
Posts Tagged ‘#securemail’


Internet Tracking Has Moved Beyond Cookies

September 6, 2016

Chances are you know you’re being tracked online. Most of us are at the point where we’re not surprised when an ad for something we searched for on one site appears on the next site we visit. We know that many pages (yes, this one you’re reading, too) drop cookies and other scripts into our browser to keep tabs on our activity and sell us stuff.
A new survey of one million websites by a group of Princeton researchers sheds some light on the cutting-edge tricks being used to follow your digital trail. Rather than placing a tracker on your browser, many sites are now “fingerprinting” — using information about your computer such as battery status or browser window size to identify your presence.
Arvind Narayanan, one of the authors of the Princeton study, discusses his research, the latest in online tracking and what you (and our lawmakers) can do to counter the trackers.
Read a partial transcript below. Here are a few of the tools and studies we mentioned in the show:
• Arvind Narayanan and Steven Englehardt’s full paper (PDF)
• Ghostery, an online tool that alerts you to the trackers on the website you’re visiting
• Panopticlick from the Electronic Frontier Foundation, which analyzes how well your browser is protected from tracking
How fingerprinting works
Arvind Narayanan: In the ad tech industry, cookies are gradually being shunted in favor of fingerprinting. The reason that fingerprinting is so effective is that even if you have a device that you think is identical to the device of the person sitting next to you, there are going to be a number of differences in the behavior of your browser. The set of fonts installed on your browser could be different. The precise version number of the browser could be different. Your battery status could be different from that of the person next to you, or anybody else in the world. And it turns out that if you put all of these pieces of information together, a unique or nearly unique picture of the behavior of your device emerges that’s going to be relatively stable over time. And that enables your companies to recognize you when you come back.
Jody Avirgan: But how does it enable that? My actual finger’s fingerprint doesn’t change from today to tomorrow. But my computer’s battery status can change. So how do they know it’s still you?
Narayanan: The battery status is actually the only exception to that general principle. And that’s the reason why we’re still figuring out how that works. [Editor’s note: Earlier in the interview, Narayanan had mentioned that the rate at which your battery depletes might be an identifier.] But let’s say you’ve got 41 fonts installed on your browser today. You come back in a week, maybe you have 43 fonts installed. But 41 of those are going to be the same as what they saw a week ago. And it changes slowly enough that statistically you can have a high degree of confidence. In the industry they call these things statistical IDs. It’s not as certain as putting a cookie on your browser, but you can derive a very high degree of confidence.
Tracking’s chilling effect
Narayanan: The reason that this is really important, and perhaps the primary thing that motivates me to do this research, is this world of pervasive surveillance that we’re entering into — and I’m going to use that word surveillance very deliberately, because it is surveillance. Everything that we look at online and click on is getting stored in a database somewhere. And it’s being data-mined and various [decisions] are being based on that. Targeted advertising is a relatively innocuous example, but there are a variety of other things that can and do happen.
There is research that shows that when people know they are being tracked and surveilled, they change their behavior. We lose our intellectual freedom. A variety of things we consider important for our civil liberties — say, marriage equality — are things that would have been stigmatized just a few decades ago. And the reason we got to the point where it was possible to talk about it and try to change our norms and rules is because people had the freedom to talk to each other privately. To find out that there are like-minded people. As we move to a digital world, are we losing those abilities or freedoms? That is the thing to me that is the question. That’s the most worrisome thing about online tracking. It’s not so much the advertising.
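The font-overlap reasoning described in the interview (43 fonts installed a week later, 41 of them unchanged) can be shown as a similarity score. This is an added Python example, not code from the interview or the Princeton paper; the attribute weights, the 0.8 threshold, the device names and all sample profiles are constructed assumptions.

```python
"""Why a slowly changing fingerprint still links visits without any cookie."""

# Constructed weights: how much each attribute contributes to the score.
WEIGHTS = {"fonts": 0.6, "browser_version": 0.2, "window_size": 0.2}


def jaccard(a, b):
    """Overlap of two sets: |A & B| / |A | B| (1.0 when both are empty)."""
    a, b = set(a), set(b)
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def similarity(stored, visit):
    """Weighted similarity in [0, 1] between a stored profile and a visit."""
    score = WEIGHTS["fonts"] * jaccard(stored["fonts"], visit["fonts"])
    for attr in ("browser_version", "window_size"):
        if stored[attr] == visit[attr]:
            score += WEIGHTS[attr]
    return score


def best_match(visit, known, threshold=0.8):
    """Return (profile_id, score) for the closest stored profile.

    profile_id is None when no stored profile reaches the threshold,
    i.e. the visit is treated as a device not seen before.
    """
    best_id, best_score = None, 0.0
    for profile_id, stored in known.items():
        score = similarity(stored, visit)
        if score > best_score:
            best_id, best_score = profile_id, score
    if best_score < threshold:
        return None, best_score
    return best_id, best_score


# --- Constructed sample data (font names are placeholders) ---
FONTS_WEEK1 = {f"Font{i:02d}" for i in range(41)}       # 41 fonts
FONTS_WEEK2 = FONTS_WEEK1 | {"NewFontA", "NewFontB"}    # 43 fonts, 41 shared

KNOWN = {
    "device-A": {"fonts": FONTS_WEEK1, "browser_version": "48.0.1",
                 "window_size": (1440, 900)},
    "device-B": {"fonts": {f"Font{i:02d}" for i in range(11, 52)},
                 "browser_version": "48.0.2", "window_size": (1440, 900)},
}

# Same device a week later: cookies cleared, two fonts added.
RETURN_VISIT = {"fonts": FONTS_WEEK2, "browser_version": "48.0.1",
                "window_size": (1440, 900)}

# An unrelated device sharing no attribute with the stored profiles.
STRANGER = {"fonts": {f"Font{i:02d}" for i in range(60, 100)},
            "browser_version": "47.0", "window_size": (1280, 720)}

if __name__ == "__main__":
    print("font overlap:", round(jaccard(FONTS_WEEK1, FONTS_WEEK2), 3))
    print("return visit:", best_match(RETURN_VISIT, KNOWN))
    print("stranger:    ", best_match(STRANGER, KNOWN))
```

Clearing cookies changes none of the inputs to `similarity`, which is why tools such as Panopticlick measure how distinctive these attributes are rather than whether a cookie is present.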


How Ransomware Became a Billion-Dollar Nightmare for Businesses

September 4, 2016

One cybersecurity firm estimates that extortive attacks now cost small and medium companies at least $75 billion in expenses and lost productivity each year.
In recent months, a proliferation of ransomware attacks has affected everyone from personal-computer and smart-phone owners to hospitals and police departments. An attack works like this: A virus arrives and encrypts a company’s data; then a message appears demanding a fee of hundreds or thousands of dollars. If the ransom is paid in time, the information is restored. At the heart of this new business model for cybercrime is the fact that individuals and businesses, not retailers and banks, are the ones footing the bill for data breaches.
According to an FBI tally, ransomware attacks cost their victims a total of $209 million in the first three months of 2016, a stunning surge upward from $24 million in all of 2015. However, that figure was based only on the complaints that victims reported to the bureau. In a new report, Datto, a Connecticut-based cybersecurity company, offers an alarmingly higher estimate that accounts for unreported incidents and lost productivity, which costs businesses far more than paying ransoms does.
The company’s survey of 1,100 IT professionals found that nearly 92 percent had clients that suffered ransomware attacks in the last year, including 40 percent whose clients had sustained at least six attacks. The report found that “less than 1 in 4 ransomware incidents are reported to the authorities.” Factoring in the cost and average amount of time lost to infections—an overwhelming majority of small businesses hit by ransomware face at least two days of downtime—as well as the number of businesses affected by them, Datto suggests that the financial impact of this brand of cybercrime starts in the range of $75 billion each year.
The company arrived at this figure based on an estimate from the Aberdeen Group, a consultancy, that an hour of inactivity costs small companies an average of $8,581. By comparison, Datto’s survey indicated that about three-quarters of the IT professionals said the ransoms paid were somewhere between $100 and $2,000. Overall, Datto estimates that $375 million has been paid out in ransoms in the past year, making lost productivity the much bigger concern.
Joe Gleinser, the president of GCS Technologies, an Austin-based IT support and services company, walked me through just how time-consuming it is for companies to deal with ransomware attacks, which generally start with the appearance of “unusually named files” or files that suddenly can’t be accessed. “Locking the network down”—freezing some or all of a company’s systems—is typically the first step after the attack is recognized, in an effort to stop the damage and look for fixes.
“So that’s productivity hit number one,” he said. For a small business, that can mean an entire operation; for a larger one, it could mean a section or a division. “Obviously in certain industries that’s a lot more painful,” Gleinser added. “In health care, that can mean patients going untreated. If you don’t have that information, you don’t know what drugs were prescribed and sometimes it’s tough to make decisions.” Earlier this year, operations at a Los Angeles hospital came to a near halt, leaving staff to use faxes and paper notes to communicate before a $17,000 ransom was paid.
If a business has a well-maintained back-up system in place, data may be restored with only some small delays and limited expense. Should a sufficient back-up not be possible and should the inaccessible files be deemed important enough, the second step is paying the ransom, a practice that the FBI discourages, but says is not illegal under most circumstances.
“Paying the ransom is tricky business,” said Gleinser. “You’re dealing with criminals.” While many ransomers operate quickly, even attentively, that is not always the case. Datto’s survey found that 7 percent of IT professionals reported incidents where data was not restored even after a ransom was paid.
But even paying the ransom can be tricky. “If you don’t have Bitcoin right now, you’re probably not going to get it before the timer expires on the infection,” Gleinser said. “Many of these infections, as soon as you start the process to engage with the ransomer … you have about 48 hours before the data is non-recoverable to encourage you to move quickly.”
As one cybersecurity company executive told Business Insider last month, banks have started to keep tens of thousands of dollars in Bitcoin ready in case of an attack. “Buying bitcoin on any one of the U.S. exchanges is a three-to-five day wait time, so we’ve been forced into the position of having to stock bitcoin as if it were computer equipment and have it ready for our use,” Gleinser added. And even if a company is prepared to pay, when the deadline arrives, the price can jump, sometimes double, triple, or even quadruple, or the data can be rendered permanently unrecoverable. “We’ve seen some clients who had paid the ransom and then immediately get attacked again,” he added.
So who is doing this? Ransomware attacks originate largely in Russian or Eastern European outfits, but in recent years, they’ve come from all over the world. Quoting FBI statistics, Gleinser says an average of 4,000 ransomware episodes now take place each day, mostly with no ideological rhyme or reason. These heavily-automated attacks have changed a basic business calculus whereby employers and management have started looking outward for threats instead of inward. “We’ve told clients the last 15 years, the number one threat is not the boogeyman, it’s … the third party you’ve already given access to your network. Disgruntled staff has by far been the largest security risk our clients have dealt with historically,” Gleinser said. “It’s not definitely true in this day and age. There definitely is a boogeyman out to get these guys.” With Bitcoin enabling easier and less traceable methods of cybercrime, ransomware attacks will almost certainly not be the boogeyman’s final evolution.


You Are Unknowingly A CIA Subcontractor Agent If You Play PokemonGO. And Here Is Why.

August 29, 2016

Before explaining why, let me cover some background you need before heading more deeply into this matter. Have you ever heard of the NGA?
No, not the National Governors Association, nor the National Gallery of Art.
The NGA is the National Geospatial-Intelligence Agency (Wikipedia), a US Department of Defense agency that provides location, mapping and imagery intelligence support to the NSA and CIA in combat operations.
In 1999 a venture capital firm called In-Q-Tel was founded by former Lockheed Martin CEO Norman Augustine. In-Q-Tel invests in high-tech companies for the sole purpose of keeping the Central Intelligence Agency, and other intelligence agencies, equipped with the latest in information technology in support of United States intelligence capability.
In-Q-Tel’s mission is to identify and invest in companies developing cutting-edge technologies that serve United States national security interests. And much of In-Q-Tel’s funding comes from the National Geospatial-Intelligence Agency.
The firm is seen as a trend-setter in the information technology industry, with the average dollar invested by In-Q-Tel in 2012 attracting nine dollars of investment from other companies.
Former CIA director George Tenet who was Director of Central Intelligence from July 1997 to July 2004 says:
“We [the CIA] decided to use our limited dollars to leverage technology developed elsewhere. In 1999 we chartered … In-Q-Tel. … While we pay the bills, In-Q-Tel is independent of CIA. CIA identifies pressing problems, and In-Q-Tel provides the technology to address them. The In-Q-Tel alliance has put the Agency back at the leading edge of technology … This … collaboration … enabled CIA to take advantage of the technology that Las Vegas uses to identify corrupt card players and apply it to link analysis for terrorists and to adapt the technology that online booksellers use and convert it to scour millions of pages of documents looking for unexpected results”
In 2001, In-Q-Tel invested in “Keyhole Inc.”, founded by John Hanke, who previously worked in a “foreign affairs” position within the U.S. government. Keyhole developed 3D “flyby” images of buildings and terrain from geospatial data collected by satellites; the product was known to the public at that time as “Earth”.
In 2004 In-Q-Tel sold its shares to Google, which resulted in Google’s acquisition of Keyhole, the CIA-funded satellite mapping software, which Google rolled into what we now know as “Google Earth” after the takeover.
As of August 2006, In-Q-Tel had reviewed more than 5,800 business plans, invested some $150 million in more than 90 companies, and delivered more than 130 technology solutions to the intelligence community. In 2005 it was said to be funded with about $37 million a year from the CIA.
In 2010, John Hanke, the founder of Keyhole, founded Niantic Labs, an internal startup at Google. Over the next few years, Niantic created two location-based apps/games. The first was Field Trip, a smartphone application where users walk around and find things. The second was Ingress, a sci-fi-themed game where players walk around and between locations in the real world.
And here is an interesting connection. The name of the first company founded by John Hanke, “Keyhole Inc”, was a homage, a tribute to KH, the code name of the satellites used in the Corona program, which was launched back in 1959 by the CIA to conduct photographic surveillance of the USSR, the People’s Republic of China and other areas with the help of satellites. The Corona satellites were designated KH-1, KH-2, KH-3, KH-4, KH-4A and KH-4B.
KH stood for “Key Hole” or “Keyhole” with the name being an analogy to the act of spying into a person’s room by peering through their door’s keyhole.
It’s easy to see why the CIA would have an interest in the software behind Pokémon Go; the game utilizes the player’s camera and gyroscope to display an image of a Pokémon as though it were in the real world, such as the player’s apartment complex or workplace bathroom.
Software like that could theoretically turn millions of smartphone users into ‘Imperial probe droids’ who take real-time, ground-level footage of their cities and homes, reaching into dark alleyways and basements which spy satellites and Google cars can’t reach. Pokemon Go could be reasonably considered a logical continuation of the Corona program.
Going back to In-Q-Tel: the CIA is not just using games for its purposes in global surveillance. Its venture firm’s startup projects in the app and gaming industry attract public interest and participation in promoting them, and when successful they create global buzz and generate billions of dollars in profit, which in the end brings a return on investment to the CIA that initially invested in these startups.
Young people have been tricked by Pokemon Go into giving up their privacy to these intelligence agencies. And if you have already downloaded Pokemon Go, which means you gave access to your Google User ID, Google account and email address (primarily your Gmail account, your email box), it is the right time to think about moving to a secure and private email service like ShazzleMail, which is free, offers end-to-end encryption of your email communications and guards your privacy.


Are Unsecure Medical Devices Opening the Backdoor for Hackers?

August 17, 2016

The increased adoption of connected devices into medical services and processes is streamlining and improving the manner in which medicine can be tracked, developed, sourced and distributed.
On call/off site medical staff are also able to access information and source medicine on site, improving service levels and productivity. However, the exponential advantages of integrating connected devices into this industry can potentially open up points of vulnerability which should increase security fears for decision makers.
The biggest threat to any organization, large or small, is understanding who actually has access to information and at what levels they can access the network. With the Internet of Things (IoT), access can come in many shapes and sizes, from an off site doctor accessing medical history and prescription requirements to ambulance and emergency staff needing to log cases.
Medical/health institutions must prioritize the management of user access if they want to ensure they have the adequate security levels around these access points. The variety of job roles that need to access a vast array of files from a connected network will also require different levels of access, for example a doctor on call will need access to all previous medical history and prescription requirements, whereas an on-call care worker may only need medical history and is not qualified to distribute or access prescriptive files.
Therefore organizations must ensure that the right person is accessing the network or device each time a request takes place, with the correct level of attributed trust. However, individual access identification may no longer be sufficient to fully eliminate security and safety fears in this area.
Although the correct person may have access to a network from a specific place and use the correct logins, there is no guarantee that a rogue infiltrator hasn’t “piggy backed” the connection giving them the same level of access as the individual.
Through effectively moonlighting as the employee or third party, hackers can utilize the open connection to the network to gain the same level of access as the member of staff. This may encourage hackers to potentially target gateway devices such as medical distribution tools that require a network connection. The device in this instance doesn’t hold or contain sensitive information, however it does act as a gateway onto the network.
Now, it is here that access management solutions must be considered to allow damage limitation to take place if a hack does happen, providing granular access controls and monitoring for every access request.
We know hackers use a variety of methods to gain access, from rogue emails to downloadable PDFs that open access to personal and organizational data. However, security implications must also be considered on a more tangible level, in addition to digital and internet-driven attacks. If we take reference from the Barclays hack that took place in 2013 and cost the bank £1.3 million, it helps us uncover the level of simplicity, but also the outright tenacity, that some hackers will show in the hope of gaining access to data. This hack saw insiders pose as IT engineers and fit a device that gave remote access to the bank's network and allowed them to transfer money into their own accounts.
There are two recommended strategies for organizations to protect themselves against hacks such as this. Firstly, ensure all staff are trained on the variety of risks that are present when exchanging emails or other digital communications. Secondly, organizations need to protect their networks by securely supervising, auditing and controlling access to their assets, data and IP via a privileged access management solution.

Old Data Breaches With Personal Information Led To New Cyber Attacks

July 22, 2016

Old breaches led to new breaches as cybercriminals’ ability to use and monetize personal information rose significantly across all industries.
Past cyber-attacks and the tools used to carry them out have led to new breaches, according to key findings in a new mid-year trend report by cyber threat intelligence provider, SurfWatch Labs. In a study of cybercrime events that occurred in the first half of 2016, the stockpile of personal information garnered from old data breaches led to new compromises and lucrative payoffs for cyber criminals.
“When LinkedIn announced in May of this year that their 2012 breach actually impacted 100 million more users than originally thought, other organizations began to see data breaches they attributed to the LinkedIn compromise, widespread password reuse by users and remote access software from services such as GoToMyPC, LogMeIn, and TeamViewer,” said Adam Meyer, chief security strategist, SurfWatch Labs. “Other breached organizations only widened the pool of information available to be stockpiled by bad actors.”
No industry was left untouched, and the tactics used were not new or sophisticated, according to the report that offers a breakdown of industries targeted, the effects of cybercrime and the tactics criminals employed.
SurfWatch Labs collected cyber event activity from thousands of open and Dark Web sources and then categorized, normalized and measured the data for impact based on their CyberFact information model. Highlights from the SurfWatch Labs Cyber Risk Report: 2016 Mid-Year Review include:
• IT and global government were the most targeted industries. Of all the CyberFacts analyzed, the information technology industry was hit the hardest in the first half of 2016. Microsoft was second behind LinkedIn as the top target. After IT, the government sector had the highest number of publicly discussed cybercrime targets, led by a breach at the Commission on Elections in the Philippines.
• The consumer goods sector made up the largest share of industry targets with information bought, sold or otherwise discussed on the dark web.
• Credentials theft is on the rise. Credentials stolen/leaked appeared in 12.7% of the negative CyberFacts in the first half of 2016, up from 8.3% in all of 2015. That rise is driven by massive credential breaches such as LinkedIn, which was the most talked about event over the period.
• Ransomware and extortion are the methods of choice. The first half of 2016 saw a significant spike in ransomware and extortion as researchers, organizations, and government officials scrambled to deal with the growing and costly problem of data or services being held hostage.
“Our research indicates the familiar cadence of ‘we were breached by a sophisticated attack but it has now been contained’ actually contradicts what has really happened so far this year,” said Meyer. “By understanding what the bad guys are up to, we can make better informed forecasts of how cybercrime will impact organizations going forward and therefore what should be done to reduce risk in the future.”
