Category: surveillance

Security Things to Consider When Your Apartment Goes ‘Smart’

What’s Your Threat Model?

When we’re talking about things that impact personal safety, it’s crucial to think about the specific, realistic threats that we (or our families) face. In this blog, I’m going to talk about ways that consumer IoT and Smart Home systems can be abused to cause risk to safety and privacy. If your number one concern for your safety is a casual criminal breaking your lock and stealing your TV, and the loss of your activity data isn’t something that substantially impacts or bothers you, you might decide that a flawed Smart Home system is an acceptable risk (or even a net benefit).

The Federal Government Offers a Case Study in Bad Email Tracking

A good description of “pixel tracking” and “link tracking”. Both are frequently used by Swedish organizations as well, such as municipalities, banks and... security companies. Email service providers such as Mailchimp and anpdm receive large amounts of surplus data.

“We’ll break them down one at a time, using examples from the email itself to illustrate how those methods work in the common case. In addition, we’ve written guidelines for users, email clients, and email providers to protect against these techniques.”

https://www.eff.org/deeplinks/2019/01/federal-government-offers-case-study-bad-email-tracking

Difference between a vulnerability assessment and a penetration testing!

Vulnerability Assessments

A vulnerability assessment is the process of running automated tools against defined IP addresses or IP ranges to identify known vulnerabilities in the environment. Vulnerabilities typically include unpatched or misconfigured systems.

The purpose of a vulnerability scan is to identify known vulnerabilities so they can be fixed, typically through the application of vendor-supplied patches. Vulnerability scans are critical to an organisation’s vulnerability management programme. The scans are typically run at least quarterly, though many experts would recommend monthly scans.

Penetration Tests

One of the initial phases of a penetration test is a vulnerability scan to learn the IP addresses, device types, operating systems and vulnerabilities present on the systems. The next phase of a penetration test is exploitation, which takes advantage of the vulnerabilities identified in the system to escalate privileges to gain control of the network or to steal sensitive data from the system.

Both should be performed

Although vulnerability assessments and penetration testing have different goals, both should be performed by a skilled information security professional to improve the overall security of the information system. The vulnerability assessment should be performed regularly to identify and fix known vulnerabilities on an ongoing basis. The penetration test should be performed by a skilled and experienced penetration tester at least once a year, and definitely after significant changes in the information systems environment, to identify exploitable vulnerabilities in the environment that may give a hacker unauthorized access to the system.

Difference between a vulnerability assessment and a penetration testing by Arthur Soghomonyan

How to Use Plus Addressing in Gmail

A great way to filter incoming messages is to use plus addressing in Gmail, e.g. JoeSmith+Facebook@gmail.com. You can also use this method if you are required to enter your email on a site you are afraid might sell your email to other companies: if they send you spam emails, you’ll know which site gave them your email.
