Found 213 bookmarks
Custom sorting
How Apple Wi-Fi Positioning System can be abused to track people around the globe
How Apple Wi-Fi Positioning System can be abused to track people around the globe
Academics have suggested that Apple's Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare. In a paper titled, "Surveilling the Masses with Wi-Fi-Based Positioning Systems," Erik Rye, a PhD student at the University of Maryland (UMD) in the US, and Dave Levin, associate professor at UMD, describe how the design of Apple's WPS facilitates mass surveillance, even of those not using Apple devices.
#theregister#EN#2024#Apple#Wi-Fi#Positioning#WPS#privacy#abused
·theregister.com·
How Apple Wi-Fi Positioning System can be abused to track people around the globe
When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains
When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains
Cybersecurity has always been transient: what is deemed to be secure today, may be considered easily hackable tomorrow. Domain names in web and e-mail addresses, such as info@inti.io, are leased in time. This means that if nobody thinks of renewing them after they expire, they will be put up for sale. It made me wonder what would happen to the graveyard of cloud accounts attached to the e-mail addresses that once belonged to these expired domains.
#inti.io#EN#2024#privacy#expired#domains#research
·inti.io·
When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains
Tech tool offers police ‘mass surveillance on a budget’
Tech tool offers police ‘mass surveillance on a budget’
Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time, according to public records and internal emails obtained by The Associated Press.
#ApNews#EN#2022#AP-Investigations#Technology#Police#California#Arkansas#Weekend-Reads#North-Carolina#privacy#Government-surveillance#Law-enforcement-agencies#Criminal-investigations
·apnews.com·
Tech tool offers police ‘mass surveillance on a budget’
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
User tracking technologies are ubiquitous on the web. In recent times web browsers try to fight abuses. This led to an arms race where new tracking and anti-tracking measures are being developed. The use of one of such evasion techniques, the CNAME cloaking technique is recently quickly gaining popularity. Our evidence indicates that the use of the CNAME scheme threatens web security and privacy systematically and in general
#lukaszolejnik#EN#2022#research#privacy#web-browser#web#w3c#consent#data-breach#gdpr#dns#cname#cloacking
·blog.lukaszolejnik.com·
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.
#citizenlab#2021#EN#Pegasus#Predator#spyware#privacy#IoC#Cytrox
·citizenlab.ca·
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.
#bloomberg#EN#2022#RecursionTeam#Lapsus$#Apple#Meta#privacy#forged#datarequest
·bloomberg.com·
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Denmark: Datatilsynet publishes guidance on use of cloud technologies
Denmark: Datatilsynet publishes guidance on use of cloud technologies
The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. Document PDF
#Denmark#dataguidance#EN#2022#guidance#cloud#privacy#legal#EU#Datatilsynet
·dataguidance.com·
Denmark: Datatilsynet publishes guidance on use of cloud technologies
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.
#Bloomberg#EN#2022#zeroclick#spyware#NSO#governement#spy#privacy#attack
·bloombergquint.com·
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
Tech tool offers police ‘mass surveillance on a budget’
Tech tool offers police ‘mass surveillance on a budget’
Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time, according to public records and internal emails obtained by The Associated Press.
#ApNews#EN#2022#AP-Investigations#Technology#Police#California#Arkansas#Weekend-Reads#North-Carolina#privacy#Government-surveillance#Law-enforcement-agencies#Criminal-investigations
·apnews.com·
Tech tool offers police ‘mass surveillance on a budget’
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
User tracking technologies are ubiquitous on the web. In recent times web browsers try to fight abuses. This led to an arms race where new tracking and anti-tracking measures are being developed. The use of one of such evasion techniques, the CNAME cloaking technique is recently quickly gaining popularity. Our evidence indicates that the use of the CNAME scheme threatens web security and privacy systematically and in general
#lukaszolejnik#EN#2022#research#privacy#web-browser#web#w3c#consent#data-breach#gdpr#dns#cname#cloacking
·blog.lukaszolejnik.com·
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.
#citizenlab#2021#EN#Pegasus#Predator#spyware#privacy#IoC#Cytrox
·citizenlab.ca·
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter. Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.
#bloomberg#EN#2022#RecursionTeam#Lapsus$#Apple#Meta#privacy#forged#datarequest
·bloomberg.com·
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Denmark: Datatilsynet publishes guidance on use of cloud technologies
Denmark: Datatilsynet publishes guidance on use of cloud technologies
The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. Document PDF
#Denmark#dataguidance#EN#2022#guidance#cloud#privacy#legal#EU#Datatilsynet
·dataguidance.com·
Denmark: Datatilsynet publishes guidance on use of cloud technologies
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.
#Bloomberg#EN#2022#zeroclick#spyware#NSO#governement#spy#privacy#attack
·bloombergquint.com·
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and…
#krebsonsecurity#EN#2024#CEO#Onerep.com#People-Search#privacy
·krebsonsecurity.com·
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
Google Chrome gets real-time phishing protection later this month
Google Chrome gets real-time phishing protection later this month
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.
#bleepingcomputer#EN#2024#solution#Browsing#Phishing#Enhanced#Chrome#Google#Safe#Privacy#Safe-Browsing#browser
·bleepingcomputer.com·
Google Chrome gets real-time phishing protection later this month
Civil society complaint raises concern that LinkedIn is violating DSA ad targeting restrictions
Civil society complaint raises concern that LinkedIn is violating DSA ad targeting restrictions
On 26 February, EDRi and its partners Global Witness, Gesellschaft für Freiheitsrechte and Bits of Freedom have submitted a complaint to the European Commission regarding a potential infringement of the Digital Services Act (DSA). Specifically, we have raised concerns that LinkedIn, a designated Very Large Online Platform (VLOP) under the DSA, infringes the DSA’s new prohibition of targeting online adverts based on profiling using sensitive categories of personal data such as sexuality, political opinions, or race.
#edri.org#EN#2024#LinkedIn#privacy#complaint#EU#European#Digital#Rights
·edri.org·
Civil society complaint raises concern that LinkedIn is violating DSA ad targeting restrictions
Tech tool offers police ‘mass surveillance on a budget’
Tech tool offers police ‘mass surveillance on a budget’
Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time, according to public records and internal emails obtained by The Associated Press.
#ApNews#EN#2022#AP-Investigations#Technology#Police#California#Arkansas#Weekend-Reads#North-Carolina#privacy#Government-surveillance#Law-enforcement-agencies#Criminal-investigations
·apnews.com·
Tech tool offers police ‘mass surveillance on a budget’
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
User tracking technologies are ubiquitous on the web. In recent times web browsers try to fight abuses. This led to an arms race where new tracking and anti-tracking measures are being developed. The use of one of such evasion techniques, the CNAME cloaking technique is recently quickly gaining popularity. Our evidence indicates that the use of the CNAME scheme threatens web security and privacy systematically and in general
#lukaszolejnik#EN#2022#research#privacy#web-browser#web#w3c#consent#data-breach#gdpr#dns#cname#cloacking
·blog.lukaszolejnik.com·
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?