Cyber Privacy & Security News of the Week: It’s Black Hat Season
With Black Hat USA under way, cars being hijacked and countries spying on each other, the first week of August has been all about zero-day hacks and growing concerns about personal and national privacy.
What does the New Do-Not-Track Standard Mean?
The Electronic Frontier Foundation (EFF), privacy company Disconnect and a coalition of Internet companies have announced a stronger “Do Not Track” (DNT) standard – a policy meant to protect Internet users from data tracking and logging.
But what does it really mean? Track and log data but not retarget for advertising purposes? EFF explains all the details about how the new standard works.
With websites like medium.com having already adopted the new standard, the question remains which – if any – other big players will follow.
Black Hat Season, Zero-Day Vulnerabilities, and New Malvertising Campaigns
It seems that every day we find out about new ways of spying and hacking, especially during Black Hat season. This week the controversy was all about the types of malware that broadcast your private life through the lens of your webcam without you even noticing.
Meanwhile, a group of US researchers demonstrated how simple it is to hack computers, printers and other devices by simply picking up sound waves with a radio antenna.
Even your phone’s battery can compromise your privacy. All it takes is a Battery Status API that lets websites check your battery level with such precision that it allows them to track you over short time intervals.
Car hacking took focus this month. After several stories about hackers making their way into cars’ software, Tesla announced a security update to its Model S car. The reason – six flaws that allowed security researchers to hijack it.
The end of July brought a massive malvertising campaign targeting Yahoo’s 7 billion monthly visitors. Infosecurity Magazine reported more on the subject, citing security researchers who explain how malicious ads work.
International spying and censorship
This week WikiLeaks revealed information about how the NSA spied on 35 top Japanese officials and companies, passing the intelligence to Australia, New Zealand, Canada and the UK. WikiLeaks even published a list of Washington’s targets, including Japan’s Central Bank, Finance Ministry and companies such as Mitsubishi and Mitsui.
Later this week NBC cited sources stating that Russia launched a “sophisticated cyberattack” against the Pentagon’s Joint Staff unclassified email system, which has been shut down and taken offline for nearly two weeks. According to the officials, the “sophisticated cyber intrusion” occurred sometime around July 25 and affected some 4,000 military and civilian personnel who work for the Joint Chiefs of Staff.
India has been under the media spotlight this week after its government announced a ban on more than 800 adult content websites. Less than a week after this announcement, the government partially lifted the restriction, following widespread outcry. The ban has been limited only to sites that contain child pornography.
Is protection from cyber attacks just an excuse for more censorship in China? The country wants to plant internet police in top online firms, raising concerns about government control over the Internet. Already, websites based in China have to respect strict censorship measures and very often delete comments considered offensive by the government.
Not even VPNs are what they seem to be in China. Security experts at RSA Research say they’ve identified an archipelago of Chinese-language virtual private network (VPN) services marketed to Chinese online gamers and those wishing to evade censorship, but which also appear to be used as an active platform for launching attacks on non-Chinese corporations while obscuring the origins of the attackers.