Saturday, June 16, 2018

Smart 911


Smart911 is a free, third-party (non-government) supplemental data service that allows you to create a safety profile that can be seen by emergency responders when you call 9-1-1. The company that owns and runs Smart911 is Rave Mobile Safety.

After you sign up with Smart911, when you call 9-1-1 from a registered phone number, your profile will be displayed at the 9-1-1 center. You can include as little or as much information in your profile as you like. Information may include address, medical and security information. This service is voluntary, so you decide what information you want emergency responders to know about you when you call 9-1-1.

Part of the intent of Smart911 is to compensate for cell-phones and VOIP phones, which have replaced landline phones by as much as 70 percent in some areas.  Cell-phones transmit only general location data.  With Smart911, emergency crews can be provided with the caller’s exact address, which is especially helpful in finding apartment renters and hard-to-find homes in rural areas.

Smart911 prompts registered users to verify their information every six months. However, you should update your profile anytime there is any change to your information.


Privacy Concerns

In 2012, when Smart911 became available in King County, WA, KIRO 7 News published a report, "'Smart' 911 registry prompts privacy questions".  KHON 2 News (Honolulu) expressed similar concerns in 2015, asking "How much information is too much information for HPD's new Smart911 system?"

Although Smart911 claims that your data profile is only available to dispatchers after you call 9-1-1 from a registered number, a 2013 article in The Missoulian (Missoula, MT) pointed out that information in the Smart911 system can be searched even if you don't call 9-1-1. The article stated in part: "The biggest change is that the new system will let emergency officials look up information based on possible needs, rather than waiting until someone calls. 'So if there was a severe power outage, we could look up which people in the county need electricity to power medical equipment and act on that information...'"  (There is an option to opt out of pre-screening of your profile before you call 9-1-1.)

As with any database containing extensive personal information, there are concerns about data breaches, hacking, and misuse of the data.

Even the Smart911 (Rave Mobile Safety) privacy policy states: "Rave cannot guarantee the security of user account or other personal information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time."

So, should you participate in the Smart911 program? While there are privacy concerns with this service, only you can decide what information you are willing to share with the Rave Mobile Safety company, and with first responders and emergency managers in your area.

You may want to associate your cell-phone or VOIP phone with your address to aid responders in finding you during an emergency.

If you have specific health conditions that may require special treatment or that might prevent you from communicating easily with the 9-1-1 call center during an emergency call, you may want to include this information in your profile.

Because Smart911 lets you control what information you include in your profile, and the profile questions seem to be specifically related to information that would be needed by first responders... Smart911 is probably a good tool to consider as part of your personal security plan.

Remove EXIF Data From Your Photos


Did you know that most digital cameras embed hidden information, called metadata, into every photograph taken? And when you share those images, say by uploading them to a social network, that hidden information often stays embedded? And that people can view said information with almost no effort at all?

Metadata connected to photos is stored in a format called "Exchangeable Image File Format" or EXIF. EXIF metadata might include:
  • Latitude and longitude coordinates for the location where the photo was taken.
  • Camera settings like ISO speed, shutter speed, focal length, aperture, white balance, and lens type.
  • The make and model of the camera.
  • The date and time the photo was taken.
  • The name and build of all programs used to view or edit the photo.

EXIF data can be used by malicious users to inconvenience you at best or harm you at worst. A good example of this danger is seen in the disclosure of John McAfee's location in 2012 when a photo of Mr. McAfee and VICE’s editor-in-chief Rocco Castoro was posted on-line with EXIF data containing among other things, the GPS latitude and longitude co-ordinates of where it was taken. 

Of course you don't have to be on the run from the law to be concerned about EXIF data in your photos. If you post a photograph of yourself standing by your home, EXIF data can reveal your address.

Windows has a built-in method for clearing EXIF data. Simply right-click on your photo, select Properties, then go to the Details tab. At the bottom of this tab click on Remove Properties and Personal Information to open the EXIF removal tool. The tool lets you either create a copy of the image with all metadata removed or pick and choose which properties to erase from the selected file.

Windows 10's metadata-removal tool isn't perfect, and it may not be able to remove all the personal information from your photos.

If you run into issues removing metadata with Windows, you'll need to try a third-party tool such as EXIF Purge. EXIF Purge is a small portable application to remove EXIF metadata from multiple images at once. Be sure to test any tool that you use to remove EXIF data from your photos to be sure that it completely removes any data you don't want to share with the world.
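One way to run that test, as an added example that is not part of the original post: a standard-library Python check that lists the metadata still present in a JPEG, with a simple stripper so the before and after can be compared. The function names and the sample file are constructed for this example; the check reads only the top-level EXIF tags, flags XMP, IPTC and comment segments by presence, and assumes a plain JPEG with no stand-alone markers before the image data.

```python
import struct

# EXIF/TIFF tags that identify the camera, the software or the moment of capture.
ASCII_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software", 0x0132: "DateTime"}
GPS_IFD_POINTER = 0x8825                 # IFD0 entry that points at the GPS block
METADATA_MARKERS = (0xE1, 0xED, 0xFE)    # APP1 (EXIF/XMP), APP13 (IPTC), COM


def jpeg_segments(data):
    """Yield (marker, start, end) per segment; the last one runs from SOS to EOF."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:               # start of scan: compressed image follows
            yield marker, pos, len(data)
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def read_exif(tiff):
    """Return the identifying IFD0 tags of an EXIF block, plus a GPS flag."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        return {"unparsed": True}
    found = {}
    ifd = struct.unpack(endian + "I", tiff[4:8])[0]
    count = struct.unpack(endian + "H", tiff[ifd:ifd + 2])[0]
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        tag, typ, n, value = struct.unpack(endian + "HHI4s", entry)
        if tag == GPS_IFD_POINTER:
            found["GPS"] = True
        elif tag in ASCII_TAGS and typ == 2:     # type 2 = ASCII string
            if n > 4:                            # long values live at an offset
                offset = struct.unpack(endian + "I", value)[0]
                value = tiff[offset:offset + n]
            found[ASCII_TAGS[tag]] = value[:n].rstrip(b"\x00").decode("ascii", "replace")
    return found


def audit(data):
    """Report metadata still present in a JPEG; an empty dict means none found."""
    report = {}
    for marker, start, end in jpeg_segments(data):
        payload = data[start + 4:end]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            try:
                report["EXIF"] = read_exif(payload[6:])
            except struct.error:                 # truncated or malformed block
                report["EXIF"] = {"unparsed": True}
        elif marker == 0xE1 and payload.startswith(b"http://ns.adobe.com/xap/1.0/\x00"):
            report["XMP"] = True
        elif marker == 0xED:
            report["IPTC"] = True
        elif marker == 0xFE:
            report["Comment"] = payload.decode("latin-1")
    return report


def strip_metadata(data):
    """Copy the JPEG without its APP1, APP13 and COM segments."""
    keep = [data[s:e] for m, s, e in jpeg_segments(data) if m not in METADATA_MARKERS]
    return b"\xff\xd8" + b"".join(keep)


def build_sample():
    """Constructed test input: JPEG headers carrying EXIF Make, a GPS block, a comment."""
    def seg(marker, payload):
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

    make = b"ExampleCam\x00"                     # stored at TIFF offset 38
    ifd0 = struct.pack("<H", 2)
    ifd0 += struct.pack("<HHII", 0x010F, 2, len(make), 38)
    ifd0 += struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, 50)
    ifd0 += struct.pack("<I", 0)                 # no further IFD
    gps = struct.pack("<HHHI4sI", 1, 0x0001, 2, 2, b"N\x00\x00\x00", 0)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + make + b"\x00" + gps
    return (b"\xff\xd8"
            + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(0xE1, b"Exif\x00\x00" + tiff)
            + seg(0xFE, b"edited at home")
            + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56\xff\xd9")


if __name__ == "__main__":
    sample = build_sample()
    print("before:", audit(sample))
    print("after: ", audit(strip_metadata(sample)))
```

To check a removal tool, read its output file as bytes and pass it to `audit`; anything other than an empty report means the tool left one of these metadata kinds behind.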

Will the UK Require Digital ID to Use the Internet ???


The UK, following the example of China, has proposed that any place providing internet access use bank-account verification to affirmatively identify all the people who use the internet.  UK Security Minister Ben Wallace said that social media companies should bear the cost of tracking the identities of all their users.

Real-name policies have proved to be a boon to authoritarian rulers; in Cambodia, dictator Hun Sen has embraced Facebook, creating a direct pipeline to Facebook's real-name compliance team that his government uses to force critics to reveal their real identities (exposing them to arrest and torture), or leave the platform.

Are we soon to see this same policy in the UK?  (Read more at Boing Boing, June 11, 2018)

Friday, June 15, 2018

The Complete Privacy & Security Desk Reference: Volume II (Available Now)



The Complete Privacy & Security Desk Reference: Volume II: Physical (Volume 2)

The first volume of this series made you digitally invisible. This book continues with your journey and explores complete physical privacy and security in the real world. After 100 pages of updates from the previous volume (Digital), this book explains how to be private and secure in your home and while you travel. You will create a more secure home perimeter, use living trusts, land trust and LLC's to privately title your home, apply physical disinformation techniques around your property, execute a fail-proof firewall to protect your entire home network and devices, install better locks on your doors, enable advanced features of your alarm system, install a proper home safe, modify your vehicles and usage, privately title your vehicle and registration, embrace surveillance under your terms, avoid threats to your safety, secure your belongings from physical and digital intrusion during travel, and become more aware of your surroundings while being prepared to take action. When taken to the extreme, you will be impossible to compromise.
--

Volume 1 of The Complete Privacy & Security Desk Reference is a great book, that I highly recommend for anyone interested in data privacy and personal security. Now Volume 2 is available on Amazon.Com.




Choosing a Home Safe

 
When choosing a home safe, there are several things that we should consider, and first among those is what do we want the safe to protect against. Most home safes that you buy at stores like Wal-Mart or Home Depot, or on-line from Amazon are designed to protect against fire and maybe water damage, but provide very little protection against burglars targeting the safe itself. This being said, a burglar targeting your home at random probably isn't prepared to break into a safe of any type.
 
The Sentry fire and water resistant safe (Model: SFW123DSB) has a good overall reputation for home safes costing less than $250. If you choose a Sentry Safe, I recommend that you choose the dial combination model, and avoid the safes with an electronic keypad.
 
It is possible to quickly defeat the electronic keypad locking mechanisms using a strong magnet, as can be seen in the following Mr. Locksmith videos:
 

Open Sentry Safe in less than 5 seconds!

Open a New Sentry Safe XXL with a Rare Earth Magnet
 
While the random burglar is unlikely to be carrying a rare earth magnet, someone who was aware of your safe and who wanted to gain surreptitious entry to it could defeat the electronic lock for about $15.
 
Note that while the dial combination solves the problem of using a magnet to bypass the lock, you are unable to change the factory set dial combination, where with the electronic keypad you can change the combination to your safe as often as you wish.
 
The Sentry Safe pictured above weighs 90 pounds, so while a burglar won't be tossing it into a bag and running down the street with it, little effort would be required to carry it out your front door to a waiting vehicle.  For this reason you should always anchor your safe to the floor and/or wall with the provided mounting bolts.
 
So, should you invest in a safe for your home? Yes, if you have important documents and such to protect, a fire and water resistant safe is a good investment. You also gain some protection against the random burglar who breaks into your home unprepared to deal with a safe.
 
If you have expensive jewelry, cash, or other small valuables in your home, and you are concerned about a targeted burglary, then you should consider a safe specifically designed to resist attempts to break into it. Examples of this type of safe include:
 
 
 
The cost of your safe now increases from the $200 range to the $600 - $700 range, but if you have a few thousand dollars worth of valuables to protect, spending a few hundred more dollars for a more secure safe is probably worth it.
 
If your concern is burglary over fire, you might consider the Gardall LC1414-G-C Commercial Light Duty Safe for around $350. This is a smaller safe (Inside: 13.50" H X 13.50" W X 11.00" D) weighing 60 pounds, so you will need to anchor it to the floor / wall.
 
 
 

China’s Surveillance State Will Soon Track Cars Using Mandatory RFID Chips


In a move that comes across as a strengthening of domestic surveillance policies, China will require all new vehicles to have vehicle-identity RFID chips starting next year (2019).

The RFID chips will be read by sensors installed along roads by the government and feed data about the vehicle's location and owner back to the Ministry of Public Security. This kind of RFID scanning is less precise than GPS tracking, given that it only shows when vehicles pass sensors, but it's still plenty to build a profile of someone's habits based on where they drive. (WSJ, June 13, 2018)

Thursday, June 14, 2018

DOJ OIG Report on Comey, Clinton E-mail Investigation



The long-awaited Department of Justice Inspector General report on the handling of the Clinton email investigation by the Justice Department and FBI has been released.

The 568 page report details the Department of Justice's Office of the Inspector General investigation into the conduct of FBI personnel, including former FBI Director James Comey, during the investigation into former Secretary of State Hillary Clinton's use of a private email server (code-named "Midyear Exam") and related events just before the 2016 presidential election. The report reveals details of the FBI's internal communications, including an apparent agency-wide distaste for Lync, the mandated official messaging application for the FBI's internal networks.

The report describes Comey as "insubordinate" while also criticizing then-Attorney General Loretta Lynch for weak leadership. It also criticizes FBI official Peter Strzok for his priorities and communications in the Clinton email probe. (Ars Technica, June 14, 2018)



RFID Capture and Cloning Toolkit



The Boscloner is an All-in-One RFID Cloning Toolkit designed to make RFID badge cloning during a penetration testing engagement lightning fast and super easy, featuring:
  • 3ft Read Range
  • Rechargeable Batteries
  • Bluetooth Support
  • Companion App (iPhone and Android*)
  • Auto-Clone Technology
The Boscloner’s core functionality set revolves around its ability to capture RFID badges from three feet away, automatically clone captured badges (in seconds!) and allow the penetration tester to reach into a pocket and pull out a cloned and fully functioning badge providing instant access to restricted areas.

A YouTube Video demonstrates how easy it is to capture and clone data from an RFID chip using this device.  You can buy your own Boscloner for $1500 from Ace Hackware, or you can build it yourself for a lot less.



Dead Man's Switch


Bad things happen. Sometimes, they happen to you. If something does happen, you might wish there was something you had told the people around you. Dead Man's Switch lets you write a few e-mails and choose the recipients. These emails are stored privately until they're sent. Dead Man's Switch will e-mail you every so often, asking you to show that you are fine by clicking a link. If something were to... happen... to you, your switch would then send the e-mails you wrote to the recipients you specified.

Dead Man's Switch is a useful tool to provide information to others if you become incommunicado (or dead), but there are things you should consider. First, information that you store with Dead Man's Switch is available to the administrators of the site. Sensitive information should be encrypted before it is added to your Dead Man's Switch. This of course means that your intended recipients will need to be able to decrypt and read the messages they receive. If the service provider (Dead Man's Switch) goes out of business your messages might never be delivered. And, if you lose access to the e-mail with the link you are supposed to click to show that you are still alive, your messages might be sent before you want them to be.


CBP Agent Faces Investigation After Questioning Reporter About Her Sources


According to the Washington Post (June 12, 2018) "The actions of a Customs and Border Protection agent who confronted a reporter covering national security issues about her confidential sources are being examined by the CBP’s Office of Professional Responsibility. The agent, Jeffrey A. Rambo, contacted journalist Ali Watkins last June as the Trump administration was ramping up its investigations of unauthorized leaks to reporters, and he identified himself as a government agent. Rambo met with Watkins at a restaurant in Washington after initially contacting her by email. A reporter taking such a meeting with a potential source would not be unusual.

But after he arrived, Rambo said the administration was eager to investigate journalists and learn the identity of their confidential sources to stanch leaks of classified information. He questioned Watkins broadly about her reporting and how she developed information.

Rambo’s behavior was unorthodox. It’s highly unusual for government investigators to question reporters about their sources, and national security leaks are generally investigated by the FBI, not CBP, part of the Department of Homeland Security. Rambo also contacted Watkins using a personal email address and declined to provide his name."
--
Investigative misconduct is a very serious and a growing problem. Investigations must be conducted within the scope of authority of the agency involved, must follow established agency policy and procedure, and must be consistent in type, scope, and method with other investigations conducted by the agency involved. When these conditions are not met, it is likely that the investigative activity is illegal.

Wednesday, June 13, 2018

U.S. Warns Travelers to World Cup "Your Electronic Devices Could Be Hacked"


According to Reuters (June 12, 2018), the top U.S. counterintelligence official is advising Americans traveling to Russia for football’s World Cup beginning this week that they should not take electronic devices because they are likely to be hacked by criminals or the Russian government.

In a statement to Reuters on Tuesday, William Evanina, an FBI agent and the director of the U.S. National Counterintelligence and Security Center, warned World Cup travelers that even if they think they are insignificant, hackers could still target them.

“If you’re planning on taking a mobile phone, laptop, PDA, or other electronic device with you - make no mistake - any data on those devices (especially your personally identifiable information) may be accessed by the Russian government or cyber criminals,” he said.

“Corporate and government officials are most at risk, but don’t assume you’re too insignificant to be targeted,” Evanina added. “If you can do without the device, don’t take it. If you must take one, take a different device from your usual one and remove the battery when not in use.”
--

Any international travel can increase the possibility of being targeted by criminal hackers or foreign governments. In travel to some countries, like China, this is almost a certainty. When traveling to Russia or Europe it is a possibility.

The U.S. National Counterintelligence Executive has provided a brochure "Traveling Overseas with Mobile Phones, Laptops, Personal Digital Assistants, and Other Electronic Devices" to help you protect your electronic devices while traveling.

The FCC (March 28, 2018) also provides Cybersecurity Tips for International Travelers.

Booking.com (May 4, 2017) offered some tips on How to Avoid Cyber Fraud While Travelling.

Additionally, remember that any electronic devices that you take with you when you leave the United States are subject to being searched when you return with them. The EFF has published a guide "Digital Privacy at the U.S. Border: Protecting the Data On Your Device" that can assist you in understanding your rights at the U.S. border.

Learn to Code


Even if you never plan to be a programmer, if you never intend to write any type of code, it is still useful to have a basic understanding of how computer code works, and of how computers operate.

If however you would like to write your own programs, or maybe just see if programming is for you, then here are a few places to start...

https://code.org/

https://www.codecademy.com/

https://www.freecodecamp.org/

https://dash.generalassemb.ly

https://www.youtube.com/user/CodersGuide (YouTube)


 
This is CS50x, Harvard University's introduction to the intellectual enterprises of computer science and the art of programming for majors and non-majors alike, with or without prior programming experience. An entry-level course taught by David J. Malan, CS50x teaches students how to think algorithmically and solve problems efficiently. Topics include abstraction, algorithms, data structures, encapsulation, resource management, security, software engineering, and web development. Languages include C, Python, SQL, and JavaScript plus CSS and HTML. Problem sets inspired by real-world domains of biology, cryptography, finance, forensics, and gaming.


Exposing and Challenging Government Hacking for Surveillance


Privacy and security are both essential to protecting individuals, including their autonomy and dignity. Undermining privacy undermines the security of individuals, their devices and the broader infrastructure. People need privacy to freely secure themselves, their information, and fully enjoy other rights.

Privacy International has released a report "Pay No Attention to That Man Behind the Curtain: Exposing and Challenging Government Hacking for Surveillance" that discusses the threats we face from hacking and surveillance. 

A Privacy International podcast (30 minutes), discussing government hacking and surveillance is available here. 


U.S. Expects Fallout from Snowden Leaks for Years to Come


According to the Associated Press (AP) (June 4, 2018) "Whistleblower or traitor, leaker or public hero?  National Security Agency contractor Edward Snowden blew the lid off U.S. government surveillance methods five years ago, but intelligence chiefs complain that revelations from the trove of classified documents he disclosed are still trickling out.  That includes recent reporting on a mass surveillance program run by close U.S. ally Japan and on how the NSA targeted Bitcoin users to gather intelligence to combat narcotics and money laundering.

The Intercept, an investigative publication with access to Snowden documents, published stories on both subjects.  The top U.S. counterintelligence official said journalists have released only about 1% taken by the 34-year-old American, now living in exile in Russia.  “This past year, we had more international, Snowden-related documents and breaches than ever,” Bill Evanina, who directs the National Counterintelligence and Security Center, said at a recent conference.  “Since 2013, when Snowden left, there have been thousands of articles around the world with really sensitive stuff that’s been leaked.”

Moscow has resisted U.S. pressure to extradite Snowden, who faces U.S. charges that could land him in prison for up to 30 years. From exile, Snowden often does online public speaking and has been active in developing tools that reporters can use, especially in authoritarian countries, to detect whether they are under surveillance."




Tuesday, June 12, 2018

More Than 2,300 Online Child Sex Offenders Arrested



The Department of Justice announced today (June 12, 2018) the arrest of more than 2,300 suspected online child sex offenders during a three-month, nationwide, operation conducted by Internet Crimes Against Children (ICAC) task forces.

The task forces identified 195 offenders who either produced child pornography or committed child sexual abuse, and 383 children who suffered recent, ongoing, or historical sexual abuse or production of child pornography.

The operation targeted suspects who: (1) produce, distribute, receive and possess child pornography; (2) engage in online enticement of children for sexual purposes; (3) engage in the sex trafficking of children; and (4) travel across state lines or to foreign countries and sexually abuse children.

For more information about Internet Safety visit the Internet Crimes Against Children web-site.


What Will Microsoft's GitHub Buy Mean for Controversial Code?



Microsoft announced it has bought GitHub, the open source code repository that’s basically a social network for developers. It’s one of the most beloved and popular sites on the web, hosting everything from Bitcoin’s code to Germany’s laws and regulations to NASA’s exoplanet hunting software. But it’s also home to the code that allows people to make deepfakes: AI-assisted nonconsensual porn videos that realistically swap one person’s face onto another person’s body. And now the very mixed bag of a site is Microsoft’s problem. “The tech giant will face similar content moderation challenges that peers like Facebook and Google have,” writes security reporter Louise Matsakis. “But with code instead of speech.”

How’s the GitHub community taking the news? Well, according to Matsakis, the top repository on GitHub Tuesday was the “GitHub Evacuation Center.” But people aren’t just moving elsewhere because the open source town got a sheriff. Microsoft’s business entanglements put it at cross purposes with a lot of big GitHub projects. On the semi-frivolous end, there’s Xbox emulators, which allow gamers to play console games on their computers (without, ahem!, buying an expensive console from Microsoft). But GitHub also provides valuable resources for people who only have access to heavily censored areas of the internet. GitHub has run afoul of major Microsoft customers like China because it hosts things like tools for circumventing China’s internet censorship and the Chinese edition of The New York Times. “GitHub isn’t a perfect defender of censorship, but they still host [articles about the student-led protests at] Tiananmen Square,” says Rob Graham, CEO of Errata Security. “That’s likely to disappear under Microsoft.”  (Wired, June 5, 2018)

CryptoParty Washington D.C. - The New York Times Talks Data Protection


Cyber-Security super guru, Runa Sandvik @runasand (and others) will present at the 2nd New York Times CryptoParty in Washington, D.C. If you can be in Washington, D.C. on the evening of July 11, 2018 you should attend this event.

CryptoParty Washington D.C.: The New York Times Talks Data Protection
Wednesday, July 11, 2018
6:30 - 9 p.m.

The Mansion on O Street
2020 O Street NW
Washington, D.C.

Raise a drink to locked-down data — and learn how reporters circumvent it — at our Washington CryptoParty. You’ll learn the basics of cybersecurity and how to protect your personal information, which has become a commodity product. Hear The Times’s senior director of information security Runa Sandvik, a hacker-turned-security expert, and national security reporter Matthew Rosenberg, who will discuss how he keeps his sources and himself safe when dealing with American spies, Russian cybercriminals  and private companies. They will be joined by The Times's executive director of information security Bill McKinley, CryptoHarlem founder Matthew Mitchell and others.

China Hacked Navy Contractor, Stole Sensitive Data on Submarine Warfare


According to the Seattle Times (June 8, 2018), Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare - including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020. The hackers targeted a contractor who works for the Naval Undersea Warfare Center. Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library.
--

*** Everybody hates the security manager and the FSO until someone steals your secrets! *** 



Monday, June 11, 2018

Free USB Fan for Journalists at Kim-Trump Summit in Singapore



Journalists at the 2018 North Korea-United States Summit (Kim-Trump Summit in Singapore) were given a free USB fan. This was in a bag of "gifts" distributed to members of the press pool. Just plug it into your computer's USB port and stay cool while you file your stories.

Ahhh... when the government gives you a free USB, don't plug it into your computer!


Yahoo Messenger Discontinued July 17th


The announcement comes just six months after Yahoo and AOL's parent company Oath discontinued AIM (AOL Instant Messenger).

Yahoo Messenger will only continue working normally until July 17, 2018.  After that date, you will no longer be able to access your chats and the service won't work. Your Yahoo ID will continue to work for other Yahoo properties like Mail and Fantasy.
--

If you are still using Yahoo Messenger, now would be a great time to switch to an end-to-end encrypted messenger such as Signal Private Messenger or WhatsApp.

How to Make Your Online Communications More Secure


A June 9, 2018 article in the Washington Post, "Don’t be Paul Manafort: How to make your online communications more secure", is worth reading because it highlights that there is more to communications security than just using encryption. Of course, encryption is important, but if the person with whom you are communicating provides copies of your messages to the Feds, or if the government can seize unencrypted copies of your messages, then your encryption is defeated.

From the article...

Over the past week we’ve learned of two incidents in which conversations that people thought were private actually were not. In each case, two people were communicating electronically, using applications that allow for end-to-end encryption.
 
What does that mean? It means that each person’s messages were placed into locked digital envelopes that only the other person could open. As a message passed over the Internet, it couldn’t be read, unlike, say, most email messages, which move over the Internet like postcards in the postal system.

The first incident involves Paul Manafort, the chairman of President Trump’s 2016 campaign. He was indicted by special counsel Robert S. Mueller III on two new charges Friday after WhatsApp messages he had sent suggested - per prosecutors - that he was trying to persuade a third party to tell Mueller something false. WhatsApp messages have end-to-end encryption, but the government apparently gained access to them in two ways. For one, they were backed up online, the equivalent of putting photocopies of a letter in a folder at your house. For another, it seems that the person to whom the messages were being sent turned copies over to investigators.

The other recent incident involves charges filed against a Senate Intelligence Committee staffer named James A. Wolfe. Wolfe communicated with a reporter using the encrypted platform Signal - but the government appears to have found messages on his phone. In this case, it’s a bit like having the opened letter lying on your kitchen table when the police show up with a search warrant.


Support the EFF When You Shop with AmazonSmile

 
AmazonSmile is a website operated by Amazon that lets customers enjoy the same wide selection of products, low prices, and convenient shopping features as on Amazon.com. The difference is that when customers shop on AmazonSmile, the AmazonSmile Foundation will donate 0.5% of the price of eligible purchases to the charitable organizations selected by customers.

One of the charities you may choose to support is the Electronic Frontier Foundation @EFF.

Just go to https://smile.amazon.com/ and select the Electronic Frontier Foundation (EFF) as your charity of choice. Then whenever you make a purchase from Amazon, just begin your shopping at https://smile.amazon.com/ and the EFF will receive a donation of 0.5% of whatever you purchase.

This doesn't cost you anything additional; all donations are made by the AmazonSmile Foundation based on the amount of money you spend when shopping on Amazon.  You can read more about AmazonSmile here: https://org.amazon.com/.

If you are not already supporting a charity through AmazonSmile, why not sign-up and begin supporting the Electronic Frontier Foundation today?

 
 
 

Sunday, June 10, 2018

Mooltipass


Mooltipass is a hardware based password manager that can be used with any USB enabled device.

To use the Mooltipass device it must be connected to your computer or smartphone via a USB connection. You download an app which allows Mooltipass to communicate over the USB connection with your computer or smartphone and provide your login credentials to web-sites and applications.

You gain access to your Mooltipass device by using the provided smartcard and a PIN.

I strongly recommend that you use a password manager of some type to secure your on-line credentials, and with Mooltipass you get the increased security of having that password manager contained in a removable hardware device.


National Security Agency (NSA) Security Motivational Posters


As part of a FOIA request the National Security Agency (NSA) has released 136 security and motivational posters from the 1950s and 1960s.

You can download a PDF (73 MB) file containing all of the posters from the Government Attic.




Vermont Passes First Law to Crack Down on Data Brokers



While Facebook and Cambridge Analytica are hogging the spotlight, data brokers that collect your information from hundreds of sources and sell it wholesale are laughing all the way to the bank. But they’re not laughing in Vermont, where a first-of-its-kind law hems in these dangerous data mongers and gives the state’s citizens much-needed protections.

This data exists in a regulatory near-vacuum. As long as they step carefully, data brokers can maintain what amounts to a shadow profile on consumers.

If you use an actual credit score, it’s regulated under the Fair Credit Reporting Act, but if you take a thousand points like shopping habits, zip code, housing status, you can create a new credit score; you can use that and it’s not discrimination.

And while medical data like blood tests are protected from snooping, it’s not against the law for a company to make an educated guess about your condition from the medicine you pay for at the local pharmacy. Now you’re on a secret list of “inferred” diabetics, and that data gets sold to, for example, Facebook, which combines it with its own metrics and allows advertisers to target it.

Vermont’s new law, which took effect late last week, is the nation’s first to address the data broker problem directly.  (Tech Crunch, May 27, 2018)

You can read the full law here.