Pete Recommends – Weekly highlights on cyber security issues November 23, 2019

Subject: Anti-robocall bill likely as House, Senate reach compromise
Source: AP via Yahoo
https://news.yahoo.com/anti-robocall-bill-likely-house-221203052.html

Phone companies have been rolling out verification tools after prompting from regulators. These reassure customers that the number showing up on their phone is actually the number that called, and not a fraudster “spoofing,” or faking, the number to try to get people to pick it up. Numbers can be faked to look like they’re coming from the IRS, for example, or from a number with the same area code as you. But to combat this successfully, all carriers need to put the anti-spoofing system in place.

Telecom companies are also offering call-blocking apps for smartphones and many home phones, although not always for free. The FCC in June gave them permission to turn on call-blocking by default. While tools had been available before, customers might not have known to ask about them.


Subject: Stop Using Public USB Ports to Charge Your Phone
Source: Lifehacker
https://lifehacker.com/stop-using-public-usb-ports-to-charge-your-phone-1839906505

Battery power is one of those things that’s always at a premium, especially when you’re traveling and need to use one of the precious few power outlets at the airport to keep your device charged.This week, the LA County District Attorney’s office put out a warning to remind everyone of one way you shouldn’t keep that device charged: a public USB port.

We warned people about using public USB ports back in May.
The issue is that public USB ports can potentially be hacked so that they install data-stealing malware onto your phone while you charge up. Called “juice-jacking,” the hack could result in scammers getting access to your passwords, personal information and more. Not exactly worth it for a few more minutes of Candy Crush, right?


Subject: Chrome, Edge, Safari hacked at elite Chinese hacking contest
Source: ZDNet
https://www.zdnet.com/article/chrome-edge-safari-hacked-at-elite-chinese-hacking-contest/

China’s top hackers have gathered this weekend in the city of Chengdu to compete in the Tianfu Cup, the country’s top hacking competition.Over the course of two days — November 16 and 17 — Chinese security researchers will test zero-days against some of the world’s most popular applications.

The goal is to exploit and take over an app using never-before-seen vulnerabilities. If attacks succeed, researchers earn points towards an overall classification, cash prizes, but also the reputation that comes with winning a reputable hacking competition.

The Tianfu Cup’s rules are identical to what we see at Pwn2Own, the world’s largest hacking contest. The two events are more tied than most people know.

filed under Topic: Security
RSS feed: https://www.zdnet.com/topic/security/rss.xml


Subject: How to Lock Down Your Health and Fitness Data
Source: WIRED
https://www.wired.com/story/health-fitness-data-privacy/

Whether you’re a Fitbit user worried about Google’s recent $2.1 billion purchase of the company or just generally privacy conscious, you should pay attention to where your health and fitness data goes, and who has access. It’s among the most sensitive data you have.While you unfortunately can’t control where all of your health information goes—as a Google partnership with Ascension, the nation’s second-largest health system, has unfortunately proved—you can still dedicate a few minutes to health data audit, making sure your calorie burns and step counts are completely private. Or if not, that they’re only shared by choice.

It shouldn’t take long, and it follows the same principles as any other data privacy audit: Check which data is being collected, which parts of it are public, and how many of your apps can access to it.

We can’t cover every single fitness app out there, but these are the main players. If you’re using something else, you should be able to use a similar process to check what information is being logged and how it’s being used.

The WIRED Guide to Personal Data

More Great WIRED Stories

Topics


Subject: Who Stole My Face? The Risks Of Law Enforcement Use Of Facial Recognition Software
Source:  Above the Law via LLRX
https://www.llrx.com/2019/11/who-stole-my-face-the-risks-of-law-enforcement-use-of-facial-recognition-software/

Who knows what extremes we’ll go to camouflage ourselves in a world where facial surveillance is the norm?Last week, RIT philosophy professor and expert on the ethical and privacy implications of technology, Evan Selinger, spoke to a group of lawyers in Rochester, New York, about the dangers presented by facial recognition software. The presentation, “Who Stole My Face? The Privacy Implications of Facial Recognition Technology,” was hosted by the committee that I chair for the Monroe County Bar Association, the Technology and Law Practice Committee, and was the brainchild of committee member Aleksander Nikolic, a Rochester IP attorney.

During his talk, Selinger contended that facial recognition technology should be banned across the board until regulations are enacted that are designed to control when and how it is used, and by whom. As he explains in a recent New York Times Op-Ed that he coauthored, facial recognition technology is unique in its invasiveness and in its potential for causing harm:

LLRX Posted in: AI, Civil Liberties, Congress, Cyberlaw, Legal Research, Privacy, Social Media
A.B.L. site RSS feed: https://abovethelaw.com/feed/
Tech feed: https://abovethelaw.com/technology/feed/


Subject: DuckDuckGo Introduces “Smarter Encryption”
Source: DuckDuckGo Blog Post via LJ infoDOCKET
https://www.infodocket.com/2019/11/19/122023/

When [Smarter Encryption is] enabled, this technology will make most typical Internet browsing connections encrypted, and therefore private from potential eavesdroppers. For example, when using DuckDuckGo Smarter Encryption, 81% of clicks to websites from DuckDuckGo Search results use encrypted connections. This gives you peace of mind that no matter where the Internet takes you, DuckDuckGo is helping you keep your private information just that, private….


Subject: Upgrading Your Phone? 4 Things You Should Do First
Source: FTC Consumer Information
https://www.consumer.ftc.gov/blog/2019/11/upgrading-your-phone-4-things-you-should-do-first

If you’re thinking about upgrading to a new phone, make sure you remove your personal information before you trade it in. Why? Because your phone could have a lot of sensitive, personal information on it – like your passwords, account numbers, emails, text messages, photos, and videos. If that information ends up in the wrong hands, someone could use it to wreak havoc. They could open accounts in your name, spend your money, hack into your email, or take over your social media accounts.Here’s how to remove your personal information before you trade in your phone.

[Just got a new phone?  Find out how to protect it and your data. These tips work for not-so-new phones, too!]

Tagged with:


Subject: Court: Man Charged With Child Porn Can Withhold His Password From Police
Source: AP via CBS Pittsburgh
https://pittsburgh.cbslocal.com/2019/11/20/man-charged-with-child-porn-can-withhold-password/

HARRISBURG, Pa. (AP) – Pennsylvania’s highest court has ruled that a man charged with distributing child pornography does not have to tell police his computer password.The court’s 4-3 de/cision Wednesday reaffirms the right to remain silent and acknowledges the difficulty of building cases when police confront sophisticated encryption services and other technology….

Posted in: AI, Big Data, Congress, Cybercrime, Cybersecurity, Healthcare, Legislative, Mobile Tech, Pornography, Privacy, Search Engines