Yale Privacy Lab
"The concern is that a rogue submodule can trick the Git into running code it shouldn’t outside the context of the repository. 'This allowed an adversary to exfiltrate data, pull down a web shell, plant a cryptominer or just totally own the machine...'" #security
https://threatpost.com/bug-in-git-opens-developer-systems-up-to-attack/132395/
Yale Privacy Lab
"For more than a year, Mozilla Firefox and Google Chrome may have leaked users’ Facebook usernames, profile pictures, and likes if the users’ browsers visited malicious websites that employed a cutting-edge hack" #privacy #security
Yale Privacy Lab
great piece by @yaelwrites including Jack Balkin's concept of information fiduciaries: "Although relationships with third parties might be lucrative for telecoms, any entity collecting sensitive information like location data has a moral obligation to keep it safe."
#privacy #security
Yale Privacy Lab
Doctorow: "if that data leaks, it would allow anyone to break into your kid's cloud and plunder all their private data... Naturally, Teensafe stored thousands of parents and kids' usernames and passwords, without encryption, on an insecure server." #privacy #security
Yale Privacy Lab
the question now: "How much intercepted encrypted e-mail will be (or has been) decrypted by intelligence agencies?" Not all PGP/GPG e-mail is vulnerable... but the extent of the fallout won't be known for a while. #security #privacy
Yale Privacy Lab
PGP/GPG users: Keep Calm and Disable HTML Rendering. It's a good idea to protect you from other kinds of tracking (images in HTML e-mails). Short-term mitigation steps for "Efail" vulnerability: https://efail.de #security #privacy
Yale Privacy Lab
"...a 'rogue Alexa skill' that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech..." https://boingboing.net/2018/04/26/user-supplied-listening-device.html
Yale Privacy Lab
"The really big data brokers - firms such as Acxiom, Experian, Quantium, Corelogic, eBureau, ID Analytics - can hold as many as 3,000 data points on every consumer, says the US Federal Trade Commission." #privacy #security
Yale Privacy Lab
"The new terms asserted that Eventbrite staff had the right to 'enter and remain' at any event organized with the platform, record the entirety of the event with video and photography... and retain copyright over everything recorded." https://arstechnica.com/information-technology/2018/04/eventbrite-rolls-back-policy-that-would-have-given-it-right-to-record-events/
Yale Privacy Lab
"Netizens have the wrong idea about what their web browser's 'private' or 'incognito' mode actually does. This is according to researchers at the University of Chicago, in the US, and Leibniz University Hannover, in Germany, who this week declared that folks mistakenly believe that by enabling the incognito browsing mode, they are fully shielded from online tracking and malware." #privacy #security
https://www.theregister.co.uk/2018/04/24/private_web_browsing_study/
Yale Privacy Lab
"A malicious app that can be downloaded from the Google Play store is extremely dangerous, as users will not think twice about downloading it because of their trust in Google" https://arstechnica.com/information-technology/2018/04/malicious-apps-in-google-play-gave-attackers-considerable-control-of-phones/ #security #privacy
Yale Privacy Lab
"Published today, a two-year study of Android security updates has revealed a distressing gap between the software patches Android companies claim to have on their devices and the ones they actually have."
https://www.theverge.com/2018/4/13/17233122/android-software-patch-trust-problem # privacy #security
Yale Privacy Lab
135 tracker signatures in the @exodus scanner, and all 2325 reports recomputing! expect some interesting finds in the reports 🕵️ https://news.exodus-privacy.eu.org/ #privacy #security
Yale Privacy Lab
135 tracker signatures in the @ExodusPrivacy scanner, and all 2325 reports recomputing! expect some interesting finds in the reports 🕵️ https://news.exodus-privacy.eu.org/ #privacy #security
Yale Privacy Lab
Our Sean O'Brien: "If India is to meet the challenge of cyber security as Prime Minister Modi has proposed, the challenge must be met with honesty, even if it is brutal and exposes flaws in administration or implementation." #privacy #security
Yale Privacy Lab
135 tracker signatures in the @ExodusPrivacy scanner, and all 2325 reports recomputing! expect some interesting finds in the reports 🕵️ https://news.exodus-privacy.eu.org/ #privacy #security
Yale Privacy Lab
"Just imagine if other governments of the world instructed their citizens and local carriers not to ink deals with Apple on account that the US government might have ways to crack iOS, regardless of whether that’s true or not." #privacy #security https://bgr.com/2018/02/14/iphone-encryption-backdoor-us-government-huawei-zte/ https://mastodon.social/media/PX6lFwNMjItL64-ZyvI
Yale Privacy Lab
clever use of RTL to fake file extension and deliver malware "Telegram for Windows converted files with names such as 'photo_high_regnp.js' to "photo_high_resj.png,' giving the appearance they were benign image files rather than files that executed code" #security https://arstechnica.com/information-technology/2018/02/telegram-app-purged-of-critical-flaw-attackers-were-actively-exploiting/
Yale Privacy Lab
"Hovering computers will make it increasingly possible to hack equipment that doesn’t connect directly to the internet." #privacy #security https://www.technologyreview.com/the-download/610196/cyber-warfare-is-taking-to-the-skies-aboard-drones/
Yale Privacy Lab
Our Sean O'Brien on #Aadhaar security: "Whenever a security researcher looks at an official government Aadhaar app, there are blatant privacy problems and sloppy cyber-security, such as sending data over the Internet unencrypted." http://www.businesstoday.in/opinion/columns/bad-aadhaar-cybersecurity-tramples-on-the-right-to-privacy/story/270425.html #privacy #security
Mike Gerwitz's GNU Social Instance is a social network, courtesy of Mike Gerwitz. It runs on GNU social, version 1.2.0-beta4, available under the GNU Affero General Public License.
All Mike Gerwitz's GNU Social Instance content and data are available under the Creative Commons Attribution-ShareAlike 3.0 Unported license.