InfoSec privacy links October 23, 2014

How to restore privacy - fix macosx

It appears that Apple's Spotlight app, which helps search for various items, on Mac OS X Yosemite devices sends your search data to Apple. This website will show you how to disable the features that send this information. I went ahead and disabled everything, because I don't use Spotlight. For more information click here. To open Spotlight, simply swipe down on the home screen.

Bahraini Activists Hacked by Their Government Go After UK Spyware Maker - Kim Zetter - WIRED

Not long after the phantom Facebook messages, Ali discovered spyware on his computer—a powerful government surveillance tool called FinFisher made by the UK firm Gamma International. Human rights groups and technologists have long criticized Gamma International and the Italian firm Hacking Team for selling surveillance technology to repressive regimes, who use the tools to target political dissidents and human rights activists. Both companies say they sell their surveillance software only to law enforcement and intelligence agencies but that they won’t sell their software to every government. Gamma has, in fact, denied selling its tool to Bahrain, which has a long history of imprisoning and torturing political dissidents and human rights activists.

More Crypto Wars II - Bruce Schneier - Schneier on Security

I'm not sure why he believes he can have a technological means of access that somehow only works for people of the correct morality with the proper legal documents, but he seems to believe that's possible. As Jeffrey Vagle and Matt Blaze point out, there's no technical difference between Comey's "front door" and a "back door."

This post first appeared on Exploring Information Security.

WARNING: Nude celebrity photos leaked

Nude photos of several female celebrities have apparently been leaked on 4chan, a message board that allows users to post content anonymously.

Jennifer Lawrence's Nude Photos Leak Online, Other Celebs Targeted - Stephanie Marcus - Huffington Post.

A screenshot taken by New York Daily News of the forums post shows a list that includes:

  • Jennifer Lawrence - Hunger Games

  • Kate Upton - Model

  • Lea Michele - Glee

  • Lady Sybil [potentially Jessica Findlay] - Downton Abbey

  • Ariana Grande - actress/singer

  • Victoria Justice - actress/singer

  • Brie Larson - Don Jon

  • Kristen Dunst - Spiderman

  • Becca Tobin - Glee

  • Jessica Brown Findlay

  • Hope Solo - Soccer player

  • Teresa Palmer - Warm Bodies

  • Kristen [Krysten] Ritter - actress/model

  • Mary Elizabeth Winstead - actress/recording artist

  • McKayla Maroney - gymnast and internet meme

  • Yvonne Strahovksi - Chuck

Celebrity responses have ranged from acceptance, prosecution threats and outrage to straight up denials.

From what I've gathered so far, it appears as if the photos may have been uploaded to iCloud via Photo Stream and then compromised by someone. As we wait for more details, there are some warnings and lessons to be learned here.

WARNING

Searching for nude photos of the celebrities above will increase your chances of getting some sort of malware on your computer. This is exactly the kind of big news that nefarious people will take advantage of to get something installed on your computer that could compromise it, which could lead to several awful scenarios, including your own nude photos being made publicly available.

Automatic Uploads

Turn it off.

Unless you don't mind your photos being backed up on a server you have no control over, turn the automatic upload feature off. Googling 'disable Photo Stream automatic upload' should get you to some resources that will tell you how to do this.

Taking nude photos with a device that can potentially upload it to the internet is bad enough; having it upload automatically is simply not a very good idea.

Two-Factor Authentication

Turn it on.

While we don't have all the details yet on how the pictures got stolen, it's possible that the theft could have been avoided if two-factor authentication was enabled. In cases like these, most of the time it's found that had two-factor authentication been enabled, the compromise would not have happened. Two-factor authentication isn't perfect nor the ultimate solution, but it does increase the difficulty of a compromise significantly.

Most applications and services you use have two-factor authentication available; use it. Apple and its iCloud server have it available, and it's fairly easy to set up.

Get On Twitter

#ifmyphonegothacked

Hashtags are the best thing since sliced bread, and for events like these they make the world a little brighter.

Get on Twitter and join in the fun.

InfoSec links June 19, 2014

iOS 8 to stymie trackers and marketers with MAC address randomization - Lee Hutchinson - ars technica

The good: MAC address randomization when looking for WiFi sounds fantastic.

The bad: This looks like a business move, which forces companies to use iBeacon. iBeacon (or as I like to call it, iBacon) is a "location-based service that can be used to track users and issue alerts (or ads) to iOS device." Essentially, it's a business move for Apple.

Why the iOS 'Limit Ad Tracking' setting is more important than ever - Jason D. O'Grady - ZDNet

In my search for more information on MAC address randomization, I discovered the setting in the above link. The setting is believed to add a little more privacy to your iOS devices.

Designers create a Faraday-cage cloak to foil NSA, other spies - Casey Johnston - ars technica

I love this. Not only cause it's privacy clothing, but because I would be a hat and a staff away from looking like a wizard. On a more serious note, this is awesome because it's one step closer to feasible clothing that protects your privacy.