Facebook wants you to share as much information about yourself as possible. It wants your friends to do the same. After all, the more personal details you feed into the network, the less likely you are to pack your data suitcase and leave. Advertisers tend to like all that data too. All this means your default privacy settings probably don’t jibe with how you want to actually share your information.
Luckily, you’re not defenseless. With a few small setting adjustments, you can take back control and make sure you share only what you want with the world.
One key thing to remember before we proceed though: The Internet is forever. Once you have posted something online, it does not belong to you anymore. If you’ve shared a photo or status update with anyone, it’s possible that they could screenshot it and share it with the world. So when in doubt, don’t post it.
via Use These Facebook Privacy Settings to Eradicate Over-Sharing | Gadget Lab | Wired.com.
One of those methods, though, is hinted at in the Clapper summary — and it’s interesting. Clapper briefly notes some programs the intelligence agencies are closing or scaling back, as well as those they’re pouring additional funds into. Overhead imagery captured by spy satellites was slated for reduction, for example, while SIGINT, the electronic spying that’s been the focus of the Snowden leaks, got a fresh infusion.
“Also,” Clapper writes in a line marked “top secret,” “we are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic.”
The Post’s article doesn’t detail the “groundbreaking cryptanalytic capabilities” Clapper mentions, and there’s no elaboration in the portion of the document published by the paper. But the document shows that 21 percent of the intelligence budget — around $11 billion — is dedicated to the Consolidated Cryptologic Program that staffs 35,000 employees in the NSA and the armed forces.
via New Snowden Leak Reports ‘Groundbreaking’ NSA Crypto-Cracking | Threat Level | Wired.com.
Statements to TNW from Melbourne IT explain that the SEA was able to enter its IT system by using a reseller’s username and password. It’s not clear which reseller was breached, or how the SEA landed the details. [Update] Melbourne IT has confirmed that the SEA used phishing tactics to get hold of the log-in details, and its efforts show that the organization went to great lengths to plan this operation. It was not a quick hack for lulz.
Once inside Melbourne IT’s system, the group had access to a range of data and information. It presumably knew exactly what it was looking for and proceeded to change the DNS records of “several domain names,” Melbourne IT says, one of which was nytimes.com.
Shreateh, a Palestinian researcher, got attention last week when he “hacked” the Facebook page of Facebook founder Mark Zuckerberg after the company’s security team gave him the brush off for a security flaw he reported. The bug would have allowed anyone, including spammers and scammers, to post messages to another user’s account, even if the person is not on the user’s Friends list.
“That would be an extremely valuable bug,” says Maiffret. “There’s so many ways to leverage that in cybercrime attacks.”
As proof-of-concept, Shreateh posted an Enrique Iglesias video to a Facebook page that belonged to one of Zuckerberg’s college friends, then sent a note to Facebook’s security team. Facebook’s team initially told him the issue was not a bug, so Shreateh said he’d take the matter straight to Zuckerberg. He then proceeded to use the bug to post a message to Zuckerberg’s personal page.
“First, sorry for breaking your privacy and post(ing) to your wall,” the message read. “I (have) no other choice to make after all the reports I sent to (the) Facebook team.”
via Security Community Raises Money for Researcher Snubbed by Facebook Bounty Program | Threat Level | Wired.com.
A survey done recently by IPSwitch, an FTP software organization, includes some of the reasons employees are putting sensitive data into places where IT has no control over what happens to it:
- To circumvent file-size limits prescribed for work email
- Third-party mail is faster and has fewer restrictions than corporate email tools
- For use in their next place of employment
- They find it difficult to connect to work email when outside of the office
- IT doesn’t monitor what they’re sending via personal email
via 6 Ways Employees Are Putting Your Company’s Data at Risk – CIO.com.
Experts say there’s simply no way to ever be completely sure your data will remain secure once you’ve moved it to the cloud.
“You have no way of knowing. You can’t trust anybody. Everybody is lying to you,” security expert Bruce Schneier said. “How do you know which platform to trust? They could even be lying because the U.S. Government has forced them to.”
via No, Your Data Isn’t Secure in the Cloud – CIO.com.