I'm really glad GDPR is here, yet, this is only another step forward to really grasping what companies are doing with your private life
I'm really tired of EULAs, of the "disclosing information", of the "sharing information", of the "collecting information"... Really, fucking, tired. Now, with this regulation we are even more conscious about the crap of it all.
Companies simply collect information because they WANT to, not because it is needed. They have been doing this for more than a decade now with the boom of social networks. Why? Why the fuck have we allowed these people to get into our lives like this? More like "why", "how"?
It's actually really simple. Back then, nobody actually informed people about what they did with all the data. And now, as I said, we are just grasping what they actually do with all of it.
What people REALLY need to think about is this. For example: Netflix collects data about the programmes you watch. Why? Why the hell do they need to do that? Why? They actually don't "need" it, they do it because we allow it. Because it's "how it works" https://help.netflix.com/legal/privacy But this happens with any other streaming service, like Amazon Prime, and so on and so forth. EVERYONE does it.
Again, do they need to do it? No, they simply do it because it's "their agreement with you".
Governments need to start (and fucking soon) to force companies to NOT collect personal data, to NOT store usage data. It's not about "telling" us what they collect, it's about STOPPING them from collecting that data. The law is the only way to stop companies from doing whatever the fuck they want. And it's not about "don't like it, don't use it". This is getting to all areas of entertainment, businesses, social networks, shopping, job hunting, and so on. Are you going to unplug yourself from everything just so they don't collect information from you? Are you going to go living in the wilderness now?
It's not about "I don't have secrets" (if you still think like that, you really need to get educated elsewhere...), it's about your private life and your family's.
When you used to watch analog TV, nobody would know what you were watching, what music you were listening to on the radio or what cassette tape you would be playing. Now Spotify knows it, shares it with Facebook, hell, it will even tell all your friends that you love Madonna automatically. Now everything can be monitored, stored and kept under control. Information control, people control... A certain videogame designer was very right about all this crap 15 years ago.
Companies 20-15 years ago would ASK you to perform a survey to get to know what you like. It was VOLUNTARY. Now, everything they collect is forced on you via an EULA, a Privacy Policy, a User Agreement.
This has to stop and will stop, because people are getting educated about this and people will get tired of all this BS.
Submitted May 26, 2018 at 12:57AM by JAD2017
via reddit https://ift.tt/2KX3LSX
A friend has a very suspicious issue on her Sprint iPhone. Where should I ask about it? (if not here)
This didn't seem to break the rules, I'm sorry if it does.
A friend sent a text message from her iPhone which, when reaching the recipient, created a group chat. The 3rd party was an email address, at "internal.com."
The email domain is actually sprint.internal.com, which has nothing to do with Sprint.
The whois and other linked sites are extremely sketchy and they look intentionally fake--but the addresses have been registered forever. They include *very* desirable URLs actually--Anything.com, friend.com, kitchen.com, woman.com, medicine.com... quite a few more...
In general the rabbit hole dive is fascinating. There's no direct pitch to sell these domains, and there's no real site--it's *meant* to look like a real website--but it's clearly not. They're registered in St. Kitts, which clearly points to a shell corporation...
Thanks or I'm sorry, whichever is appropriate! :)
Submitted May 26, 2018 at 01:53AM by CoryTV
via reddit https://ift.tt/2ILAjyp
Outsourced Coders - What to do if they go rogue?
Hello there all,
I have a client that is US-based, and an outsourced coding vendor from India. One of the programming staff went rogue and locked the customer out of their code. We were able to get everything back for them, but ... is there ANYTHING that a US-based legal response could do at all? We have secured everything to prevent future harm, including analyzing for backdoors (we found 1). But the client wants to pursue legally, and I just don't think it's even worth it.
I'd love to hear more if anyone has ideas or thinks otherwise.
Thanks!
Submitted May 26, 2018 at 01:46AM by jkeegan123
via reddit https://ift.tt/2xjVTce
RDP Brute force attacks using real name?
Hello,
I'm not entirely sure this subreddit is the right one, but if you can suggest another one that's more appropriate, let me know.
Here goes...sorry for the book.
As some quick background, I'm in IT, web development background, infrastructure experience over the past 15 years, fairly experienced with AD security policies, basic intrusion detection (via Splunk), and I have a fairly basic home network. Anyway, I'm sure this is a bad practice, but I've had port forwarding set up for several years now so that I can RDP to my PC and my wife's. We use non-default RDP ports (I know that's not security, and I really do it so that we can have the same external IP with diff ports go to diff internal IPs on 3389). I keep strong passwords on my admin accounts, and change them pretty infrequently.
On our PCs, I do have failure auditing enabled, and I occasionally review security event logs. I've seen the brute force attempts to log in, and usually ignore them because they were always using default user names (Administrator, Backup, Copier, Warehouse, User1)...stuff like that.
Anyway, I recently rebuilt my PC and had forgotten to enable failure auditing for a few weeks. When I did, I took a look at the event logs and was shocked when I saw my family members' real names being used to try and log in. I see these attempts using all of my family members' real names, from multiple foreign IP addresses. Interestingly, in one case, they even misspelled my daughter's name (instead of Jane Smith, for example, it was Jane Smlth). These real names are in no way actual accounts on my PC. Amazingly, they have all of our real names -- I'm probably the outlier in our family and I rarely if ever go on social media -- so I've no idea how they did this.
So, now my question...has anyone seen anything like this before? I'm really surprised that someone would be able to track down our real names and correlate them with our public IP address from our cable internet provider (which changes infrequently admittedly, but has changed). Any ideas or have you seen this as well?
In the meantime, I did set up a scheduled task that blackholes failed login attempts from the same IP, so there's that...
Thanks in advance...
Submitted May 26, 2018 at 05:15AM by kevlav84
via reddit https://ift.tt/2KTnItC
mquery: Blazingly fast Yara queries for malware analysts
https://ift.tt/2ILJGSD
Submitted May 26, 2018 at 12:08PM by digicat
via reddit https://ift.tt/2s72KRe
GitHub
CERT-Polska/mquery
mquery - YARA malware query accelerator (web frontend)
Apple ID is being used to sign in to a new device in China. I live in Hawaii. I have 2-Factor Identification on all accounts and devices. Should I be concerned/change anything?
https://ift.tt/2KWu63q
Submitted May 26, 2018 at 03:11PM by jakes_tornado
via reddit https://ift.tt/2Lw4rzB
FBI to America: Reboot Your Routers, Right Now
https://ift.tt/2IP0F2o
Submitted May 26, 2018 at 01:48PM by absolufreak
via reddit https://ift.tt/2ksAx33
Popular Mechanics
FBI to America: Reboot Your Routers, Right Now
There's a sneaky bit of malware going around.
Jamming Anybody's Wifi by DDOS Attack
https://ift.tt/2sf15YS
Submitted May 26, 2018 at 12:41PM by vortex1000
via reddit https://ift.tt/2KVzzaN
Hack My Device
Jamming Wifi Service: How To Perform DDOS Attack Or Jam A Wireless Network
Activists use Social Engineering to bust a child porn group on Telegram
https://ift.tt/2GyNPU1
Submitted May 26, 2018 at 04:15PM by TelegramParanoidMode
via reddit https://ift.tt/2JaD7sc
FactorDaily
How the fight against child porn took two ordinary men to the internet's darkest corners | FactorDaily
Neither are programmers or hackers, but through a deep understanding of Telegram’s strengths and weaknesses and a heavy dollop of social engineering, they laid the perfect trap.
Do you think GDPR helps improve data privacy and security all around the world?
http://www.eweek.com/security/gdpr-day-1-litigating-the-right-to-data-privacy
Submitted May 26, 2018 at 05:50PM by aracelijerome
via reddit https://ift.tt/2ISasF7
eWEEK
GDPR Day 1: Litigating the Right to Data Privacy
The General Data Protection Regulation is the most contested law in the E.U.’s history, and we've only touched the surface of its influence.
Security concern about email services and providers
Is there any free email service that does not delete user accounts, ever?
I'm certain that one of the highest security risks of email accounts is the removal of the account after an inactivity period, because of the other services registered with that email address. Usually you won't be able to change anything on your other services, because you cannot confirm changes by email ever again. And you cannot recover those other accounts (in case of lost password, etc.). And on top of that, if someone registers your old address, then he can get your password or reset your password to those services.
I know there are several services with 180-day inactivity periods (Gmail perhaps 18 months), and paid services/accounts will never be cancelled, but what if the account owner has a stroke and is hospitalized for a long time (cannot pay or log in)?
Submitted May 26, 2018 at 07:43PM by Erdoe
via reddit https://ift.tt/2LyRNQq
An NSA-derived ransomware worm is shutting down computers worldwide
https://ift.tt/2qamUcy
Submitted May 27, 2018 at 12:13AM by dengorilla1
via reddit https://ift.tt/2INXnMN
Ars Technica
An NSA-derived ransomware worm is shutting down computers worldwide
Wcry uses weapons-grade exploit published by the NSA-leaking Shadow Brokers.
Hey everyone,
I've removed posts from /r/security as it wasn't sharing useful information and /r/netsec covers pretty much everything.
Intel Engine Firmware Analysis Tool (Sources + Discussion)
https://ift.tt/2bHr9nD
Submitted May 27, 2018 at 03:40PM by Scene_News
via reddit https://ift.tt/2INahil
GitHub
platomav/MEAnalyzer
MEAnalyzer - Intel Engine Firmware Analysis Tool
SEVered: Subverting AMD’s Virtual Machine Encryption
https://ift.tt/2sb4EQG
Submitted May 27, 2018 at 10:34PM by majorllama
via reddit https://ift.tt/2xi9aSo
A Quick Analysis of Malicious NSIS installers used to Disperse Malware
https://ift.tt/2se93SV
Submitted May 27, 2018 at 10:05PM by TechLord2
via reddit https://ift.tt/2si8GpO
SANS Internet Storm Center
InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-05-27
Internet Storm Center Diary 2018-05-27, Author: Guy Bruneau
Banking malware employs a new technique to bypass dedicated browser protection measures
https://ift.tt/2sdneqq
Submitted May 27, 2018 at 09:43PM by Scene_News
via reddit https://ift.tt/2LA6KBz
WeLiveSecurity
Banking malware using inventive methods to attack Polish banks
ESET researchers have discovered a piece of banking malware using a new technique to bypass dedicated browser protection measures that was used to empty accounts in Polish banks.
NetBSD network stack audit results
https://ift.tt/2GYa0TM
Submitted May 28, 2018 at 03:30PM by apancetta
via reddit https://ift.tt/2sevw2k
New VPNFilter malware targets at least 500K networking devices worldwide
https://ift.tt/2scqK4H
Submitted May 28, 2018 at 02:07PM by nachoparker
via reddit https://ift.tt/2IORVxf
Talosintelligence
VPNFilter
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Isolated Networks in the Cloud
https://ift.tt/2GXbrSH
Submitted May 28, 2018 at 06:55PM by Occams_Trimmer
via reddit https://ift.tt/2sdPPNo
Medium
Isolated Networks in the Cloud
After a recent roadmapping session, it seemed like a good idea to research network isolation in cloud environments. We chose to test AWS…
IBM QRadar unauthenticated remote code execution (writeup + exploit)
https://ift.tt/2seGW5g
Submitted May 28, 2018 at 06:53PM by jose_boneh
via reddit https://ift.tt/2ITC3pc