Linux Privacy - Page 41

Discover Privacy News

Researcher: Digital Signatures Can Lie To Linux, OSX and Windows Users

Digital signatures were designed to allow secure, confidential communication between two parties. As Wikipedia describes it: "A user may digitally sign messages using his private key, and another user can check that signature (using the public key contained in that user's certificate issued by a certificate authority). This enables two (or more) communicating parties to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance."

Defeat Spam With SpamBayes

Spam email is the plague of the 21st century; SpamBayes is its cure. This client-side application analyzes all incoming email messages and automatically sorts out those that are unwanted. SpamBayes digests the contents of email messages and counts how often certain words -- e.g. Viagra -- occur in spam (bad) or ham (good) messages. Based on these word patterns, it calculates an overall score that rates a message as spam, ham, or unknown. You can manually classify unknown mail as spam or ham and SpamBayes will learn accordingly.

Spammer Threatens Anti-Spam Group

A company that's promoted an anti-spam "Do Not Intrude Registry" and essentially spammed spammers said Monday that many of its members have received threatening e-mails from a major junk mailer. Blue Security, a Menlo Park, Calif.-based start-up, debuted its registry and BlueFrog client last summer. The company's researchers, who work out of Israel, analyze and vet the spam, trace the message to a Web site (typically the site selling the product or service), and find a form on the site that can be used to complain or opt-out. The BlueFrog client then automatically fills out the found form once for each spam received. The result: the site is overwhelmed with opt-out requests or complaints.

Privacy's Generation Gap

I’ve been spending a little too much time thinking about snooping lately. Actually, I’ve been thinking about snooping in all its various guises: personal, corporate, government, and extra-governmental. I’ve never been a big fan, really, even when my duties have required me to snoop. As an ex-corporate guy, my personal expectations of privacy in the workplace are what you’d expect: Never send an email you wouldn’t want to see on the front page. Seven-plus years in a Fortune 100 shop left me with a healthy dose of paranoia, and a strong aversion to sending anything of personal value via email or IM. I encrypt most of what I send from home, twitch when I’m riding wireless networks, and look over my shoulder as I type.

Congress may consider mandatory ISP snooping

It didn't take long for the idea of forcing Internet providers to retain records of their users' activities to gain traction in the U.S. Congress. Last week, Attorney General Alberto Gonzales, a Republican, gave a speech saying that data retention by Internet service providers is an "issue that must be addressed." Child pornography investigations have been "hampered" because data may be routinely deleted, Gonzales warned. Now, in a demonstration of bipartisan unity, a Democratic member of the Congressional Internet Caucus is preparing to introduce an amendment--perhaps during a U.S. House of Representatives floor vote next week--that would make such data deletion illegal.

A Comparison of US and European Privacy Practices

A new study on "US and European Corporate Privacy Practices" was released two days ago, and as I constantly monitor the topic, knowing the EU's stricter information sharing and privacy violation laws compared to the U.S., I thought you might find this useful. To sum up the findings: "European companies are much more likely to have privacy practices that restrict or limit the sharing of customer or employees' sensitive personal information and are also more likely to provide employees with choice or consent on how information is used or shared," said David Bender, head of White & Case's Global Privacy practice. Still at the "sharing sensitive information is bad" promotional stage, I feel the research reasonably points out the lack of a systematic technical approach, bureaucracy can also be an issue, but with so many CERTs in Europe there's potential for lots of developments I think. Established in 2004, ENISA is the current body overseeing and guiding the Community towards data protection practices -- slowly, but steadily gaining ground.

Real-world Hooks Add Allure To Phishing

Phishing attacks are increasingly using offline components to appear more trustworthy, according to security firms. This week, security firm Cloudmark warned that two customers had been targeted with phishing attacks that used real phone numbers to collect personal information from the victims. The e-mail message alerts users to a fictitious security incident and asks them to call their bank at a certain phone number to verify their account number and PIN code. The fraudsters appear to have cloned the real bank's automated telephone system to make the attack appear more real.

In Between The Lines Of Personal And Sensitive Information

In a previous post, "Give it back!", I mentioned the ongoing re-classification of declassified information and featured some publicly known sources for information on government secrecy. Today I came across a news item relating to the topic in another way, "States Removing Personal Data from Official Web Sites". More from the article: "At least six states use redaction software, which digitally erases information. It can be tailored to excise nine-digit entries such as SSNs. Chips Shore, circuit court clerk for Florida's Manatee County, removed SSNs and bank account numbers from 3 million public records on the Web site. Another 2.5 million court records were redacted before going online."

Enterprises struggling with privacy management

Enterprises are under increasing pressure to safeguard the privacy and security of personal data, but the complexity of the task is making it difficult to meet higher expectations, a Hewlett-Packard Co. (HP) project manager said Tuesday. The pressure is coming from consumers and governments, who want greater control over how data is retained and managed, said Pete Bramhall, project manager at HP's lab in Bristol, England. Internally, enterprises are grappling with the cost and complexity in dealing with distributed networks. Soon, Bramhall predicts, many enterprises will be at a "tipping point," in terms of using new means to protect data.

RFDump

RFDump is a backend GPL tool to directly interoperate with any RFID ISO-Reader to make the contents stored on RFID tags accessible. This makes the following types of audits possible: Test robustness of data-structures on the reader and the backend-application; Proof-of-concept manipulations of RFID tag contents; Clone / copy & paste User-Data stored on RFID tags; Audit tag-security features.

When 'delete' is not enough

It was only a single digit in a 20-page Microsoft Word contract between two partners, but Scott Cooper earned his fee several years ago when he found it. Cooper, a computer forensics expert, learned that the numeral "1" had been scrubbed in some later versions of this digital document. This gave his client, a partner in a software company that had recently been sold, just a 5 percent rather than a 15 percent share in the company. If the change had gone undetected, the partner would have received $32 million rather than his rightful $96 million payout.

RSA Looks To Drown Phishers In Data Flood

A novel tactic to defeat phishers is being employed by Cyota staff: flooding phishing sites with fake bank details to make the real information harder to find. RSA's Cyota division is helping fight phishing attacks by giving the online fraudsters what they want — lots of user names, passwords, online banking credentials and credit card numbers.

Why Phishing Attacks Work

When asked if a phishing site was legit or a spoof, 23% of users use only the content of the website to make the decision! The majority of users ignore the address and SSL indicators in the browser. Some users think that favicons and lock icons in HTML are more important indicators. The paper hints that the proposed IE7 security indicators and multi-colored address bar will also suffer a similar fate. This study is brought to you by the people who developed the security skins Firefox extension.

E-mail Security: Detecting Spam (II)

As spam filters get more advanced, less spam is allowed to enter users' inboxes, so the business model of spammers gets hurt. Instead of thinking that people don't really like to receive spam and would prefer less intrusive ways to get publicity, they try to work around these filters in, sometimes, really clever ways. So, spam filters have to be continually modified and adapted so as not to fall for these new tricks.

IT Confidential: Choose Your Intrusion: Who's Your Friend?

I'm as big a fan of government intrusion as the next person, but things may have gotten a little out of hand lately. Take last week's legal contretemps between the Justice Department and Google. Forget for a minute that Google really faces no downside by refusing the government's request to turn over search data. Even if Google loses the case and has to turn over some (truncated) amount of (very general) information about a (random) selection of searches, it still wins in the court of public opinion as a defender of personal privacy. As my colleague Chris Murphy put it, Google should take the court costs out of its marketing budget.

Search firms surveyed on privacy

We asked the same seven questions of each company. Their answers are reproduced below, with the responses sorted by the companies' names in alphabetical order. What information do you record about searches? Do you store IP addresses linked to search terms and types of searches (image vs. Web)? Weinstein: Any time a search is done on the AOL service or AOL.com, the left rail on the results page offers a list of the most recent searches conducted by that user.

Human Rights and Wrongs Online

A government's position on censorship used to protect its citizenry is dictated by who they are. The well-popularized censorship of Internet content in China by Google and other big players, and criticism of this by the U.S. government, is really just the tip of the iceberg. On February 15, the United States Congress held hearings on the role of U.S. Internet companies like Google, Microsoft, Yahoo and Cisco in suppressing free expression and therefore encouraging repressive tactics by countries like China. The hearings explored the role and the responsibility of these companies for deliberately filtering communications, assisting in the interception of citizens' communications, and using technology to restrict access by citizens to information.

Report: 80 percent of emails out to manipulate

Four out of five inbound emails are designed to deceive the recipient, according to a new report studying the scope of abusive online messages. The Messaging Anti-Abuse Working Group's (MAAWG) Email Metric Report, which analyzed data from more than 127 million mailboxes during last year's fourth quarter, found that more than 142 billion emails either were tagged or blocked before they reached the end user. Another 61.3 billion emails were the victims of dropped connections, the study showed. Nearly 37 billion emails were unaltered before reaching their destination.