Defense against the Darknet, or how to accessorize to defeat video surveillance

"The idea behind this work is to be able to circumvent security systems that use a person detector to generate an alarm when a person enters the view of a camera," explained Wiebe Van Ranst, a PhD researcher at KU Leuven, in an email to The Register.

Two Thirds of Hotel Sites Leak Guest Booking Info to Third-Parties

Third-party services running on most hotel websites have access to guest booking information, including personal data and payment card details. "This information could allow these third-party services to log into a reservation, view personal details, and even cancel the booking altogether," Wueest says.

EFF’s New ‘Threat Lab’ Dives Deep into Surveillance Technologies—And Their Use and Abuse

EFF is proud to announce its newest investigative team: the Threat Lab. Using a combination of research skills, the Threat Lab will take a deep dive into how surveillance technologies are used to target communities, activists, or individuals.

HTTPS Isn't Always As Secure As It Seems

Vulnerabilities that are full-on "leaky" involve more deeply flawed encryption channels between browsers and web servers that would enable an attacker to decrypt all the traffic passing through them.

New BitLocker attack puts laptops storing sensitive data at risk

A security researcher has come up with a new method of extracting BitLocker encryption keys from a computer's Trusted Platform Module (TPM) that only requires a $27 FPGA board and some open-sourced code.

'Yelp for conservatives' MAGA app leaks users data

ZDNet has contacted 63red and its founder about Baptise's findings earlier today so the company can take action and update its app to protect users' data.

China database lists 'breedready' status of 1.8 million women

An open database in China contains the personal information of more than 1.8 million women, including their phone numbers, addresses, and something called “BreedReady” status, according to a researcher.

Researchers warn of serious password manager flaws

'Although password managers provide some utility for storing login/passwords and limit password reuse, these applications are a vulnerable target for the mass collection of this data through malicious hacking campaigns.' ISE researchers concentrated their efforts on four of the most popular password management services around: 1Password, in both legacy and current forms, Dashlane, KeePass, and LastPass.

Site using facial recognition to match photos from Russian social media network sued

A new website enabling users to search the image database of Russian social media site VKontakte with facial biometrics has been discovered, and then threatened with legal action, prompting it to switch off some functions, TOL.org reports.

Twitter has been storing your ‘deleted’ DMs for years

Now, this isn’t the most concerning of bugs — the data appears to only be available to the user that sent or received the message, but the fact that Twitter isn’t deleting the messages when it says that it is, isn’t a great look for the company.

Thousands of Android apps are tracking users through MAC address or Android ID

They allow companies to learn the websites that you visit and the apps that you use. Researchers found that these apps track user activities by reading advertising IDs - the unique number assigned to each smartphone to personalise ads.

Unsecured MongoDB databases expose Kremlin's backdoor into Russian businesses

"I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions." The researcher says that after his initial finding, he later found the same "admin@kremlin.ru" account on over 2,000 other MongoDB databases that had been left exposed online, all belonging to local and foreign businesses operating in Russia.

How to Delete Your Data From 23andMe, Ancestry, and Other Sites

Current laws like the Genetic Information Nondiscrimination Act (GINA) prohibit employers or health insurance companies from discriminating against a person based on their genes, though that doesn’t mean it couldn’t happen.

Facebook Is Paying Teens to Install a 'Research' App That Lets It Monitor Their Phones [Updated]

Some of the ads asked for individuals ages 13-17 for a “paid social media research study,” while another advertised opportunities for users “Age: 13-35 (parental consent required for ages 13-17).” Facebook appears to have taken steps to obfuscate that they are behind the program, with TechCrunch reporting that some sign-up methods only mentioned its name during installation instructions.

Study: On Facebook and Twitter your privacy is at risk -- even if you don't have an account

The new study also shows that if a person leaves a social media platform--or never joined--the online posts and words of their friends still provide about 95% of the "potential predictive accuracy," the scientists write, of a person's future activities--even without any of that person's data.

Government’s data policies enter the 21st century — finally

The bipartisan cooperation in Congress and the Commission on Evidence-Based Policymaking deserves praise for leading the country down a path for responsible data use and improved privacy protections.

Staying off social media is not enough to protect your privacy, study says

Even if you're not a user of a social media platform, it's possible to create a 95% accurate profile of you from your friends' accounts, according to new research.

Why Silicon Valley’s “growth at any cost” is the new “unsafe at any speed”

Months earlier, Soltani had given similar testimony before a US Senate subcommittee, where he unequivocally said: "No other single company has done more to erode consumer privacy than Facebook." Earlier in 2018, Soltani also helped author the new California Consumer Privacy Act, which was signed into law last June, just a few years after being named as the chief technologist at the Federal Trade Commission.

Websites can steal browser data via extensions APIs

The researcher also created a tool that lets users test if their extensions also contain vulnerable APIs that can be exploited by malicious websites. More details about Somé's work are available in a research paper entitled "EmPoWeb: Empowering Web Applications with Browser Extensions," available for download in a PDF format from here or here.

Genetic testing is the future of healthcare, but many experts say companies like 23andMe are doing more harm than good

Hazel, a researcher at Vanderbilt University, studied companies ranging from popular startups like 23andMe — which offers health and ancestry information — to under-the-radar outfits such as GEDmatch, which simply houses genetic information to help people build family trees.

Can't unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

Bug-hunter Florian Kunushevci today told The Register the security flaw, which has been reported to Microsoft, allows the person in possession of someone's phone to receive a Skype call, answer it without unlocking the handset, and then view photos, look up contacts, send a message, and open the browser by tapping links in a sent message, all without ever unlocking the phone.

Cyber researcher pulls public talk on hacking Apple's Face ID

NEW YORK/SAN FRANCISCO (Reuters) - A cyber security researcher canceled a hacking conference briefing on how he said he could crack biometric facial recognition on Apple Inc (AAPL.O) iPhones, at the request of his employer, which called the work “misleading.”

Security researcher cracks Google's Widevine DRM (L3 only)

A British security researcher has cracked the L3 protection level of Google's Widevine digital rights management (DRM) technology. Because of the varying security levels, which exposes the DRM-encrypted content to attacks, service providers deliver audio and video streams with varying quality levels, with L3 receiving the lowest.

ElasticSearch server exposed the personal data of over 57 million US citizens

The researchers said the ElasticSearch server --a technology used for powering search functions-- was leaking over 73GB of data, and that several databases were cached inside the server's memory.

UK cops won't go after researcher who reported security issue to York city officials

North Yorkshire Police said today they're not pursuing a criminal case against the researcher who found a vulnerability in a mobile app developed by the York city council.

US Postal Service admits flaw exposed exactly what 60 million users were getting delivered

Security investigator KrebsOnSecurity discovered a vulnerability on USPS' website that allowed anyone to see online users' street addresses, usernames, phone number and other personal information.

These GPS watches put children’s lives at risk, researcher warns

As one researcher has discovered, kids’ watches based on a specific API are seriously vulnerable to remote attacks, and could help bad actors trick children into a trap.

E-commerce site is infected not by one, but two card skimmers

The second skimmer, now being the only one to hold the valid credit card number, uses a special function to encode the data it exfiltrates.

The End of Trust (McSweeney's 54)

EFF and McSweeney’s have teamed up to bring you The End of Trust (McSweeney’s 54). The End of Trust is available to download and read right now under a Creative Commons BY-NC-ND license.

What Constant Surveillance Does to Your Brain

“They suddenly had images that their family could be arrested, that they could be arrested, some people had post-traumatic stress disorder-like symptoms,” Chisholm said in a phone interview. “The fear and uncertainty generated by surveillance inhibit activity more than any action by the police,” Franco said in a phone interview.
