fbpx

Written By Bram Jansen

A lot more people are concerned about privacy today than used to be the case a few years ago. The efforts of whistleblowers like Edward Snowden have a lot to do with this. Things have changed now that people realize just how vulnerable they are when browsing the web. When we say things have changed we mean people are starting to take their online privacy more seriously. It does not mean that the threats that you face while browsing has reduced. If anything, they have increased in number. If you still don’t look after your online privacy, there’s no time to think about it anymore. You have to take action now.

5 reasons to protect online privacy

1- Hide from government surveillance

Almost all countries of the world monitor the online activity of their citizens to some degree. It doesn’t matter how big or developed the country is. If you think that your government doesn’t look into your online privacy at all, you’re deluding yourself. The only thing that varies is the extent to which your internet activity is monitored and the information that is recorded.

2- Bypass government censorship

There are large parts of the world where internet is not a free place. Governments censor the internet and control what their citizens can and cannot access and do on the internet. While most people know about The Great Firewall of China and the way middle-eastern countries block access to social networking and news websites, the problem is there are a lot more countries.

3- Protect your personal data

You use the internet to share a lot of personal data. This includes your private conversations, pictures, bank details, social security numbers, etc. If you are sharing this without hiding it, then it is visible to everyone. Malicious users can intercept this data and make you a victim of identity theft quite easily. While HTTPS might protect you against them, not all websites use it.

4- Hiding P2P activity is important

P2P or torrenting is a huge part of everyone’s internet usage today. You can download all sorts of files from P2P websites. However, many of this content is copyrighted and protected by copyright laws. While downloading copyrighted content for personal usage is legal, sharing it is illegal. The way P2P works you are constantly sharing the files as you download them. If someone notices you downloading copyrighted content, you might be in trouble. There is a lot of vagueness when it comes to copyright laws, so it’s best to hide your torrent activity. Even those in Canada have to use P2P carefully. The country provides some of the fastest connections but is strengthening its stronghold on P2P users.

5- Stream content peacefully without ISP throttling

When you stream or download content, your ISP might throttle your bandwidth to balance the network load. This is only possible because your ISP can see your activity. You are robbed of a quality streaming experience because of this. The solution is to hide your online activity.

Online privacy is fast becoming a myth, and users have to make efforts to have some privacy on the internet. The best way to do this is to use a VPN, for they encrypt your connection and hide your true IP address. But be careful when you choose a VPN. If you don’t know how to choose the best VPN, visit VPNAlert for the detailed solution. Or choose a VPN that does not record activity logs and does not hand over data to the authorities, otherwise all your efforts will be for naught.  

Categorized in Internet Privacy

It’s powerful, it’s shiny, and everyone wants one, including thieves and hackers. Your MacBook holds your world: work files, music, photos, videos, and a lot of other stuff you care about, but is your MacBook safe and protected from harm?  Let’s take a look at 5 MacBook Security Tips you use to make your MacBook an impenetrable and unstealable mobile data fortress:

1. LoJack Your Mac Now So You Can Recover it After it’s Been Stolen

We’ve all heard about the iPhone and the Find My iPhone app, where users of Apple’s MobileMe service can track down their lost or stolen iPhone via a website by leveraging the iPhone’s location awareness capabilities.

 That’s great for iPhones, but what about your MacBook? Is there an app for that? Yes, there is! 

For a yearly subscription fee, Absolute Software’s LoJack for Laptops software will provide both data security and theft recovery services for your MacBook.  The software starts at $35.99 and is available in 1-3 year subscription plans.  LoJack integrates at the BIOS firmware level, so a thief who thinks that just wiping the hard drive of your stolen computer will make it untraceable is in for a real surprise when he connects to the net and LoJack starts broadcasting the location of your MacBook, without him even knowing it.  Knock, knock!  Who’s there?  It’s not housekeeping!

There is no guarantee that you will get your shiny MacBook back, but the odds are greatly improved if you have LoJack installed versus if you don’t.  According to their website, Absolute Software’s Theft Recovery Team averages about 90 laptop recoveries per week.

2. Enable your MacBook’s OS X Security Features (Because Apple Didn’t)

The Mac operating system, known as OS X, has some great security features that are available to the user. The main problem is that while the features are installed, they are not usually enabled by default. Users must enable these security features on their own.

 Here are the basic settings that you should configure to make your MacBook more secure:

Disable Automatic Login and Set a System Password

While it’s convenient not to have to enter your password every time you boot up your computer, or when the screensaver kicks in, you might as well leave the front door to your house wide open because your MacBook is now an all-you-can-eat data buffet for the guy who just stole it. With one click of a checkbox and the creation of a strong password, you can enable this feature and put another roadblock in the hacker or thief’s path.

Enable OS X’s FileVault Encryption

Your MacBook just got stolen but you put a password on your account so your data is safe, right? Wrong!

Most hackers and data thieves will just pull the hard drive out of your MacBook and hook it to another computer using an IDE/SATA to USB cable. Their computer will read your MacBook’s drive just like any other DVD or USB drive plugged into it. They won’t need an account or password to access your data because they have bypassed the operating system’s built-in file security. They now have direct access to your files regardless of who is logged in. 

The easiest way to prevent this is to enable file encryption using OSX’s built-in FileVault tool.

FileVault encrypts and decrypts files associated with your profile on the fly using a password that you set. It sounds complicated, but everything happens in the background so you don’t even know anything is going on. Meanwhile, your data is being protected so unless they have the password the data is unreadable and useless to thieves even if they take the drive out and hook it to another computer.

For stronger, whole disk encryption with advanced features, check out TrueCrypt, a free, open source file, and disk encryption tool.

Turn on Your Mac’s Built-in Firewall

The built-in OS X Firewall will thwart most hacker’s attempts to break into your MacBook from the Internet.

It’s very easy to setup. Once enabled, the Firewall will block malicious inbound network connections and regulates outbound traffic as well. Applications must ask permission from you (via a pop-up box) before they attempt an outbound connection. You can grant or deny access on a temporary or permanent basis as you see fit.  

We have detailed, step--by-step guidance on how to Enable OS X's Security Features

All of the security features mentioned here can be accessed by clicking on the Security icon in the OS X System Preferences window

3. Install Patches? We Don’t Need no Stinking Patches! (yes we do)

The exploit/patch cat and mouse game are alive and well. Hackers find a weakness in an application and develop an exploit. The application’s developer addresses the vulnerability and releases a patch to fix it.  Users install the patch and the circle of life continues.

Mac OS X will automatically check for Apple-branded software updates on a regular basis and will often prompt you to download and install them. Many 3rd party software packages such as Microsoft Office have their own software update app that will periodically check to see if there are any patches available. Other applications have a manual “Check for Updates” feature often located in the Help menu. It is a good idea to perform or schedule an update check on at least a weekly basis for your most used applications so that you aren’t as vulnerable to software-based exploits.

4. Lock it Down. Literally. 

If someone wants to steal your computer bad enough they are going to, no matter how many layers of defense you put up.

 Your goal should be to make it as difficult as possible for a thief to steal your MacBook.  You want them to become discouraged enough to move on to easier targets. 

The Kensington Lock, which has been around for decades, is a security device for physically connecting your laptop with a steel cable loop to a large piece of furniture or some other object that is not easily moved.  Every MacBook has a Kensington Security Slot, also know as a K-Slot.  The K-Slot will accept a Kensington-type lock. On newer MacBooks, the K-Slot is located to the right of the headphone jack on the left side of the device.  

Can these locks be picked?  Yes.  Can the cable be cut with the right tools?  Yes. The important thing is that the lock will deter the casual theft of opportunity.  A would-be thief who breaks out his lock picking kit and Jaws of Life wire cutters in the Library to steal your MacBook will likely arouse more suspicion than if he just walked away with the laptop sitting next to yours that wasn’t tethered to a magazine rack. 

The basic Kensington Lock comes in many varieties, costs about $25, and is widely available at most office supply stores.

5. Protect Your Mac’s Gooey Center With a Hard-shell Configuration

If you are really serious about security and want to delve way down deep into your settings to make sure your Mac’s security is as bulletproof as possible, then surf on over to the Apple support website and download the OS X security configuration guides. These well put together documents detail all the settings that are available to lock down every aspect of the OS to make it as secure as possible.

Just be careful that you balance security with usability. You don’t want to lock your MacBook up so tight that you can’t get into it yourself.

Source: This article was published lifewire.com By Andy O'Donnell

Categorized in Internet Privacy

FILE - CIA Director Mike Pompeo testifies before a Senate Intelligence hearing during his nomination process, in Washington, Jan. 12, 2017.

WASHINGTON — If this week’s WikiLeaks document dump is genuine, it includes a CIA list of the many and varied ways the electronic device in your hand, in your car, and in your home can be used to hack your life.

It’s simply more proof that, “it’s not a matter of if you’ll get hacked, but when you’ll get hacked.” That may be every security expert’s favorite quote, and unfortunately, they say it’s true. The WikiLeaks releases include confidential documents the group says exposes “the entire hacking capacity of the CIA.”

The CIA has refused to confirm the authenticity of the documents, which allege the agency has the tools to hack into smartphones and some televisions, allowing it to remotely spy on people through microphones on the devices.

Watch: New Generation of Hackable Internet Devices May Always Be Listening

Screenshot 1

WikiLeaks also claimed the CIA managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram.

For some of the regular tech users, news of the leaks and the hacking techniques just confirms what they already knew. When we’re wired 24-7, we are vulnerable.

“The expectation for privacy has been reduced, I think,” Chris Coletta said, “... in society, with things like WikiLeaks, the Snowden revelations ... I don’t know, maybe I’m cynical and just consider it to be inevitable, but that’s really the direction things are going.”

The internet of things

The problem is becoming even more dangerous as new, wired gadgets find their way into our homes, equipped with microphones and cameras that may always be listening and watching.

One of the WikiLeaks documents suggests the microphones in Samsung smart TV’s can be hacked and used to listen in on conversations, even when the TV is turned off.

Security experts say it is important to understand that in many cases, the growing number of wired devices in your home may be listening to all the time.

“We have sensors in our phones, in our televisions, in Amazon Echo devices, in our vehicles,” said Clifford Neuman, the director of the Center for Computer Systems Security, at the University of Southern California. “And really almost all of these attacks are things that are modifying the software that has access to those sensors so that the information is directed to other locations. Security practitioners have known that this is a problem for a long time.”

Neuman says hackers are using the things that make our tech so convenient against us.

“Certain pieces of software and certain pieces of hardware have been criticized because, for example, microphones might be always on,” he said. “But it is the kind of thing that we’re demanding as consumers, and we just need to be more aware that the information that is collected for one purpose can very easily be redirected for others.”

Tools of the espionage trade

The WikiLeaks release is especially damaging because it may have laid bare a number of U.S. surveillance techniques. The New York Times says the documents it examined layout programs called “Wrecking Crew” for instance, which “explains how to crash a targeted computer, and another tells how to steal passwords using the autocomplete function on Internet Explorer.”

Steve Grobman, chief of the Intel Security Group, says that’s bad not only because it can be done, but also because so-called “bad actors” now know it can be done. Soon enough, he warns, we could find our own espionage tools being used against us.

“We also do need to recognize the precedents we set, so, as offensive cyber capabilities are used ... they do give the blueprint for how that attack took place. And bad actors can then learn from that,” he said.

So how can tech-savvy consumers remain safe? Security experts say they can’t, and to remember the “it’s not if, but when” rule of hacking.

The best bet is to always be aware that if you’re online, you’re vulnerable.

Source: This article was published voanews.com By Kevin Enochs

Categorized in Online Research

IC Realtime introduces video search engine technology that will augment surveillance systems using analytics, natural language processing, and machine vision.

LAS VEGAS--(BUSINESS WIRE)--PEPCOM at CES 2018 – IC Realtime, a leader in digital surveillance and security technology announces today the introduction of Ella, a new cloud-based deep-learning search engine that augments surveillance systems with natural language search capabilities across recorded video footage.

#helloella - @ICRealtime introduces Ella, a deep learning engine for #surveillance systems at #CES2018

Ella uses both algorithmic and deep learning tools to give any surveillance or security camera the ability to recognize objects, colors, people, vehicles, animals and more. Ella was designed with the technology backbone of Camio, a startup founded by ex-Googlers who realized there could be a way to apply search to streaming video feeds. Ella makes every nanosecond of video searchable instantly, letting users type in queries like “white truck” to find every relevant clip instead of searching through hours of footage. Ella quite simply creates a Google for video.

“The idea was born from a simple question: if we can search the entire internet in under a second, why can’t we do the same with video feeds,” said Carter Maslan, CEO of Camio. “IC Realtime is the perfect partner to bring this advanced video search capability to the global surveillance and security market because of their knowledge and experience with the needs of users in this space. Ella is the result of our partnership in fine-tuning the service for security applications.”

The average surveillance camera sees less than two minutes of interesting video each day despite streaming and recording 24/7. On top of that, traditional systems only allow the user to search for events by date, time, and camera type and to return very broad results that still require sifting, often taking hours of time.

Ella instead does the work for users to highlight the interesting events and to enable fast searches of their surveillance & security footage for the events they want to see and share. From the moment Ella comes online and is connected, it begins learning and tagging objects the cameras sees. The deep learning engine lives in the cloud and comes preloaded with recognition of thousands of objects like makes and models of cars; within the first minute of being online, users can start to search their footage.

Hardware agnostic, Ella also solves the issue of limited bandwidth for any HD streaming camera or NVR. Rather than push every second of recorded video to the cloud, Ella features interest-based video compression. Based on machine learning algorithms that recognize patterns of motion in each camera scene to recognize what is interesting within each scene, Ella will only record in HD when it recognizes something important. By learning from what the system sees, Ella can reduce false positives by understanding that a tree swaying in the wind is not notable while the arrival a delivery truck might be. Even the uninteresting events are still stored in a low-resolution time-lapse format, so they provide 24x7 continuous security coverage without using up valuable bandwidth.

“The video search capabilities delivered by Ella haven't been feasible in the security and surveillance industry before today,” said Matt Sailor, CEO for IC Realtime. “This new solution brings intelligence and analytics to security cameras around the world; Ella is a hardware agnostic approach to cloud-based analytics that instantly moves any connected surveillance system into the future.”

Ella works with both existing DIY and professionally installed surveillance and security cameras and is comprised of an on-premise video gateway device and the cloud platform subscription. Ella subscription pricing starts at $6.99 per month and increases with storage and analysis features needed for the particular scope of each project. To learn more about Ella, visit www.smartella.com.

For more information about IC Realtime please visit http://www.icrealtime.com.

For more information on Camio please visit https://camio.com.

About IC Realtime

Established in 2006, IC Realtime is a leading digital surveillance manufacturer serving the residential, commercial government, and military security markets. With an expansive product portfolio of surveillance solutions, IC Realtime innovates, distributes, and supports global video technology. Through a partnership with technology platform Camio, ICR created Ella, a cloud-based deep learning solution that augments surveillance cameras with natural language search capabilities. IC Realtime is revolutionizing video search functionality for the entire industry. IC Realtime is part of parent company IC Real Tech, formed in 2014 with headquarters in the US and Europe. Learn more at http://icrealtime.com

Connect with IC Realtime on Facebook at www.facebook.com/icrealtimeus or on Twitter at www.twitter.com/icrealtime.

Contacts

Caster Communications
Peter Girard
This email address is being protected from spambots. You need JavaScript enabled to view it.

Source: This article was published businesswire.com

Categorized in News & Politics

IOT IS COMING and a lot of IT execs are scared silly. Or maybe it’s more accurate to say they are resigned to their fates.

In a May study of 553 IT decision makers, 78% said they thought it was at least somewhat likely that their businesses would suffer data loss or theft enabled by IoT devices. Some 72% said the speed at which IoT is advancing makes it harder to keep up with evolving security requirements.

Such fears are rooted in reality. Last October, hackers took down the company that controls much of the Internet’s domain name system infrastructure using some 100,000 “malicious endpoints” from IoT devices. More recently, the WannaCry ransomware attack crippled some Bank of China ATM networks and washing machine networks. For naysayers, those attacks validated fears that hackers could cause mayhem by commandeering our IoT devices.

At the same time, the IoT industry continues its steady growth path. Gartner predicts that by 2020 there will be some 21 billion IoT devices in existence, up from 5 billion in 2015. About 8 billion of those devices will be industrial, not consumer devices. Both present a juicy target for hackers.

For some, it seems like IoT is a slow-motion wreck playing out in real time. “The reason that the industry hasn’t backed off is the value proposition is very powerful,” said Chris Moyer, CTO, and VP-cybersecurity at DXC. “The risk proposition is also very powerful and that’s where the balancing is going on.”

Regardless of the industry’s appetite, IoT isn’t likely to get a scale until the industry addresses its security issue. That will take a cooperation among vendors, government intervention, and standardization. In 2017, none of those things appear to be on the horizon.

What’s wrong with IoT security

The consensus is that IoT is still under-secured and presents possibly catastrophic security risks as companies trust IoT devices for business, operational and safety decisions.  Existing standards are not in place and vendors keep struggling to embed the right level of intelligence and management into products.  Add the increasing collaboration among attackers and then it creates a need to address these challenges across a set of dimensions.

Consider what we face with the security of IoT devices;

  • Unlike PCs or smartphones, IoT devices are generally short on processing power and memory. That means that they lack robust security solutions and encryption protocols that would protect them from threats.
  • Because such devices are connected to the Internet, they will encounter threats daily. And search engines for IoT devices exist that offer hackers an entrée into webcams, routers and security systems.
  • Security was never contemplated in the design or development stages for many of these Internet-connected devices.
  • It’s not just the devices themselves that lack security capability; many of the networks and protocols that connect them don’t have a robust end-to-end encryption mechanism.
  • Many IoT devices require manual intervention to be upgraded while others can’t be upgraded at all. “Some of these devices were built very rapidly with limited design thinking beyond Iteration 1 and they’re not update-able,” said Moyer.
  • IoT devices are a “weak link” that allows hackers to infiltrate an IT system. This is especially true if the devices are linked to the overall network.
  • Many IoT devices have default passwords that hackers can look up online. The Mirai distributed denial of services attack was possible because of this very fact.
  • The devices may have “backdoors” that provide openings for hackers.
  • The cost of security for a device may negate its financial value. “When you have a 2-cent component, when you put a dollar’s worth of security on top of it, you’ve just broken the business model,” said Beau Woods, an IoT security expert.
  • The devices also produce a huge amount of data. “It’s not just 21 billion devices you have to work with,” said Kieran McCorry, director of technology programs at DXC. “It’s all the data generated from 21 billion devices. There are huge amounts of data that are almost orders of magnitude more than the number of devices that are out there producing that data. It’s a massive data-crunching problem.”

Taking such shortcomings into account, businesses can protect themselves to a certain extent by following best practices for IoT security. But if compliance isn’t 100% (which it won’t be) then, inevitably, attacks will occur and the industry will lose faith in IoT. That’s why security standards are imperative.

Who will set the standards?

Various government agencies already regulate some IoT devices. For instance, the FAA regulates drones and the National Highway Traffic Safety Administration regulates autonomous vehicles. The Department of Homeland Security is getting involved with IoT-based smart cities initiatives. The FDA also has oversight of IoT medical devices.

At the moment though, no government agency oversees the IoT used in smart factories or consumer-focused IoT devices for smart homes. In 2015, the Federal Trade Commission issued a report on IoT that included advice on best practices. In early 2017, the FTC also issued a “challenge” to the public to create a “tool that would address security vulnerabilities caused by out-of-date software in IoT devices” and offered a $25,000 prize for the winner.

Moyer said that while the government will regulate some aspects of IoT, he believes that only the industry can create a standard. He envisions two pathways to such a standard: Either buyer will push for one and refuse to purchase items that don’t support a standard or a dominant player or two will set a de facto standard with its market dominance. “I don’t think it’s going to happen that way,” Moyer said, noting that no such player exists.

Instead of one or two standards, the industry has several right now and none appears to be edging toward dominance. Those include vendor-based standards and ones put forth by the IoT Security Foundation, the IEEE, the Trusted Computing Group, the IoT World Alliance and the Industrial Internet Consortium Security Working Group. All of those bodies are working on standards, protocols and best practices for security IoT environments.

Ultimately what will change the market is buyers, who will begin demanding standards, Moyer said. “Standards get set for lots of reasons,” Moyer said. “Some are regulatory but a lot is because buyers say it’s important to me.”

Lacking standards, Woods sees several paths to improve IoT security. One is transparency in business models. “If you’re buying 1,000 fleet vehicles, one might be able to do over-the-air updates and the other we’d have to replace manually and it would take seven months,” Woods said. “It’s a different risk calculus.”

Another solution is to require manufacturers to assume liability for their devices. Woods said that’s currently the case for hardware devices, but it is often unclear who assumes liability for software malfunctions.

AI to the rescue?

A wildcard in this scenario is artificial intelligence. Proponents argue that machine learning can spot general usage patterns and alert the system when abnormalities occur. Bitdefender, for instance, looks at cloud server data from all endpoints and uses machine learning to identify abnormal or malicious behavior. Just as a credit card’s system might flag a $1,000 splurge in a foreign country as suspicious, a ML system might identify unusual behavior from a sensor or smart device. Because IoT devices are limited in function, it should be relatively easy to spot such abnormalities.

Since the use of machine learning for security is still new, defenders of this approach advocate using a security system that includes human intervention.

The real solution: A combination of everything

While AI may play a bigger role in IoT security than initially thought, a comprehensive IoT solution will include a bit of everything, including government regulation, standards, and AI.

The industry is capable of creating such a solution, but the catch is that it needs to do it on a very accelerated timetable. At the moment, in the race between IoT security and IoT adoption, the latter is winning.

So what can companies do now to latch on to IoT without making security compromises? Moyer had a few suggestions:

  1. Take an integration approach. This is a case where more is better. Moyer said that companies using IoT should integrate management solutions and bring the IoT platform in for primary connectivity and data movement and pull that data into an analytics environment that’s more sophisticated and lets them do a behavioral analysis, which can be automated. “By integrating those components, you can be more confident that what you’ve got from a feed in an IoT environment is more statistically valid,” he said.
  2. Pick the right IoT devices. Those are devices that have a super-strong ecosystem and a set of partners that are being open about how they’re sharing information.
  3. Use IoT Gateways and Edge Devices. To mitigate against an overall lack of security, many companies are using IoT gateways and edge devices to segregate and provide layers of protection between insecure devices and the Internet.
  4. Get involved in creating standards. On a macro level, the best thing you can do to ensure IoT security over the long run is to get involved in setting standards both in your particular industry and in tech as a whole.

This article was produced by WIRED Brand Lab for DXC Technology.

Categorized in Internet of Things

Rather than becoming ubiquitous in homes as expected, the Internet of Things (IoT) has become the butt of jokes, in part because of major security and privacy issues. UK mobile chip designer ARM -- which created the architecture used by Qualcomm, Samsung and others -- has a lot to lose if it doesn't take off. As such, it has unveiled a new security framework called Platform Security Architecture (PSA) that will help designers build security directly into device firmware.

ARM notes that "many of the biggest names in the industry" have signed on to support PSA (sorry ARM, that's a bad acronym). That includes Google Cloud Platform, Sprint, Softbank, which owns ARM, and Cisco. (A complete list is shown in the image below.)

The main component of it is an open-source reference "Firmware-M" that the company will unveil for Armv8-M systems in early 2018. ARM said that PSA also gives hardware, software and cloud platform designers IoT threat models, security analyses, and hardware and firmware architecture specifications, based on a "best practice approach" for consumer devices.

Despite Intel's best efforts, ARM is far and away the most prevalent architecture used in connected homes for security devices, light bulbs, appliances and more. ARM says that over 100 billion IoT devices using its designs have shipped, and expects another 100 billion by 2021. Improving the notoriously bad security of such devices is a good start, but it also behooves manufacturers to create compelling devices, not pointless ones.

Source: This article was published engadget.com By Steve Dent

Categorized in Internet of Things

Check out these four tips to make the most of DuckDuckGo’s privacy and security features | Shutterstock


DuckDuckGo is a fantastic search engine if you’re fed up with the spying eyes of Google and other search providers. The service vows to never collect information about you and certainly never sell your searches to advertisers.

While that’s enticing in itself, there are features within DuckDuckGo you can take advantage of to enhance your privacy and security even more. The search engine is highly customizable, so that puts the control in good hands: your own. Make the most of DuckDuckGo with these useful tips to boost your privacy online and intensify your security.

1. Turn on WOT Icons

Enabling WOT icons in your search results means you’ll be able to stay away from potentially dangerous websites. WOT stands for Web of Trust, which is a service that analyzes the possible security threats from each website. A green circle means it’s in the clear (safe), yellow means take caution before visiting the website and red means avoid at all cost.

duckduckgo-privacy-security-wot-cloud-redirect-directions-6

Since DuckDuckGo has this functionality built in, you can turn this on from the Advanced Settings. Click the Menu icon at the top right of the DuckDuckGo homepage and choose Advanced Settings. Click the Appearance tab, then scroll all the way down to find the WOT Icons option. Click Off to then turn it on and be sure to click Save and Exit to apply the changes.

duckduckgo-privacy-security-wot-cloud-redirect-directions-5

Tip: All tips in this article will require you to first click the Menu icon and choose Advanced Settings so keep that in mind for later.

2. Ditch Google Maps

If you’re particularly anti-Google and don’t want any aspect of your online life tracked, then you probably don’t want DuckDuckGo using Google Maps to find you directions. Depending on your current settings, however, this might be the case.

duckduckgo-privacy-security-wot-cloud-redirect-directions-2

To ensure that DuckDuckGo uses a different provider for directions, head into your DuckDuckGo Advanced Settings to pick something different. Under the General tab, scroll to find Directions Source.

duckduckgo-privacy-security-wot-cloud-redirect-directions-1

Then pick your preference: either Bing Maps, Google Maps, HERE Maps or OpenStreetMap. Apple Maps is also available if you’re using a Mac.

3. Prevent Websites from Knowing How You Got There

DuckDuckGo has a nifty little feature called Redirect. With Redirect enabled, websites won’t be able to track which search term you used to land on the page. This is because when you click a link, DuckDuckGo temporarily redirects to a subdomain before bringing you to the website. (You won’t even notice.)

duckduckgo-privacy-security-wot-cloud-redirect-directions-3

Note: While this prevents the websites from gathering information about your search, it can still gather your information just from the browser itself. Check out our guides for enabling Do Not Track in Google Chrome and Internet Explorer to stop this snooping activity as well.

Head to the Advanced Settings on DuckDuckGo, click the Privacy tab then click to ensure that Redirect is on to enable this feature. Click Save and Exit to apply.

4. Anonymous Cloud Save

Since DuckDuckGo doesn’t collect information about you, that means it can’t always recognize that it’s you performing your search. However, if you’re one to tweak with settings (like the ones above) or the theme, you might want to keep these settings in sync across multiple devices. That way you don’t have to go back and make the changes every time.

duckduckgo-privacy-security-wot-cloud-redirect-directions-8

DuckDuckGo’s Cloud Save feature is completely anonymous, so it still won’t collect information about you. When you have all your settings lined up that you want to sync, just click Save Settings under Cloud Save in the Advanced Settings. This will prompt you to Enter a pass phrase that you’ll need to remember for the future to restore your data later. Click Save and you’re all set.

duckduckgo-privacy-security-wot-cloud-redirect-directions-7

Now, when you want to restore your DuckDuckGo preferences, you can do so in the same spot: click Load Settings under Advanced Settings and enter in that pass phrase.

Source: This article was published on guidingtech.com By George Tinari

Categorized in Search Engine

Think your password is secure? You may need to think again. People's perceptions of password strength may not always match reality, according to a recent study by CyLab, Carnegie Mellon's Security and Privacy Institute.

For example,  expected ieatkale88 to be roughly as secure as iloveyou88; one said "both are a combination of dictionary words and are appended by numbers." However, when researchers used a model to predict the number of guesses an attacker would need to crack each password, ieatkale88 would require four billion times more guesses to crack because the string "iloveyou" is one of the most common in passwords.

"Although participants generally had a good understanding on what makes passwords stronger or weaker, they also had some critical misunderstandings of how passwords are attacked and assumed incorrectly that their passwords need to withstand only a small number of guesses," said Blase Ur, the study's lead author and a Ph.D. student studying societal computing in Carnegie Mellon's School of Computer Science.

Participants, on average, also believed any password with numbers and symbols was a strong password, which is not always true. For example, [email protected] was thought to be more secure than pAsswOrd, but the researchers' attacker model predicted that it would take 4,000 times more guesses to crack pAsswOrd than [email protected] In modern day password-cracking tools, replacing letters with numbers or symbols is predictable.

"In order to help guide users to make stronger passwords, it is important for us to understand their perceptions and misperceptions so we know where interventions are needed," said Lujo Bauer, a co-author on the study and a professor in Carnegie Mellon's Department of Electrical and Computer Engineering and Institute for Software Research.

The CyLab researchers' study was presented and awarded an honorable mention at this week's Association for Computing Machinery (ACM) Conference on Human Factors in Computing Systems in San Jose, California.

The team of researchers, based in the CyLab Usable Privacy and Security (CUPS) Lab, asked 165 online participants—51% male, 49% female from 33 U.S. states ranging from 18 to 66 years of age—to rate the comparative security and memorability of 25 carefully juxtaposed password pairs. In addition, participants were asked to articulate how they would expect attackers to try to guess their passwords.

"As companies are designing tools that help people make passwords, they should not only be giving users real-time feedback on the strength of their , but also be providing data-driven feedback on how to make them stronger," Ur said.

The team will incorporate these findings into an open-source password feedback tool, which they aim to release before the end of the year.

Other authors of the study included Research Assistant Sean Segreti, Institute for Software Research and Engineering and Public Policy professor Lorrie Cranor, Electrical and Computer Engineering Assistant Research Professor Nicolas Christin and Penn State undergraduate engineering student Jonathan Bees.

Test your perceptions of password security through an online passwords quiz, produced by Nature

Source : This article was published in techxplore.com By Daniel Tkacik

Categorized in Internet Privacy

How much damage can a ‘smart’ toaster do? Lots, and not just burning your bread.

In the beginning, devices on the internet were fun. My favorite was the Carnegie-Mellon’s Computer Science Department Coke Machine. Starting in the 1970s, you could “ping” it to see if it had sodas ready and if they were cold yet. It was good, silly fun. Now everything except the cat* is hooked to the internet, and that’s not so funny at all.

Oh, sure, some internet of things (IoT) devices are enjoyable and useful. I have an Amazon Echo in my bedroom and a Google Home in my kitchen. I use them every day. But I’m aware of their privacy problems. You should be too.

For example, both devices are always listening to you. And when I say “always,” I mean every single second of every single day. In theory, they’re both just waiting for their activation phrases, “Alexa” and “OK Google,” respectively. In practice, that means they’re listening to you constantly.

I’m not too worried about this. Unlike with Windows 10 Cortana, you can tell these devices to stop listening. Of course, they’ll be a lot less useful that way, but at least you have the option.

No, what really concerns me about the IoT aren’t the new devices that are explicitly connected to cloud services, it’s the ordinary gadgets that are now listening in.

Take, for example, my Vizio M50-C1 50-inch 4K ultra-HD smart LED TV. It’s a fine TV, but until recently it was tracking my viewing habits and sharing this information with advertisers. Vizio wasn’t the only TV company guilty of snooping. LG and Samsung have peeked into your viewing habits too.

Even devices such as “smart” toasters — yes there is such a thing — can tell their vendors what time you make toast in the morning. Or, more seriously, a hacker camping in your internet connection can track your toasting habits to figure out when you’re not at home.

You see, IoT devices tend not to have any security to speak of. Heck, even IoT security systems have been shown to be as secure as a lock made out of rubber bands.

Leaving aside how much damage home IoT devices can do for their owners, IoT gadgets are becoming the agents of choice for massive distributed denial-of-service (DDoS) attacks. Who knew your DVR could help wreck a business over the internet? Hackers knew, that’s who!

If that weren’t bad enough, IoT firmware tends not to be updated at all. Once someone finds a security hole — and it can be as brainless as a single administrative password for all devices — it’s open forever.

Let’s say your gadget can be updated. IoT devices tend to be patched automatically by the maker. Do you really want to try to get a drink of cold water from your refrigerator only to be greeted by a “Update 32% complete” message? I don’t think so!

I love gadgets. I really do. But when it comes to the IoT, I prefer most of my devices to be dumb. They just work better that way.

Source: This article was published on computerworld.com By Steven J. Vaughan-Nichols

Categorized in Internet of Things

Security researcher Gal Beniamini — who works for Google’s Project Zero — recently unearthed a serious vulnerability affecting the Wi-Fi chipsets used in both iOS and Android devices. Detailing the proof-of-concept attack at length, Beniamini explains in an interesting blogpost how an attacker within range on a shared Wi-Fi network could potentially execute arbitrary code on a targeted device.

By chaining together a pair of exploits, Beniamini managed to demonstrate a “full device takeover by Wi-Fi proximity alone, requiring no user interaction.” The attack was deemed to be serious enough that Apple wasted no time in patching up the vulnerability, having released iOS 10.3.1 earlier in the week.

Apple’s release note for the iOS update reads:

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chipDescription: A stack buffer overflow was addressed through improved input validation.

Google, meanwhile, is obviously aware of the vulnerability but a security patch for Android devices isn’t yet widely available. As ArsTechnica notes, “the fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible.”

There haven’t been any reports of a device, iOS or Android, being compromised but you’ll want to upgrade your mobile OS as soon you can. As a final point of interest, the vulnerability impacts all iPhones models since the iPhone 4s, a number of Nexus smartphones and most of Samsung’s Galaxy lineup.

Source : bgr.com By Yoni Heisler

Categorized in Internet Privacy
Page 3 of 5

AOFIRS

World's leading professional association of Internet Research Specialists - We deliver Knowledge, Education, Training, and Certification in the field of Professional Online Research. The AOFIRS is considered a major contributor in improving Web Search Skills and recognizes Online Research work as a full-time occupation for those that use the Internet as their primary source of information.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.