Security and privacy issues continue to make the news. Here are some that I found interesting, significant or helpful, including:
- Various ideas and resources for managing passwords
- Alternatives to passwordsSecurity news
- Mobile security and resources
Privacy
- What Google, governments, businesses and others know about you
- Some resources and measures to protect your privacy
- Privacy and social networking
Passwords and alternatives
Strong Password Generator – Secure, Random & Online Password Generator
http://www.strongpasswordgenerator.org/
Intel’s Password Grader
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
KeePass Password Safe – The Ultimate Encrypted Password System [Windows, Portable]
http://www.makeuseof.com/tag/keepass-password-safe-encrypted-password-system/
How To Send Sensitive, Secure Emails, Passwords, And Files Without Fear
http://www.makeuseof.com/tag/how-to-send-secure-emails-without-fear/
How to remember passwords (and which ones you should) PC World Magazine New Zealand
http://pcworld.co.nz/pcworld/pcw.nsf/how-to/how-to-remember-passwords-and-which-ones-you-should
How to Devise Passwords That Drive Hackers Away – NYTimes.com
PasswordCard – another way to generate secure passwords
http://www.passwordcard.org/en
How To Enable 2-Factor Verification On Gmail (And Avoid Getting Hacked)
The secret to online safety: Lies, random characters, and a password manager
Or, how to go from “123456” to “XBapfSDS3EJz4r42vDUt.”
http://arstechnica.com/information-technology/2013/06/the-secret-to-online-safety-lies-random-
characters-and-a-password-manager/
Intel’s newest solution to passwords: wave your hands – Neowin
http://www.neowin.net/news/intels-newest-solution-to-passwords-wave-your-hands
Replacing Your Password with a Finger Swipe – Technology Review
http://www.technologyreview.com/news/429037/replacing-your-password-with-a-finger-swipe/
Researchers turn voiceprints into passwords to avoid storing your actual speech anywhere.
http://www.technologyreview.com/news/428970/securing-your-voice/
By David Talbot on August 27, 2012
Security – various
Is DRM A Threat To Computer Security?
http://www.makeuseof.com/tag/drm-threat-computer-security/
Chris Hoffman On 12th June, 2014
DRM is harmful to our security. At best, it’s a necessary evil — and it’s arguably not necessary and isn’t worth the trade-off. Here’s how DRM and the laws that protect it make our computers less secure and criminalize telling us about the problems.
DRM Can Open Security Holes
Digital Rights Management (DRM) itself can be insecure. DRM is implemented with software, and this software needs deep permissions into the operating system so it can stop normal operating system functions.
Revisiting the WS Security Baseline: Part 1
http://windowssecrets.com/top-story/revisiting-the-ws-security-baseline-part-1/
By Susan Bradley on July 3, 2014 in Top Story
Here are tips for safe computing in the year 2014. Pass them along.
The Growing Threat Of Network-Based Steganography | MIT Technology Review
http://www.technologyreview.com/view/529071/the-growing-threat-of-network-based-steganography/
Emerging Technology From the arXiv July 18, 2014
The Growing Threat Of Network-Based Steganography
Hiding covert messages in plain sight is becoming an increasingly popular form of cyber attack. And security researchers are struggling to catch up.
The future
New “unbreakable” encryption based on human biology
A new method of encrypting confidential information has been patented by scientists at Lancaster University, UK
http://www.bleepingcomputer.com/forums/t/530034/new-unbreakable-encryption-based-on-human-biology/
This method offers an infinite number of encryption keys and allows for several encrypted streams to be transmitted at the same time.
In short: this means the new method is virtually impossible to crack. Let’s just hope the research turns into a real-world application.
Mobile security
Smartphone Viruses Are Real: How To Stay Protected
http://www.makeuseof.com/tag/smartphone-viruses-real-stay-protected/
Joel Lee On 14th July, 2014
The last thing you want is a latent Trojan that sits in the background and steals all of your sensitive data. Think you’re safe from a smartphone infection? I wouldn’t be too sure. Viruses are most prevalent on PC platforms, yes, but these past few years have proven that smartphone viruses are real. Are you safe?
What You Really Need To Know About Smartphone Security
http://www.makeuseof.com/tag/what-you-really-need-to-know-about-smartphone-security/
Matt Smith On 16th June, 2014
Since a smartphone is like a computer, it is vulnerable to similar security threats. Malware can be used to monitor data transferred on a phone, hijack specific data (like credit card numbers) or simply corrupt apps and generally make your life difficult. There are millions of potential threats in existence, and while most are unlikely to cross your path, the risk is higher than you might have guessed.
Since a smartphone is like a computer, it is vulnerable to similar security threats. Malware can be used to monitor data transferred on a phone, hijack specific data (like credit card numbers) or simply corrupt apps and generally make your life difficult. There are millions of potential threats in existence, and while most are unlikely to cross your path, the risk is higher than you might have guessed.
Mobile security: Apps to protect Android devices
http://windowssecrets.com/top-story/mobile-security-apps-to-protect-android-devices/
By Fred Langa on July 10, 2014 in Top Story
There are hundreds of free and paid security apps for Android phones and tablets. But many of those offerings are of uncertain quality.
Here’s a sampling of some of the best software for keeping Android devices free of malware, managing passwords, locking up your data, and more.
Android no longer reveals app permission changes in automatic updates
Android no longer reveals app permission changes in automatic updates
Change could heighten security risks for users.
by Dan Goodin – Jun 11, 2014 3:11 pm UTC
Automatically updating Android apps could get riskier thanks to a change Google developers have made to the way the OS discloses new app permissions, such as the ability to send potentially costly text messages or track a user’s precise geographic location.
Previously, automatically updated apps displayed explicit details when a new version gained additional privileges. For example, an app that previously tracked only coarse GPS coordinates would warn users if an update would begin receiving fine coordinates. Similarly, a newly assigned ability to send SMS messages would also be disclosed. Under changes implemented through the latest Play store app, neither new privilege is displayed if a user has previously accepted any other permission in the same category as the new permission. In other words, by accepting one permission from a category, users agree that every other permission in that category can be added without notification in future updates.
Privacy
How Much Does Google Really Know About You?
http://www.makeuseof.com/tag/how-much-google-know-about-you/
Matt Smith On 17th June, 2014
Google’s most obvious and transparent tracking can be found in Google Web History, which tracks your past searches on all devices where you’re registered with your Google account. Web History is supposedly beneficial to users because it allows Google to tailor future search results to your preference based on your past history, but a log of your searches is also quite useful to marketers. And, if anyone manages to snoop on your account, it could become a privacy issue.
Less transparent, but equally common, is Google’s history of the pages you visit, which occurs whether you’re logged in to a Google account or not. This is accomplished through the use of tracking cookies as well as information derived from AdSense and Analytics. Google can learn what sites you frequent, in what order you visit them, how long you spend on them, and much more.
[………..]
Your Google Digital Shadow Is Complete
Taken as a whole, the information Google collects about users is shockingly complete. The company can mine your emails and Drive documents, track your browsing history, track the videos you watch on YouTube, obtain your WiFi passwords and much more.
None of this is meant to be insidious, of course. Google’s interest is serving ads, and in this sense an accurate profile might be perceived as a boon; if you’re going to see ads, they might as well be ones that interest you. The reveal of the NSA’s PRISM program, however, has proven that data collection is always a privacy issue because there are organizations that can compel data from those who hold it, either through legal finagling or by force.
What did you find out when you visited Google Dashboard, and what do you think of the company’s profile on you? Let us know in the comments.
John Edwards, Privacy Commissioner; and Executive Director Netsafe, Martin Cocker.
“Deleted” and “private” information that companies keep on you
Listen particularly to Netsafe’s Martin Cocker at 11.35minutes. Spies can collect metadata and find significant information without having to to tap conversations or see documents.
Lessons Learned From Don’t Spy On Us: Your Guide To Internet Privacy
http://www.makeuseof.com/tag/lessons-learned-dont-spy-us-guide-internet-privacy/
Dann Albright On 29th June, 2014
With 500 attendees and some big names from the data privacy and human rights fields, the Don’t Spy on Us Day of Action was a fascinating afternoon of discussion, debate, and practical advice on how to keep our personal data private from snooping governments. I learned a lot, and I’ve condensed the most important parts of what I’ve learned into five main points.
I’ve also included five things you can do right now to make a difference, both for yourself and for other internet users.
Slowly, More E-Mail Is Getting Encrypted | MIT Technology Review
http://www.technologyreview.com/news/527916/a-simple-plan-to-impede-the-nsa-is-taking-hold/
More e-mail providers are using encryption, meaning messages can’t be intercepted and read by the NSA or hackers.
By David Talbot on June 6, 2014
A year after revelations first emerged from former National Security Agency contractor Edward Snowden about mass Internet surveillance, more e-mail providers are adopting encryption, a simple change that could make it harder for spy agencies to vacuum up huge numbers of communications in transit.
PGP Me: Pretty Good Privacy Explained
http://www.makeuseof.com/tag/pgp-me-pretty-good-privacy-explained/
Dann Albright On 1st July, 2014
If you’re concerned about online and electronic privacy, encryption is the best thing to set your mind at ease. By using strong encryption protocols, you can make sure that your data is safe from prying eyes, and that only the people who you decide should see your information have access to it. One of the most common methods for encryption is called PGP, and this article will guide you through what it is, what it’s good for, and how to use it.
Facebook reveals news feed experiment to control emotions
http://www.theguardian.com/technology/2014/jun/29/facebook-users-emotions-news-feeds/print
Protests over secret study involving 689,000 users in which friends’ postings were moved to influence moods
Robert Booth The Guardian, Monday 30 June 2014
Facebook’s Emotion Study Follows Efforts on Voting and Organ Donation
With emotion-triggering effort, Facebook pushes beyond data-driven studies on voting, sharing, and organ-donation prompts, to make people feel good or bad.
By David Talbot on July 1, 2014
Cesar A. Hidalgo July 3, 2014
Outrage over Facebook’s “emotional contagion” experiment shows a general misunderstanding of what Facebook is and how it works.
The Facebook feed is a bit like a sausage. Everyone eats it, even though nobody knows how it is made.
The gap between our use of Facebook and our understanding of how it works, however, is a problem. By now most people are aware of the outrage triggered by a paper in the Proceedings of the National Academy of Sciences that presented evidence of “emotional contagion” derived from an experiment conducted in Facebook.
Refriending Facebook | MIT Technology Review
http://www.technologyreview.com/view/528756/refriending-facebook/
A Booming Trade in Fake Online Friends | MIT Technology Review
http://www.technologyreview.com/news/528506/fake-followers-for-hire-and-how-to-spot-them/
Fake Followers for Hire, and How to Spot Them
It’s possible to buy a good reputation on the Internet for a modest price, but some are trying to put an end to that.
By Suzanne Jacobs on June 30, 2014
Given that Twitter followers and Facebook likes are one measure of popularity, it can be tempting to fudge the numbers. And that is cheap and easy to do, thanks to a willing cyber workforce dedicated to building fake reputations.
New research provides a fresh measure of the black market for creating false online reputations, but it also highlights a way to curb it.
Snowden: Dropbox is hostile to privacy, unlike ‘zero knowledge’ Spideroak
http://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak
How to create an anonymous email account | PCWorld
http://www.pcworld.com/article/2453926/how-to-create-an-anonymous-email-account.html
Microsoft’s implementation of aliases is not designed to hide your identity. Instead, Outlook.com aliases are about creating throw away addresses that you can give out to marketers and others to avoid plugging up your inbox.
But the question remains, how do you create an anonymous email account? Let’s take a look.
Note: This tutorial is not meant for someone in an oppressive country looking to hide themselves from government interlopers. This is aimed at people who want anonymity, but the stakes if they’re found out aren’t at risk of death or imprisonment.
Also keep in mind that no system is foolproof. But for most people, the instructions below should be good enough.