Category: surveillance

The Federal Government Offers a Case Study in Bad Email Tracking

A good description of ”pixel tracking” and ”link tracking”. Both are frequently used by Swedish actors as well, such as municipalities, banks and... security companies. Email providers such as mailchimp and anpdm receive large amounts of surplus data.

”We’ll break them down one at a time, using examples from the email itself to illustrate how those methods work in the common case. In addition, we’ve written guidelines for users, email clients, and email providers to protect against these techniques.”


Difference between a vulnerability assessment and a penetration testing!

Vulnerability Assessments

A vulnerability assessment is the process of running automated tools against defined IP addresses or IP ranges to identify known vulnerabilities in the environment. Vulnerabilities typically include unpatched or mis-configured systems. 

The purpose of a vulnerability scan is to identify known vulnerabilities so they can be fixed, typically through the application of vendor-supplied patches. Vulnerability scans are critical to an organisation’s vulnerability management programme. The scans are typically run at least quarterly, though many experts would recommend monthly scans.

Penetration Tests

One of the initial phases performed by a penetration tester is to perform a vulnerability scan to learn the IP addresses, device type, operating systems and vulnerabilities present on the systems. The next phase of a penetration test is exploitation which takes advantage of the vulnerabilities identified in the system to escalate privileges to gain control of the network or to steal sensitive data from the system.

Both should be performed

Although vulnerability assessments and penetration testing have different goals, both should be performed to improve the overall security of the information system by a skilled information security professional. The vulnerability assessment should be performed regularly to identify and fix known vulnerabilities on an on-going basis. The penetration test should be performed by a skilled and experienced penetration tester at least once a year and definitely after significant changes in the information systems environment to identify exploitable vulnerabilities in the environment that may give a hacker unauthorized access to the system.

Difference between a vulnerability assessment and a penetration testing by Arthur Soghomonyan

How to Use Plus Addressing in Gmail

A great way to filter incoming messages is to use plus addressing in Gmail, e.g. JoeSmith+Facebook@gmail.com. You can also use this method if you are required to enter your email on a site you are afraid might sell your email to other companies: if they send you spam emails, you’ll know which site gave them your email.

Read more

Facial recognition: It’s time for action

Brad Smith – President

In July, we shared our views about the need for government regulation and responsible industry measures to address advancing facial recognition technology. As we discussed, this technology brings important and even exciting societal benefits but also the potential for abuse.<…>

In particular, we don’t believe that the world will be best served by a commercial race to the bottom, with tech companies forced to choose between social responsibility and market success

Read more

Google’s Earth: how the tech giant is helping the state spy on us

We knew that being connected had a price – our data. But we didn’t care. Then it turned out that Google’s main clients included the military and intelligence agencies. <…>

Where we go, what we do, what we talk about, who we talk to, and who we see – everything is recorded and, at some point, leveraged for value. Google, Apple and Facebook know when a woman visits an abortion clinic, even if she tells no one else: the GPS coordinates on the phone don’t lie. One-night stands and extramarital affairs are a cinch to figure out: two smartphones that never met before suddenly cross paths in a bar and then make their way to an apartment across town, stay together overnight, and part in the morning. Read more

Säpo demands data retention and trojans

”Säpo should be keen to increase IT security, not deliberately weaken it!”

Säpo wants data retention – which the EU Court of Justice struck down because it violates fundamental human rights – to be resumed. -/-

Säpo dislikes encryption, because it makes it harder for them to monitor people. At the same time, encryption is an important, often necessary tool for companies, organisations and individuals.

Creating backdoors in encryption would undermine security for everyone, including for central societal functions. It would open the door to all kinds of cybercriminals and foreign states.-/-

Once again, this is about a tool that – when it ends up in the wrong hands, which it sooner or later will – degrades security for everyone. It is a pure dream for criminals, spies and troll factories.