Instituto de la Ciencia y Tecnología en América Latina (ICTAL) - PrivacidadPortal dedicated to science, development, and human rights... 2024-03-18T13:03:04-04:00urn:md5:c3c53f2c54ac152a71614d9b9f660d3dDotclear“There will be no cyberwar. There will be a real war with a cyber facet”urn:md5:45173d44fe7921cdb1a3525b6f76d7df2020-01-01T19:01:00-04:002020-01-01T19:01:00-04:00cguajonPrivacidadDerechos HumanosDigitalInternacional <p><br />Source: El País<br /><br /><br />The work of cyber ambassador Heli Tiirmaa-Klaar is increasingly important. She is Estonia's ambassador for cybersecurity. In 2019 Politico chose her as one of the 28 personalities who were going to shape Europe. Her country became famous for tragic events in 2007: it was the victim of the first major Russian operation in cyberspace: "Geography in Estonia is impossible to escape," she says. Tiirmaa-Klaar has been an adviser at NATO and was in charge of setting up cyberspace policy in the EU. The diplomat spoke with EL PAÍS during a recent visit to Madrid organized by the Instituto Aspen and the Fundación Telefónica.<br /><br />Question. What is a cyber ambassador?<br /><br />Answer. She is a specialized diplomat who understands what kinds of threats exist in cyberspace, how to respond to bad behavior by state actors and how to encourage good behavior.<br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://elpais.com/tecnologia/2019/12/21/actualidad/1576886357_152918.html">https://elpais.com/tecnologia/2019/12/21/actualidad/1576886357_152918.html</a><br /><br /></p>“Most Internet users are lurkers who do nothing”urn:md5:e022d7493bb8039c5e96ac7217e0639d2019-09-23T08:15:00-04:002019-09-23T08:15:00-04:00cguajonPrivacidadCulturaDigitalTecnología <p><br />Source: El País<br /><br /><br /><br />Everything on the Internet is the work of a few. 
A "few" who number in the tens of millions of people, but who represent only a small percentage of all users. The web is an infinite ocean that covers the whole Earth, but the people who feed it would fit on an island.<br /><br />Fewer than 1% of Internet users create more than 50% of the content. "If you take any given slice of time, the percentage of people active on the Internet is surely less than 10%," explains Chilean professor Ricardo Baeza-Yates. "I have seen it in places where I have worked. Most people on the internet, on social networks above all, are lurking, doing nothing. They don't even click like. They don't generate data for the internet, which is not the same as being active. The people who contribute, who click like, could be 10%, but those who write a tweet or a post or upload a photo are going to be fewer," he adds.<br /><br />In various studies, Baeza-Yates has found that 4% of active users write half of the reviews on Amazon ("and that is even though a month after the article was published Amazon began cracking down on paid reviews, so the real number is lower"), 2% of users write half of the tweets on Twitter, and that the first version of half of the entries in the English Wikipedia was created by 0.04% of its registered users, about 2,000 people. 
"And it was because they were paid, because who takes part in something that is empty," says Baeza-Yates.<br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://elpais.com/tecnologia/2019/09/04/actualidad/1567551266_353982.html">https://elpais.com/tecnologia/2019/09/04/actualidad/1567551266_353982.html</a><br /><br /></p>The FBI issues a worldwide alert: you must reboot [SOME] routersurn:md5:040dbdc5154ea4f57c2d9fa0786901122018-05-29T07:25:00-04:002018-05-29T07:25:00-04:00cguajonPrivacidadDerechos HumanosDigitalInternacional <br />Source: El País<br /><br /><br /><br />An unprecedented alert with a reach that can be considered massive: the FBI has detected an attack by hackers originating in Russia through which malware would be introduced that would take over the home router. US authorities have identified this malware as VPNFilter, which would take control of our router to propagate coordinated worldwide attacks and, of course, record all the network activity of the connected devices. The severity of this attack is such that the hackers could completely knock out the internet connection in entire areas and, more worryingly, carry out massive attacks on specific targets.<br /><br /><br />The scope of this attack is not yet known, but it is estimated that more than half a million home routers around the planet are affected, and given the networked nature of this type of attack, that number can be expected to shoot up exponentially by the minute. It works as follows: a router affected by VPNFilter stays in a dormant mode waiting to receive instructions to carry out a coordinated attack against a target determined by the hackers. 
Meanwhile, it would record all the information from our network activity (yes, passwords too), and the researchers who identified the hack have verified the existence of a ‘kill switch’ with which the attackers could permanently disable the device.<br /><br />In a coordinated large-scale action, VPNFilter could knock out the internet connection in entire neighborhoods or cities, given the large number of brands affected. The FBI has published a list of the affected equipment, but has cautioned that this does not mean that devices not on the list are unaffected or not susceptible. The list includes manufacturers such as Netgear, TP-Link and Linksys, although, as noted, many more manufacturers could be affected. What to do in any case? The authorities recommend something very simple: reboot the router (unplug it and plug it back in); this step would disable the malware in most cases, although there are no guarantees of that either.<br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://elpais.com/tecnologia/2018/05/28/actualidad/1527511542_736752.html">https://elpais.com/tecnologia/2018/05/28/actualidad/1527511542_736752.html</a><br /><br /><br />How to Download Your Data With All the Fancy New GDPR Toolsurn:md5:a1938f007ddb05228f82f6677cf738d62018-05-26T07:16:00-04:002018-05-26T07:16:00-04:00cguajonPrivacidadDigitalInternacional <p><br />Source: Gizmodo<br /><br /><br /><br />The big new European data-privacy law known as the General Data Protection Regulation (GDPR) is here, and it’s ushered in a host of changes to the way companies treat your personal information.<br /><br />One of the consumer benefits of GDPR is that it requires companies to make it possible for users to pack up their data and leave if they don’t like the service they’re using. 
You shouldn’t be trapped into keeping an account with a certain company just because you don’t want to lose access to photos you’ve stored there over the years, the theory goes—you should be able to move your data to whatever service you prefer.<br /><br />In order to comply with the law, companies large and small are introducing data download tools. But actually transferring your stuff from one platform to another is still more annoying than it should be—you still have to deal with bulk downloads and conflicting file formats, and most platforms haven’t made really good portability features yet. Although they’ve made it possible for users to download their data, actually porting it over to the service you want to use is pretty much up to you. And for some services, like Facebook, there’s not a meaningful competitor waiting for you to make the switch.<br /><br />These tools ought to be better, and hopefully they’ll improve over time as companies adjust to GDPR. As Mozilla points out, GDPR should be a floor on which companies build, not the ceiling that marks the limit of privacy and data portability. “The GDPR provides a baseline set of rules, which helpfully lay the groundwork for more ethical approaches to data collection and processing. It’s a step in the right direction, but the devil will be in the details for most organizations,” Mozilla’s MJ Kelly writes. “New privacy controls, even if they technically comply with the GDPR, won’t help if they are too difficult to use and if organizations aren’t committed to the underlying principles that shaped this regulation.”<br /><br />But for now, here are some of the available data portability features.<br /><br />Google<br /><br />You can already extract a comprehensive package of data from your Google account using the Takeout tool, which launched back in 2011. Takeout lets you download your email, photos, contacts, calendar, Google Drive documents, and more, all in one fell swoop. 
This goofy video Google made back when Takeout launched explains how it works:<br /><br /><br /><br />One of the nicest features Google offers is the ability to transfer your data directly to another cloud storage service like Dropbox or Box. Most services force you to download a sizable data package and then re-upload it to the new service of your choosing, which makes switching services more than a little inconvenient. In Takeout, you can opt to move your data straight to another service or just download it to your hard drive.<br /><br />If you have an Android device, you can get some device data here, and search data for Google Home here.<br /><br />Apple<br /><br />For iPhone devotees, Apple is probably the biggest hoarder of data—the company has all your photos, contacts, call logs and voicemails, iMessage metadata, and iTunes purchase history. If you use features like Health or Keychain, Apple might also have particularly sensitive information about you, like your health data or your passwords.<br /><br />Apple just launched a tool to allow users to download their data, but for now it’s only available to users in the European Union and a few European nations outside the EU. Access to the tool will roll out internationally later this year, Apple says.<br /><br />The company also gives users the option to delete all their data—but be careful, because once you do this, there’s no way to get it back. <br /><br />Facebook<br /><br />Facebook and Instagram have rolled out improved data portability tools in the last few weeks. But Facebook’s suite of apps is the most frustrating when it comes to portability. Sure, you can download your data. But where are you going to put it next?<br /><br />Facebook’s data export is pretty comprehensive—users can expect to get their photos and status updates as well as lots of other interesting stuff such as likes, search history, and information about advertisers who have targeted them. 
But as TechCrunch points out, Facebook has clung tightly to users’ social graphs, making it especially difficult for its users to find their friends on other social networks even as it has slurped up social graph data from users’ email and phone contacts.<br /><br />Instagram’s data portability tool lets you take your photos, videos, and messages with you if you choose to leave, but it doesn’t sound like you’ll be able to take comments or other data. Instagram’s new privacy policy, released in time for GDPR, notes that the app collects information about how you tap and scroll on your device, but you won’t be able to get that data, either.<br /><br />Amazon<br /><br />Amazon often gets overlooked in discussions about data collection, but the company holds a ton of information about your location and shopping habits. If you own an Echo, the company also has access to recordings of you in your home—which didn’t work out particularly well for this couple—and if you’re a web developer, chances are you have some data stored in Amazon Web Services.<br /><br />Amazon doesn’t have a central tool for data downloads, which is a little irritating, but you can get archives of your shopping history and Alexa recordings. 
Depending on what Amazon services you use, you’ll have to dig around on the company’s various support pages to find and download the exact data you’re looking for.<br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://gizmodo.com/how-to-download-your-data-with-all-the-fancy-new-gdpr-t-1826334079">https://gizmodo.com/how-to-download-your-data-with-all-the-fancy-new-gdpr-t-1826334079</a><br /><br /></p>WhatsApp Group Video Call and Instagram Video Chat Are Coming Soonurn:md5:bac8a048d7d798a1a5c13cd74b6817d82018-05-02T06:27:00-04:002018-05-02T06:27:00-04:00cguajonPrivacidadDerechos HumanosDigital <p><br />Source: Hacker News<br /><br /><br /><br />Facebook announced a whole lot of new features at its 2018 Facebook F8 developers conference, including Dating on Facebook, letting users clear their web browsing history, real-time language translation within Messenger, and many more.<br /><br />Besides announcing exciting features for its social media platform, Facebook CEO Mark Zuckerberg also gave us a quick look at the features Facebook introduced for companies that it owns, like WhatsApp and Instagram.<br /><br />During Facebook's F8 conference on Tuesday, Zuckerberg announced a long-awaited feature for WhatsApp—Group Video Calling.<br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://thehackernews.com/2018/05/whatsapp-group-video-chat.html">https://thehackernews.com/2018/05/whatsapp-group-video-chat.html</a><br /><br /></p>Amazon Bends the Knee to Autocrats (Signal)urn:md5:9e602b9cff08ecdce398e58193aa7ea02018-05-02T06:25:00-04:002018-05-02T06:25:00-04:00cguajonPrivacidadDerechos HumanosDigital <p><br />Source: Gizmodo<br /><br /><br /><br />Telegram has been putting up an impressive fight against the governments of Russia and Iran in high-profile efforts to censor the messaging service over the last few weeks. But we’ve heard little about its fellow encrypted messaging app Signal. 
Both services have used an anti-censorship technique called “domain fronting” to get around tyrants—and now, Google and Amazon say that’s no longer an option.<br /><br />Amazon officially announced its increased focus on stamping out domain fronting on Friday. The statement followed closely behind a similar move by Google. On Monday, Signal founder Moxie Marlinspike posted a communication from Amazon’s team informing the privacy-focused company that it must discontinue any sort of domain fronting practices if it wants to continue using Amazon Web Services. Marlinspike lamented the crackdown, saying that Signal is being censored in Egypt, Oman, Qatar, and United Arab Emirates. The technique has allowed Signal to circumvent those blocks and continue to provide service to citizens of those countries, according to Marlinspike, but for now, it will have to comply with Amazon’s demands.<br /><br />“With Google Cloud and AWS out of the picture, it seems that domain fronting as a censorship circumvention technique is now largely non-viable in the countries where Signal had enabled this feature,” wrote Marlinspike. “The idea behind domain fronting was that to block a single site, you’d have to block the rest of the internet as well. In the end, the rest of the internet didn’t like that plan.”<br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://gizmodo.com/amazon-bends-the-knee-to-autocrats-threatens-to-cut-of-1825697153">https://gizmodo.com/amazon-bends-the-knee-to-autocrats-threatens-to-cut-of-1825697153</a><br /><br /></p>Facebook will tell its users which websites and apps use their data and will let them delete that informationurn:md5:90391e5a8b843d8377422a568a5bb96e2018-05-01T17:36:00-04:002018-05-01T17:36:00-04:00cguajonPrivacidadDigitalEconomía PolíticaEstados Unidos <p><br />Source: El País<br /><br /><br />"This year has been intense. It doesn't feel like it has only been four months. 
We are going to make sure that nobody misuses our platform; I am optimistic and we are going to make sure it is used to do good." That is how Mark Zuckerberg opened his talk today at the F8 conference, devoted to laying out the future of the social network he founded and runs, Facebook, which is also mired in a huge worldwide controversy over its improper use of its users' data.<br /><br />Minutes earlier, the company had announced in a statement that it is building a new privacy control called Clear history ("limpiar historial" in its Spanish translation) to let users remove the possibility of websites and apps sending them information based on their data. "If I have learned anything from going to testify before Congress, it is that we have not been clear enough in our answers to questions about data handling. We are working to give control back to you. And there will be more news soon," said the company's founder on the stage of the convention center in San José (California). 
In his most difficult year, he spoke surrounded by developers of applications associated with his platform.<br /><br />Zuckerberg once again offered his most technical side, speaking quickly with the occasional pause for laughs in search of rapport, and in different attire from usual: he swapped the gray T-shirt for a navy blue long-sleeved one.<br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://elpais.com/tecnologia/2018/05/01/actualidad/1525191286_417590.html">https://elpais.com/tecnologia/2018/05/01/actualidad/1525191286_417590.html</a><br /><br /></p>How secure is Internet traffic?urn:md5:28c7f813851efa9a72467abc0bf32a3d2018-04-14T08:01:00-04:002018-04-14T08:01:00-04:00cguajonPrivacidadDigitalInternacionalPolitica <p><br />Source: Hak5<br /><br /><br /><br /><iframe width="560" height="315" src="https://www.youtube.com/embed/LGABCWReYVk" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe></p>'GrayKey' iPhone Unlocking Box Seeing Wide Adoption Among Law Enforcementurn:md5:21d3368aae0e3236e3d4fad889bc80af2018-04-14T07:58:00-04:002018-04-14T07:58:00-04:00cguajonPrivacidadDigitalEstados UnidosPolitica <p><br />Source: MacRumors<br /><br /><br /><br />GrayShift's recently publicized "GrayKey" box designed to crack locked iPhones is seeing wide adoption among police forces and federal agencies across the United States according to a recent investigation by Motherboard. <br /><br />Motherboard found that regional police forces like the Maryland State Police, the Indiana State Police, and the Miami-Dade County Police have purchased or are soon purchasing GrayKey technology, while other forces like the Indianapolis Metropolitan Police Department have looked into boxes and received quotes from GrayShift. 
<br /><br />The Secret Service is also planning to purchase "at least half a dozen" GrayKey boxes for unlocking iPhones, while the State Department has already bought them and the Drug Enforcement Administration has expressed interest. <br /><br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://www.macrumors.com/2018/04/12/graykey-iphone-unlocking-box-adoption/">https://www.macrumors.com/2018/04/12/graykey-iphone-unlocking-box-adoption/</a><br /></p>Cops Around the Country Can Now Unlock iPhones, Records Showurn:md5:b5b28abaece3389ed37694586c5090a72018-04-14T07:57:00-04:002018-04-14T07:57:00-04:00cguajonPrivacidadDigitalEstados UnidosTecnología <p><br />Source: Motherboard<br /><br /><br /><br />FBI Director Christopher Wray recently said that law enforcement agencies are “increasingly unable to access” evidence stored on encrypted devices.<br /><br />Wray is not telling the whole truth.<br /><br />Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.<br /><br />The news highlights the going dark debate, in which law enforcement officials say they cannot access evidence against criminals. 
But easy access to iPhone hacking tools also hamstrings the FBI’s argument for introducing backdoors into consumer devices so authorities can more readily access their contents.<br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://motherboard.vice.com/en_us/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police">https://motherboard.vice.com/en_us/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police</a><br /><br /></p>ProtonMail Launches a Shorter Email Domain and Other New Features for Encryption Loversurn:md5:95c0af47359c642158a8d4449df0b5662018-03-31T07:33:00-04:002018-03-31T07:33:00-04:00cguajonPrivacidadDigitalTecnología <p><br />Source: Gizmodo<br /><br /><br /><br /><br />An encrypted email service widely used among journalists and political dissidents just got several new sick features, including, let’s be honest, the only thing we really care about: a shorter domain name.<br /><br />ProtonMail users can now activate a @pm.me domain name and use it with the same @protonmail.com email account they already have.<br /><br />“Ever since ProtonMail launched, people have asked us for a shorter domain name since some feel that ‘protonmail.com’ is too long,” the company said in a blog announcing the updates. “On our user feedback forum, thousands of people have voted for this. 
We’re excited to finally make this possible.”<br /><br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://gizmodo.com/protonmail-launches-a-shorter-email-domain-and-other-ne-1824216893">https://gizmodo.com/protonmail-launches-a-shorter-email-domain-and-other-ne-1824216893</a><br /><br /><br /></p>Cambridge Analytica Goons Brag About Winning the Election for Trump in New Undercover Videourn:md5:c5434bb92c9af17c045487fe1de7ec542018-03-21T06:27:00-04:002018-03-21T06:27:00-04:00cguajonPrivacidadDigitalEstados UnidosInternacionalPolitica <p><br />Source: Gizmodo<br /><br /><br /><br />Cambridge Analytica, the data-firm that’s wrapped up in a massive scandal with Facebook, is having a very bad week. Following Monday’s reveal of an undercover video showing executives bragging about blackmail and bribery, a new video shows the men bragging about winning the election for Donald Trump and their use of a high-tech email system “with a self-destruct timer.”<br /><br />Channel 4's multi-part investigation into Cambridge Analytica concluded on Tuesday with another video of the firm’s CEO, Alexander Nix, meeting with an undercover reporter who was impersonating a fixer for a wealthy client seeking help in swaying Sri Lankan elections. Mark Turnbull, Cambridge Analytica’s managing director of political global, and Dr. Alex Tayler, the company’s chief data scientist, are also identified as attendees at the meeting.<br /><br />In Tuesday’s video, executives claimed that they could “send some girls around” to opposition candidates in order to create damaging material against them. They also floated the option of setting up meetings with opponents in which they’re sneakily offered a bribe and caught on video. 
It’s unclear how much of that talk is puffery, but it was certainly enough to prompt the UK’s data watchdog to seek a warrant to raid the company’s headquarters and get Nix suspended.<br /><br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://gizmodo.com/cambridge-analytica-goons-brag-about-winning-the-electi-1823933102">https://gizmodo.com/cambridge-analytica-goons-brag-about-winning-the-electi-1823933102</a><br /></p>13 Critical Flaws Discovered in AMD Ryzen and EPYC Processorsurn:md5:14c789bce3203384dcb61fa263b9c9e52018-03-14T07:38:00-04:002018-03-14T07:38:00-04:00cguajonPrivacidadDigitalTecnología <p><br />Source: Hacker News<br /><br /><br /><br />Security researchers claimed to have discovered 13 critical Spectre/Meltdown-like vulnerabilities throughout AMD's Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems.<br /><br />All these vulnerabilities reside in the secure part of AMD's Zen architecture processors and chipsets—typically where the device stores sensitive information such as passwords and encryption keys and makes sure nothing malicious is running when you start your PC.<br /><br />The alleged vulnerabilities are categorized into four classes—RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY—and threaten a wide range of servers, workstations, and laptops running vulnerable AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processors.<br /><br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://thehackernews.com/2018/03/amd-processor-vulnerabilities.html">https://thehackernews.com/2018/03/amd-processor-vulnerabilities.html</a><br /><br /></p>Pretty Soon a Smart Assistant Won't Be a Choiceurn:md5:0538e075daefcfda1ec5d8f2366da0252018-01-14T07:52:00-04:002018-01-14T07:52:00-04:00cguajonPrivacidadDerechos HumanosDigitalEstados UnidosTecnología <p><br />Source: Gizmodo<br /><br /><br /><br />At home, my pair works 
like a deeply discounted Sonos setup. I can tell Google’s Assistant to play a song on “both speakers,” and it’ll pipe tinny, still-decent-sounding music into my bedroom and living room. At my parents’ house, I paid $29 for a goofy gift that, I hope, will ultimately help my mom listen to Paul Simon while she’s upcycling furniture.<br /><br />For the price I paid, I think my Minis were an excellent deal, at least until I grow sick of Google’s digital assistant. And I’m sure I will, but when that happens I can turn the microphones off and just use my phone to beam songs into the little cloth-covered spheroids.<br /><br />But people have good reasons to dislike these kinds of products. Some people distrust or fear them, mostly because of the inherent security risks involved with creating and maintaining a bunch of inexpensive, internet-connected, microphone-having devices. I opted in anyways, and paid money to do it, aware that Google will somehow use something I say one day to generate more money.<br /><br /><br /><br /><br />Cont'd.<br /><br />LINK:<br /><a href="https://gizmodo.com/pretty-soon-a-smart-assistant-wont-be-a-choice-1822037723">https://gizmodo.com/pretty-soon-a-smart-assistant-wont-be-a-choice-1822037723</a><br /><br /></p>Every single Yahoo account was hacked - 3 billion in allurn:md5:31897d6b7cc54c40f3917259ca46f8d72017-12-19T07:36:00-04:002017-12-19T07:37:41-04:00cguajonPrivacidadCulturaDigitalEstados Unidos <p><br />Source: CNN<br /><br /><br /> <br />Sitting down? An epic and historic data breach at Yahoo in August 2013 affected every single customer account that existed at the time, Yahoo parent company Verizon said on Tuesday.<br /><br />That's three billion accounts -- including email, Tumblr, Fantasy and Flickr -- or three times as many as the company initially reported in 2016. 
Names, email addresses and passwords, but not financial information, were breached, Yahoo said last year.<br /><br />The new disclosure comes four months after Verizon (VZ) acquired Yahoo's core internet assets for $4.48 billion. Yahoo is part of Verizon's digital media company, which is called Oath.<br /><br /><br /><br />Cont’d.<br /><br />LINK:<br /><a href="http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html">http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html</a><br /><br /><br /><br /></p>Former Facebook Exec: 'You Don’t Realize It But You Are Being Programmed'urn:md5:55fb1959352c7dbaeed315e43a9e6ff92017-12-12T07:52:00-04:002017-12-12T07:52:00-04:00cguajonPrivacidadDigitalEconomía PolíticaEstados UnidosTecnología <p><br />Source: Gizmodo<br /><br /><br /><br />Last month, Facebook’s first president Sean Parker opened up about his regrets over helping create social media as we know it today. “I don’t know if I really understood the consequences of what I was saying, because of the unintended consequences of a network when it grows to a billion or 2 billion people and it literally changes your relationship with society, with each other,” Parker said. “God only knows what it’s doing to our children’s brains.”<br /><br />Chamath Palihapitiya, former vice president of user growth, also recently expressed his concerns. During a recent public discussion at the Stanford Graduate School of Business, Palihapitiya—who worked at Facebook from 2005 to 2011—told the audience, “I think we have created tools that are ripping apart the social fabric of how society works.”<br /><br />Some of his comments seem to echo Parker’s concern [emphasis ours]. 
Parker has said that social media creates “a social-validation feedback loop” by giving people “a little dopamine hit every once in a while, because someone liked or commented on a photo or a post or whatever.”<br /><br /><br /><br /><br />Cont’d.<br /><br />LINK:<br /><a href="https://gizmodo.com/former-facebook-exec-you-don-t-realize-it-but-you-are-1821181133">https://gizmodo.com/former-facebook-exec-you-don-t-realize-it-but-you-are-1821181133</a><br /><br /></p>FCC Commissioner Blasts Her Own Agency for Withholding Evidence of Fraudurn:md5:b31dcbf7281b6f98e7cc6d1928798ff82017-12-09T07:52:00-04:002017-12-09T07:52:00-04:00cguajonPrivacidadDigitalEconomía PolíticaEstados UnidosTecnología <p><br />Source: Gizmodo<br /><br /><br /><br />FCC Commissioner Jessica Rosenworcel on Friday accused her agency of withholding evidence of fraud, further intensifying the ongoing battle over the future of net neutrality.<br /> <br />“To put it simply, there is evidence in the FCC’s files that fraud has occurred, and the FCC is telling law enforcement and victims of identity theft that it is not going to help,” Rosenworcel said in a statement to Gizmodo. “Moreover, the FCC refuses to look into how nearly half a million comments came from Russian sources. 
Failure to investigate this corrupted record undermines our process for seeking public input in the digital age.”<br /><br />Rosenworcel’s heated comments come in response to a clash between the Federal Communications Commission and New York Attorney General Eric Schneiderman over his office’s investigation into fraudulent comments submitted to the FCC regarding agency Chairman Ajit Pai’s plan to dismantle federal net neutrality rules.<br /><br /><br /><br />Cont’d.<br /><br />LINK:<br /><a href="https://gizmodo.com/fcc-commissioner-blasts-her-own-agency-for-withhold-evi-1821133018">https://gizmodo.com/fcc-commissioner-blasts-her-own-agency-for-withhold-evi-1821133018</a><br /><br /></p>Google reveals hackers' preferred methods for getting into your Gmail accounturn:md5:c9539226dc50b71eb03342a13690084f2017-11-24T06:23:00-04:002017-11-24T06:23:00-04:00cguajonPrivacidadDerechos HumanosDigital <p><br />Source: El País<br /><br /><br /><br />The digital footprint of Internet users spans social networks, financial records and sensitive information, such as photographs, in cloud storage services. Often, a single email address is the only thing backing all of them. By finding the password or the recovery security questions, cybercriminals can download all of the victim's data, steal their banking credentials or delete their backups.<br /><br />Figures such as French President Emmanuel Macron, former governor Sarah Palin and the US news agency Associated Press have had their online accounts hijacked. 
Even so, despite users' growing concern for their security, the information is always aimed at the preventive measures victims could adopt and rarely at the root of the problem: how major security breaches occur, where lists of stolen credentials are bought or which methods criminals prefer.<br /><br />On this premise, Google, in collaboration with the University of California, Berkeley, analyzed for a year the ecosystem of credential theft and trading on the black markets of the deep web and identified 788,000 potential victims of keyloggers, programs that capture what the user types or sees on their screen and send it to an external server controlled by the hacker; 12.4 million potential victims of phishing kits, a practice that tricks the user into entering their credentials on a website controlled by the attacker; and 1.9 billion credentials exposed by security breaches that are sold on black markets.<br /><br /><br /><br /><br />Cont’d.<br /><br />LINK:<br /><a href="https://elpais.com/tecnologia/2017/11/14/actualidad/1510661373_118000.html">https://elpais.com/tecnologia/2017/11/14/actualidad/1510661373_118000.html</a><br /><br /></p>Schneier on Equifaxurn:md5:ff949916a871465ce30de9eeea672e772017-11-19T07:45:00-04:002017-11-19T07:45:00-04:00cguajonPrivacidadDigitalEconomía PolíticaEstados UnidosTecnología <p><br />Source: Security Now!<br /><br /><br /><br /><br />Okay. So last week our often-quoted guru and security expert and crypto person whose books I have behind me on my shelf, Bruce Schneier, was asked to testify before the House Energy and Commerce Committee on his feelings about the Equifax hack. There is on his site - his current blog is www.schneier.com, S-C-H-N-E-I-E-R dot com - there's a link to the video of his testimony, if you want to watch it. 
But I want to share some of the points he made because they were good.<br /><br />And he starts out a little bit with his CV: "Mr. Chairman and Members of the Committee, thank you for the opportunity to testify today concerning the security of credit data. My name is Bruce Schneier, and I am a security technologist. For over 30 years I have studied the technologies of security and privacy. I have authored 13 books on these subjects, including 'Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World,' published in 2015 by Norton."<br /><br />He says: "My popular newsletter Crypto-Gram and my blog Schneier on Security are read by over a quarter million people. Additionally," he says, "I am a Fellow and Lecturer at the Harvard Kennedy School of Government, where I teach Internet security policy, and a Fellow at the Berkman Klein Center for Internet and Society at Harvard Law. I am a board member of the Electronic Frontier Foundation, Access Now, and the Tor Project; and an advisory board member of Electronic Privacy Information Center and VerifiedVoting.org. I am also a special advisor to IBM Security and the Chief Technology Officer of IBM Resilient."<br /><br />So obviously he's got a beautiful CV that demonstrates to these guys who have no clue which end is up that this is a guy whose opinion is informed. He says: "I am here representing none of those organizations and speak only for myself based on my own expertise and experience. I have eleven main points." And I'm going to skip them toward the end, but I want to share the main salient ones.<br /><br />He says: "One, the Equifax breach was a serious security breach that puts millions of Americans at risk." We all know that, but he wants to establish some ground. "Equifax reported that 145.5 million U.S. customers, about 44% of the population, were impacted by the breach. That's the original 143 million plus the additional 2.5 million disclosed a month later. 
The attackers got access to full names, Social Security numbers, birth dates, addresses, and driver's license numbers.<br /><br />"This is exactly the sort of information," Bruce says, "criminals can use to impersonate victims to banks, credit card companies, insurance companies, cell phone companies, and other businesses vulnerable to fraud. As a result, all 143 million US victims are at greater risk of identity theft, and will remain at risk for years to come. And those who suffer identity theft will have problems for months, if not years, as they work to clean up their name and credit rating.<br /><br />"Two, Equifax was solely at fault." He says: "This was not a sophisticated attack. The security breach was a result of a vulnerability in the software for their websites, a program called Apache Struts. The particular vulnerability was fixed by Apache in a security patch that was made available on March 6, 2017 and was not a minor vulnerability. The computer press at the time called it 'critical.' Within days it was being used by attackers to break into servers. Equifax was notified by Apache, US-CERT, and the Department of Homeland Security about the vulnerability and was provided instructions to make the fix.<br /><br />"Two months later, Equifax had still failed to patch its systems. It eventually got around to it on July 29. The attackers used the vulnerability to access the company's databases and steal consumer information on May 13, over two months after Equifax should have patched the vulnerability. The company's incident response after the breach was similarly damaging. It waited nearly six weeks before informing victims that their personal information had been stolen, and that they were at increased risk of identity theft. Equifax opened a website to help aid customers, but the poor security around that - the site was a domain separate from the Equifax domain - invited fraudulent imitators and even more damage to victims. 
At one point, the official Equifax communications even directed people to that fraudulent site."<br /><br />He says, finishing point two: "This is not the first time Equifax failed to take computer security seriously. It confessed to another data leak in January 2017. In May 2016, one of its websites was hacked, resulting in 430,000 people having their personal information stolen. Also in 2016, a security researcher found and reported a basic security vulnerability in its main website. And in 2014, the company reported yet another security breach of consumer information. There are more.<br /><br />"Three," he says, "there are thousands of data brokers with similarly intimate information, similarly at risk. Equifax," he says, "is more than a credit reporting agency. It's a data broker. It collects information about all of us, analyzes it all, and then sells those insights. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about us, almost all of them companies you've never heard of and have no business relationship with.<br /><br />"The breadth and depth of the information the data brokers have is astonishing. Data brokers collect and store billions of data elements covering nearly every U.S. consumer. Just one of the data brokers studied holds information on more than 1.4 billion consumer transactions and 700 billion data elements, and another adds more than 3 billion new data points to its database each month. These brokers collect demographic information: names, addresses, telephone numbers, email addresses, gender, age, marital status, presence and ages of children in household, education level, profession, income level, political affiliation, cars driven, and information about homes and other property. They collect lists of things we've purchased, when we purchased them, and how we paid for them. They keep track of deaths, divorces, and diseases in our families. 
They collect everything about what we do on the Internet."<br /><br />He says: "Number four, these data brokers deliberately hide their actions and make it difficult for consumers to learn about or control their data." He writes: "If there were a dozen people who stood behind us and took notes of everything we purchased, everything we read, searched for, or said, we would be alarmed at the privacy invasion. But because these companies operate in secret, inside our browsers and financial transactions, we don't see them, and we don't know they're there.<br /><br />"Regarding Equifax, few consumers have any idea what the company knows about them, who they sell personal data to, or why. If anyone knows about them at all, it's about their business as a credit bureau, not their business as a data broker. Their website lists 57 different offerings for business - products for industries like automotive, education, healthcare, insurance, and restaurants. In general, options to 'opt-out' don't work with data brokers. It's a confusing process and doesn't result in your data being deleted. Data brokers will still collect data about consumers who opt out. We will still be in those companies' databases and will still be vulnerable. It just won't be included individually when they sell data to their customers.<br /><br />"Five," he says. "The existing regulatory structure is inadequate. Right now there is no way for consumers to protect themselves. Their data has been harvested and analyzed by these companies without their knowledge or consent. They cannot improve the security of their personal data and have no control over how vulnerable it is. They only learn about data breaches when the companies announce them, which can be months after the breaches occur, and at that point the onus is on them to obtain credit monitoring services or credit freezes. 
And even those only protect consumers from some of the harm, and only those suffered after Equifax admitted to the breach.<br /><br />"Right now, the press is reporting dozens of lawsuits against Equifax from shareholders, consumers, and banks. Massachusetts has sued Equifax for violating state consumer protection and privacy laws. Other states may follow suit. If any of these plaintiffs win in the court, it will be a rare victory for victims of privacy breaches against the companies that have our personal information. Current law is too narrowly focused on people who have suffered financial losses directly traceable to a specific breach. Proving this is difficult. If you are the victim of identity theft in the next month, is it because of Equifax, or does the blame belong to another of the thousands of companies who have our personal data? As long as one can't prove it one way or the other, data brokers remain blameless and liability free.<br /><br />"Additionally, much of this market in our consumer data falls outside the protections of the Fair Credit Reporting Act. And in order for the FTC (Federal Trade Commission) to levy a fine against Equifax, it needs to have a consent order and then a subsequent violation. Any fines will be limited to credit information, which is a small portion of the enormous amount of information these companies know about us. In reality, this is not an effective enforcement regime. Although the FTC is investigating Equifax, it's unclear if it has a viable case."<br /><br />And so anyway, I won't go on. "Number six," he says, "the market cannot fix this because we are not the customers of the data brokers." As we know, we are the products which the data brokers sell. So this has perverse incentives. The data brokers are selling to companies that want the information. So this doesn't, in this system, traditional market forces don't work to apply pressure. 
The customers want the information, want it to be easy to get, don't want us to be able to block it from their access. So as a consequence, it has been made hard for us to do this. And in fact he makes the point that financial markets reward bad security.<br /><br />He writes: "Given the choice between increasing their cybersecurity budget by 5% or saving that money and taking the chance, a rational CEO chooses to save the money. Wall Street rewards those whose balance sheets look good, not those who are secure. And if senior management gets unlucky and a public breach happens, they end up okay. Equifax's CEO did not get his $5.2 million severance pay, but he did keep his $18.4 million pension. Any company that spends more on security than absolutely necessary is immediately penalized by shareholders when its profits decrease."<br /><br />And he finishes: "Even the negative PR that Equifax is currently suffering will fade. Unless we expect data brokers to put public interest ahead of profits, the security of this industry will never improve without government regulation." Anyway, so "Number seven, we need effective regulation of data brokers. Number eight, resist the complaints from the industry that this is too hard." He notes that credit bureaus and data brokers and their lobbyists and their trade association representatives will claim that these measures are too hard.<br /><br />He says: "They are not telling you the truth." He says: "Take one example, credit freezes. This is an effective security measure that protects consumers. But the process of getting one and of temporarily unfreezing credit is made deliberately onerous by the credit bureaus. Why isn't there a smartphone app that alerts me when someone wants to access my credit rating and lets me freeze and unfreeze my credit at the touch of the screen? Too hard? Hardly. 
Today you can have an app on your phone that does something similar if you try to log into a computer network, or if someone tries to use your credit card at a physical location different from where you are."<br /><br />He says: "Moreover, any credit bureau or data broker operating in Europe is already obligated to follow the much more rigorous EU privacy laws. The EU General Data Protection Regulation will come into force, requiring even more security and privacy controls for companies collecting and storing the personal data of EU citizens. Those companies have already demonstrated that they can comply with those more stringent regulations."<br /><br />Anyway, so really, really good testimony from Bruce. He finishes with number 11, saying: "We need to do something about it. Yes, this breach is a huge black eye and a temporary stock dip for Equifax - this month. Soon, another company will have suffered a massive data breach, and few will remember Equifax's problem. Does anyone remember last year when Yahoo admitted that it exposed personal information of a billion users in 2013 and another half billion in 2014?" He says: "Unless Congress acts to protect consumer information in the digital age, these breaches will continue."<br /><br />Finally: "Thank you for the opportunity to testify today. I will be pleased to answer your questions." And Bruce then did that. 
So bravo for having someone who understands the problem, who understands security, and who understands that we could easily, if they chose to, give us the technology, at least in these cases, to manage the availability of our credit far more usefully than we have today.<br /><br /><br /><br />Cont’d.<br /><br />LINK:<br /><a href="https://www.grc.com/sn/sn-637.txt">https://www.grc.com/sn/sn-637.txt</a><br /><br /></p>‘IOTROOP’ BOTNET COULD DWARF MIRAI IN SIZE AND DEVASTATIONurn:md5:73504906b301b5001cc9a12691eb71fa2017-11-01T06:49:00-04:002017-11-01T06:49:00-04:00cguajonPrivacidadDerechos HumanosDigitalInternacionalTecnología <p><br />Source: Threat Post<br /><br /><br /> <br />A botnet, which is adding new bots every day, has already infected one million businesses during the past month and could easily eclipse the size and devastation caused by Mirai.<br /><br />The malware and botnet, dubbed IOTroop, was spotted in September by researchers at Check Point who warn that 60 percent of corporate networks have at least one vulnerable device.<br /> <br />Similar to Mirai, the malware targets poorly protected network-connected devices such as routers and wireless IP cameras manufactured by D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys, Synology and GoAhead.<br /><br /><br /><br />Cont’d.<br /><br />LINK:<br /><a href="https://threatpost.com/iotroop-botnet-could-dwarf-mirai-in-size-and-devastation-says-researcher/128560/">https://threatpost.com/iotroop-botnet-could-dwarf-mirai-in-size-and-devastation-says-researcher/128560/</a><br /><br /></p>