The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

Archive for January 2013

It appears that China recently launched a poorly executed Man in the Middle (MITM) attack on GitHub. Greatfire.org has all the details. In short: GitHub.com is an https only website, so the only way to monitor it is to use a MITM attack to decrypt the contents of the communications. There is evidence that GitHub […]

· · · ·

For years I have been telling people to be especially careful when they venture into the dark back alleys of the Internet. My thinking was that these more “wild west” areas would be home to most of the malware and other attacks. Dark Reading analyzes a Cisco report which says that online shopping sites and […]

· ·

A Guest Post by Robin Wilton of the Internet Society   We are the raw material of the new economy. Data about all of us is being prospected for, mined, refined, and traded…   . . . and most of us don’t even know about it.   Every time we go online, we add to […]

No tags

Welcome to first podcast of 2013. In honor of Data Privacy Day, which falls on January 28th, I’ll be discussing current data privacy and security issues facing both consumers and businesses by taking you through the pros and cons of privacy legislation, privacy in the context of social media, and corporate data security at the […]

· · · · · · · ·

The latest Java exploit has given another view into the workings of the cybercrime economy. Although I should not be, I am always startled at just how open and robustly capitalistic the whole enterprise has become. The business is conducted more or less in the open. Krebs on Security has a nice piece on an […]

· ·

I did not post on the recent Java vulnerability because the fixes came out so quickly, however, it looks like I relaxed too soon. Apparently there was a second vulnerability that did not get fixed. At this point, you should probably just disable Java in your browser. Gizmodo has a short article on how to […]

· ·

Gigaom reports on a major security issue at Nokia, first announced in the “Treasure Hunt” blog. Their Asha and Lumia phones come with something they call the “Xpress Browser”. To improve the browser experience, the web traffic is proxies and cached. That is a fairly common and accepted practice. Where Nokia has stepped into questionable […]

· · · · ·