WebProNews

Tag: Data Security

  • FTC Targets ‘Corporate Surveillance’ and ‘Data Security’

    The Federal Trade Commission (FTC) is targeting “corporate surveillance,” wherein companies profit from the data they collect on consumers.

    Corporate surveillance has become a growing problem, with companies collecting vast quantities of consumer data — often without the individual knowing — and then sharing or selling the data to data brokers and other entities. Obviously, the more data is collected, the more vulnerable individuals become to online threats, identity theft, and more, as the FTC makes clear.

    Commercial surveillance is the business of collecting, analyzing, and profiting from information about people. Technologies essential to everyday life also enable near constant surveillance of people’s private lives. The volume of data collected exposes people to identity thieves and hackers. Mass surveillance has heightened the risks and stakes of errors, deception, manipulation, and other abuses.

    In response, the FTC is investigating whether new rules are needed and soliciting public feedback on the matter.

    The Federal Trade Commission is asking the public to weigh in on whether new rules are needed to protect people’s privacy and information in the commercial surveillance economy.

    Consumer and privacy rights groups have long called for the US to crack down on data brokers and other shady data collection practices. Even corporate executives have called for the US to take action and roll out comprehensive privacy laws.

    The FTC’s public inquiry may be the first step toward US consumers finally being protected from predatory corporate surveillance.

  • China Cracking Down on Exporting Customer Data Internationally

    China is cracking down on exporting customer data internationally, requiring that companies get the government’s permission first.

    China has been cracking down on its tech companies in recent months. The video game industry has been particularly hard hit, with Beijing limiting how many hours per week kids can play games.

    According to the AP, in its latest efforts Beijing is restricting how much data companies can collect about their customers.

    A separate law that takes effect Monday establishes security standards, prohibits companies from disclosing information without customer permission and tells them to limit how much they collect. Unlike data protection laws in Western countries, the Chinese rules say nothing about limiting government or ruling Communist Party access to personal information.

    Companies will also have to report what and how much customer information they plan to transfer internationally, as well as what security measures have been implemented to protect the data. Regulators will decide within a week of a report whether to accept and approve it, or whether to launch their own review. If the regulators decide to initiate a review, the process can take up to 60 days.

    The new regulations could put Chinese companies at a major disadvantage when competing globally.

  • Google Introduces Confidential Computing, a New Way of Encrypting Cloud Data

    Google Cloud has introduced Confidential Computing in a bid to help secure data in the cloud.

    Google and Microsoft are both founding members of the Confidential Computing industry group. The goal of Confidential Computing is to encrypt and secure data while it is being used and processed. This is far different than current encryption methods, wherein data must be decrypted in order to access it. In its current incarnation, Google Cloud encrypts data in transit and at rest, but the data must be decrypted to work with.

    Confidential Computing is a game-changer since it keeps data encrypted at every step of the process, including when the data is being accessed.

    “Google Cloud encrypts data at-rest and in-transit, but customer data must be decrypted for processing,” write Nelly Porter, Senior Product Manager; Gilad Golan, Engineering Director, Confidential Computing; and Sam Lugani, Lead Security PMM, G Suite & GCP platform. “Confidential Computing is a breakthrough technology which encrypts data in-use—while it is being processed. Confidential Computing environments keep data encrypted in memory and elsewhere outside the central processing unit (CPU).

    “Confidential VMs, now in beta, is the first product in Google Cloud’s Confidential Computing portfolio. We already employ a variety of isolation and sandboxing techniques as part of our cloud infrastructure to help make our multi-tenant architecture secure. Confidential VMs take this to the next level by offering memory encryption so that you can further isolate your workloads in the cloud. Confidential VMs can help all our customers protect sensitive data, but we think it will be especially interesting to those in regulated industries.”

    This is an exciting development in the realm of cloud security, and specifically for Google Cloud. As the first major cloud provider to offer Confidential Computing, this is a big win for Google as it battles its larger rivals in the cloud space.

  • Google Chrome, Mozilla Firefox Leaked Facebook User Data Caused by Browser Vulnerability

    Google Chrome and Mozilla Firefox might have inadvertently leaked the Facebook usernames, profile pictures and even the likes of their users because of a side-channel vulnerability.

    A side-channel vulnerability was discovered in a CSS3 feature called “mix-blend-mode.” This allowed a hacker to discover the identity of a Facebook account holder using Chrome or Firefox by getting them to visit a specially-designed website.

    This critical flaw was discovered in 2017 by security researchers Dario Weißer and Ruslan Habalov and also by independent researcher Max May.

    The researchers created a proof-of-concept (POC) exploit to show how the vulnerability could be misused. Weißer and Habalov’s concept showed how they were able to visually harvest data like username, profile picture, and “like” status of a user. What’s more, this insidious hack could be accomplished in the background when the user visits a malicious website.

    The visual leak could happen on sites using iFrames that connect to Facebook via login buttons and social plugins. Due to a security feature called the “same-origin policy,” sites can’t directly access iFrame content. But the researchers were able to get the information by developing an overlay on the cross-origin iFrame in order to work with the underlying pixels.

    It took Habalov and Weißer’s POC about 20 seconds to get the username and about five minutes to create a vague copy of the profile picture. The program also took about 500 milliseconds to check the “like” status. Keep in mind, however, that for this vulnerability to work, the user must be logged in to their Facebook account.

    Habalov and Weißer privately notified both Google and Mozilla and steps were taken to contain the threat. Google was able to fix the flaw on their end when version 63 was released last December. On Firefox’s end, a patch was made available 14 days ago with the release of the browser’s version 60. The delay was due to the researchers’ late disclosure of their findings to Mozilla.

    IE and Edge browsers weren’t exposed to the side-channel exploit as they don’t support the needed feature. Safari was also safe from the flaw.

  • Cloudflare Makes the Internet More Private With 1.1.1.1 DNS Service

    Cloudflare recently announced a way for the public to enjoy faster and more private Internet. The top performance and security company just rolled out 1.1.1.1, the first DNS service of its kind developed specifically around the concept of putting privacy first and foremost.

    A lot of Internet users are unaware that everything on the web begins with a DNS request. Known as the Internet’s directory, DNS translates a name into a numerical online address that a computer understands. However, DNS is an unsecured and unencrypted system. It’s also very slow.

    Every Internet Service Provider (ISP) has the capability to monitor DNS requests and see every app or website that a person visits, even if said site is encrypted. This information is sometimes sold and used for ad targeting.

    Cloudflare’s 1.1.1.1 provides an alternative to that. The service offers users unmatched security and speed. With 1.1.1.1, web page loading times become shorter and key user data is kept secret from ISPs. The service also supports DNS over HTTPS and encrypted DNS. Plus, data from logs is erased after 24 hours and no user data or IP addresses are stored.

    Cloudflare co-founder and CEO Matthew Prince says the practice of selling user data to advertisers is “creepy,” especially since the data will be used to target consumers without their knowledge and consent. Prince also said that what people do on the Internet is no one’s business and that Cloudflare designed 1.1.1.1 to ensure that the company and the ISPs of the world won’t know what users are doing online.

    The 1.1.1.1 service is reportedly easy to set up. The system doesn’t require any special software or technical skill. Anyone can have the system up and running in less than five minutes. To use the service, the user has to change the DNS server settings on their device. Instructions on how to go about this can be found on Cloudflare’s website.

    Installation is free and is available for desktop computers and mobile devices. However, Cloudflare says paying clients will receive the biggest speed boosts.

  • The State of IT Security [Infographic]

    We all know about threats to the valuable data we store every day; we hear about them all the time. There’s always some anonymous hacker shutting down a website, or publishing someone’s private data. It’s just something that has become part of living in the age of information. After all, you can’t have so much information so readily available and not have it fall into the wrong hands once in a while.

    Unfortunately, there’s a lot more to data breaches than just the hacks we hear about in the press. Verizon has taken a particular interest in tracking breaches of data and has been doing so since 2004. You might not be surprised to learn that last year, 2011, was the second highest year for breaches ever.

    The breaches occurred in all kinds of industries, including banking, healthcare, retail, information management, food service, and probably just about any field you can think of. They also happened all over the world. So what can be done?

    This next infographic from Backgroundcheck.org gives us the lowdown on where these breaches are happening, what we can do to better protect ourselves, and what these breaches are costing us. Everybody should take a look at this one; it’s packed with useful data management information.
