Archive October 2018

Most enterprise vulnerabilities remain unpatched a month after discovery

More bugs are being squashed by the enterprise, but the time it takes to do so leaves organizations at risk.

According to CA Veracode’s latest State of Software Security (SOSS) report, up to 70 percent of bugs remain unpatched four weeks after disclosure, and close to 55 percent are not resolved three months after discovery.

Vulnerabilities impacting organization networks, apps, and infrastructure are not all equal, and part of responsible security practices requires that IT staff triage issues to resolve and patch the bugs which are considered the most dangerous to that company.

However, according to the cybersecurity firm, 25 percent of vulnerabilities which are attributed high-severity ratings are not addressed within 290 days, and a quarter of disclosed bugs which may not be so critical remain unpatched well after a year.

https://www.zdnet.com/article/the-majority-of-vulnerabilities-remain-unpatched-a-month-after-discovery

GM tracked radio listening habits for 3 months: Here’s why

Many automakers are reluctant to even ask customers whether the automaker can monitor their in-vehicle habits, Ramsey said.

“Toyota has pretty much said they’re not going to do it,” said Ramsey. “So GM is positioning itself as one of the only ones right now to actively monetize their data from their connected vehicles.”

Ramsey said GM wants to analyze the data and then use it or share it with other businesses. If the data helps produce better ads that lift an advertiser’s revenue, GM would then ask for compensation, he said.

https://eu.freep.com/story/money/cars/general-motors/2018/10/01/gm-radio-listening-habits-advertising/1424294002/

Privacy-safe search engine increasingly popular

The search engine DuckDuckGo, which places great emphasis on user privacy, is growing strongly. Today the search engine counts 30 million searches per day. In a year when companies such as Facebook and Google have been involved in repeated privacy scandals, DuckDuckGo's searches per day have grown from 16 million in January to 30 million in October. At the same time, it is still a long way from Google's 3.5 billion searches per day. DuckDuckGo also trails Bing, Yahoo and Ask.com. DuckDuckGo itself claims to have a fifth of one percent of the search market.

https://www.jajja.com/jajja-magazine/integritetssaker-sokmotor-allt-mer-popular/

How to protect your phone or computer when crossing borders

Border agents have broad powers to search people crossing borders, including their phones and laptops. But there are ways to protect your data when crossing international borders if you understand the technology and the law.

-/-

US Customs and Border Protection (CBP) agents are responsible for enforcing immigration laws and preventing the entry of criminals. Courts have so far ruled that they are allowed to search your devices for any reason or no reason at all. You might get flagged for a device search because there is something wrong with your travel documents, your name is in a law enforcement database, or you were simply chosen for random search.

There are two levels of search, according to the CBP policy on device searches. A basic search is a simple inspection of your data, including your apps, photos, chats, and other files. An advanced search involves using external equipment to access files (including deleted data), copy data, and analyze it. CBP agents need to have reasonable suspicion of a crime or violation, or a national security concern and supervisor approval.

Agents can also “detain” your device for a “reasonable period of time” while they extract your data, copy it, or attempt to break your passwords or encryption.

https://protonmail.com/blog/border-crossing-protect-electronics/

Paramedic agrees Apple Watch Series 4 will save lives, false positives not a problem

When owners in other countries will get to enjoy the benefits of the ECG functionality is very much unknown. It could likely take years in Europe, but there is a chance that Apple took a short-cut approach which could see it happening far sooner than expected.

https://9to5mac.com/2018/10/09/paramedic/

‘Do Not Track,’ the Privacy Tool Used By Millions of People, Doesn’t Do Anything

When you go into the privacy settings on your browser, there’s a little option there to turn on the “Do Not Track” function, which will send an invisible request on your behalf to all the websites you visit telling them not to track you.

-/-

Yahoo and Twitter initially said they would respect it, only to later abandon it. The most popular sites on the internet, from Google and Facebook to Pornhub and xHamster, never honored it in the first place.

-/-

From the department of irony, Google’s Chrome browser offers users the ability to turn off tracking, but Google itself doesn’t honor the request, a fact Google added to its support page some time in the last year. […] “It is, in many respects, a failed experiment,” said Jonathan Mayer, an assistant computer science professor at Princeton University. “There’s a question of whether it’s time to declare failure, move on, and withdraw the feature from web browsers.” That’s a big deal coming from Mayer: He spent four years of his life helping to bring Do Not Track into existence in the first place.

https://it.slashdot.org/story/18/10/16/2234235/do-not-track-the-privacy-tool-used-by-millions-of-people-doesnt-do-anything

Column: A dirty end for the internet's biggest ghost town

Despite billions in investment, forced enrollment of all Gmail users, and seven years, Google never got its social network Google+ to take off. Now that the network is being shut down, it is after users' privacy was threatened by security holes.

-/-

But the reason Google is finally giving Google+ the axe is serious. In March this year a security hole was discovered that made the private data of half a million users accessible to friends and third-party apps. Disclosing a serious security hole half a year after its discovery, after the Wall Street Journal exposed the security hole, would have been a serious violation of the GDPR, which came into force two months after the leak. They will probably also be sued in the US.

https://www.jajja.com/jajja-magazine/ett-smutsigt-slut-for-internets-storsta-spokstad/

Protect your computer against phishing attempts and other forms of online fraud

https://support.office.com/sv-se/article/skydda-datorn-mot-n%C3%A4tfiskef%C3%B6rs%C3%B6k-och-andra-former-av-onlinebedr%C3%A4gerier-be0de46a-29cd-4c59-aaaf-136cf177d593