Uber in Legal Crosshairs Over Hack Cover-up

Two US states on Wednesday confirmed they are investigating Uber’s cover-up of a hack at the ride-sharing giant that compromised the personal information of 57 million users and drivers. Uber purportedly paid data thieves $100,000 to destroy the swiped information — and remained quiet about the breach for a year. That decision evidently came despite…

Don’t Be Catfished: Protecting Yourself From New Account Fraud

Catfishing, the practice of pretending to be someone else online, became a cultural phenomenon through MTV’s popular TV show “Catfish,” driving more attention to our obsession with our online personas. However, it’s not just social media that needs additional scrutiny. In the wake of several recent major data breaches of personally identifiable information (PII) such…

macOS High Sierra Update Patches Keychain Access Flaw

An update released on Thursday by Apple for its macOS High Sierra operating system patches two vulnerabilities, including one that allows malicious applications to steal passwords from the Keychain. The Keychain flaw, tracked as CVE-2017-7150, was disclosed last week by Patrick Wardle, director of research at Synack. Apple has now addressed the issue with the release of High…

Leaving employees to manage their own password security is a mistake

Despite the clear and present danger that weak passwords pose to organizations, many remain focused on implementing technology based on policy, not the user, to address the problem. How do you manage password security? More than half of IT executives surveyed rely on employees alone to monitor their own password behavior, subsequently leaving the company at risk,…

The privacy implications of email tracking

Emails are a widely used means for third parties to tie your email address to your activities across the web, Princeton University researchers have discovered. The extent of email tracking: Email tracking was originally aimed at allowing senders to know whether the recipient has read the sent email. Unfortunately, many third parties also receive this…

Researchers Use Heart Rhythms for Continuous Authentication

Researchers from the University at Buffalo SUNY and the Department of Electrical and Computer Engineering at Texas Tech University have proposed a novel continuous user authentication method using cardiac motion (a heart-based function determined by users’ unique heart geometry). Their paper, ‘Cardiac Scan: A Non-Contact and Continuous Heart-Based User Authentication System’ (PDF), will be…

Passwords for 540,642 GPS vehicle tracking devices leaked online

Login credentials and other sensitive data from more than a half million vehicle tracking devices, which continually pinpoint vehicles’ locations, were left unprotected online. The exposed records belonging to SVR Tracking, headquartered in San Diego, were discovered by Kromtech security researchers. Thanks to a misconfigured Amazon AWS S3 bucket, 540,642 account IDs which included logins…