Forwarded from BlackBox (Security) Archiv
Media is too big
VIEW IN TELEGRAM
Privacy leaks in smart devices: Extracting data from used smart home devices
Remember the good old fun sport, where people bought random hard drives from ebay and did forensics on them?
Did you know you can do the same thing with used #IoT #devices too? Most end-users have no idea what kind of #information their devices are storing and how to securely clean their devices (if that even is possible). Lets explore together what the risks are and how we can extract that data.
πΊ https://media.ccc.de/v/Camp2019-10355-privacy_leaks_in_smart_devices_extracting_data_from_used_smart_home_devices
#ChaosCommunicationCamp #CCCamp19 #CCC #network #security #video #podcast
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
Remember the good old fun sport, where people bought random hard drives from ebay and did forensics on them?
Did you know you can do the same thing with used #IoT #devices too? Most end-users have no idea what kind of #information their devices are storing and how to securely clean their devices (if that even is possible). Lets explore together what the risks are and how we can extract that data.
πΊ https://media.ccc.de/v/Camp2019-10355-privacy_leaks_in_smart_devices_extracting_data_from_used_smart_home_devices
#ChaosCommunicationCamp #CCCamp19 #CCC #network #security #video #podcast
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
Twelve Million Phones, One Dataset, Zero Privacy
Every minute of every day, everywhere on the planet, dozens of companies β largely unregulated, little scrutinized β are #logging the #movements of tens of millions of #people with #mobile #phones and storing the information in gigantic #data #files. The Times #Privacy #Project obtained one such file, by far the largest and most sensitive ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.
Each piece of #information in this file represents the precise location of a single #smartphone over a period of several months in 2016 and 2017. The data was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so. The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers.
After spending months sifting through the data, tracking the movements of people across the country and speaking with dozens of data companies, technologists, lawyers and academics who study this field, we feel the same sense of alarm. In the cities that the data file covers, it tracks people from nearly every neighborhood and block, whether they live in mobile homes in Alexandria, Va., or luxury towers in Manhattan.
One search turned up more than a dozen people visiting the Playboy Mansion, some overnight. Without much effort we spotted visitors to the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger, connecting the devicesβ owners to the residences indefinitely.
If you lived in one of the cities the #dataset covers and use #apps that share your# location β anything from weather apps to local news apps to coupon savers β you could be in there, too.
If you could see the full trove, you might never use your phone the same way again.
Read more:
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
#surveillance #privacy #why #thinkabout
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
Every minute of every day, everywhere on the planet, dozens of companies β largely unregulated, little scrutinized β are #logging the #movements of tens of millions of #people with #mobile #phones and storing the information in gigantic #data #files. The Times #Privacy #Project obtained one such file, by far the largest and most sensitive ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.
Each piece of #information in this file represents the precise location of a single #smartphone over a period of several months in 2016 and 2017. The data was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so. The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers.
After spending months sifting through the data, tracking the movements of people across the country and speaking with dozens of data companies, technologists, lawyers and academics who study this field, we feel the same sense of alarm. In the cities that the data file covers, it tracks people from nearly every neighborhood and block, whether they live in mobile homes in Alexandria, Va., or luxury towers in Manhattan.
One search turned up more than a dozen people visiting the Playboy Mansion, some overnight. Without much effort we spotted visitors to the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger, connecting the devicesβ owners to the residences indefinitely.
If you lived in one of the cities the #dataset covers and use #apps that share your# location β anything from weather apps to local news apps to coupon savers β you could be in there, too.
If you could see the full trove, you might never use your phone the same way again.
Read more:
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
#surveillance #privacy #why #thinkabout
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
SECURING_IPSEC_VIRTUAL_PRIVATE_NETWORKS_EXECUTIVE_SUMMARY_2020_07.PDF
224.8 KB
National Security Agency |Cybersecurity Information
Securing IPsec Virtual Private Networks
Many organizations currently utilizeIP Security (IPsec) Virtual Private Networks (VPNs) to connect remote sites andenable telework capabilities. These connections use cryptographytoprotect sensitive information that traversesuntrusted networks. To protect this trafficand ensure data confidentiality, it is critical that these VPNs use strong cryptography.This guidance identifiescommon VPN misconfigurations andvulnerabilities.
π PDF:
https://media.defense.gov/2020/Jul/02/2002355625/-1/-1/0/SECURING_IPSEC_VIRTUAL_PRIVATE_NETWORKS_EXECUTIVE_SUMMARY_2020_07_01_FINAL_RELEASE.PDF
#nsa #cybersecurity #IPsec #vpn #information #guide #pdf
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@NoGoolag
π‘@BlackBox
Securing IPsec Virtual Private Networks
Many organizations currently utilizeIP Security (IPsec) Virtual Private Networks (VPNs) to connect remote sites andenable telework capabilities. These connections use cryptographytoprotect sensitive information that traversesuntrusted networks. To protect this trafficand ensure data confidentiality, it is critical that these VPNs use strong cryptography.This guidance identifiescommon VPN misconfigurations andvulnerabilities.
π PDF:
https://media.defense.gov/2020/Jul/02/2002355625/-1/-1/0/SECURING_IPSEC_VIRTUAL_PRIVATE_NETWORKS_EXECUTIVE_SUMMARY_2020_07_01_FINAL_RELEASE.PDF
#nsa #cybersecurity #IPsec #vpn #information #guide #pdf
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@NoGoolag
π‘@BlackBox
Forwarded from BlackBox (Security) Archiv
Protect your information from physical threats
π‘ ππΌ Table of Contents ππΌ
π ππΌ What you can learn from this guide
π ππΌ Assessing your risks
π ππΌ Creating your physical security policy
π ππΌ Protecting your information from physical intruders
π ππΌ Software and settings related to physical security
π ππΌ Maintaining a healthy environment for your equipment
π ππΌ Further reading
π‘ π ππΌ https://securityinabox.org/en/guide/physical/
#security #physical #information #guide
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
π‘ ππΌ Table of Contents ππΌ
π ππΌ What you can learn from this guide
π ππΌ Assessing your risks
π ππΌ Creating your physical security policy
π ππΌ Protecting your information from physical intruders
π ππΌ Software and settings related to physical security
π ππΌ Maintaining a healthy environment for your equipment
π ππΌ Further reading
π‘ π ππΌ https://securityinabox.org/en/guide/physical/
#security #physical #information #guide
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
securityinabox.org
Protect against physical threats
Forwarded from BlackBox (Security) Archiv
This is what happens when ICE asks Google for your user information
Youβre scrolling through your Gmail inbox and see an email with a strange subject line: A string of numbers followed by βNotification from Google.β
It may seem like a phishing scam or an update to Gmailβs terms of service. But it could be the only chance youβll have to stop Google from sharing your personal information with authorities.
Tech companies, which have treasure troves of personal information, have become natural targets for law enforcement and government requests. The industryβs biggest names, such as Google, Facebook, Twitter and LinkedIn, receive data requests β from subpoenas to National Security Letters β to assist in, among other efforts, criminal and non-criminal investigations as well as lawsuits.
An email like this one is a rare chance for users to discover when government agencies are seeking their data.
In Googleβs case, the company typically lets users know which agency is seeking their information.
In one email The Times reviewed, Google notified the recipient that the company received a request from the Department of Homeland Security to turn over information related to their Google account. (The recipient shared the email on the condition of anonymity due to concern about immigration enforcement). That account may be attached to Gmail, YouTube, Google Photos, Google Pay, Google Calendar and other services and apps.
The email, sent from Googleβs Legal Investigations Support team, notified the recipient that Google may hand over personal information to DHS unless it receives within seven days a copy of a court-stamped motion to quash the request.
https://www.latimes.com/business/technology/story/2021-03-24/federal-agencies-subpoena-google-personal-information
#ice #federal #agencies #google #DeleteGoogle #personal #data #information #thinkabout
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Youβre scrolling through your Gmail inbox and see an email with a strange subject line: A string of numbers followed by βNotification from Google.β
It may seem like a phishing scam or an update to Gmailβs terms of service. But it could be the only chance youβll have to stop Google from sharing your personal information with authorities.
Tech companies, which have treasure troves of personal information, have become natural targets for law enforcement and government requests. The industryβs biggest names, such as Google, Facebook, Twitter and LinkedIn, receive data requests β from subpoenas to National Security Letters β to assist in, among other efforts, criminal and non-criminal investigations as well as lawsuits.
An email like this one is a rare chance for users to discover when government agencies are seeking their data.
In Googleβs case, the company typically lets users know which agency is seeking their information.
In one email The Times reviewed, Google notified the recipient that the company received a request from the Department of Homeland Security to turn over information related to their Google account. (The recipient shared the email on the condition of anonymity due to concern about immigration enforcement). That account may be attached to Gmail, YouTube, Google Photos, Google Pay, Google Calendar and other services and apps.
The email, sent from Googleβs Legal Investigations Support team, notified the recipient that Google may hand over personal information to DHS unless it receives within seven days a copy of a court-stamped motion to quash the request.
https://www.latimes.com/business/technology/story/2021-03-24/federal-agencies-subpoena-google-personal-information
#ice #federal #agencies #google #DeleteGoogle #personal #data #information #thinkabout
π‘@cRyPtHoN_INFOSEC_FR
π‘@cRyPtHoN_INFOSEC_EN
π‘@cRyPtHoN_INFOSEC_DE
π‘@BlackBox_Archiv
π‘@NoGoolag
Los Angeles Times
This is what happens when ICE asks Google for your user information
If you want to stop Google from providing your personal information to authorities who have issued an administrative subpoena, you need to act fast.