What’s so new about RC cars? Oh … they’re the real, “off-the-shelve” ones, those where people ride in … and they can be hijacked by anybody with the same cellular provider … over the Internet, no direct access required … o.O … WIRED has a piece.
Bruce Schneier talks about how security companies sat on knowledge and research data about military-grade Regin malware for at least six years. They only decided to share their knowledge because the Intercept was about to publish an article about it. Their arguments for why they withheld their knowledge until now range from “our customers asked us not to disclose what had been found in their networks” to “we didn’t want to interfere with NSA/GHCQ operations”. :/ It’s safe to say that they sit on a bunch more.
These are people who did nothing wrong. They didn’t click on phishing links, or use dumb passwords (or even if they did, they didn’t cause this). They just showed up. They sent the same banal workplace emails you send every day, some personal, some not, some thoughtful, some dumb. Even if they didn’t have the expectation of full privacy, at most they may have assumed that an IT creeper might flip through their inbox, or that it was being crunched in an NSA server somewhere. For better or worse, we’ve become inured to small, anonymous violations. What happened to Sony Pictures employees, though, is public. And it is total.
And in Bruce’s words:
These people didn’t have anything to hide. They aren’t public figures. Their details aren’t going to be news anywhere in the world. But their privacy has been violated, and there are literally thousands of personal tragedies unfolding right now as these people deal with their friends and relatives who have searched and reads this stuff.
Messenger apps show your friends’ online status. Anytime you open the app, they’ll notify the service that you’re “online” at the moment. Now everybody else can see it in their contact lists.
And with everybody I mean anybody! If you have a phone number you can check that person’s online status as often as you want from wherever you want (no need to be friends or anything).
So did a group of researchers at the Friedrich-Alexander-Universität Erlangen-Nürnberg. They used this “feature” to “find out how frequently and how long users spent with their popular messenger” on a random sample of 1000 people in different countries for over eight months.
Looking through the project’s website should make it clear how little the creators of those apps care …
Moreover, we were able to run our monitoring solution against the WhatsApp services from July 2013 to April 2014 without any interruption. Although we monitored personal information of thousands of users for several months — and thus strongly deviated from normal user behaviour — our monitoring efforts were not inhibited in any way.
… and that they don’t want you to be able to care.
Unfortunately, affected messenger services (like WhatsApp, Telegram, etc.) currently provide no option for disabling access to a user’s “online” status. Even WhatsApp’s newly introduced privacy controls fail to prevent online status tracking, as users still cannot opt-out of disclosing their availability to anonymous parties.
It looks like Apple “needs” to upload even your unsaved documents to its servers to make the newly introduced Continuity “feature” work.
Also it seems Apple silently uploads names and email addresses of all the people you correspond with–no, not only the ones in your address book–just to have a “consistent” experience when displaying recent addresses.
It scares me how little their customer’s privacy must be worth when they choose (these are not accidental data “leaks”) to silently violate them in order to provide comfort features.
It seems there is at least a hidden configuration option to turn this behavior off:
defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false
Forscher der TU Berlin haben herausgefunden, dass die Frontkameras von Smartphones so gut auflösen, dass man an den Reflexionen in den Augen oder Brillen Passwörter auslesen kann.
Außerdem gelang es auch Fingerabdrücke mittels Rückkamera beim Greifen nach dem Gerät abzufilmen.
… man kann es auch als Nachtrag zu diesem Paper sehen.
Just Delete Me – Find out how to delete your account on a service you don’t want to be on any more. … Did somebody say Facebook?
How this “cyber expert” embarrasses herself is priceless. I laughed so hard my stomach hurts. xD