The Surveillance Industry Index

Privacy International has released a Surveillance Industry Index.  From PI:
Privacy International is pleased to announce the Surveillance Industry Index,
the most comprehensive publicly available database on the private surveillance sector.
Over the last four years, Privacy International has been gathering information from various sources that details how the sector sells its technologies, what the technologies are capable of and in some cases, which governments a technology has been sold to. Through our collection of materials and brochures at surveillance trade shows around the world, and by incorporating certain information provided by Wikileaks and Omega Research Foundation, this collection of documents represents the largest single index on the private surveillance sector ever assembled. All told, there are 1,203 documents detailing 97 surveillance technologies contained within the database. The Index features 338 companies that develop these technologies in 36 countries around the world.
This research was conducted as part of our Big Brother Incorporated project, an investigation into the international surveillance trade that focuses on the sale of technologies by Western companies to repressive regimes intent on using them as tools of political control.
What we found, and what we are publishing, is downright scary . . .
Posted by on No comments:
Labels:

Police Pay Cryptolocker Ransom

From The Herald News:
A computer virus that encrypts files and then demands that victims pay a “ransom” to decrypt those items recently hit the Swansea Police Department.
The department paid $750 for two Bitcoins — an online currency — to decrypt several images and word documents in its computer system, Swansea Police Lt. Gregory Ryan said.
“It was an education for (those who) had to deal with it,” Ryan said, adding that the virus did not affect the software program that the police department uses for police reports and booking photos. . . .

CryptoLocker, a new Windows ransomware virus sweeping across the country, hit the Swansea Police Department on Nov. 6. The virus encrypted several files that could only be decrypted through the purchase of Bitcoins, an unregulated digital currency, to pay for the special “decryption key.” A countdown clock appeared on a computer screen showing how much time the department had to buy the key before all the files were deleted.
Posted by on No comments:
Labels: ,

Bitcoin Blows Past $600

From CNBC:
Bitcoin touched a fresh all-time high on Monday as the digital currency continued to gain favor with investors.  The virtual currency rose to just under $619 on Mt. Gox exchange Monday afternoon in Asia, up by over 25 percent from the same time on Sunday.
Its latest gains come as the potential for regulation hangs over the market. The U.S. Senate Committee on Homeland Security and Governmental Affairs (HSGAC) is set to begin a hearing at 3.00 p.m. Washington time on Monday. The event will bring representatives from different federal agencies and representatives from the bitcoin community to discuss virtual currencies.
Posted by on No comments:
Labels:

Executive Computer Illiteracy a Threat to Consumer Data Security

Here's an interesting new study from Threat Track Security, a "blind survey of 200 security professionals dealing with malware analysis within U.S. enterprises."  From the release:
ThreatTrack Security today published a study that reveals mounting cybersecurity challenges within U.S. enterprises. Nearly 6 in 10 malware analysts reported they have investigated or addressed a data breach that was never disclosed by their company.

These results suggest that the data breach epidemic - totaling 621 confirmed data breaches in 2012, according to Verizon's 2013 Data Breach Investigations Report - may be significantly underreported, leaving enterprises' customers and data-sharing partners unaware of a wide array of potential security risks associated with the loss of personal or proprietary information. Moreover, the largest companies, those with more than 500 employees, are even more likely to have had an unreported breach, with 66% of malware analysts with enterprises of that size reporting undisclosed data breaches. 
Despite their gravity, the reasons behind these breaches are rather funny:
malware analysts revealed a device used by a member of their senior leadership team had become infected with malware due to executives:
  • Visiting a pornographic website (40%)
  • Clicking on a malicious link in a phishing email (56%)
  • Allowing a family member to use a company-owned device (45%)
  • Installing a malicious mobile app (33%)
Posted by on No comments:
Labels:

Wikileaks Obtains Draft Text of TPP Copyright Agreement

From the Guardian:
WikiLeaks has released the draft text of a chapter of the Trans-Pacific Partnership (TPP) agreement, a multilateral free-trade treaty currently being negotiated in secret by 12 Pacific Rim nations.
The full agreement covers a number of areas, but the chapter published by WikiLeaks focuses on intellectual property rights, an area of law which has effects in areas as diverse as pharmaceuticals and civil liberties.
Negotiations for the TPP have included representatives from the United States, Canada, Australia, New Zealand, Japan, Mexico, Malaysia, Chile, Singapore, Peru, Vietnam, and Brunei, but have been conducted behind closed doors. Even members of the US Congress were only allowed to view selected portions of the documents under supervision.
Posted by on No comments:
Labels: ,

HTTPS: Toward a Secure Internet

From W3.org:
There seems to be strong consensus to increase the use of encryption on the Web, but there is less agreement about how to go about this. The most relevant proposals were: 
A. Opportunistic encryption for http:// URIs without server authentication -- a.k.a. "TLS Relaxed" as per draft-nottingham-http2-encryption.

B. Opportunistic encryption for http:// URIs with server authentication -- the same mechanism, but not "relaxed", along with some form of downgrade protection.

 C. HTTP/2 to only be used with https:// URIs on the "open" Internet. http:// URIs would continue to use HTTP/1 (and of course it would still be possible for older HTTP/1 clients to still interoperate with https:// URIs).

In subsequent discussion, there seems to be agreement that (C) is preferable to (B), since it is more straightforward; no new mechanism needs to be specified, and HSTS can be used for downgrade protection. (C) also has this advantage over (A), and furthermore provides stronger protection against active attacks. The strongest objections against (A) seemed to be about creating confusion about security and discouraging use of "full" TLS, whereas those against (C) were about limiting deployment of better security.

Keen observers have noted that we can deploy (C) and judge adoption of the new protocol, later adding (A) if neccessary. The reverse is not necessarily true.
Posted by on No comments:
Labels:

Shielding Yourself from Prying Eyes and Algorithms on Google, Facebook and Twitter

A quick how-to on shielding yourself from online tracking by Google, Facebook and Twitter, from Mashable:
Many sites, apps and browsers are using your information in ways you might not entirely comply with if you'd take the time to read their privacy policies. Often, opting out is only a click away, though it may be difficult to find out where exactly to click. We've compiled this list of ways various Internet companies are tracking and using your data — plus, given you the tools to opt out, if you wish . . .
Posted by on No comments:
Labels: ,
Subscribe to: Posts (Atom)