Rina Steenkamp - Privacy and technology
[McAfee Threats report - second quarter 2011 | Flash cookies and privacy II - Now with HTML5 and ETag respawning | Trends in circumventing web-malware detection | A policy maker's dilemma - Preventing terrorism or preventing blame | Protecting information privacy | The PII problem - Privacy and a new concept of personally identifiable information | Why Net censorship in times of political unrest results in more violent uprisings - a social simulation experiment on the UK riots | Attitudes on data protection and electronic identity in the European Union | Mobile app security study - appWatchdog findings | Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade | A taxonomy of operational cyber security risks | ICT professional societies in Europe | Science fiction prototyping and security education - cultivating contextual and societal thinking in computer security education and beyond | The National Programme for IT in the NHS - an update on the delivery of detailed care records systems | Revealed - Operation shady RAT | A security analysis of next generation web standards | Security threat report - Mid-year 2011 | Wireless evolution | Social media - Federal agencies need policies and procedures for managing and protecting information they access and disseminate]
A report by McAfee Labs.
From the introduction to the report:
"The threat landscape of 2011 is undergoing a year of chaos and change. We see chaos in the major challenges that hacktivist groups such as LulzSec and Anonymous pose, and change in the shifts in new malware classes and targeted devices. [...] The second quarter of the year was clearly a period of chaos, changes, and new challenges."
McAfee Labs: McAfee Threats report - second quarter 2011 (PDF)
VentureBeat: McAfee says criminal hackers will sell a million email addresses for $25
Techmeme
A paper by Mika Ayenson, Dietrich James Wambach, Ashkan Soltani, Nathan Good and Chris Jay Hoofnagle.
From the Abstract:
"In August 2009, we demonstrated that popular websites were using “Flash cookies” to track users. Some advertisers had adopted this technology because it allowed persistent tracking even where users had taken steps to avoid web profiling. We also demonstrated “respawning” on top sites with Flash technology. This allowed sites to reinstantiate HTTP cookies deleted by a user, making tracking more resistant to users’ privacy-seeking behaviors. In this followup study, we reassess the Flash cookies landscape and examine a new tracking vector, HTML5 local storage and Cache-Cookies via ETags."
Mika Ayenson, Dietrich James Wambach, Ashkan Soltani, Nathan Good and Chris Jay Hoofnagle: Flash cookies and privacy II - Now with HTML5 and ETag respawning (SSRN)
NetKwesties: Supercookies slopen het laatste beetje gebruikerscontrole
A paper by Moheeb Abu Rajab, Lucas Ballard, Nav Jagpal, Panayiotis Mavrommatis, Daisuke Nojiri, Niels Provos and Ludwig Schmidt.
From the Abstract:
"We analyze data collected over a four year period and study the most popular practices that challenge four of the most prevalent web-malware detection systems: Virtual Machine client honeypots, Browser Emulator client honeypots, Classification based on domain reputation, and Anti-Virus engines. Our results show that none of these systems are effective in isolation. In addition to describing specific methods that malicious web sites employ to evade detection, we study trends over time to measure the prevalence of evasion at scale. Our results indicate that exploit delivery mechanisms are becoming increasingly complex and evasive."
Moheeb Abu Rajab, Lucas Ballard, Nav Jagpal, Panayiotis Mavrommatis, Daisuke Nojiri, Niels Provos and Ludwig Schmidt: Trends in circumventing web-malware detection (PDF)
Security.nl: Google - Drive-by download gevaarlijkste online dreiging
A paper by A. Peter McGraw, Alexander Todorov and Howard Kunreuther.
Abstract:
"Although anti-terrorism policy should be based on a normative treatment of risk that incorporates likelihoods of attack, policy makers’ anti-terror decisions may be influenced by the blame they expect from failing to prevent attacks. We show that people’s anti-terror budget priorities before a perceived attack and blame judgments after a perceived attack are associated with the attack’s severity and how upsetting it is but largely independent of its likelihood. We also show that anti-terror budget priorities are influenced by directly highlighting the likelihood of the attack, but because of outcome biases, highlighting the attack’s prior likelihood has no influence on judgments of blame, severity, or emotion after an attack is perceived to have occurred. Thus, because of accountability effects, we propose policy makers face a dilemma: prevent terrorism using normative methods that incorporate the likelihood of attack or prevent blame by preventing terrorist attacks the public find most blameworthy."
A. Peter McGraw, Alexander Todorov and Howard Kunreuther: A policy maker's dilemma - Preventing terrorism or preventing blame (PDF)
Schneier on Security: The dilemma of counterterrorism policy
Equality and Human Rights Commission, Research report 69, by Charles Raab and Benjamin Goold.
'Overall finding' from the Executive summary:
"The central finding of this report is that the existing approach to the protection of information privacy in the UK is fundamentally flawed, and that there is a pressing need for widespread legislative reform in order to ensure that the rights contained in Article 8 [of the European Convention on Human Rights] are respected. The report argues for the establishment of a number of key 'privacy principles' that can be used to guide future legal reforms and the development of sector-specific regulation."
Charles Raab and Benjamin Goold: Protecting information privacy (PDF)
HawkTalk: Make Government beholden to privacy principles says Human Rights report
The Register: Rights Commish warns of creeping gov data menace
A paper by Paul M. Schwartz and Daniel J. Solove.
From the Abstract:
"In this Article, Professors Paul Schwartz and Daniel Solove argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. They develop a new approach called 'PII 2.0,' which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 is based upon a continuum of risk of identification. PII 2.0 regulates information that relates to either an 'identified' or 'identifiable' individual, and it establishes different requirements for each category. To illustrate their theory, Schwartz and Solove use the example of regulating behavioral marketing to adults and children. They show how existing approaches to PII impede the effective regulation of behavioral marketing and how PII 2.0 would resolve these problems."
Paul M. Schwartz and Daniel J. Solove: The PII problem - Privacy and a new concept of personally identifiable information (SSRN)
Concurring Opinions: Rethinking the concept of "personally identifiable information" (PII)
A paper by Antonio A. Casilli and Paola Tubaro.
From the abstract:
"Following the 2011 wave of political unrest, going from the Arab Spring to UK riots, the formation of a large consensus around Internet censorship is underway. Beyond all political consideration of consequences in terms of freedom of expression, the present paper adopts a social simulation approach to show that the decision to 'regulate' or restrict social media in situations of civil unrest results in higher levels of violence."
Antonio A. Casilli and Paola Tubaro: Why Net censorship in times of political unrest results in more violent uprisings - a social simulation experiment on the UK riots (SSRN)
Techdirt: New research - internet censorship to stop protests... actually increases protests
Special Eurobarometer 359 by the European Commission.
From the Executive Summary:
"This report presents the results of the largest survey ever conducted regarding citizen’s behaviours and attitudes concerning identity management, data protection and privacy. It represents the attitudes and behaviours of Europeans on this subject."
European Commission: Attitudes on data protection and electronic identity in the European Union (PDF)
European Commission: Public opinion
BoF: Europees privacyonderzoek - Nederlanders slecht geïnformeerd
Security.nl: 69% Nederlanders vindt vingerafdruk persoonlijk
Sensitive user data stored on Android and iPhone devices, July 2011, by Via Forensics.
ViaForensics: Mobile app security study - appWatchdog findings
Wired Threat Level: Survey finds smartphone apps store too much personal data
A paper by Nektarios Leontiadis, Tyler Moore and Nicolas Christin.
Nektarios Leontiadis, Tyler Moore and Nicolas Christin: Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade (PDF)
Light Blue Touchpaper: Measuring search-redirection attacks in the illicit online prescription drug trade
A Software Engineering Institute publication by James J. Cebula and Lisa R. Young.
James J. Cebula and Lisa R. Young: A taxonomy of operational cyber security risks (PDF)
Schneier on Security: "Taxonomy of operational cyber security risks"
A report by the European Commission / Apintech.
European Commission / Apintech: ICT professional societies in Europe (PDF)
ICT professional societies in Europe
European Commission: Role and impact of professional and scientific societies in ICT research, education and innovation
A paper by Tadayoshi Kohno and Brian David Johnson.
Tadayoshi Kohno and Brian David Johnson: Science fiction prototyping and security education - cultivating contextual and societal thinking in computer security education and beyond (PDF)
Schneier on Security: Using science fiction to teach computer security
A report by the UK House of Commons Public Accounts Committee.
Public Accounts Committee: The National Programme for IT in the NHS - an update on the delivery of detailed care records systems
The Guardian: NHS database - digital disaster
A white paper by Dmitri Alperovitch (McAfee).
Dmitri Alperovitch (McAfee): Revealed - Operation shady RAT (PDF)
AG: Ruim 70 organisaties gehackt in operatie 'Shady Rat'
Security.nl: "China achter grootste hackaanval ooit"
The Register: State-sponsored 5-year global cyberattack uncovered
Naked Security: Shady RAT - The biggest ever cyber-attack?
McAfee Blog Central: Revealed - Operation Shady RAT
NYT: Security firm sees global cyberspying
The Guardian: Cyber-hacking - prolonged series of attacks by one country uncovered
Washington Post: Report on 'Operation shady RAT' identifies widespread cyber-spying
Tweakers.net: McAfee - China voert al vijf jaar grote hackaanval uit
A report by ENISA.
ENISA: A security analysis of next generation web standards (PDF)
WebWereld: Europa waarschuwt voor onveilig HTML5
Security.nl: Europese beveiliger waarschuwt voor HTML5
ENISA: Web security - EU cyber-security Agency ENISA flags security fixes for new web standards/HTML5
A report by Sophos.
Sophos: Security threat report - Mid-year 2011 (PDF)
Naked Security: Sophos security threat report update reveals 2011's top threats so far
A report by the FBI.
FBI: Wireless evolution (PDF)
FAS: Wireless evolution and challenges to law enforcement
Wired Threat Level: Document - FBI surveillance geeks fear, love new gadgets
NetworkWorld Ms. Smith: FBI eyeing Microsoft technologies to assist law enforcement
A report by the U.S. Government Accountability Office.
U.S. Government Accountability Office: Social media - Federal agencies need policies and procedures for managing and protecting information they access and disseminate (PDF)
Epic.org: Government Accountability Office - Agencies must improve social networking privacy, security