
Posts Tagged ‘#hacking’

Data-hucksters beware – online privacy is making a comeback

August 22, 2017

Next year, 25 May looks like being a significant date. That’s because it’s the day that the European Union’s general data protection regulation (GDPR) comes into force. This may not seem like a big deal to you, but it’s a date that is already keeping many corporate executives awake at night. And for those who are still sleeping soundly, perhaps it would be worth checking that their organisations are ready for what’s coming down the line.

First things first. Unlike much of the legislation that emerges from Brussels, the GDPR is a regulation rather than a directive. This means that it becomes law in all EU countries at the same time; a directive, in contrast, allows each country to decide how its requirements are to be incorporated in national laws.

Second, the purpose of the new regulation is to strengthen and rationalise data protection for all individuals within the EU. It also covers the export of personal data to outside the bloc. Its aims are to give control back to EU residents over their personal data and to simplify the regulatory environment for international business by unifying regulation, so that instead of having to deal with a range of data-protection issues in different jurisdictions, companies will effectively be able to obtain a “passport” for the entire region, much as financial services firms have been able to acquire.

Given that the use, abuse and exploitation of personal data has become the core business of the internet, anything that affects this is going to be a big deal. The GDPR extends EU data-protection law to all foreign companies that process the data of EU residents. So even if a company has no premises or presence within the EU, if it processes EU data it will be bound by the regulation. And the penalties for non-compliance or infringement are eye-watering, even by internet standards: fines up to €20m and/or 4% of global turnover.

The GDPR applies both to data “controllers” (who determine how and why personal data is processed) and “processors” (who handle the data on the controller’s behalf). The obligations on controllers are broadly similar to those imposed by current data-protection law. But if you’re a processor, then the regulation imposes specific legal obligations on you to maintain records of personal data and processing activities and you will have significantly more legal liability if you are responsible for a data breach. And any breach, no matter how small, has to be reported to the authorities within 72 hours.

More significantly, the GDPR extends the concept of “personal data” to bring it into line with the online world. The regulation stipulates, for example, that an online identifier, such as a device’s IP address, can now be personal data. So next year, a wide range of identifiers that had hitherto lain outside the law will be regarded as personal data, reflecting changes in technology and the way organisations collect information about people.

The regulation gives important new rights to citizens over the use of their personal information. They have the right, for example, to contest and fight decisions that have been made about them by algorithms processing their data. Valid consent has to be explicitly obtained for any data collected and for the uses to which it will be put. Consent for children’s data must be given by parents or guardians and data controllers must be able to prove that consent has been obtained.

Citizens will now have the right to request the deletion of personal information related to them – and companies will have to be able to prove that the offending data has been properly wiped (which may be more difficult than it sounds). And so on.

For many traditional companies – the ones that keep HR records, customer lists, contact details etc – the GDPR will probably make little practical difference, except for more onerous compliance requirements. But for organisations that have hitherto operated outside the reach of data-protection law, for example the hidden multitudes of data-hucksters, trackers, data-auctioneers and ad-targeters that operate behind the facade of websites, social media and Google, the GDPR represents an existential threat.

Facebook and Google should be OK, because they claim to have the “consent” of their users. But the data-broking crowd do not have that consent. As Advertising Age puts it: “Targeting and tracking companies will need to get user consent somehow. Everything that invisibly follows a user across the internet will, from May 2018, have to pop up and make itself known in order to seek express permission from individuals.” The new regulation will, it concludes, “rip the global digital ecosystem apart”.

Not before time, IMHO. In the meantime, three cheers for the EU. And – since you ask – the UK government has decided that the GDPR will apply here even after Brexit.

Hacking capture-the-flag event coming to rAge 2017

February 21, 2017

SecureConekt has announced it is organising a hacking competition for the rAge Johannesburg event in October.

The hacking event’s organiser, Errol Enslin, said rAge has partnered with them to establish the competition for hackers.

Enslin said they are assessing what interest there is for such a competition, which will determine the type of capture-the-flag (CTF) events:

Jeopardy-style CTF: Teams complete tasks in a range of categories, such as web, forensic, crypto, and binary. Points are awarded for solving tasks, with complex tasks worth more points. Once a task is complete, the team may progress to the next one.
Attack-Defence: Teams must defend their vulnerable host, or hosts, while attacking the other team.
Mixed competitions: A combination of task-based and versus competitions, with a weighted total score determining the winner.

“CTF games often touch on many other aspects of information security: cryptography, steganography, binary analysis, reverse engineering, mobile security, and others,” said Enslin.

“We will set up a decent prize, so competing will be worth it.”

He said the competition will give South African hackers a way to measure their skill and will help grow the local community.

“Hackathons are a good way for the administrators to witness what [hackers] are facing day to day.”

It will also give corporate security employees a tool to test their abilities within a controlled environment, he said.

WhatsApp scams: Gold, free money, spying apps and everything else you should worry about

November 4, 2016

Almost everybody uses WhatsApp. That’s what makes it so useful – but it’s also what makes it so dangerous.

As WhatsApp and other chat apps have grown, they’ve also picked up their unfair share of scams. They come in many different forms, and are often very convincing.

But the advice for steering clear and staying safe is the same as it is everywhere else on the internet, really. Just make sure that you stay vigilant and don’t fall for anything that seems too good or too worrying to be true.

Here are some of the things you should be looking out for.

Voucher scams

This is a tale at least as old as text messages. But it’s lived on into the WhatsApp age and is showing no sign of dying.

It works like this: a message arrives in your WhatsApp from someone who looks like your friend, recommending a deal they’ve found. The deal will usually be good – a voucher for £100 off at Sainsbury’s or TopShop, for instance, usually justified by the fact that the company is changing one of its systems or something.

But it’s barely ever real. The messages usually come with a link that actually takes you to another website and tricks you into giving your personal information over.

Staying safe from these is fairly simple: don’t ever click a link you’re not sure about and certainly don’t ever hand over personal information to a website you haven’t checked.

WhatsApp ending

Other fake messages claim that WhatsApp is going to end, unless enough people share a certain message. It isn’t happening.

The messages often look convincing, claiming to come from the CEO or another official. And they’re written using the right words and phrases, looking like an official statement.

But any official statement wouldn’t need users to send it to everyone like a round robin. If WhatsApp does actually shut down, you’ll either see it in the news or it’ll come up as a proper notification in the app from the actual WhatsApp team.

Or it’s shutting down your account

This is very similar – and a similarly old trick. They will usually say something that looks like an official message that claims that people’s WhatsApp accounts are being shut down for being out of use. Sending the message on will prove that it’s actually being used and

It’s not true. This is the kind of thing that’s been going round the internet for years – and has never actually been the case.

It works very well because it feels like the kind of thing that might happen, and instructs people to share it along.

Or making you pay

This, again, is the same. The only difference is that the message supposedly exempts you from having to pay for your account. It doesn’t, because the company isn’t ever going to force people to pay (and, if it does, it’ll announce it in the normal way).

As with all of these, ignore them and don’t forward them on.

WhatsApp Gold or WhatsApp Premium

This, unlike the other scams, is specific to WhatsApp. But it’s just as wrong.

The claim suggests that people pay for or download a special version of WhatsApp, usually called Gold or Premium. It offers a range of exciting-sounding features, like the ability to send more pictures, use new emoji or add extra security features.

The problem is that it’s far from secure – and is actually entirely made up. Downloading the app infects people’s phones with malware and helps them get used for crime. And sometimes it will force people to pay for something that not only is dangerous, but certainly won’t actually help make WhatsApp any better at all.

Emails from WhatsApp

Emails are dodgy enough. Emails plus WhatsApp are even dodgier.

There’s a range of scams out there that send people emails that look like they’ve come from WhatsApp, usually looking like a notification for a missed voice call or voicemail. But when people click through, they end up getting scammed – either by being tricked into giving over their information or through other means.

Don’t ever click on an email from a questionable sender. And WhatsApp will never send you emails including information about missed calls or voicemails.

Any you do get should be ignored and sent to the junk.

Fake WhatsApp spying apps

It’s just not possible to let people spy on others’ conversations on WhatsApp – or at least it shouldn’t be – because the company has end-to-end encryption enabled, which makes sure that messages can only be read by the phones that send and receive them. But the possibility of reading other people’s chats seems very exciting – so exciting that it’s being used for scams.

The apps at their best encourage people to download something that isn’t actually real. At their worst they encourage people to pay money for fake users, install malware, or actually do read your chats once they’ve got onto your phone.

You won’t be able to read anyone else’s chats, unless you actually have their phone. But the makers of spy apps might be able to read yours.

Intruders on your conversations

And this isn’t so much a hoax as a continual worry. WhatsApp is in fact a very secure platform – that’s why many of these things come as messages rather than viruses or anything else – but there are issues.

Last month, when Amnesty said that the app was the safest chat app, security experts rushed to point out that there is actually a range of security problems. Those include the fact that the company is getting increasingly trigger happy about handing data over to its users, and also that its encryption can be got around in various ways.

Drone-hacking cybersecurity boot camp launched in UK

November 3, 2016

Budding cyberspies will learn how to hack into drones and crack codes at a new cybersecurity boot camp backed by the government.

Matt Hancock, the minister for digital and culture, said students would gain the skills needed to “fight cyber-attacks” and help keep the UK safe.

The 10-week course has been “certified” by UK spy agency GCHQ.

But some security experts raised questions about the need for the course and the intent behind it.

“If I were a company, I would not hire security consultants who had been approved by GCHQ,” said Prof Ross Anderson, who leads the security group at Cambridge University’s Computer Laboratory.

“I would simply not be able to trust them. GCHQ’s goal is that no-one should be able to shield themselves from surveillance, ever,” he told the BBC.

‘Skills gap’

The Cyber Retraining Academy will be operated by cybersecurity training firm Sans Institute. It will be funded as part of the government’s £1.9bn National Cybersecurity Strategy.

Sans Institute said “leading cybersecurity employers” would be able to track students’ performance throughout the course, with a view to recruiting talented individuals.

Would-be recruits must pass a series of competency tests to be considered for the boot camp, including a multiple-choice quiz before they can even submit an application.

The successful 50 candidates will attend the academy in London in 2017, and will receive two years of training condensed into 10 weeks.

Rik Ferguson of cybersecurity firm Trend Micro said the scheme could help people learn the skills to “hit the ground running” in a security-related role, but questioned why the scheme was needed.

“Employers often complain about the ‘cybersecurity skills gap’ – a gap that I would argue doesn’t exist,” he told the BBC.

“The problem is rather that employers are not looking beyond very narrowly specified certifications or degree courses in security-related subjects.

“If advertising a cyber-retraining programme as ‘drone hacking’ is going to get individuals with the right character and curiosity applying for this course, then it can only be a good thing.

“But obviously it takes more than 10 weeks, however intense, to create a well-rounded security professional.”

Ethereum to Add Zcash Privacy, Says Vitalik Buterin

October 31, 2016

The power of smart contracts may be combined with absolute privacy according to a new statement by Ethereum’s founder, Vitalik Buterin.

“[Z]ero knowledge proofs are on ethereum’s roadmap and have been for over two months.” – Buterin publicly stated yesterday, before adding in a short interview for CCN that, realistically, it would take around four months to one year for Zec like privacy to be added to ethereum.

A fully private ethereum raises the prospects of a solution to one seemingly intractable blockchain problem: how do you transact privately as far as the world is concerned, while at the same time revealing to whoever you wish the exact transactions you are undertaking. Zooko Wilcox, Zcash founder and a participant in the now famous mailing list thread discussion where Nakamoto made his first public announcement, stated during a devcon2 presentation titled Zcash + Ethereum = Love, that in the past four years or so, researchers have made a discovery that allows one to transact completely privately while, at the same time, allowing others to see their transaction if they so choose.

This discovery was not available to Nakamoto, Zooko stated, therefore he was unable to use it, but now, through mathematical advancements made by researchers currently working on Zcash, it is very much possible to not only allow validators, aka miners, to be certain a transaction is valid according to stated network rules, without knowing anything about the transaction, but to also, at the same time, allow potential employees, regulators, specific customers, or anyone else, to see, and therefore be able to verify, any undertaken transaction while prohibiting all others, in any way, from gaining any information whatever, about the exchange.

Zcash, therefore, instead of providing solely anonymity, gives us a mechanism to solve a very serious problem. That is, it allows us all to use the public blockchain by not revealing anything while, at the same time, revealing everything in a way that makes it impossible to corrupt the data, to those who need to know what must, necessarily, be revealed.

In combination with smart contracts, this technology can become very powerful, allowing for incremental improvement of our current infrastructure in a way that may profoundly increase our productivity, efficiency and well-being.

This is a sentiment echoed by Buterin who stated:

“[C]ombining blockchain tech and strong privacy may well be one of the next major frontiers in secure application development.”

Privacy Down, Scalability and Usability to Go

The only problem now left is scalability, and, of course, usability. Zero-knowledge proofs, the high maths that makes all this wizardry possible, use a lot of memory and RAM. Some, therefore, suggest that for ethereum this new invention should be used at a contract/project level, rather than at the protocol level itself; others suggest otherwise.

In addressing scalability, Buterin stated that zero knowledge proof transactions do take longer than ordinary transactions to process, “so you won’t be seeing 15 zkp transactions per second the way we do with regular ones (though if our VM improvements are good enough you may well; hard to tell at this point).” In further indicating a preference for both approaches – incorporation at the contract and protocol level – Buterin stated that “we need some precompiles for optimization.”

Regardless of whatever coders decide, ethereum’s sharding solution, whereby certain nodes validate only some transactions, creating a complex web which amounts to, effectively, all nodes validating all transactions, goes a long way towards addressing any scalability concerns. Work, therefore, has already begun towards incorporating Zec like privacy on eth’s smart contracts with the skeleton code for a project Zec on Eth launched during this summer.

Furthermore, Zooko stated in his presentation that there may be a zec relay for ethereum, indicating a close collaboration between eth and zec developers. The world may, therefore, see a potent force in the combined brain power of these two grounded men: Zooko Wilcox and Vitalik Buterin.
