Advanced CIA firmware has been infecting Wi-Fi routers for years

27 01 2018
Home routers from 10 manufacturers, including Linksys, DLink, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That’s according to secret documents posted Thursday by WikiLeaks.

CherryBlossom, as the implant is code-named, can be especially effective against targets using some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even when they use a strong administrative password. An exploit code-named Tomato can extract their passwords as long as a default feature known as universal plug and play remains on. Routers that are protected by a default or easily-guessed administrative password are, of course, trivial to infect. In all, documents say CherryBlossom runs on 25 router models, although it’s likely modifications would allow the implant to run on at least 100 more.

more 

The content in this post was found at https://arstechnica.com/security/2017/06/advanced-cia-firmware-turns-home-routers-into-covert-listening-posts/ Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

 

Powered by WPeMatico



A Republican contractor’s database of nearly every voter was left exposed on the Internet for 12 days, researcher says

27 01 2018

The Republican National Committee’s database of nearly every registered American voter was left vulnerable to theft on a public server for 12 days this month, according to a cybersecurity researcher who found and downloaded the trove of data.

more

The content in this post was found at https://www.washingtonpost.com/news/the-switch/wp/2017/06/19/republican-contractor-database-every-voter-exposed-internet-12-days-researcher-says/ Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico



Gmail will no longer snoop on your emails for advertising purposes

27 01 2018

The change is coming later this year.

more

The content in this post was found at https://www.washingtonpost.com/news/the-switch/wp/2017/06/26/gmail-will-no-longer-snoop-on-your-emails-for-advertising-purposes/ Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico



FTC Updates Guidance on Children’s Privacy Law, Includes Connected Toys

27 01 2018

The Federal Trade Commission has updated its guidance for businesses on complying with the Children’s Online Privacy Protection Act. The new guidance clarifies that connected toys, Internet of Things devices, and other products intended for children must comply with the Act. “When companies surreptitiously collect and share children’s information, the risk of harm is very real,” FTC acting Chair Maureen Ohlhausen recently wrote. An EPIC-led coalition filed a complaint with the FTC in 2016 alleging that Intenet-connected dolls violate U.S. privacy law. EPIC’s complaint spurred a congressional investigation and toy stores across Europe have removed Cayla from their shelves. The FTC acknowledged EPIC’s complaint but has yet to act on it.

more

The content in this post was found at https://epic.org/2017/06/ftc-updates-guidance-on-childr.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico



Appeals Court Considers Case that Aligns Privacy and FOI

27 01 2018

The Ninth Circuit U.S. Court of Appeals heard oral arguments today in an open government case with implications for informational privacy. A group of anonymous medical employees challenged the release of personal information sought under a state public records act. EPIC filed a “friend-of-the-court” brief in the case arguing that withholding personal information is consistent with open government and constitutionally required. “Open government laws and privacy laws are complimentary: the aim is to maximize both the public’s access to information about the government and to safeguard personal privacy to the greatest extent feasible,” EPIC wrote. EPIC has argued for similar privacy protections in ATF v. Chicago, Chicago Tribune v. University of Illinois, Ostergren v. Cuccinelli, NASA v. Nelson, and FCC v. AT&T.

more

The content in this post was found at https://epic.org/2017/07/appeals-court-considers-case-t.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico



Travelers just won back a bit of their privacy at the border

27 01 2018

U.S. customs officials are a bit more limited in their searches than you might think.

more

The content in this post was found at https://www.washingtonpost.com/news/the-switch/wp/2017/07/14/travelers-just-won-back-a-bit-of-their-privacy-at-the-border/ Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

 

Powered by WPeMatico



FBI Warns of Privacy Risks with Internet-Connected Toys

27 01 2018

The FBI released a Public Service Announcement warning consumers about the privacy risks of internet-connected toys. “Smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interactions,” the FBI wrote in the PSA, adding that the toys “could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.” Last year, EPIC and several consumer organizations filed a complaint with the Federal Trade Commission alleging that the “My Friend Cayla” doll violates U.S. privacy law. EPIC’s complaint spurred a congressional investigation and toy stores across Europe have removed Cayla from their shelves.

more

The content in this post was found at https://epic.org/2017/07/fbi-warns-of-privacy-risks-wit.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico



European Court Halts Retention, Bulk Transfer of Passenger Data

27 01 2018

The top EU Court has struck down an EU-Canada agreement on the processing of airline passenger records. The Passenger Name Record agreement mandated data retention and permitted the bulk transfer of personal data provided by passengers booking a flight. The Court of Justice of the EU explained “the PNR agreement may not be concluded in its current form because several of its provisions are incompatible with the fundamental rights recognised by the EU.” The data can reveal “a complete travel itinerary, travel habits, relationships existing between two or more individuals, and information on the financial situation of air passengers, their dietary habits or their state of health.” The European Digital Rights Initiative praised the outcome. The EU and US have a similar agreement that permits retention of personal data for 15 years. EPIC has criticized overbroad passenger data transfers, and argued the EU-US agreement violates the EU data protection directive.

more

The content in this post was found at https://epic.org/2017/07/european-court-halts-retention.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico



Google’s new program to track shoppers sparks a federal privacy complaint

26 01 2018

A program hailed as an advertising breakthrough leads to a privacy complaint before a federal agency.

more

The content in this post was found at https://www.washingtonpost.com/news/the-switch/wp/2017/07/30/googles-new-program-to-track-shoppers-sparks-a-federal-privacy-complaint/ Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico



Data Breaches on the Rise

26 01 2018

2017 marked the “worst year ever” for data breaches, according to a pair of reports by Thales and the Online Trust Alliance. Data breaches nearly doubled from 2016 to 2017, and 73% of all U.S. companies have now been breached. Noteworthy were the data security failures of Equifax and Uber. In testimony before the Senate Banking Committee following the Equifax breach last year, EPIC called on Congress to enact meaningful reforms, including default credit freezes and prompt data breach notification. Two years ago, EPIC launched the DataProtection2016 campaign to promote stronger privacy safeguards in the U.S.

more

The content in this post was found at https://epic.org/2018/01/data-breaches-on-the-rise.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.

Powered by WPeMatico