - does in fact mean that the United States “ensures an adequate level of protection”. Facebook came under scrutiny last year after it emerged the personal information of up to 87 million users, mostly in the United States, may have been improperly shared with political consultancy Cambridge Analytica. More generally, data privacy has been a growing public concern since revelations in 2013 by former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance caused political outrage in Europe. The Privacy Shield was hammered out between the EU and the United States after the ECJ struck down its predecessor, Safe Harbour, on the grounds that it did not afford Europeans’ data enough protection from U.S. surveillance. That case was also brought by Schrems via the Irish courts. “Facebook likely again invested millions to stop this case from progressing. It is good to see that the Supreme Court has not followed,” Schrems said in a statement. Source
  19. Government says hackers breached 30 computers and stole data from 10. Hackers have breached the computer systems of a South Korean government agency that oversees weapons and munitions acquisitions for the country's military forces. The hack took place in October 2018. Local press reported this week[1, 2, 3] that hackers breached 30 computers and stole internal documents from at least ten. The breached organization is South Korea's Defense Acquisition Program Administration (DAPA), an agency part of the Ministry of National Defense. It is believed that the stolen documents contain information about arms procurement for the country's next-generation fighter aircraft, according to a news outlet reporting on the cyber-attack. Reports claim that hackers gained access to the server of a security program installed on all government computers. Named "Data Storage Prevention Solution," the app is installed on South Korean government computers to prevent sensitive documents from being downloaded and saved on internet-connected PCs. According to reports, hackers gained admin access to the software's server and used it to siphon documents from connected workstations. The country's intelligence agency (NIS, National Intelligence Service) investigated the breach in November and reported its findings to government officials, who disclosed the cyber-attack to the public this week. Government officials didn't pin the blame on North Korean hackers, as they usually do, although it wouldn't surprise anyone if they did, as North Korea has often launched cyber-espionage and intelligence collection operations against its southern neighbor. For example, in October 2017, South Korea accused North Korea of hacking and stealing the South's secret joint US war plans, which included detailed plans to attack the North in case diplomatic relations deteriorated to a point where military action was needed. Source
  20. The vast majority of televisions available today are "smart" TVs, with internet connections, advertising placement, and streaming services built in. Despite the added functionality, TV prices are lower than ever — especially from companies like TCL and Vizio, which specialize in low-cost, high-tech smart TVs. There's a simple reason that smart TVs are priced so low: Some TV makers collect user data and sell it to third parties. Did you get a 4K, HDR-capable TV this past holiday, perhaps on sale? Millions of Americans did. Massive TVs with razor-thin frames, brilliant image quality, and built-in streaming services are more affordable than ever thanks to companies like Vizio and TCL. If you want a 65-inch 4K smart TV with HDR capability, one can be purchased for below $500 — a price that may seem surprisingly low for such a massive piece of technology, nonetheless one that's likely to live in your home for years before you upgrade. But that low price comes with a caveat most people probably don't realize: Some manufacturers collect data about users and sell that data to third parties. The data can include the types of shows you watch, which ads you watch, and your approximate location. The Roku TV interface on TCL's smart TVs comes with a prominent ad placement on the home screen. A recent interview on The Verge's podcast with Vizio's chief technology officer, Bill Baxter, did a great job illuminating how this works. "This is a cutthroat industry," Baxter said. "It's a 6% margin industry. The greater strategy is I really don't need to make money off of the TV. I need to cover my cost." More specifically, companies like Vizio don't need to make money from every TV they sell. Smart TVs can be sold at or near cost to consumers because Vizio is able to monetize those TVs through data collection, advertising, and selling direct-to-consumer entertainment (movies, etc.). Or, as Baxter put it: "It's not just about data collection. It's about post-purchase monetization of the TV." And there are a few ways to monetize those TVs after the initial purchase. On TCL's Roku TVs, users can opt out of the full scope of ad tracking. How much you're able to block yourself from data tracking varies by TV manufacturer. "You sell some movies, you sell some TV shows, you sell some ads, you know," he said. "It's not really that different than the Verge website." It's those additional forms of revenue that help make the large, beautiful smart TVs from companies like Vizio and TCL so affordable. Without that revenue stream, Baxter said, consumers would be paying more up front. "We'd collect a little bit more margin at retail to offset it," he said. The exchange is fascinating and worth listening to in full — check it out right here. Source
  21. Late last year, the U.S. government accidentally revealed that a sealed complaint had been filed against Julian Assange, the founder of WikiLeaks. Shortly before this was made public, the FBI reconfirmed its investigation of WikiLeaks was ongoing, and the Wall Street Journal reported that the Department of Justice was optimistic that it would be able to extradite Assange. Soon after, portions of sealed transcripts leaked that implicate WikiLeaks and Assange in directing hackers to target governments and corporations. The charges against Assange have not been officially revealed, though it’s plausible that the offenses are related to Russian hacking and the DNC emails. The alleged offenses in the complaint notwithstanding, the government has an abundance of data to work with: over a dozen WikiLeaks’ computers, hard drives, and email accounts, including those of the organization’s current and former editors-in-chief, along with messages exchanged with alleged Russian hackers about DNC emails. Through a series of search warrants, subpoenas, equipment seizures, and cooperating witnesses, the federal government has collected internal WikiLeaks data covering the majority of the organization’s period of operations, from 2009 at least through 2017. The filing that committed a copy and paste error revealing charges against Assange. In some instances, the seized data has been returned and allegedly destroyed, such as in the case of David House, a technologist and friend of Chelsea Manning when she famously became a source for WikiLeaks. In others, the seized materials include communications between WikiLeaks and their sources. Some of these discussions show WikiLeaks discussing their other sources and specific identifying details about them. A copy of a chat log between Chelsea Manning and a WikiLeaks staff member IDed as Assange by government prosecutors and witnesses. Other seizures gave authorities a deeper view of the internal workings of WikiLeaks, including one of the earliest known seizures of WikiLeaks-related data, executed on December 14, 2010, when the messages and user information of several WikiLeaks-linked Twitter accounts were ordered. This search-and-seizure order included direct messages associated with WikiLeaks and its founder, former Army private first class and WikiLeaks source Chelsea Manning, WikiLeaks editor Rop Gongrijp, former WikiLeaks associate Jacob Appelbaum, and former WikiLeaks associate and Icelandic MP Birgitta Jonsdottir, between November 1, 2009, and the order’s execution. A couet order for information relating to people associated with WikiLeaks. On January 4, 2011, a sealed order filed in the Eastern District of Virginia requested all emails, address book, subscriber information, and other account information associated with Appelbaum’s email address [email protected], and another order would target his internet traffic. Appelbaum was a friend and confidant of Assange as well as a WikiLeaks volunteer. In 2010, Appelbaum was known as “the American WikiLeaks hacker,” and he was, at that time, referred to as WikiLeaks’ only known American member. In a private chat in 2015, WikiLeaks described Appelbaum as being “sort of” part of the group, though following multiple accusations of sexual abuse, the group publicly distanced itself from him. The emails obtained by the government extended from November 2010 at least through January 2011. The timing of the government’s acknowledgment of the order, along with other similar orders, suggest that the monitoring of the account may have continued through late 2014, when it and several orders were made public. A copy of a court order for information relating to Jacob Appelbaum, a hacker who worked with WikiLeaks (now credibly accused of multiple sexual assaults). Publicly released and leaked documents from Assange and his legal team allege that several laptops and hard drives belonging to the organization were intercepted by an intelligence agency during this time period. According to an affidavit from Assange, “three laptops ... assorted electronics [and] additional encrypted hard drives” were taken along with his suitcase in late September 2010. Assange’s legal team produced several additional affidavits and supporting documents detailing the existence and disappearance of the suitcase. The suitcase contained at least five hard drives, all of which were encrypted, according to Assange. However, the government has had eight years to guess or recover the passwords or break the encryption on the hard drives. Several other drives, numerous emails, and at least one cooperating witness may have aided in the process. Affadavit from Julian Assange. In mid-2011, the FBI had developed a major source who would become at least their second information with an eye into WikiLeaks’ operations. Soon after the arrest and cooperation of Hector Xavier Monsegur, a.k.a. Sabu, his hacking group (LulzSec) made contact with WikiLeaks. Sabu and LulzSec would become some of WikiLeaks’ most significant sources. The Syria files and Global Intelligence files LulzSec provided WikiLeaks increased their number of publications tenfold and still account for roughly half of their total number of publications. Communications between Sabu and WikiLeaks were monitored by the FBI. And some of the group’s communications with others were later seized in their arrest or turned over by Sigurdur Thordarson, a WikiLeaks volunteer who became an informant for the FBI that August. A section from the sentencing document for “Sabu.” It was later ID’d by WikiLeaks as about them. In addition to briefing the FBI in a series of meetings, Thordarson reportedly provided them with thousands of pages of WikiLeaks chat logs. Further, in March 2012, Thordarson allegedly provided the FBI with eight WikiLeaks hard drives containing up to 1020GB of data, according to a purported FBI document. Officials have not confirmed the authenticity of the document, though the amount of data provided is corroborated by additional sources. In an interview with Ars Technica, Thordarson claimed that Icelandic authorities had seized an additional 2 TB of WikiLeaks-related data from him, which he assumed was then shared with the U.S. American and Icelandic authorities had previously cooperated on Thordarson’s case and portions of the WikiLeaks investigation. According to leaked letters from WikiLeaks’ legal team, at least some of the hard drives had belonged to Assange. Thordarson’s debriefings and the hard drives of up to 3 TB of data may have contained the decryption keys or passwords needed to decrypt the hard drives Assange alleged had been seized earlier. A receipt given to Sigurdur Thordarson from the FBI for WikiLeaks hard drives. There are several hints as to the contents of these drives. According to the affidavit from Assange, the information on the hard drives included, in addition to the possible staff emails, “chat communications ... copies of passports [and] video footage taken in secret.” Following an Associated Press article based off of a cache of “WikiLeaks emails, chat logs, financial records, secretly recorded footage and other documents” from within the organization, WikiLeaks alleged that the cache was the same that had been provided to the FBI. In October 2011, amidst Thordarson and Sabu’s tenure as cooperating witnesses, American authorities issued a search warrant for the contents of WikiLeaks volunteer Herbert Snorrason’s Gmail account. The warrant requested all of the account’s information, “including stored or preserved copies of e-mails sent to and from the account, draft e-mails, deleted e-mails, emails preserved pursuant to a request made under 18 U.S.C. § 2703(f), the source and destination addresses associated with each e-mail, the date and time at which each e-mail was sent, and the size and length of each e-mail.” The volunteer had helped WikiLeaks with a minor technical issue. After learning that his account’s contents had been seized by the U.S. government, Snorrason told Mother Jones that he thought “pretty much everyone with both a Google account and a WikiLeaks connection will be getting one of those notices eventually.” Snorrason was correct in that other WikiLeaks-associated Google accounts had their information seized by the government. Six months after the order for Snorrason’s emails was issued, a trio of search orders were issued for the email accounts of senior WikiLeaks personnel. On April 5, 2012, sealed warrants were executed for the Google accounts of WikiLeaks editors Sarah Harrison and Joseph Farrell, as well as then-spokesman and future editor-in-chief Kristinn Hrafnsson on suspicion of espionage and violating the Computer Fraud and Abuse Act, as well as conspiracy and theft of government property. The warrants appear to have covered the entirety of the accounts and were disclosed by Google at the close of 2014. A court order for information relating to Kristinn Hrafnsson, current editor in chief of WikiLeaks, on suspicion if charges including but not limited to espionage. In late October 2017, a new government request was issued for portions of WikiLeaks’ communications. A letter from Sen. Diane Feinstein requested that Twitter provide copies of all direct messages that were over 180 days to or from the accounts belonging to WikiLeaks, the WikiLeaks Task Force, “Guccifer 2.0,” Assange, and Margaret Ratner Kunstler. As written, the request would include some of my communications with WikiLeaks and “Guccifer 2.0.” Ultimately, at least some messages between WikiLeaks and the “Guccifer 2.0” were obtained by the U.S. government, although the method of communication for those messages remains unconfirmed. In late October 2017, a new government request was issued for portions of WikiLeaks’ communications. A letter from Sen. Diane Feinstein requested that Twitter provide copies of all direct messages that were over 180 days to or from the accounts belonging to WikiLeaks, the WikiLeaks Task Force, “Guccifer 2.0,” Assange, and Margaret Ratner Kunstler. As written, the request would include some of my communications with WikiLeaks and “Guccifer 2.0.” Ultimately, at least some messages between WikiLeaks and the “Guccifer 2.0” were obtained by the U.S. government, although the method of communication for those messages remains unconfirmed. According to what’s informally known as “the GRU indictment,” WikiLeaks sent Guccifer 2.0 a message on June 22, 2016. The message instructed Guccifer 2.0, a persona the U.S. government believes was used by Russian operatives, to send new material to them so it would “have a much higher impact.” On approximately July 6, the organization sent another message encouraging Guccifer 2.0 to send “anything [H]illary related” in time for the Democratic National Convention, which WikiLeaks thought Clinton would use to solidify support. The quoted portion of the exchange ends with WikiLeaks saying they thought conflict between Sen. Bernie Sanders and Clinton would be “interesting.” These exchanges, about maximizing impact and damage, are relevant to one of the theories of Assange’s potential prosecution outlined by noted national security journalist Marcy Wheeler. An excerpt from a Mueller indictment. If the charges against Assange are related to Russian hacking and the Democratic National Committee email leak, this exchange could be one of the most likely pieces of evidence to be directly relevant to the initial charges against him. However, the entirety of the government’s evidence, including materials seized from alleged Vault 7 leaker Joshua Schulte and the alleged recordings of him transferring additional files to WikiLeaks regarding the organization, may be used to help make the case. Past statements and communications may be used to help establish a modus operandi, a pattern or an intent. As noted by the AP, some of the materials may point to the early beginnings of Assange’s reported relationship with Russia. Leaked copies of sealed files, statements by people familiar with the grand juries, and documents released through FOIA by independent journalist Alexa O’Brien—who also identified a number of sealed search orders—all indicate that the investigations converged and pooled evidence at times. The government’s information could be further augmented by recent surveillance of Assange in the Ecuadorian Embassy, where he has lived under asylum since 2012, the fruits of which may have reportedly been shared with the United States. Regardless of what the charges against Assange are, the government has terabytes of data with which to try to make its case, data that’s come from WikiLeaks supporters, sources, key personnel, and Assange himself. The full depth of the government’s sources, however, have yet to be revealed. Emma Best is a national security reporter and transparency activist. She has published millions of pages of government documents and is a member of the leak collective Distributed Denial of Secrets (DDoSecrets). Source
  22. Marketing firm parts with massive trove of customer data The last time an Apollo effort went this badly, Tom Hanks made a movie about it. Marketing intelligence (read: data broker) startup Apollo fessed up to being the victim of a massive theft that saw it reveal something in the neighborhood of nine billion points of data and contact information of 212 million people. As per usual, the massive trove was discovered online in a misconfigured database that had mistakenly been set to be accessible by anyone. Those "data points" include things like addresses and contact information, as well as contacts and connections on services like LinkedIn. Not particularly sensitive information, but a fairly valuable cache of data for marketers or, in the worst case, potential attackers looking to build spear-phishing emails. Source
  23. Hacker was selling 141.5GB of data from Huazhu Hotels Group. He also attempted to blackmail the hotel chain to pay for its own data. Huazhu Hotels Group Ltd, a China-based hotel chain, announced this week that Shanghai police arrested the hacker who was selling data on millions of its customers online, on the dark web. The arrest was announced on Monday, September 17, by the hotel group in an investors message, and confirmed two days later by Shanghai police for Chinese media. Police did not release the man's man, but according to local reports, the hacker is a 30-year-old man named Liu. Investigators did not reveal any other details about the investigation, but according to previous reports, it appears that Liu may have gotten hold of the hotel chain's data when a developer accidentally uploaded part of its database on GitHub. The hacker put the Huazhu data up for sale on a dark web hacking forum in mid-August, asking for 8 Bitcoin, which was worth around $56,000, at the time. The data was sold in three file packages, for a total of 141.5GB. The data trove contained over 500 million records, comprising of 240 million pieces of content related to hotel stays such as name, credit card details, and mobile number; 123 million pieces of registration data recorded on the group's official website such as userID and login pin; and 130 million pieces of check-in data, including birthday and home address. China hotel data sold on the dark web The Huazhu Hotels Group is one of China's largest hotel chains, operating 5,162 hotels across 13 hotel brands across in 1,119 Chinese cities. The data sold online was advertised to have originated from customers who stayed at Huazhu's hotel brands, such as Hanting Hotel, Grand Mercure, Joye, Manxin, Novotel, Mercure, CitiGo, Orange, All Season, Starway, Ibis, Elan, and Haiyou. The hotel chain filed a police complaint on the same day news of the hack broke in Chinese media --August 28. In its message to investors, the hotel chain said Liu was unsuccessful in selling the stolen data. They also said the hacker attempted to blackmail the hotel into paying for its own data by leveraging public pressure surrounding the public disclosure of the hack. "To comply with laws and police protocols, the Company cannot disclose additional information on the case at this time," a Huazhu spokesperson said. Source
  24. LC Technology International, Inc. is a global leader in data recovery, photo recovery, data recovery services , and SD card/flash media data recovery. Our mission is designed to help our clients resolve catastrophic problems. LC Technology International maintains the highest quality standards with award winning customer service and support as noted by the many awards and articles in the media. We have developed outstanding products that recover data and files in the event of data loss or hard drive failure. Home: https://www.lc-tech.com PHOTORECOVERY PRO 2018 5.1.7.0 AIO Keygen by Lord Blix-TSZ Repack JCVO Site: https://www.mirrorcreator.com Sharecode[?]: /files/0DP5OEJE/PHOTORECOVERY_PRO_2018_5.1.7.0_AIO_Keygen_by_Lord_Blix-TSZ_Repack_JCVO.zip_links Solid State Doctor 3.1.4.2 AIO Keygen by Lord Blix-TSZ Repack JCVO Site: https://www.mirrorcreator.com Sharecode[?]: /files/1GD0HMM6/Solid_State_Doctor_3.1.4.2_AIO_Keygen_by_Lord_Blix-TSZ_Repack_JCVO.zip_links FILERECOVERY Enterprise 5.5.9.8 AIO Keygen by Lord Blix-TSZ Repack JCVO Site: https://www.mirrorcreator.com Sharecode[?]: /files/LQDLYW4N/FILERECOVERY_Enterprise_5.5.9.8_AIO_Keygen_by_Lord_Blix-TSZ_Repack_JCVO.zip_links Digital Media Doctor PRO 3.1.5.3 AIO Keygen by Lord Blix-TSZ Repack JCVO Site: https://www.mirrorcreator.com Sharecode[?]: /files/IOETLXR3/Digital_Media_Doctor_PRO_3.1.5.3_AIO_Keygen_by_Lord_Blix-TSZ_Repack_JCVO.zip_links RescuePRO Deluxe for SSD 6.0.2.3 AIO Keygen by Lord Blix-TSZ Repack JCVO Site: https://www.mirrorcreator.com Sharecode[?]: /files/1CAOSRHH/RescuePRO_Deluxe_for_SSD_6.0.2.3_AIO_Keygen_by_Lord_Blix-TSZ_Repack_JCVO.zip_links RescuePRO Deluxe 6.0.2.3 AIO Keygen by Lord Blix-TSZ Repack JCVO Site: https://www.mirrorcreator.com Sharecode[?]: /files/FBYIUNN2/RescuePRO_Deluxe_6.0.2.3_AIO_Keygen_by_Lord_Blix-TSZ_Repack_JCVO.zip_links Versions Commercial RescuePRO Deluxe Commercial 6.0.2.3 AIO Keygen by Lord Blix-TSZ Repack JCVO Site: https://www.mirrorcreator.com Sharecode[?]: /files/2D23APRM/RescuePRO_Deluxe_Commercial_6.0.2.3_AIO_Keygen_by_Lord_Blix-TSZ_Repack_JCVO.zip_links FILERECOVERY Enterprise Commercial 5.5.9.8 AIO Keygen by Lord Blix-TSZ Repack JCVO Site: https://www.mirrorcreator.com Sharecode[?]: /files/16T2EYXQ/FILERECOVERY_Enterprise_Commercial_5.5.9.8_AIO_Keygen_by_Lord_Blix-TSZ_Repack_JCVO.zip_links PHOTORECOVERY PRO 2018 Commercial 5.1.7.0 AIO Keygen by Lord Blix-TSZ Repack JCVO Site: https://www.mirrorcreator.com Sharecode[?]: /files/3OTC3KZQ/PHOTORECOVERY_PRO_2018_Commercial_5.1.7.0_AIO_Keygen_by_Lord_Blix-TSZ_Repack_JCVO.zip_links installers original with keygen integrated eye are tested and work at the end of the installation will be marked 2 options please do not topen to open and run the program and the keygen that can register it, remember it is a false positive.
  25. Second worst stingray in history (RIP Steve Irwin) Someone may have spied on smartphones in or near the White House using a fake cellphone tower – and miscreants are said to have abused SS7 weaknesses to swipe US citizens' private information, it emerged this week. On Friday, Senator Ron Wyden (D-OR) revealed a letter he received from the US government's Department of Homeland Security earlier this month that suggested someone deployed a Stingray-like IMSI-capturing device to track and snoop on phones near the White House in Washington DC. This equipment works by pretending to be a real cellphone mast, connecting to passing handhelds to collect their owners' unique subscriber ID numbers, and potentially snooping on their chatter. Specifically, Homeland Security officials said they had detected activity that "appeared consistent" with Stingray devices within the capital region "including locations in proximity to potentially sensitive facilities like the White House." The DHS tempered that claim, though, by noting that it could not attribute the IMSI spying to any specific group, and that some of the transmissions turned out to be signals sent from legitimate cellphone towers. The news of a possible foreign stingray near the White House is of particular concern giving reports that the President isn’t even using a secure phone to protect his calls," Wyden said. "The cavalier attitude toward our national security appears to be coming from the top down." Separately, Wyden said he had been told by a big-name mobile network that malicious attackers are believed to have used SS7 – the 40-year-old protocol that glues cellular networks together – to obtain customer data. The Homeland Security letter indeed said it had received reports of "nefarious" types leveraging SS7 to spy on American citizens by targeting their calls, text messages, and other information. SS7 is typically abused by criminals hacking into phone networks, or rogue insiders, to swipe private info. State-owned carriers can also exploit SS7 on behalf of government snoops, or networks can be compelled by administrations to use the protocol to surveil targets. In any case, SS7 is a system that can be exploited by a phone network in one country to screw around with people using a network in another country, or within the same nation, and intercept calls and messages. Wyden released Uncle Sam's letter as part of his push to get America's comms watchdog the FCC, and US telcos, to conduct a more thorough investigation and report on the use of both SS7 exploits and Stingray devices within their networks. Not a useful Ajit Earlier this week, Wyden sent FCC boss Ajit Pai a letter calling for a probe, and blasted the chairman for seemingly refusing to do anything about security holes present in mobile networks. "One year ago I urged you to address serious cybersecurity vulnerabilities in US telephone networks," Wyden's letter [PDF] reads. "To date, your Federal Communications Commission has done nothing but sit on its hands, leaving every American with a mobile phone at risk." The senator added: "This threat is not merely hypothetical – malicious attackers are already exploiting SS7 vulnerabilities. One of the major wireless carriers informed my office that it reported an SS7 breach, in which customer data was accessed, to law enforcement." Wyden thus demanded to know what the regulator did in response to multiple reports of SS7 attacks. Source
×
×
  • Create New...