Category: Security & Privacy

  • This week in dystopia.

    This week in dystopia: The New York Times has an article about the next step towards a dystopian future: a start-up developing face recognition algorithms, fed by a database of facial images scraped from the open web.

    Clearview - This week in Dystopia.

    A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says.

    The New York Times: The Secretive Company That Might End Privacy as We Know It

    Further, the article describes the sheer size of the database. Even allowing for a massive number of duplicates, three billion images is still impressive.

    The system — whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites — goes far beyond anything ever constructed by the United States government or Silicon Valley giants.

    The New York Times: The Secretive Company That Might End Privacy as We Know It

    This comes at a time when criticism of big tech is on the rise. Just this week, Jannis Brühl, head of the tech news department at Süddeutsche Zeitung (@sueddeutsche), published an opinion piece arguing that this technology is dangerous and should be banned. The article includes an appeal to the German government to create legislation to do so. Jannis is in good company with other tech critics like Evgeny Morozov.

    Source: The Secretive Company That Might End Privacy as We Know It

  • Microsoft's Patch Tuesday

    Y’all install Microsoft Patch Tuesday patches within 24h, right? This time Krebs On Security has some rumours that make you really want to install these patches in time.

    Update: The Washington Post reports that the NSA warned Microsoft about it.

  • SHA-1 is a Shambles

    SHA-1 is a Shambles: The hashing algorithm SHA-1 has seen collision attacks before. Gaëtan Leurent and Thomas Peyrin have now published a chosen-prefix collision for SHA-1.

    Source: SHA-1 is a Shambles

  • Twelve Million Phones, One Dataset, Zero Privacy

    Twelve Million Phones, One Dataset, Zero Privacy is part one of One Nation, Tracked, a New York Times investigative series on smartphone information tracking by Stuart A. Thompson and Charlie Warzel, within their Privacy Project. The research covers multiple topics, starting out with an analysis of the potential contained in smartphone tracking information.

    What we learned from the spy in your pocket.

    Twelve Million Phones, One Dataset, Zero Privacy

    The authors analyse a large dataset of location information from cell phone users in New York and Washington, DC. With this analysis, the article debunks myths about data privacy. The key takeaways of the analysis, in my interpretation, are:

    Twelve Million Phones - One Mobile Phone User in Munich
    Mobile Phone User – Munich
    1. Data is not anonymous – the authors successfully identified a senior Defense Department official and his wife. And this was possible during the Women’s March. According to the authors, nearly half a million people descended on the capital for this event. (Other sources only mention one hundred thousand attendees.)
    2. Data is not safe – the authors point out the complex relationships between companies in the tracking business. This complexity makes it impossible to ensure ownership. There is no foolproof way for anyone anywhere in the chain to prevent data from falling into the hands of a foreign security service.
    3. Affected persons cannot consent – the authors’ criticism seems reasonable. Virtually all companies involved with tracking require user consent. And even cell phones make the geo-tracking feature visible to users. But hardly anyone in the business makes the purpose transparent. In other words, no company prominently announces how it packages and sells data or insight.

    One Nation, Tracked

    The article is a creepy read, but worth spending the time on. The series One Nation, Tracked continues with 6 other parts:

    1. Protect Yourself, discussing how to do so
    2. National Security, which in the article means that of the US
    3. How It Works, with details
    4. One Neighborhood, on individual spying
    5. Protests, which is about how this business betrays democracy
    6. Solutions, offered through privacy rights

    Source: Opinion | Twelve Million Phones, One Dataset, Zero Privacy – The New York Times

  • Security Nightmares at 36C3

    Security Nightmares – Frank and Ron at 36C3 in Leipzig

    Like every year, at least since 1999 during 19C3 in Berlin, Frank and Ron once again gave their talk Security Nightmares at 36C3, with security-related forecasts and retrospectives.

    Frank and Ron on Security Nightmares 0x14 at #36c3
    Security Nightmares 0x14

    In a look back at that first talk “twenty years ago”, the two revisit the predictions made back then and the events of recent years, and sum up the whole span of the two decades with the question of whether you want to allow macros. Macros were one of the most important attack vectors for malware in 1999 (Melissa, I love you) just as they are today (Emotet). The subsequent review of the last ten years alone is somewhat more technical. Still, that part brings some nice events back to mind, among them Germany’s outcry against Street View, the debate about smart electricity meters, and the electronic health card: topics that are not fully settled even today.

    An “Internet normality update” puts recent and still ongoing attacks into perspective using known figures.

    Beyond that, the talk covers retrospectives in the areas of e-government, data wealth and crypto (the SPD member survey!), business fields, crypto, sports and noteworthy items, before Frank and Ron turn to the keywords for 2020. In a less technical vein, the two venture a forecast of professions that the cyber situation might bring forth. These range from cyber aftercare for the peace of mind of those affected, through cyber-fantasy story shamans who can explain magic-like technology in a comprehensible way, to bias seekers and IPv6 exorcists.

    As every year, an interesting and entertaining talk. Even though I was not able to attend the talk myself, the recording on media.ccc.de is worth watching.

  • (ISC)2 mailed me

    Dear Andreas,

    You have satisfied your Annual Maintenance Fee (AMF) and Continuing Professional Education (CPE) requirements for your CCSP.

    Your CCSP certification has been renewed to a new three-year cycle!

    Happy to be certified again!

  • Netflix (Security) on YouTube

    Netflix (Security) on YouTube: Netflix Security runs a YouTube channel! As opposed to the company channel, it does not only broadcast previews! This is a great subscription for security practitioners!

    Via Stephanie Olsen (on LinkedIn).

  • Not funny.

    Stephan Anpalagan
    @stephanpalagan on Twitter

    Stephan Anpalagan (@stephanpalagan) does kind of have a point there. I just don’t actually find it all that funny…

  • Fight against Facebook: Tailwind for Schrems before the ECJ

    Ever since the Snowden leaks, Max Schrems has been campaigning against Facebook and for data protection in Europe. As recently as 19 December 2019, the ECJ decided in his favour, writes the Austrian broadcaster Österreichischer Rundfunk (ORF):

    On Thursday he [Max Schrems] achieved a partial victory: the Advocate General of the European Court of Justice (ECJ) recommended that the court decide in Schrems’ favour on several fundamental questions regarding data exchange between the USA and the EU.

    news.orf.at

    Source: Kampf gegen Facebook: Rückenwind für Schrems vor EuGH – news.ORF.at

  • Quitting Google

    Nithin Coca of The Next Web went on a quest to quit Google. In this article, he describes his experience and gives plenty of pointers on how to achieve the same. He starts out by making a point about individual privacy, and points out individual alternatives to popular Google services, from using Firefox instead of Chrome to particular services for daily office use. At the end of the year, this little “Quitting Google” guide contains little news, but serves as a good starting point to maybe develop a New Year’s resolution and be more sensitive about privacy in the upcoming year 2020.

    Nithin Coca of The Next Web

    Over the past six months, I have gone on a surprisingly tough, time-intensive, and enlightening quest — to quit using, entirely, the products of just one company — Google. What should be a simple task was, in reality, many hours of research and testing. But I did it. Today, I am Google-free, part of the […]

    Source: How I fully quit Google (and you can, too)