gdp's Comments

Naked Security : Facebook privacy, Google ads, D-Link security, CryptoLocker ransom - 60 Sec Security [VIDEO]

Tue, 12 Nov 2013 11:07:23 +0000

Our Sixty Second Security videos only cover content that we have already written up. You'll find links to articles about each of the subjects covered underneath the video with the heading 'In this episode'.

Naked Security : Lightbeam shines a light on which websites you're really visiting

Mon, 4 Nov 2013 17:14:26 +0000

Fixed, thanks.

Naked Security : 96% of businesses are unprepared for a cyber attack

Mon, 4 Nov 2013 12:58:03 +0000

Thanks Michael, it should be fixed shortly.

Naked Security : Lightbeam shines a light on which websites you're really visiting

Mon, 4 Nov 2013 12:37:07 +0000

John was describing a 3rd party service we use having already explained that 3rd party services can set cookies and track your visit. If you'd like more detail on those services and the cookies they set a full list is provided on the Cookies and Scripts page which John links to from the end of the article.

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Sat, 2 Nov 2013 19:42:20 +0000

But this technology is not unique to Facebook and nor is it new. Facebook are simply saying in public that they might use this technology in future. All of which is to say that taking specific measures against Facebook does not protect your privacy here. For all you know you have been using sites that track you like this for years.

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Sat, 2 Nov 2013 19:16:09 +0000

This article is about tracking the pointer arrow but tracking either is trivial. You can capture the pointer coordinates at any time so long as its over the web page. To capture it as a 'movie' you simply capture the coordinates as many times a second as you need. The cursor, when used, triggers an event called 'focus'. You can track which element has focus, or has lost focus, at any given time. You've probably seen this in action with search fields that grow when you click in them or where default search text disappears. This is done using focus rather than clicks so it works if people use the tab key to navigate between elements.

Naked Security : Cheeky Lavabit did hand over crypto keys to US government after all - printed in a 4-point font

Sat, 2 Nov 2013 10:44:08 +0000

Hi Peter - I was trying to respond in broad brush strokes to Erik's point that it's not technically feasible to protect every user individually. I believe it is and SNI is an example of a technique that might allow it, there are others. Although I don't want to get into designing this imagined system on-the-hoof I will say that Hostnames, IP addresses and usernames are not secrets in my book and shouldn't make you insecure if discovered. If you're relying on those things being secret then I think that's a problem.

Naked Security : "You can't have your privacy violated if you don't know your privacy is violated"

Sat, 2 Nov 2013 10:18:53 +0000

Hi Adam, Our blog uses a comment system called IntenseDebate, if you have javascript disabled or IntenseDebate blocked then you'll see the native comments. In IntenseDebate (that Lisa and I are seeing) the URL is not truncated. In the native comments it's truncated - apologies. We'll get that fixed but in the meantime here's a short link to the same destination that hopefully won't truncate. http://goo.gl/0FIi48

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Fri, 1 Nov 2013 16:55:30 +0000

Quite. But not for this. Anyone can do this and you won't know if they are. So you either have to put up with it, stop using the web or use something like noscript to block the execution of scripts that you're unsure of.

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Fri, 1 Nov 2013 16:54:54 +0000

If Facebook want to do key logging then they can - so long as you're browsing one of their pages they can capture everywhere your cursor goes and everything you type. I'm not saying they do, I've no idea, I'm just saying it's possible - any website can do it and it's very easy. The hardest part is storing and processing the data. For example, if I had decided to stop writing this comment half way through and then deleted it without ever submitting it, it's entirely possible for the web page I'm typing into to have captured everything I typed even though I never 'sent' it.

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Fri, 1 Nov 2013 16:47:58 +0000

Yes. Capturing the X and Y coordinates of where the cursor is on a page is a simple task in javascript and has been for a very, very, very long time.

Naked Security : The "BadBIOS" virus that jumps airgaps and takes over your firmware - what's the story?

Fri, 1 Nov 2013 13:14:32 +0000

Fixed, thanks.

Naked Security : "You can't have your privacy violated if you don't know your privacy is violated"

Thu, 31 Oct 2013 22:05:22 +0000

Its working OK for me - if you entered what you typed into the comment then you appear to have only used half the URL.

Naked Security : Destructive malware "CryptoLocker" on the loose - here's what to do

Wed, 30 Oct 2013 15:35:23 +0000

Yes.

Naked Security : Adobe breach THIRTEEN times worse than thought, 38 million users affected

Wed, 30 Oct 2013 13:33:14 +0000

If, like me, you find you have a lot of strong passwords to remember then I'd suggest you use a password manager and protect it with a very strong password and two factor authentication. As to salts - the Adobe blog post suggests the passwords were encrypted rather than hashed. If the passwords were hashed then we can't assume the salt is safe anyway - Adobe's front door has been well and truly thrown open. The salt *might* be safe and the hashing *might* be deep enough to slow the cracking down to an impractical speed but do you want to rely on that? That would be putting a lot of faith into a series of blind guesses about both Adobe's security expertise and the capabilities of whichever unknown criminals now have possession of the stolen data. We can hope the encryption or hashing hasn't been broken but we should assume it has.

Naked Security : Wordpress 3.7 with automatic security updating is out now

Mon, 28 Oct 2013 23:24:22 +0000

By default the auto update won't update the theme itself, only the Wordpress core. There is a chance that a Wordpress core update will change something that a theme relies upon, however... a) The auto updater is for maintenance and security releases and they tend to be very narrowly focused on fixing specific security holes - the chances of breaking a theme or plugin with one of these updates are very slim. b) If it does break something it's likely to be a small something that is easily patched by the theme vendor. c) The upside is that you are much less vulnerable to having your site hacked or your server into a zombie.

Naked Security : Is your smartphone broadcasting your movements when you shop?

Fri, 25 Oct 2013 18:46:04 +0000

Can it connect to a network that isn't broadcasting its SSID?

Naked Security : Is your smartphone broadcasting your movements when you shop?

Fri, 25 Oct 2013 15:24:14 +0000

I think it could be used for a lot more than that. It could be correlated with interest on a particular visit without needing purchase info. For example: imagine going to the purfume counter at a department store and not buying anything and then seeing nothing but expensive ads for purfume on the way out. All you need to know to do that is that MAC address e4:ce:8f:1f:f7:ba went to the purfume counter, didn't go to the checkout and is now on the stairway. What if the information is shared with other shops in the same mall? After a few non purchases in a few shops you might be able to tell what I'm interested in. Perhaps I've looked at purfume, hand bags and shoes by now. Perhaps at one point I visit the gents toilet. I don't visit the mall often so this shopping trip might register as unusual. By now it looks like I'm a man and it's starting to look like I'm shopping for my wife or girlfriend, perhaps for a present. Perhaps I only come to the mall twice a year - once in December and once at an other time. Since I'm a last minute shopper my wife's birthday is likely to be very soon - in the next few days. With *very little* data we're already honing in on my age, sex, disposable income and marital status. We're also able to do the same data for my wife and even begin to take useful guesses at her birthday.

Naked Security : Is your smartphone broadcasting your movements when you shop?

Fri, 25 Oct 2013 13:06:28 +0000

Phones will do both active and passive scanning. The passive scan is as you describe, the active scan is the phone asking if any of its preferred networks are nearby. The broadcast happens often enough to allow tracking of movement within the confines of a single store.

Naked Security : 4 free tools for Cyber Security Awareness Month - and beyond!

Wed, 16 Oct 2013 15:09:56 +0000

Sophos sells products to business customers and not to home users. The products are very much the products. Offering free home use products and free tools helps to build name recognition, doesn't cannibalise the customer base and allows users to experience what it's like to work with Sophos products. We hope you'll try the UTM and be so impressed you'll wonder how much easier your life would be if you used the not-free one at work too. Sales people are ready and waiting to take your call ; )

gdp's Comments

Naked Security : Facebook privacy, Google ads, D-Link security, CryptoLocker ransom - 60 Sec Security [VIDEO]

Naked Security : Lightbeam shines a light on which websites you're really visiting

Naked Security : 96% of businesses are unprepared for a cyber attack

Naked Security : Lightbeam shines a light on which websites you're really visiting

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Naked Security : Cheeky Lavabit *did* hand over crypto keys to US government after all - printed in a 4-point font

Naked Security : "You can't have your privacy violated if you don't know your privacy is violated"

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Naked Security : Facebook mulls silently tracking users' cursor movements to see which ads we like best

Naked Security : The "BadBIOS" virus that jumps airgaps and takes over your firmware - what's the story?

Naked Security : "You can't have your privacy violated if you don't know your privacy is violated"

Naked Security : Destructive malware "CryptoLocker" on the loose - here's what to do

Naked Security : Adobe breach THIRTEEN times worse than thought, 38 million users affected

Naked Security : Wordpress 3.7 with automatic security updating is out now

Naked Security : Is your smartphone broadcasting your movements when you shop?

Naked Security : Is your smartphone broadcasting your movements when you shop?

Naked Security : Is your smartphone broadcasting your movements when you shop?

Naked Security : 4 free tools for Cyber Security Awareness Month - and beyond!

Naked Security : Cheeky Lavabit did hand over crypto keys to US government after all - printed in a 4-point font