Category Archives for "Security"

On privacy impact assessment and leaking data of millions of users

Anonymizing location data is hard. If you absolutely need to do this, you had better consult someone knowledgeable.

Privacy impact assessments should not conform to fixed templates. These should be strict, technical analyses.

Full article: On privacy impact assessment and leaking data of millions of users

Tech giants unite to launch data security consortium

Big tech firms including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft and Red Hat have announced they are to create the Confidential Computing Consortium in a bid to boost security for data in use.

Founded by the Linux Foundation, the group will seek to unite hardware vendors, developers, open source experts and other leading organisations to help safeguard the confidentiality of computing, improve open source standards and instil better standards around data protection.

Source: #privacy: Tech giants unite to launch data security consortium

How hackers can use stolen fingerprints

Hackers could use a stolen fingerprint to break into a fairly rudimentary security system. A more advanced system might be possible, too, if they have lots of time and money at their disposal.

There are multiple ways to fool fingerprint readers. Stolen fingerprints are more helpful to hackers if they also have metadata – associated identities and login information, since two-factor security systems often require both conventional passwords and fingerprint scans.

Full article: How criminals might use stolen fingerprints.

Amazon’s Ring Is a Perfect Storm of Privacy Threats

Recent reports show that Ring has partnered with police departments across the country to hawk this new surveillance system—going so far as to draft press statements and social media posts for police to promote Ring cameras.

This creates a vicious cycle in which police promote the adoption of Ring, Ring terrifies people into thinking their homes are in danger, and then Amazon sells more cameras.

Source: Amazon’s Ring Is a Perfect Storm of Privacy Threats | Electronic Frontier Foundation

Facebook is Opening Privacy Check-Up Cafes

In an attempt to convince its two billion users that it truly cares about their privacy, Facebook is opening a number of pop-up privacy check-up cafes.

At the five Facebook cafes, visitors will get free drinks and a tutorial on how to customize their privacy settings — something you’d normally have to pay people to do in their spare time.

Source: Facebook is Opening Privacy Check-Up Cafes, for Some Reason

4 Dating Apps Pinpoint Users’ Precise Locations – and Leak the Data

Grindr, Romeo, Recon and 3fun were found to expose users’ exact locations, just by knowing a user name. Four popular dating apps that together can claim 10 million users have been found to leak precise locations of their members.

“By simply knowing a person’s username we can track them from home, to work,” explained Alex Lomas, researcher at Pen Test Partners, in a blog on Sunday. “We can find out where they socialize and hang out. And in near real-time.”

Source: 4 Dating Apps Pinpoint Users’ Precise Locations – and Leak the Data | Threatpost

DSAR test reveals huge data breach potential

A phoney data subject access request (DSAR) made by a woman’s partner to companies in the UK and the US prompted a return of personal data from 25% of the firms contacted.

The security specialist making the request leveraged the terms of the GDPR to make his claim. He got in touch with dozens of companies on both sides of the Atlantic, stating in each case that he wanted information held on his fiancée. One of the data returns held his fiancée’s criminal record check.

Source: DSAR test reveals huge data breach potential

Contractors at Microsoft eavesdrop on some Skype calls

Amazon and Google have been in the headlines recently over how the tech giants’ workers eavesdrop on the audio footage picked up by smart assistants. Now Microsoft has some explaining to do following reports that its employees listen in on real Skype conversations that have gone through translation software processing.

People contracted to work with Microsoft take dialogues in for review as a means of translation quality control. No mention of this surveillance appears in Skype’s terms and conditions.

Source: Contractors at Microsoft eavesdrop on some Skype calls

Data Breaches Show it’s Time to Rethink Use of Social Security Numbers

The Social Security number — created in 1936 to track Americans’ social benefits — was never meant to be a form of identity verification. But that line disappeared in the mid-1970s, and the single identifier proved convenient when it came time for the U.S. to handle information using computers.

But we shouldn’t be using an unchangeable nine-digit code for verification. It’s a little like having a Facebook password that we can’t change even if we know somebody else has it.

Full article: Data Breaches Show it’s Time to Rethink Social Security Numbers | Time.com

New DPIA on Microsoft Office and Windows software: still privacy risks remaining

Three new DPIAs, which Privacy Company has carried out for the central Dutch government, show that Microsoft has mitigated the eight previously identified privacy risks for Office 365 ProPlus through a combination of technical, organisational and contractual measures.

However, the new privacy conditions for the central Dutch government do not yet apply to the data processing via Windows 10 Enterprise or the mobile Office apps. Moreover, certain technical improvements that Microsoft has implemented in Office 365 ProPlus are not (yet) available in Office Online.

Therefore, SLM Rijk advises government institutions to, for the time being, refrain from using Office Online and the mobile Office apps, and to opt for the lowest possible level of data collection in Windows 10.

Full article: New DPIA on Microsoft Office and Windows software: still privacy risks remaining (long blog)
