Security - Shawn vs Sean

Security

A collection of 11 posts

Privacy vs. Surveillance in the Age of COVID-19

Privacy vs. Surveillance in the Age of COVID-19

We know that this virus requires us to take steps that would be unthinkable in normal times. Staying inside, limiting public gatherings, and cooperating with medically needed attempts to track the virus are, when approached properly, reasonable and responsible things to do. But we must be as vigilant as we

How Huawei caught up to Apple’s FaceID

How Huawei caught up to Apple’s FaceID

Huawei is often first in line for taking advantage of what these suppliers have learned from Apple. Sometime around 2015, there were rumors in the Chinese smartphone manufacturing community of something called FaceID (leading up to the launch of the iPhone X). There were also rumors of a hardware module,

Ring let police use a heat map to easily see all devices in an area

Ring let police use a heat map to easily see all devices in an area

"The more we learn about Ring, the clearer it becomes that this product poses serious privacy and civil liberty threats," Markey said in a statement to CNET after learning about the video. "Information as sensitive as the street you live on should be kept private and secure. There are gaping

Apple Confirms iPhone 11 Pro Collects Location Data Even with Location Services Disabled

Apple Confirms iPhone 11 Pro Collects Location Data Even with Location Services Disabled

The policy continues: “You can also disable location-based system services by tapping on System Services and turning off each location-based system service.” But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely

Keybase and the chaos of crypto

Keybase and the chaos of crypto

Let’s take a look instead at the root of the business problem. From a Normcore perspective, it’s alarmingly easy to understand what’s going on here. Keybase, once they were funded by A16Z, was given a mandate of hypergrowth and gaining users as fast as possible. Now that

Alexa and Google Home devices leveraged to phish and eavesdrop on users, again

Alexa and Google Home devices leveraged to phish and eavesdrop on users, again

The idea is to tell the user that an app has failed, insert the "�. " to induce a long pause, and then prompt the user with the phishing message after a few minutes, tricking the target into believing the phishing message has nothing to do with the previous app with which

Deconstructing Google’s excuses on tracking protection

Deconstructing Google’s excuses on tracking protection

let’s be clear: cookies were not supposed to enable third-party tracking, and browsers were supposed to block third-party cookies. We know this because the authors of the original cookie technical specification said so (RFC 2109, Section 4.3.5). * First, large scale blocking of cookies undermine people’s privacy

Things get weird when they are cheap and mobile.

Things get weird when they are cheap and mobile.

Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal

Google, Facebook, and The Creepy Line

Google, Facebook, and The Creepy Line

Google also makes most of their money via this same type of keyword-based advertising that doesn’t require any search-history tracking. So why do they track it all then? Because Google is not really a search company; they are an advertising company. On Google, your searches are tracked, mined, and

A Plan to Stop Breaches With Dead Simple Database Encryption

In such a “client-side” encryption scheme, databases utilizing Field Level Encryption will not only require a system login, but will additionally require specific keys to process and decrypt specific chunks of data locally on a user’s device as needed. That means MongoDB itself and cloud providers won’t be

Free Mac Security Tools

LuLu – In today’s connected world, it is rare to find an application or piece of malware that doesn’t talk to a remote server. LuLu is the free, open firewall for Macs that can protect your network connections and detect malicious activity. OverSight – Mac malware often spies on users