Congress votes to wipe out landmark internet privacy protections

Congress sent proposed legislation to President Donald Trump on Tuesday that wipes away landmark online privacy protections, the first salvo in what is likely to become a significant reworking of the rules governing internet access in an era of Republican dominance.

In a party-line vote, House Republicans freed internet service providers such as Verizon, AT&T and Comcast of protections approved just last year that had sought to limit what companies could do with information such as customer browsing habits, app usage history, location data and Social Security numbers. The rules had also required providers to strengthen safeguards for customer data against hackers and thieves.

The Senate has already voted to nullify those measures, which were set to take effect at the end of this year. If Trump signs the legislation, as expected, providers will be able to monitor their customers’ behavior online and, without their permission, use their personal and financial information to sell highly targeted ads — making them rivals to Google and Facebook in the $83 billion online advertising market.

The providers could also sell their users’ information directly to marketers, financial firms and other companies that mine personal data — all of whom could use the data without consumers’ consent. In addition, the Federal Communications Commission, which initially drafted the protections, will be forbidden from issuing similar rules in the future.

Search engines and streaming video sites already collect usage data on consumers. But consumer activists claim that internet providers may know much more about a person’s activities because they can see all of the sites a customer visits.

And while consumers can easily abandon sites whose privacy practices they don’t agree with, it is far more difficult to choose a different internet provider, the activists said. Many Americans have a choice of only one or two broadband companies in their area, according to federal statistics.

Advocates for tough privacy protections online called Tuesday’s vote “a tremendous setback for America.”

“Today’s vote means that Americans will never be safe online from having their most personal details stealthily scrutinized and sold to the highest bidder,” said Jeffrey Chester, executive director of the Center for Digital Democracy.

Apple patent envisions tracking people in real time

Apple’s current Find My Friends feature could one day expand into more of a Track My Friends feature.

Granted to Apple on Tuesday by the US Patent and Trademark Office, a patent called “Sharing location information among devices” describes a process that would let you view a visual representation of the path taken by another person using a mobile device as a way of following that person’s entire journey.

For example, someone is going for a hike or a trip and wants you to stay informed of his or her whereabouts. That person would enable a feature on a mobile device to allow you to see and track in real time the path being taken on your own mobile device or computer. On the flip side, you could also share your route so the two of you can stay abreast of each other’s ongoing location.

Apple already offers a feature called Find My Friends, which lets you find the specific location of another person via his or her iPhone or iPad. But Find My Friends is geared more toward pointing you to a specific spot, whereas Apple’s patented invention allows for path tracking, or following several points along a specific route.

As described in the patent, your respective devices could also share mapping directions so that you and your friend would be able to easily find each other via your mobile devices. Even further, your devices could tap into a “mirroring” mode that would replicate the view seen on each other’s respective devices.

The system would rely on GPS for navigation purposes but could enable communication between the devices via a cellular network, Wi-Fi or Bluetooth. Assuming both you and your friend had a sufficient signal, cellular would obviously be the most efficient technology as it would allow for the greatest distance between the two of you.

The Pentagon is looking to hire 3,000 infosec pros

The US Department of Defense has gotten permission and is aiming to hire 3,000 infosec professionals to work at the US Cyber Command by the end of this year, and is set to make the majority of the members of its Cyber Mission Force (CMF) achieve at least initial operational capability by the end of the 2016 Fiscal Year.

According to Aliya Sternstein, salaries start at $42,399 and can eventually rise to over triple that amount ($132,122).

The good news for potential employees is that the DoD doesn’t have to evaluate the applicants by traditional competitive criteria – to gain employment with the CMF, the applicants will have to demonstrate unique cybersecurity skills and knowledge.

The US Cyber Command was instituted in 2010, and was tasked with protecting the Department of Defense’s information networks and critical infrastructure, as well as carrying out cyber attacks against adversaries.

“USCYBERCOM confronted serious challenges from the outset. DoD networks had been planned and initially constructed decades earlier in an environment in which redundancy, resiliency, and defensibility were not always primary design characteristics,” Admiral Mike Rogers, the Head of the Cyber Command, shared with the members of the US House Committee on Armed Services’ Subcommittee on Emerging Threats and Capabilities.

“Operators in USCYBERCOM, not surprisingly, could not even see all of our networks, let alone monitor all the traffic coming into and out of them from the Internet. Our people were and are professionals, so that issue was rapidly engaged, but nonetheless the sheer volume of work involved in starting a new, subunified command was substantial.”

“The bad news was that USCYBERCOM was built from the ground up by cutting manning to the bone, initially sacrificing vital support functions and institutional infrastructure to build mission capabilities as fast as possible,” he noted, and announced that things are slowly changing.

Protecting your privacy on the phone

Tapping phone lines and recording conversations is a classic spy technique, but it can be easy to protect yourself from these actions with a few simple gadgets and security practices. Make sure you are being proactive about your privacy and protecting your phone calls from unwarranted or illegal recording.

There are a few ways to protect your privacy on the phone. Whether the person on the other end is recording the call or you think your own line has been tampered with, make sure you’re taking the right steps toward eliminating these threats and having private conversations in peace.

Bug sweep – Bugging a room or phone is a key way to record or spy on conversations. Getting a Multi-Functional All Purpose All-in-One Sweep Unit can help you find and disable audio recording devices in your phone, as well as hidden cameras and other spying devices.

Tap detection – For increased protection from phone tapping, you can install a Super Tap Buster on your phone line. This tool will constantly monitor line voltage and detect changes that indicate a phone tap. This will further protect you from taps installed outside your home, and can remotely disable bugs, while alerting you to secondary listening devices on a line – such as when a second line is picked up and muted during a call to listen in.

Voice changer – If you’re trying to keep your identity a secret during a phone call, a Telephone Voice Transformer is the best way to go. This device will alter the pitch and tone of your voice to mask it and keep your identity a secret – an excellent way to prevent a phone tap from gathering too much information.

FBI boss ‘concerned’ by smartphone encryption plans

Plans by Apple and Google to do more to protect customers’ privacy have made the FBI “very concerned”.

Speaking to reporters, FBI boss James Comey said the plans to enable encryption by default could thwart law enforcement investigations.

Lives could depend on police forces continuing to get access to the data on devices used by criminals and terrorists, he said.

The FBI was talking to both Apple and Google about its fears, said Mr Comey.

Protect privacy

The conversations with tech firms needed to be had before the day when police forces lost access to those devices, he said.

“I’d hate to have people look at me and say, ‘Well how come you can’t save this kid?’ ‘How come you can’t do this thing?’” said Mr Comey in a briefing.

His comments came in reaction to a decision by Apple to enable a file encryption system on its iOS 8 software for which it has no keys. This means it would not be able to comply with any official request to help police get at the data on those devices.

Google has said it too is planning to enable a similar encryption system by default on the next version of Android.

Mr Comey said he was “very concerned” about these plans because of what they would allow people to do.

“What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law,” he said.

“I am a huge believer in the rule of law, but I am also a believer that no-one in this country is beyond the law,” he added.

Apple and Google have yet to respond to Mr Comey’s comments.

Ten days prior to Mr Comey’s press statement, iOS data forensics expert Jonathan Zdziarski pointed out that Apple’s encryption system would not stop police getting at data on portable devices.

Specifically weakening security systems just to aid the police was a bad decision, he said.

“For the sake of privacy and overall security, the only logical solution is to make products as secure as possible, and let good detective work do the crime solving, rather than an easy button,” he wrote in a blogpost.

Google Just Bought a Company That Snoops on Your Chats

Google just bought another online communications channel it can fill with ads.

The tech giant confirms it has acquired Emu, a startup that offers a kind of instant messaging tool. The price was not disclosed, but Google’s interest in the company isn’t hard to divine: Emu has built a system that can monitor chats, infer what people are talking about, and insert relevant links—including ads.

Emu, which has been subsisting for two-and-a-half years on venture funding, doesn’t insert such ads today. Instead, it uses its monitoring tools to identify certain other information that might be helpful to you. For example, if you’re chatting on the Emu service and the other person types something about getting lunch, Emu might suggest nearby restaurants or show the mid-day schedule from your calendar. But it’s a very short leap from such information to commercial promotion. A nearby cafe might pay for an ad to appear every time the word “coffee” comes up in your chat.

The Emu buy is part of a much larger trend to monitor and thus profit from new chunks of people’s lives. Foursquare just rolled out a new version that, by default, tracks your movements continuously, negating the need for a “check in” button. Google, meanwhile, isn’t just interested in chats; the company has said that it may eventually show ads on internet-connected home devices, such as thermostats.

Emu fills a growing hole in Google’s ad offerings. Google mines search terms and emails for advertising purposes, but not yet chats. As people shift their computing to smartphones and other mobile devices, chatting—short, immediate, and part of phone culture for decades—has become more popular.

Phone texts don’t die: they hide

The computer forensics expert who recovered the text messages that brought down parliamentary Speaker Peter Slipper has warned that any messages or files you think you have deleted from your smartphone are still there if someone really wants to find them.

The national head of the IT forensics practice at corporate advisory firm PPB Advisory, Rod McKemmish, was brought in by the legal team of Mr Slipper’s former staffer James Ashby, as some of the messages he had received from the former speaker had been deleted.

He was able to use an automated forensic process to bring the messages back from the dead.

“The delete button on the phone should really be called the ‘hide’ button, because the data is still there, you just can’t see it,” Mr McKemmish said. “In the forensic process we can bring it all back.”

While most politicians and business people are unlikely to be communicating about the sort of topics that brought down Mr Slipper, many might rethink the privacy of their communications.

With soaring levels of smartphone penetration in Australia, it is fair to assume that a significant number of sensitive discussions take place via SMS.

Mr McKemmish said his skills were increasingly being called upon to investigate corporate cases, where firms were concerned about confidential information residing on the phones of staff leaving. Most phones have a “factory reset feature”, which is supposed to revert the phone to the state when it was first used, but it’s insufficient.

IBRS technology analyst James Turner said businesses needed to be more alert to the permanent nature of digital communication, as more important conversations were handled by SMS and email.

“This can be share price-impacting information, because deals can be made via an SMS that are worth a lot of money,” he said. “The audit trail is all important when it comes to being able to report that due process has been followed, so if people are using electronic communications, then they must expect that there is a record.”

Not all communication via SMS or email is related to big deals of course. Much could be slotted into the files marked “harmless banter” or “office gossiping”. Common stuff, but not necessarily words that people want to be accessible once the messages have been deleted.

Unfortunately for regular texters, a computer forensics expert and adjunct professor at Queensland University of Technology, Bradley Schatz, says smartphones were designed to hold on to data as a guard against accidental loss.

He says there are a number of factors that will govern how long a message exists on a phone after it has supposedly been deleted, but a basic guide is that it will remain somewhere on the phone until all available space for new data has been exhausted.

“The memory inside many of these small-scale digital devices is called flash memory, which is the same kind of memory that you would find in a USB key,” Schatz said.

Comcast is turning your home router into a public Wi-Fi hotspot

If you’re a Comcast cable customer, your home’s private Wi-Fi router is being turned into a public hotspot.

It’s been one year since Comcast (CMCSA) started its monster project to blanket residential and commercial areas with continuous Wi-Fi coverage. Imagine waves of wireless Internet emitting from every home, business and public waiting area.

Comcast has been swapping out customers’ old routers with new ones capable of doubling as public hotspots. So far, the company has turned 3 million home devices into public ones. By year’s end it plans to activate that feature on the other 5 million already installed.

Anyone with an Xfinity account can register their devices (laptop, tablet, phone) and the public network will always keep them registered — at a friend’s home, coffee shop or bus stop. No more asking for your cousin’s Wi-Fi network password.

But what about privacy? It seems like Comcast did this the right way. It’s potentially creepy and annoying. But the upside is Internet everywhere.

Outsiders never get access to your private, password-protected home network. Each box has two separate antennae, Comcast explained. That means criminals can’t jump from the public channel into your network and spy on you.

And don’t expect every passing stranger to get access. The Wi-Fi signal is no stronger than it is now, so anyone camped in your front yard will have a difficult time tapping into the public network. This system was meant for guests at home, not on the street.

As for strangers tapping your router for illegal activity: Comcast said you’ll be guilt-free if the FBI comes knocking. Anyone hooking up to the “Xfinity Wi-Fi” public network must sign in with their own traceable, Comcast customer credentials.

Still, no system is foolproof, and this could be unnecessary exposure to potential harm. Craig Young, a computer security researcher at Tripwire, has tested the top 50 routers on the market right now. He found that two-thirds of them have serious weaknesses. If a hacker finds one in this Comcast box, all bets are off.

“If you’re opening up another access point, it increases the likelihood that someone can tamper with your router,” he said.

Google Glass wearers can steal your password

But this time he’s wearing Google Glass — and he’s after your iPad PIN.

Cyber forensics experts at the University of Massachusetts in Lowell have developed a way to steal passwords entered on a smartphone or tablet using video from Google’s face-mounted gadget and other video-capturing devices. The thief can be nearly ten feet away and doesn’t even need to be able to read the screen — meaning glare is not an antidote.

The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode.

They tested the algorithm on passwords entered on an Apple iPad, Google’s Nexus 7 tablet, and an iPhone 5.

Why should you be worried?

“We could get your bank account password,” researcher Xinwen Fu said.

The software can be applied to video taken on a variety of devices: Fu and his team experimented with Google Glass, cell phone video, a webcam and a camcorder. The software worked on camcorder video taken at a distance of over 140 feet.

Of course, pointing a camcorder in a stranger’s face might yield some suspicion. The rise of wearable technology is what makes this approach actually viable. For example, a smartwatch could stealthily record a target typing on his phone at a coffee shop without drawing much attention.

Fu says Google Glass is a game-changer for this kind of vulnerability.

“The major thing here is the angle. To make this attack successful the attacker must be able to adjust the angle to take a better video … they see your finger, the password is stolen,” Fu said.

Google says that it designed Glass with privacy in mind, and it gives clear signals when it is being used to capture video.

“Unfortunately, stealing passwords by watching people as they type them into ATMs and laptops is nothing new,” said Google spokesman Chris Dale. “The fact that Glass is worn above the eyes and the screen lights up whenever it’s activated clearly signals it’s in use and makes it a fairly lousy surveillance device.”

New Technology Could Let Thieves Copy Keys

Using a simple camera or camera phone, it is now possible to snap a photo of almost any key ring and use the image to make a physical copy of a key.

The I-Team did just that, using a web site called keysduplicated.com.

With a smartphone camera, the I-Team took a photo of a key ring lying unarranged on a desk. After the image was run through photo-editing software, and one house key was isolated, the image was uploaded to the web site. Within a week, the company sent the I-Team a copy of the key, which opened the front door of a home.

In crowded Bryant Park one recent day, Devon White’s key ring was one of several the I-Team found sitting in plain sight, vulnerable to a camera phone snapshot.

“It’s always cool when new technology moves in a new direction, but it is a bit worrying,” said White, of Queens, after learning about this new vulnerability. “You wonder … anybody could just take a picture of anybody else’s key.”

Police in Nassau County said they first became aware of the new key-cutting technology in recent months. They said they have not linked any crimes to it yet, but they are urging people to use caution in how they handle their keys.

“All it takes to cut a key is you just have to have the outline of the key,” said Detective Sgt. Richard Harasym, who heads Nassau’s Crimes Against Property Unit. “It’s unlocking the keys to your castle, so to speak, and if you leave them out there, then you run the risk that something bad could happen.”

The I-Team contacted Ali Rahimi, the founder of the web site. Rahimi admitted News 4’s demonstration reveals a security risk, and said he will look for ways to close it. Still, he said he’s unaware of any customer who’s ever used one of his keys illegally.

“It’s worth incorporating the lessons we’ve learned from your experiment. It’ll take some thought,” said Rahimi.

Rahimi said one possibility might be to use software that detects when photos have been doctored. The web site does require a credit card for payment. Until better security checks can be implemented, he said his employees will screen for any suspicious-looking pictures, and ask for additional photos of the key in the customer’s hands.

“That’ll ensure they have physical access to the key,” he said.
