California May Restore Broadband Privacy Rules Killed By Congress and Trump

An anonymous reader quotes a report from Ars Technica: A proposed law in California would require Internet service providers to obtain customers’ permission before they use, share, or sell the customers’ Web browsing history. The California Broadband Internet Privacy Act, a bill introduced by Assembly member Ed Chau (D-Monterey Park) on Monday, is very similar to an Obama-era privacy rule that was scheduled to take effect across the US until President Trump and the Republican-controlled Congress eliminated it. If Chau’s bill becomes law, ISPs in California would have to get subscribers’ opt-in consent before using browsing history and other sensitive information in order to serve personalized advertisements. Consumers would have the right to revoke their consent at any time. The opt-in requirement in Chau’s bill would apply to “Web browsing history, application usage history, content of communications, and origin and destination Internet Protocol (IP) addresses of all traffic.” The requirement would also apply to geolocation data, IP addresses, financial and health information, information pertaining to minors, names and billing information, Social Security numbers, demographic information, and personal details such as physical addresses, e-mail addresses, and phone numbers.

Read more of this story at Slashdot.

If It Uses Electricity, It Will Connect To the Internet: F-Secure’s CRO

New submitter evolutionary writes: According to F-Secure’s Chief Research Officer “IoT is unavoidable. If it uses electricity, it will become a computer. If it uses electricity, it will be online. In future, you will only buy IoT appliances, whether you like it or not, whether you know it or not.” F-Secure’s new product to help mitigate data leakage, “Sense”, is an IoT Firewall, combining a traditional firewall with a cloud service and using concepts including behaviour-based blocking and device reputation to figure out whether you have insecure devices.

Ask Slashdot: How Do You Prepare For The Theft Of Your PC?

A security-conscious Slashdot reader has theft insurance — but worries whether it covers PC theft. And besides the hassles of recreating every customization after restoring from backups, there’s also the issue of keeping personal data private.
I currently keep important information on a hidden, encrypted partition so an ordinary thief won’t get much off of it, but that is about the extent of my preparation… What would you do? Some sort of beacon to let you know where your stuff is? Remote wipe? Online backup?

There’s a couple of issues here — including privacy, data recovery, deterrence, compensation — each leading to different ways to answer the question: what can you actually do to prepare for the possibility? So use the comments to share your own experiences. How have you prepared for the theft of your PC?

Dubai Airport Will Use Biometric Scanning By 2020 To Replace Entry With Passport

dryriver quotes a report from Gulf News: For visitors or residents coming in to Dubai, a new face-recognition software in the offing at the Dubai International Airport will enable them to walk straight to the baggage claim area after deplaning without having to stop at passport control. British start-up ObjectTech announced that they will work with the Dubai government to install biometric tunnels that scan people’s faces as they walk to baggage reclaim. The “biometric border” walkway takes a 3D scan of people’s faces as they enter the airport and checks it against a digital passport using face-recognition software. If this project is completed, passengers arriving at Dubai airport will be able to step off their flight and walk straight to baggage reclaim via biometric verification tunnels — allowing them to be registered into the country using a pre-approved and entirely digitized passport.

US Internet Company Refused To Participate In NSA Surveillance, Documents Reveal

Zack Whittaker reports via ZDNet: A U.S. company refused to comply with a top-secret order that compelled it to facilitate government surveillance, according to newly declassified documents. According to the document, the unnamed company’s refusal to participate in the surveillance program was tied to an apparent expansion of the foreign surveillance law, details of which were redacted by the government prior to its release, as it likely remains classified. It’s thought to be only the second instance of an American company refusing to comply with a government surveillance order. The first was Yahoo in 2008. It was threatened with hefty daily fines if it didn’t hand over customer data to the National Security Agency. The law is widely known in national security circles as forming the legal basis authorizing the so-called PRISM surveillance program, which reportedly taps data from nine tech titans including Apple, Facebook, Google, Microsoft, and others. It also permits “upstream” collection from the internet fiber backbones of the internet. Any guesses as to which company it may be? The company was not named in the 2014-dated document, but it’s thought to be an internet provider or a tech company.

Federal Regulators Are Investigating Uber Over Privacy Violations

An anonymous reader quotes a report from Recode: One of the U.S. government’s most powerful consumer protection watchdogs appears to be quietly probing Uber and the company’s privacy practices. The inquiry is under way at the Federal Trade Commission, according to four sources familiar with the matter, where the agency’s investigative staff appears to have focused its attention on some of the data-handling mishaps that have plagued the company in recent years — perhaps including employees’ misuse of “god view,” a tool that had previously allowed some at Uber to spy on the whereabouts of politicians, celebrities and others using the ride-hailing app. The sources cautioned to Recode that FTC staff regularly question companies on consumer-protection matters, like privacy — and often, the agency chooses not to pursue any penalties while closing its investigations as quietly as it began them. Still, the scrutiny could easily blossom into a full-fledged legal complaint against Uber — a reality the company knows well.

Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election

Russian hacking groups played a larger role in the 2016 election than anyone realized, according to a highly-classified NSA document published today in The Intercept. The document reveals that a Russian intelligence operation sent spear-phishing emails to more than 100 local election officials days before the election, which ran through a hack of a U.S. voting software supplier. The Russian cyber espionage operation was functional for months before the 2016 U.S. election. From the report: It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document: “Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.” This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.

Supreme Court Agrees To Decide Major Privacy Case On Cellphone Data

An anonymous reader shares a report: The U.S. Supreme Court on Monday agreed to hear a major case on privacy rights in the digital age that will determine whether police officers need warrants to access past cellphone location information kept by wireless carriers. The justices agreed to hear an appeal brought by a man who was arrested in 2011 as part of an investigation into a string of armed robberies at Radio Shack and T-Mobile stores in the Detroit area over the preceding months. Police helped establish that the man, Timothy Carpenter, was near the scene of the crimes by securing cell site location information from his cellphone carrier. At issue is whether failing to obtain a warrant violates a defendant’s right to be free from unreasonable searches and seizures under the U.S. Constitution’s Fourth Amendment. The information that law enforcement agencies can obtain from wireless carriers shows which local cellphone towers users connect to at the time they make calls. Police can use historical data to determine if a suspect was in the vicinity of a crime scene or real-time data to track a suspect.

OneLogin Says Breach Exposed Ability To Decrypt Customer Data

Reader tsu doh nimh writes: OneLogin, an online service that lets users manage logins to sites and apps from a single platform, says it has suffered a security breach in which customer data was compromised, including the ability to decrypt encrypted data, KrebsOnSecurity reports. “A breach that allowed intruders to decrypt customer data could be extremely damaging for affected customers. After OneLogin customers sign into their account, the service takes care of remembering and supplying the customer’s usernames and passwords for all of their other applications.”

83 Percent Of Security Staff Waste Time Fixing Other IT Problems

An anonymous reader shares a report: A new survey of security professionals reveals that 83 percent say colleagues in other departments turn to them to fix personal computer problems. The study by security management company FireMon shows a further 80 percent say this is taking up more than an hour of their working week, which in a year could equate to more than $88,000. For organizations, eight percent of professionals surveyed helping colleagues out five hours a week or more could be costing over $400,000. Organizations are potentially paying qualified security professionals salaries upwards of $100,000 a year and seeing up to 12.5 percent of that investment being spent on non-security related activities.
