eff

Security must come first! 60 Sec Security [VIDEO]

Here's this week's 60 Second Security.

News you can learn from, in just one minute...

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

Panopticlick reveals the cookie you can't delete

You know about cookies, and how to delete them, but what if there was a cookie you couldn't delete, and what if the steps you took to guard your privacy made you easier to track? The EFF's Panopticlick tool determines how easy you are to identify based on your web browser's 'fingerprint'.

SoHo routers to get hacker-style scrutiny in return for "awesome" prizes

Buy a $50 SoHo router, plug it in, press a couple of buttons.

Bingo! A connected household! What could possibly go wrong?

If history is any guide, quite a lot...

EFF sues NSA over hoarding of zero days

Wouldn't it be nice to know just how, exactly, the spy agency decides whether to silently exploit zero days for snooping purposes while leaving businesses and individuals in the dark with their bellies exposed? The EFF has filed a FOIA lawsuit to help find answers.

SSCC 148 - Cloud privacy policies not related to data security [PODCAST]

The Chet Chat comes to you this week from Hanoi, Vietnam with special guest Sean Richmond from Sophos Australia.

This week they tackle the FBI's crackdown on the Blackshades malware, more flaws in Chip-and-PIN, the latest Apple updates, and the EFF's "Who has got your back" report.

Snapchat, AT&T, Amazon = worst privacy protectors says EFF

Snapchat makes its debut on the list with the lowest ranking of all when it comes to who's got our backs. The good news is that many companies have made vast strides in criteria including publishing transparency reports about government data requests and fighting for users' data privacy rights both in the courts and in Congress.

Massive FBI facial recognition database raises privacy fears

The FBI is building a massive facial recognition database that could contain as many as 52 million images by 2015, including 4.3 million non-criminal images, according to information obtained by the EFF via a freedom of information request.

Google accidentally improves Android privacy, just for a moment

App Ops Launcher, a hidden feature that allowed Android users to deny selected permissions to apps, was an experiment that was never supposed to be released and that could break apps instead of just policing them, Google said.

AT&T hacker and internet troll 'Weev' appeals 41-month prison sentence

The EFF has filed an appeal seeking to free the hacker and self-described internet troll, who exploited a hole in AT&T's publicly facing website to siphon the personal data of more than 100,000 iPad owners.

ACLU: Cops should have a tougher time sucking up 7 months of mobile phone data

The ACLU joined other legal activist groups to file a brief in what they call a potentially pivotal case in determining whether the government needs a warrant to track our mobile phones.

Ridiculously redacted interpretation of FISA snooping law released

US privacy organization EFF invites you to click on thumbnails of the summaries it managed to pry out of the government, but let's save your finger muscles the workout with this summaries summary: ------------------------------.

Ubuntu pipes search queries to Amazon, worrying privacy experts

Revolution OS - or adware? An update to the popular Ubuntu Linux distribution will pass searches through Amazon.com's search engine. Now the Electronic Frontier Foundation calls that move a "major privacy problem."

$20 million is not enough! How much should Facebook pay for settling sponsored stories dispute?

A judge has rejected Facebook’s settlement offer of $10 million for lawyers and $10 million for privacy groups in a privacy lawsuit over the use of users’ names and faces in "Sponsored Stories" ads.

Google to demote websites with pirated content

Google has announced changes to its search algorithms, pushing down websites with several copyright take-down requests from the prime position in search results. Not everyone thinks this is a good idea.

Megaupload users who want their data have to pay (or sue), feds say

It's not looking good for those Megaupload users who want their files returned, unless they want to pay, or sue, to get them back.

CISPA debate rages on in the US, what's all the fuss about?

A new law being debated in the US is causing concern among privacy advocates. The law is designed to encourage information sharing to thwart cybercrime, yet even the White House is expressing concerns over the privacy implications of the bill.

Canadian resident sentenced to death for writing a computer program

A Canadian resident has been sentenced to death in Iran for offending the faith, after his computer program was used without his knowledge to upload pornography.

Can you be forced by law to decrypt your computer? US v. Fricosu court case rages on

Ramona Fricosu, accused of committing financial fraud, is currently in a court battle fighting to keep her encrypted data private. The prosecution say that if the government fail to demand data decryption, it will harm public interests. This article looks at the arguments for both sides and asks whether this would be possible under UK law.

Google and EFF propose improvements to HTTPS as GlobalSign releases CA breach report

GlobalSign gives itself clean bill of health after Iranian hacker's braggadocio

GlobalSign has released its report on the security incident the certificate authority suffered earlier this year. They're clean, but that doesn't take the spotlight off the need for a fix to the SSL certificate trust system that is in place.