A webcomic explainer on how the census deals with digital privacy

Journalist's Resource published this great comic by Josh Neufeld, explaining the basic concepts behind differential privacy, the data collection method used to prevent bad actors from de-anonymizing the information gleaned from the 2020 Census.

The original source includes some other great resources on differential privacy, but since the comic itself is made available under a Creative Commons Attribution-NoDerivatives 4.0 International License, we've re-posted it here in full.

 

A brief introduction to differential privacy: A data protection plan for the 2020 census [Josh Neufeld / Journalist's Resource]

After ransomware took Baltimore hostage, Maryland introduces legislation that bans disclosing the bugs ransomware exploits

Last spring, Baltimore underwent a grinding, long-term government shutdown after the city's systems were hijacked by ransomware. This was exacerbated by massive administrative incompetence: the city had not allocated funds for improved security, training or cyberinsurance, despite having had its emergency services network taken over by ransomware the previous year, and five city CIOs had departed in the previous four years either through firings or forced resignations.

Firewalla is a simple but effective way to take control of your home network

 

I'm not the kind of person who possesses the programming or IT knowledge to run my own servers and host my own email. But I can manipulate some things on the internet or on local networks, like how to access the gateway to your router and make some changes in there, even if I don't fully grasp the differences between the ports. I'm also someone who's hyper-attuned to data privacy issues who still enjoys the conveniences of some smart home technology.

And that's why I've really been enjoying my Firewalla, a small piece of hardware that you plug into your router to access an app that gives me clear visual command over my network. It's basically a Firewall, VPN, adblocker, and intrusion detection and prevention system all rolled into one. Here's how the company describes it:

Firewalla is a smart firewall device that you simply plug into your router. It monitors network traffic and alerts you via an app if one of your devices starts uploading data including who the data is being shared with and what country. There is an option to stop devices from sending data, which could stop their operations as well, but step one is having transparency and knowledge. Firewalla will also block hackers and cyber thieves from being able to breach smart home devices to steal personal information.

I've always felt pretty confident that I'd securely set up my home network. But there's still that lingering concern that someone may have found their way in to spy on me somehow.

You can read the forensics report that suggests Prince Mohammad Bin Salman Al Saud hacked Jeff Bezos's phone

Motherboard has obtained and published a copy of the forensics report that suggests that Jeff Bezos's phone was hacked by Prince Mohammad Bin Salman Al Saud, possibly in a scheme to obtain kompromat that could be used as leverage to prevent the Washington Post from reporting on the death of Jamal Khashoggi, who was murdered and mutilated by agents of the prince.

Forensics team accuses Prince Bone Saw of hacking Jeff Bezos's phone to obtain kompromat and force Washington Post silence on Khashoggi

When Jeff Bezos accused the National Enquirer of blackmailing him over personal messages he sent to his lover while married to his then-wife, many pointed the finger at his lover's brother, noted asshole Michael Sanchez, suggesting Sanchez received $200,000 from the Enquirer for stealing the data from his sister's phone -- but Bezos's own investigative team said that they suspected an unspecified government actor had played a role in the leak.

Carriers ignore studies that show they suck at preventing SIM-swap attacks

Now that many online services rely on sending SMSes to your phone to authenticate your identity, thieves and stalkers have created a whole "SIM swap" industry where they defraud your phone company or bribe employees to help them steal your phone account so they can break into all your other accounts.

Schneier: "It's really too late to secure 5G networks"

Bruce Schneier's Foreign Policy essay on 5G security argues that we're unduly focused on the possibility of Chinese manufacturers inserting backdoors or killswitches in 5G equipment, and not focused enough on intrinsic weakness in a badly defined, badly developed standard wherein "near-term corporate profits prevailed against broader social good."

Tickets for Hackers on Planet Earth (HOPE) 2020 are now on sale!

Aestetix writes, "HOPE 2020 [ed: Hackers on Planet Earth, the triennial, astoundingly great hacker con put on by 2600 Magazine] is in a brand new location and will be bigger and better than ever with lots more activities and space - all without leaving New York City! It will be held from July 31st to August 2nd at St. John's University in Queens. Get your tickets now for only $200, while supplies last.

A Public Service: a comprehensive, comprehensible guide to leaking documents to journalists and public service groups without getting caught

In A Public Service, activist/trainer Tim Schwartz presents the clearest-ever guide to securely blowing the whistle, explaining how to exfiltrate sensitive information from a corrupt employer -- ranging from governments to private firms -- and get it into the hands of a journalist or public interest group in a way that maximizes your chances of making a difference (and minimizes your chances of getting caught).

A profile of Cliff "Cuckoo's Egg" Stoll, a pioneering "hacker hunter"

Cliff Stoll (previously) is a computing legend: his 1989 book The Cuckoo's Egg tells the story of how he was drafted to help run Lawrence Berkeley Lab's computers (he was a physicist who knew a lot about Unix systems), and then discovered a $0.75 billing discrepancy that set him on the trail of East German hackers working for the Soviet Union, using his servers as a staging point to infiltrate US military networks.

Idiotic security mistakes in smart conferencing gear allow hackers to spy on board rooms, steal presentations

Dten is a "certified hardware provider" for Zoom, making smart screens and whiteboards for videoconferencing; a Forescout Research report reveals that Dten committed a string of idiotic security blunders in designing its products, exposing its customers to video and audio surveillance, as well as theft of presentations and whiteboard data.

Happy 10th birthday, TAILS -- the real Paranoid Linux!

In my 2008 novel Little Brother, the underground resistance uses a secure operating system called "Paranoid Linux" that is designed to prevent surveillance and leave no evidence of its use; that was fiction, but there's a real Paranoid Linux out there: Tails, The Amnesic Incognito Live System, and it turns 10 today.

Nulledcast: a podcast where hackers play live audio of themselves breaking into Ring cameras and tormenting their owners

Nulledcast is a realtime podcast streamed on a Discord channel for the hacking forum Nulled: the hosts break into Ring and Nest cameras in realtime, blare sirens at the owners, then torment them with insults and racist slurs, livestreaming their responses to hundreds of listeners.

Family puts Ring camera in children's room, discovers that hacker is watching their kids 24/7, taunting them through the speaker

A family in DeSoto County, Mississippi, bought a Ring security camera so they could keep an eye on their three young girls in their bedroom. Four days later, they learned that a hacker had broken into the camera and subjected their children to continuous bedroom surveillance, taunting the children through the camera's built-in speaker.

Amazon's Ring surveillance doorbell leaks its customers' home addresses, linked to their doorbell videos

Evan from Fight for the Future writes, "A new investigation from Gizmodo just revealed that anyone, anywhere can get geographic coordinates of Ring devices from Amazon’s Neighbors App. Not only can someone find out where users live, they can use footage to track bystanders, locate children, and monitor people going into buildings, like clinics, for private appointments. Amazon sells these devices under the guise of keeping us safe. They’re lying. Their surveillance devices and network put us all in danger. We need lawmakers to fully investigate the threats associated with Amazon’s dragnet and its impact on our privacy, security, and civil liberties. Fight for the Future has launched a campaign calling for Congress to investigate Amazon's surveillance practices. You can add your name here." (Image: Dan Calacci/MIT)

Model stealing, reward hacking and poisoning attacks: a taxonomy of machine learning's failure modes

A team of researchers from Microsoft and Harvard's Berkman Center have published a taxonomy of "Failure Modes in Machine Learning," broken down into "Intentionally-Motivated Failures" and "Unintended Failures."

95% of America's largest voting districts' mailservers lack basic anti-phishing protection

DMARC is an anti-email-spoofing tool that mail-server administrators can enable; it's designed to reject emails with forged return addresses.