Pete Recommends – Weekly highlights on cyber security issues July 15 2018

Subject: Google Cloud changes abuse prevention process after viral customer complaint
Source: Business Insider

  • Google Cloud says it is reviewing its abuse-prevention process after a customer complaint posted on Medium last week went viral.
  • The author of that Medium post, an admin of an energy-monitoring operation, was spooked when Google threatened in an email to shut down all operations if proper documents weren’t provided in three days.
  • Google is owning up to the error, saying it will make changes so that the problem will never happen again.

When it comes to customer service — a critical feature for businesses staking their livelihoods on a cloud service — Google appears a lot more vulnerable. In the many discussions about this incident on Reddit and other online message boards, a big complaint that has surfaced is an inability of Google Cloud customers to contact human customer-service reps in emergencies. Bender didn’t address that issue in his Medium post.

Read Google’s full response »

Subject: Domestic Abuse Resources: Internet of Things and Smart Homes
Source: Gizmodo

The six-page document lists a number of tools and organizations that are intended to both inform victims on the IoT landscape as well as how to deal with technology that someone might target them with. Melissa Gregg, a research director at Intel, told the New York Times that men predominantly install smart home devices, signaling a potential gap in knowledge on how this technology works from the get-go. But UCL’s resource list aims to combat any proficiency discrepancies, giving victims the information they need not only to understand how smart homes work, but to understand how they are vulnerable to bad actors.

Some of the resources listed include Technology Safety, a blog dedicated to “technology, privacy, and safety in the context of intimate partner violence, sexual assault, and violence against women.” It also includes DIY Cybersecurity for Domestic Violence, an online guide developed by grassroots organization HACK*BLOSSOM which offers victims “accessible and empathetic” suggestions to regain autonomy over their digital privacy.

PLUS other articles on this/related subject:

See also:

Subject: How to Read Long Privacy Policies the Easy Way
Source: The Quint via beSpacific

the quint: “So once I tried reading the privacy policy of a company and post that the process ran its natural course. There were parts I felt were absolutely inconsequential and the excessive use of jargon resulted in me giving up and ultimately clicking “I Agree”. I’m sure it’s just not me and almost 90  percent of people who use these websites and services don’t even read the privacy policy. I get it! You don’t have the time to go through a 2,500-word-long document. And, of course, the language used is a bit convoluted and filled with legalese. Since data privacy policy holds some key information, many companies try to eschew critical information in order to sell the data to ad companies. The introduction of GDPR has instilled a certain amount of fear among such companies, but still users don’t find validity in reading the whole policy. So, is there an easier way to extract the important bits of a privacy policy without diving into its extraneous side? Maybe this can help…”

Subject: Avoid Google and Bing: 7 Alternative Search Engines That Value Privacy
Source: MUO via beSpacific

MakeUseOf (MUO): “Google and Bing might be the web’s most popular search engines, but they’re both a disaster from a privacy standpoint. They routinely harvest your data and use it in more ways than you care to imagine. Is search engine privacy important to you? If so, you should consider using one of these alternative search engines instead. What Kinds of Data Are Google and Bing Collecting? Before we establish the best search engines for user privacy, let’s take a moment to look at what’s wrong with Google and Bing. They will record and/or store four pieces of information every time you enter a query:

Subjects: Internet, Privacy, Search Engines

[all have RSS feeds per Subject: ]

Bonus: RSS feed for MOU:

Subject: Walmart Patents Audio Surveillance Tool to Monitor Employees
Source: Splinter News

Retail colossus Walmart just patented a new technology meant to monitor employee productivity via audio surveillance of checkout counters. The technology, which Walmart calls “listening to the frontend,” aims to increase employee efficiency by using sensors to monitor sounds that can indicate how long lines are, how many bags are being used, and, most unnervingly, conversations among employees or between employees and customers.

Right now, this is just a patent, and it’s unknown whether Walmart will ever develop it. But it shows that Walmart is following in Amazon’s footsteps when it comes to finding new and inventive methods of invasive employee surveillance. When asked for comment, Walmart told BuzzFeed News, “We’re always thinking about new concepts and ways that will help us further enhance how we serve customers, but we don’t have any further details to share on these patents at this time.”

[wiretap laws? /pmw1]

Subject: Getting a password manager is the most important way to improve your online security
Source: The Washington Post via beSpacific

Washington Post – “…After testing password managers that work across browsers and devices, I recommend one called Dashlane. It’s the one simple enough that you’re likely to stick with it, though its features are neck and neck with rivals 1Password and LastPass, which are also fine choices. Dashlane, used by 10 million people, is free to try on a single device. You pay a subscription to make it securely sync up your passwords (and other secrets such as credit card details and ID numbers) across your computer, phone and tablet. At $3.33 per month, Dashlane happens to be the most expensive of the three, but like the Apple of the password game, its design and customer service are worth it.

NB from TWP article:

Password managers can also make your life easier in a few other ways. All three of the ones I recommend can share passwords with other family members and co-workers who use the same program. Dashlane and LastPass also let you identify emergency contacts — people who, after a period of time you determine, will be able to access your passwords and other saved information. This can make accessing bank, email, social media and other personal information much less stressful after a death.

Editor’s note:

Some managers can store (and share) encrypted documents e.g., healthcare lab results.  Also do form-fill info e.g., CC numbers, postal address, shipping address /pmw1

Subjects: Internet, PC Security, Privacy

Subject: Why you might want to wrap your car key fob in foil
Source:  Detroit Free Press via USA Today Network

Cybersecurity experts say privately that anyone who knows anything about the ease of auto and personal data hacking practices safe fob storage.

While auto industry engineers know a lot about traditional safety, quality, compliance and reliability challenges, cyber is an “adaptive adversary,” said Faye Francy, executive director of the nonprofit Automotive Information Sharing and Analysis Center, which specializes in cybersecurity strategies. “Automakers are starting to implement security features in every stage of design and manufacturing. This includes the key fob.”

Posted in: Civil Liberties, Cybercrime, Cybersecurity, Privacy, Search Engines