Public slams Finnish Transport Safety Agency for privacy breach

Public slams Finnish Transport Safety Agency for privacy breach

The Finnish Transport Safety Agency (Trafi) on Sunday said it had suspended the service while it investigates whether the tool infringes on people’s data privacy and security.

TSA’s Roadmap for Airport Surveillance Moves in a Dangerous Direction

TSA’s Roadmap for Airport Surveillance Moves in a Dangerous Direction

The ink wasn’t even dry on that bill when the Transportation Security Administration (TSA) published their Biometrics Roadmap for Aviation Security and the Passenger Experience, detailing TSA’s plans to work with Customs and Border Protection (CBP) to roll out increased biometric collection and screening for all passengers, including Americans traveling domestically.

Tumblr will start blocking adult content on December 17th

Tumblr will start blocking adult content on December 17th

"As Tumblr continues to grow and evolve, and our understanding of our impact on our world becomes clearer, we have a responsibility to consider that impact across different age groups, demographics, cultures and mindsets," the company said in a statement about its decision to ban adult content.

Marriott hack hits 500 million guests

Marriott hack hits 500 million guests

The records of 500 million customers of the hotel group Marriott International have been involved in a data breach. In a statement, the UK's Information Commissioner's Office said: "We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries.

Understanding Database Reconstruction Attacks on Public Data

Understanding Database Reconstruction Attacks on Public Data

These techniques include cell suppression, which prohibits publishing statistical summaries from small groups of respondents; top-coding, in which ages higher than a certain limit are coded as that limit before statistics are computed; noise-injection, in which random values are added to some attributes; and swapping, in which some of the attributes of records representing different individuals or families are swapped.

Database leak exposes millions of two-factor codes and reset links sent by SMS

Database leak exposes millions of two-factor codes and reset links sent by SMS

The database stored texts that were sent through a gateway Voxox provided to businesses that wanted an automated way to send data for password resets and other types of account management by SMS.

Welcome to the burgeoning, globalized business of implementing government surveillance

Welcome to the burgeoning, globalized business of implementing government surveillance

But the rise of the Internet – now the most important medium for carrying out spying – and the globalized trade of goods and services has led to a burgeoning market for implementing government surveillance around the world.

A leaky database of SMS text messages exposed password resets and two-factor codes

A leaky database of SMS text messages exposed password resets and two-factor codes

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

Why surveillance is even worse for your privacy than you thought: three cautionary tales

Why surveillance is even worse for your privacy than you thought: three cautionary tales

If it is retained, use by criminals is not the only risk: the authorities may demand legal access in order to use that data as they wish, including against the person who caused it to be stored.

Iris Recognition

Iris Recognition

Making the risk of data breach even greater, law enforcement often stores its iris biometrics on databases operated by vendors and other private third parties.

Telegram Desktop Saves Conversations Locally in Plain Text

Telegram Desktop Saves Conversations Locally in Plain Text

The desktop variant for Telegram secure messaging app fails to protect chat content locally and offers access to plain text conversations and media that otherwise travel encrypted.

Signal Desktop Leaves Message Decryption Key in Plain Sight

Signal Desktop Leaves Message Decryption Key in Plain Sight

As the encryption key will be required each time Signal Desktop opens the database, it will store it in plain text to a local file called %AppData%\Signal\config.json on PCs and on a Mac at ~/Library/Application Support/Signal/config.json.

Coming soon: everyone’s genetic anonymity undermined by distant relatives – and there’s nothing you can do about it

Coming soon: everyone’s genetic anonymity undermined by distant relatives – and there’s nothing you can do about it

As the researchers go on to show in their paper, it is now possible to take DNA from a supposedly anonymous dataset, find matches in public genetic databases, and then work out the identity of the individual by building a family tree.

TSA Announces Plans To Subject Domestic Travelers To Biometric Screening

TSA Announces Plans To Subject Domestic Travelers To Biometric Screening

TSA says that by moving toward facial recognition technology in a time where travel volume is rising, it’s hoping to reduce the need for physical documents like passports and paper tickets.

Donald Daters app leaks user information hours after launch

Donald Daters app leaks user information hours after launch

A security researcher by the name Elliot Alderson broke the news on Twitter and outlined how he was able to download the entire user database. Sharing his findings, Alderson said that he was able to gain access to users’ names, profile pictures, device types and even private messages.

With genetic-identity registries, it’s the end of anonymity as we know it

With genetic-identity registries, it’s the end of anonymity as we know it

Already, 60 percent of Americans of Northern European descent — the primary group using the genetic-genealogy sites — can be identified through such databases whether or not they’ve joined one themselves, according to a new study.

Most People of European Ancestry Can Be Identified From a Relative’s DNA

Most People of European Ancestry Can Be Identified From a Relative’s DNA

GEDmatch, the database investigators used in the Golden State Killer case and subsequent others, does not offer DNA tests itself. To find out exactly how easy it is for genealogists and law enforcement to find genetic matches, Erlich and his team first analyzed MyHeritage’s 1.28 million–person DNA database.

How An Amateur Rap Crew Stole Surveillance Tech That Tracks Almost Every American

How An Amateur Rap Crew Stole Surveillance Tech That Tracks Almost Every American

Cops alleged Da Boss and his co-conspirators had access to the Holy Grail for any Internet-age scam artist: a surveillance technology that police and debt collectors use to track most of the United States’ 325 million inhabitants via their Social Security numbers, license plates, address histories, names and dates of birth.

The Rutherford Institute :: Creating a Suspect Society: The Scary Side of the Technological Police State

The Rutherford Institute :: Creating a Suspect Society: The Scary Side of the Technological Police State

Consequently, no longer are we “innocent until proven guilty” in the face of DNA evidence that places us at the scene of a crime, behavior sensing technology that interprets our body temperature and facial tics as suspicious, and government surveillance devices that cross-check our biometrics, license plates and DNA against a growing database of unsolved crimes and potential criminals.

Police super-database poses a "grave risk" to privacy rights

Police super-database poses a "grave risk" to privacy rights

In one consultation, Liberty claimed, groups were told the new database would include information the goverment and police have no legal right to hold; but will do so regardless.

Police super-database prompts Liberty warning on privacy

Police super-database prompts Liberty warning on privacy

Liberty said in one meeting it was told the new database would include information the government and the police have no legal basis to hold but will do so anyway.

What to Know About Aadhaar, India's Biometric Identity System

What to Know About Aadhaar, India's Biometric Identity System

India’s Supreme Court, in a landmark ruling, said that private companies could no longer require users to provide their Aadhaar details as a condition of service.

Aadhaar, the world's largest biometric identity database, approved by India's Supreme Court

Aadhaar, the world's largest biometric identity database, approved by India's Supreme Court

Key points: Indian residents cannot receive welfare food rations, other benefits without being entered into Aadhaar Until today, Indian residents have had to link their private bank accounts, mobile numbers and even school admissions to their profile in the government database.

NCIX Database Servers Sold at Auction Without Being Wiped

NCIX Database Servers Sold at Auction Without Being Wiped

Doering recounts meeting up with a Craigslist seller claiming to have NCIX’ Database servers for only $1500 CAD. Not only did the seller posses three unwiped servers from NCIX, he also had around “300 desktop computers from NCIX’s corporate offices and retails stores”.

Data Management Firm Exposes 445 Million Records

Security researcher Bob Diachenko discovered the trove of information on Amazon infrastructure on September 5 and saw it vanish four days later, suggesting that the company heeded his notifications and took steps to secure its MongoDB server.

FreshMenu 2016 Data Breach Exposed Records of 110,000 Users, Company Decided Not to Disclose: Report

FreshMenu 2016 Data Breach Exposed Records of 110,000 Users, Company Decided Not to Disclose: Report

A report has now surfaced online that claims FreshMenu had a massive data breach back in 2016; a breach that exposed personal data of over 110,000 customers including their names, email addresses, phone numbers, home addresses, device information, and order histories. One of the app's users from India claims that their email address was part of the breach.

UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm

UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm

Bengaluru-based cyber security analyst and software developer Anand Venkatanarayanan, who also analysed the software for HuffPost India and shared his findings with the NCIIPC government authority, said the patch was assembled by grafting code from older versions of the Aadhaar enrolment software—which had fewer security features— on to newer versions of the software.

A popular fetish app stored passwords in plain text

A popular fetish app stored passwords in plain text

Should hackers have gained access to this database, they could've potentially figured out the real identities of users either through the app itself or through other services where those credentials are identical.

Mobile spyware maker leaks 2 million records

Mobile spyware maker leaks 2 million records

mSpy, a commercial spyware solution designed to help you spy on kids and partners, has leaked over 2 million records including software purchases and iCloud usernames and authentication tokens of devices running mSky. The data appears to have come from an unsecured database that allowed security researchers to pull out millions of records.

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records — Krebs on Security

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records — Krebs on Security

mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.

More