security

Zoom and Prostitution

Zoom really made a splash during the pandemic and I think overall it improved people’s lives during a hard time. But, it also proved to be dishonest and pretty gross. Now they are finally paying a tiny amount as a penalty. But this line from Bruce Schneier really caught my attention: …for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent.

I Can Haz Gratitude

Great blog post about the burdens of running a tiny piece of software that became a critical piece of global infrastructure. There was a phase for a few years where malware authors kept writing malware that would call out to icanhazip.com to find out what they had infected. If they could find out the external IP address of the systems they had compromised, they could quickly assess the value of the target.

What I Learned Trying To Secure Congressional

Maciej Cegłowski (of Pinboard fame) writes about the Sisyphean effort of trying to secure political campaigns against hacking. Very few people are aware that there is a big jump in safety between using a laptop and using a phone/iPad. Even I forget that little tidbit. iOS (and the App Store) dramatically reduce the risks of using a computer.

Does Australia's access and assistance law impact 1Password?

One of the most disturbing things about the Assistance and Access Act is that it apparently authorizes the Australian government to compel someone subject to its laws to surreptitiously take actions that harm our customers’ privacy and security without revealing that to us. Would an Australian employee of 1Password be forced to lie to us and do something that we would definitely object to?

ProtonMail launches standalone iOS app | Computerworld

Proton’s VPN routes users through encrypted tunnels, and the VPN app for iOS supports advanced security features, such as Secure Core, which passes mobile user traffic through multiple servers (325 servers are available) to defend against bad actors attempting to trace mobile IP addresses, and Tor via VPN. The new app also uses the latest Internet Key Exchange (IKEv2) protocol, which provides for higher speeds and stability on a VPN network.

Anti-SLAPP Suit After Trying To Punish Paper For Exposing Its Redaction Failure

What was delivered to the Sun Sentinel by the district had black redaction bars covering two-thirds of the document. Unfortunately, the redactions were merely cosmetic. Anyone with a copy of the PDF could select the “redacted” text in the PDF and paste it into a text editor to see what was supposed to have been withheld. People, please learn how to work with PDFs. It’s a 25-year-old technology that is now the gold standard for information archiving.

Configure an Encrypted TimeMachine For High Sierra

I purchased a nice external drive to use for TimeMachine on my Mac. After formatting the drive and configuring encrypted TimeMachine backups I noticed it was taking a very long time to complete. I waited a day for it to complete and discovered I had a new problem. Every backup took an hour to complete and several more hours to encrypt. That definitely didn’t seem right. I stumbled across this MacRumors thread about properly creating an encrypted TimeMachine volume so I thought it was worth summarizing what worked for me.

PayPal Data Sharing

I found out about this through one of my Pinboard feeds. PayPal documents around 600 different third parties they share user data with. I only use PayPal as a last resort but I might be changing that too. It’s really no more secure than just using a credit card online plus I’ve read plenty of stories about how hard it can be to reverse fraudulent charges through PayPal.

MoviePass and Location Data

From Jon Fingas at Engadget: MoviePass' approach to gathering viewer data might raise eyebrows. According to Media Play News, CEO Mitch Lowe told those at a business forum that the movie subscription service’s app not only tracks your location, but follows you to and from the theater. “We watch how you drive from home to the movies,” he said, adding that “we watch where you go afterwards.” Not surprisingly, the company is hoping to understand customer habits and “build a night at the movies.

Graphite on Blockstack

I’d never heard of Graphite or Blockstack before this week. I usually avoid all articles concerning blockchain tech because it’s the new Web 2.0 trend that feels more like marketing than anything else. On the other hand, I really like the idea of Graphite. It’s a secure alternative to Google Docs that can be used pretty much anywhere I have an internet connection. I don’t claim to understand exactly how the blockchain works to decentralize a document editor but I know just enough to think it’s still a neat idea.