Digital privacy and liberty
Scooped by Sylvan Ravinet

Google 'Pressure Cookers' and 'Backpacks,' Get a Visit from the Cops

Michele was Googling pressure cookers. Her husband was looking at backpacks. So six men from a joint terrorism task force showed up at their house. How'd the government know what they were Googling? 
Sylvan Ravinet's insight:

"One hundred times a week, groups of six armed men drive to houses in three black SUVs, conducting consented-if-casual searches of the property perhaps in part because of things people looked up online."

Scooped by Sylvan Ravinet

iPhone 5S TouchID and other fingerprint based technologies are flawed

Sylvan Ravinet's insight:

Published nearly 4 days ago by the Chaos Computer Club (Germany) but still insightful. It took the CCC only 2 days to adapt its method and break the authentication mechanism.

Scooped by Sylvan Ravinet

Due to UK gov pressure, the Guardian (UK) decides to report on Snowden materials from New York City

Editorial: Thanks to Edward Snowden, the world now has a debate about the dramatic change in the contract between state and citizen
Sylvan Ravinet's insight:

Due to the UK government's pressure, The Guardian (UK) decided to relocate its team reporting on Snowden's leaked documents to New York City (USA). This article also contains an interesting analysis of the political and societal implications of surveillance.

Scooped by Sylvan Ravinet

Switching To Gmail May Leave Reporters' Sources At Risk : NPR

This summer, The New York Times moved all of its reporters' email to corporate Gmail accounts. This move to a third party could leave Times reporters and their sources with fewer legal protections if they are the subject of a government investigation.
Scooped by Sylvan Ravinet

Viber hacking appears to extend to app's App Store description - 9 to 5 Mac

Last week, we noted that popular communications app Viber was hacked by the Syrian Electronic Army, which led to aspects of Viber's website being defaced with the message...
Scooped by Sylvan Ravinet

Extremist 'zine offers advice to would-be terrorists on hiding digital footprints

An influential online forum linked to al Qaeda has provided readers with a guide on how to hide their digital footprints, amid a flood of commentary on such sites about the NSA leaker Edward Snowden and the breadth of U.S.
Sylvan Ravinet's insight:

Do extremists master more advanced information security practices than most businesses worldwide?

Scooped by Sylvan Ravinet

After Snowden, new anti-leak measures set at NSA show a shift in information protection

Disclosures by Edward Snowden prompt the National Security Agency to implement new security measures
Sylvan Ravinet's insight:

Following the Snowden case, the NSA is shifting from a bastion-like information security strategy (the famous concentric circles of protection) to a fine-grained access level and probably more agile version of information security. The CIA's Intellipedia will probably adapt in a similar fashion. Companies should learn from this and make a similar change... before they themselves face any large breach. After all, let's not forget the NSA nearly invented modern information security practices, and we may expect the agency to still be at the cutting edge.

Sylvan Ravinet's comment, July 26, 2013 12:27 PM
I wanted to add that practices from the banking sector (e.g. segregation of duties) may be coming to government agencies.
Scooped by Sylvan Ravinet

NSA says it can’t search its own emails

You can't make this up: The agency claims it doesn't have the technology to retrieve its employees' correspondence
Sylvan Ravinet's insight:

30,000 to 40,000 employees, an annual budget of 10 to 15 billion USD, created for US national security and cyber-intelligence... but no system to archive, search and retrieve employees' emails? Again, even the best in class have opportunities for improvement? Or is it in the agency's public relations interest? What do you think?

Scooped by Sylvan Ravinet

OVH has its European customers' data hacked

The leading European web hosting provider, based in Roubaix, announced on Tuesday that the data of several hundred thousand European customers had been hacked by a "hacker".
Sylvan Ravinet's insight:

Questions and immediate thoughts on reading Octave Klaba's message to his customers.

1. "A few days ago we discovered": how many? A week, a month? For how long had the attack been in place?

2. How was access to a system administrator's email account obtained? As is so often the case, through phishing? Or with a keylogger on a work PC?

http://www.computerweekly.com/news/2240184451/Privileged-accounts-key-to-most-APT-attacks-says-Cyber-Ark

3. How does one go from email access (user-level, unprivileged) to access "on another employee's internal VPN"? Was the email password reused for system access to the VPN? Don't the administrators use SSH keys for all system access?

4. The "internal security" rule was notably based on the "source IP". The first known IP spoofing attack reportedly dates back to... 1995 http://fr.wikipedia.org/wiki/Usurpation_d'adresse_IP

5. A "new VPN (is being set up) in a secure room (...) with very restricted access". Was physical access to the systems an "open bar" before this attack? Could employees, external contractors and cleaning staff access the servers almost freely?

6. User (customer) passwords are encrypted with a "salt" and with SHA512. But what is the quality of the SHA512 hash implementation at OVH?

7. YubiKey (http://geekfault.org/2011/04/14/yubikey-la-petite-cle-qui-assure/) is reportedly now in use. How long does it take to order keys for OVH's hundreds of employees and deploy a YubiKey architecture?

8. As a preventive measure, had OVH already called on an external review of its security? On penetration tests?

Apparently not: "OVH.com never uses subcontractors. The company controls the hosting chain from A to Z: it designs and operates its datacentres, builds its servers and manages its customer support in-house." http://www.ovh.com/fr/backstage/a741.cloud_computing_la_cnil_pointe_un_manque_de_transparence

Is it still wise to do without an external perspective and challenge?

9. Is this attack linked to OVH's presence as Platinum Sponsor at the "Nuit du hack" on 22 and 23 June? http://www.ovh.com/fr/a1133.ovhcom_a_la_nuit_du_hack_objectif_recrutement

Where the interest of black hat hackers might have been aroused? "The idea was to discover and decrypt riddles in content hidden in pages of our site"

10. Or is it "revenge" for the ban on GitHub at OVH? http://www.ovh.com/fr/all/a1136.interview-github-octave-klaba-ovh

Bonus question: will OVH (have to) recruit a (new?) CISO (RSSI)? Or, on the contrary, give more power (and responsibility) to an existing CISO?

Sylvan Ravinet's comment, July 23, 2013 3:58 PM
With 145 million euros raised recently, it seems possible to build a security team able to review OVH's entire security strategy http://www.ovh.com/fr/backstage/a1077.etats-generaux-2013-cloud-computing-eurocloud
Scooped by Sylvan Ravinet

Hacker gives Google Glass facial recognition using his own OS (Wired UK)

One hacker has successfully managed to get facial recognition technology to run on Glass, despite Google explicitly stating in its developer policy that this isn't allowed
Sylvan Ravinet's insight:

Here we go: no more anonymity in the street, you can be approached by anyone who already knows you, you and all your public profiles. Everyone monitored by a peer-to-peer location application on Google Glass that works with or without its owner's consent.

To be compared with Business Insider Intelligence, which estimates there will be 36 million Google Glass units worldwide in 2018. And already nearly 1 million sales as early as 2014.

Scooped by Sylvan Ravinet

Tumblr for iOS receives critical security update, users urged to ...

A fresh version of Tumblr just hit iOS devices less than a week ago, but now the Yahoo-owned service is pushing out a newer release with "a very...
Sylvan Ravinet's insight:

An issue with the process of mobile application testing, its coverage, and code review by Yahoo's CTO team?

Scooped by Sylvan Ravinet

Researchers reverse-engineer the Dropbox client: What it means - TechRepublic

There were doubts about being able to reverse engineer heavily-obfuscated applications written in Python. Two researchers have removed all doubt by reverse engineering the immensely popular Dropbox client.
Sylvan Ravinet's insight:

As the author implies, Dropbox is rather ill-designed as regards security. Any Dropbox account running the current version can be stolen.

Scooped by Sylvan Ravinet

NSA broke privacy rules thousands of times per year, audit finds

Agency also has overstepped legal authority since Congress gave it broad new power in 2008.
Sylvan Ravinet's insight:

It would be interesting to see whether the GAO (Government Accounting Office) has the authority to perform independent audits as well.

Scooped by Sylvan Ravinet

Learning from journalists protecting sources: Lessons in secure communication | Journalism.co.uk

The Guardian's James Ball, currently working on the news outlet's Prism scoop, shares his advice for communicating with sources securely
Sylvan Ravinet's insight:

Quoting James Ball: "We need security that we can understand and use day-to-day".

Scooped by Sylvan Ravinet

NIST cybersecurity head thinks business first

Donna Dodson, who heads the center, describes its mission, priorities and strategy.
Sylvan Ravinet's insight:

Quoting Donna Dodson, head of the cybersecurity center of NIST: "It's also important to have that conversation with not just cybersecurity practitioners – starting with the business requirements first and then working your way into the cybersecurity platform." Is it a business-oriented strategy that could be benchmarked by the European and French institutions in cybersecurity and the standardization bodies?

Scooped by Sylvan Ravinet

Prison for cut-and-paste one link?!

Journalist Barrett Brown has spent almost a year in jail for sharing a link during the course of research on intelligence firms.
Sylvan Ravinet's insight:

Didn't notice this news any sooner. Fearful.

Though on a worse scale, it reminds me of the case of Andrew 'weev', a "hacker" who (apparently) simply requested information available from a publicly available web service. Weev was sentenced early this year to 41 months of jail. http://boingboing.net/2013/03/18/weev-sentenced-to-41-months-fo.html

What would be the next step in limiting liberty?

Scooped by Sylvan Ravinet

Google 'near perfect' real-time translation technology means challenges to privacy

Google is currently prototyping a real-time translation technology that could revolutionize the way people communicate when abroad. Android VP Hugo Barra offered some details on the initiative —...
Sylvan Ravinet's insight:

Ugh! Real-time translation of voice means a capacity to write accurate text transcripts of voice in real time, have machines understand the semantics... and then apply detection and search algorithms? Perfect for large-scale surveillance of voice conversations...

+ Gathering in the same company all these advanced technologies is a challenge to democracy worldwide, possibly far more challenging than reaching a monopolistic position in a single market.

Scooped by Sylvan Ravinet

SIM flaw questions... storing anything sensitive on smartphones

With 40-year-old encryption find on Subscriber Identification Module cards, researcher says at least 500 million phones may be vulnerable
Sylvan Ravinet's insight:

CSO Online author writes: "The discovery of 40-year-old encryption standards in the SIM cards in possibly hundred of millions of mobile phones bolsters the argument for isolating corporate data in devices." In a connected world, why would isolating corporate data in devices be an appropriate strategy? Why even store it on the devices?

Scooped by Sylvan Ravinet

Applying for a job at GCHQ? Here's your plain-text password | Enterprise | Real World Computing | PC Pro

Davey Winder discovers an embarrassing flaw in the website of the government department that's meant to know a thing or two about data security
Sylvan Ravinet's insight:

Another proof, if still needed, that even the best in class have good improvement opportunities...

Scooped by Sylvan Ravinet

Why We Can No Longer Trust Microsoft

If the NSA is spying on Microsoft products, why would anyone want to use them?
Sylvan Ravinet's insight:

Ironically, Microsoft's recent advertising campaign focuses on privacy protection for home users... while this article states that Microsoft was a company on the edge of PRISM!

Scooped by Sylvan Ravinet

PRISM: the internet giants unite to demand transparency

Unity is strength, as the saying goes. Faced with the extent of the revelations about the PRISM electronic surveillance programme, the giants of Silicon...
Sylvan Ravinet's insight:

Reading their letter, these large companies are essentially asking for the possibility of publishing statistics on requests from the US government... I see no demand for a commitment on the interception of communications by the US services, whether legal or illegal. So whatever the outcome of this request, it remains to be seen whether the USA and its interests will continue to be well defended on the Net, and indirectly by these same big names of the Net...

Rescooped by Sylvan Ravinet from Facebook pour les entreprises

Making better use of Facebook: tips, advice and tools for managing...

This guide offers many tips and tricks to better manage your Facebook account and the privacy settings linked to it.

Via Vincent Pereira Pro
Sylvan Ravinet's insight:

A very useful guide, but two remarks are in order:

1. For how long will this guide remain valid? Facebook changes its features, its handling of security and privacy settings and its terms of use very quickly.

2. Can we trust these Facebook applications dedicated to identifying and remediating security and privacy problems on Facebook?

To be continued, then...
