Human behavior is the biggest threat to company security
A new survey of cyber security professionals from information management company Nuix shows that businesses are placing greater emphasis on insider threats.
The report reveals that 71 percent of respondents report that they have an insider threat program or policy, and 14 percent say that they allocate 40 percent or more of their budget to insider threats.
Another nail in the coffin for Flash as Facebook defaults to HTML5 video
The demise of Flash has been long, lingering, and painful -- and highly overdue in many people's books. There has been a spate of high-profile ditchings of Flash recently: Speedtest.net, Twitch, Chrome and Netflix to name but a few. Now Facebook has thrown its hat in the ring, switching to HTML5 video.
This is a move that is browser-agnostic, and means that every single video you see on the social network will default to HTML5. While many will see this as a cause for celebration, the change does not completely spell the death of Flash -- it will continue to be used on Facebook for many games.
Stop doing quizzes on Facebook if you place any value on your privacy
You might think that talking about Facebook and privacy in the same breath is a little odd. The two just don’t go hand in hand, surely? Trying to use Facebook whilst maintaining your privacy is an exercise in futility, right? Well, yes, it’s certainly true that hitting a social network is not the thing to do if you want to fly under the radar, but many people do not realize just how easy it is to unwittingly hand over reams of personal information to companies and persons unknown.
A majority of users are aware that anything they post -- essentially -- becomes Facebook's property, and can be exploited in a variety of ways. Anything shared to the social network can be used to build up an ever-more accurate picture of who you are, where you are, what you do, what you like, and who you know. Quizzes, personality tests, friend comparisons, and year in review apps, however, are black holes for personal data -- and the huge range of apps from Meaww has been singled out as a major cause for concern.
BlackBerry's privacy stance is yet another reason to avoid the company
We are living in a post-NSA world (and I am a post-NSA girl...) and privacy is in the public consciousness more than ever before. After the government surveillance revelations that came courtesy of Eddy Snowden, most tech companies have been trying to stress to customers and clients just how willing they are to stand up for privacy.
But not BlackBerry. Company CEO John Chen has used a blog post to lash out at his contemporaries for supporting strong encryption. He makes a thinly-veiled reference to Apple, claiming that an unwillingness to comply with law enforcement requests puts us all in a "dark place". Chen says that "our privacy commitment does not extend to criminals", seemingly failing to recognize that privacy is very much an all-or-nothing concept.
Security researcher finds 685TB of unprotected MongoDB data
There is roughly 685TB of private data from MongoDB instances sitting online, without any protection, researchers have uncovered.
Following the recent discovery by security researcher Chris Vickery, who saw the data of more than 13 million MacKeeper users exposed, another researcher ventured even deeper and found even more unprotected data.
The bible is dangerous for you and your phone
For the religiously-inclined the appeal of installing an electronic bible on a phone is (somewhat) understandable. But as well as providing a biblical fix when out and about, apps of a religious bent could also harbor a worrying payload.
The Threat Insight team from Proofpoint looked at thousands of iOS and Android apps, and found that a disturbing percentage of seemingly innocent apps pose a threat to users. Apps were found to include secret tracking components, as well as data-stealing elements and the ability to make unauthorized calls. The figures make for frightening reading.
Adblock Plus updates Acceptable Ads and reveals how it makes money
Ad-blocking tools are more popular than ever before, and this spells potential disaster for anyone who relies on ad revenue from their web site. Previously something only available to desktop users, the widespread hatred of ads saw the tools spreading even to iOS.
A while back Adblock Plus revealed that its Acceptable Ads program -- which gives users the option of permitting the display of certain non-intrusive ads -- would be independently overseen. Today we not only learn about the latest updates to the program criteria, but also how monetizing is possible.
Apple spams users to promote iPhone 6s
Microsoft managed to irritate a lot of people with its heavy-handed pushing of Windows 10, and now Apple has taken a leaf out of the company's book. December may be the time when many people think about getting a new phone -- and Apple is likely to fare very well out of upgrades -- but some iPhone owners have been upset by the appearance of spam in the App Store.
We're not talking about a mass mail-out inviting people to upgrade to the latest iPhone, but ugly, unsolicited popup ads used to push Apple's mobile. Describing the iPhone 6s as 'ridiculously powerful', the ads have been seen by those running iOS 9.1 and 9.2. It's something that could be dismissed, but spamming is uncharted waters for Apple.
Connected toys and the IoT could be the next weapons of mass surveillance
Just a few days ago, we heard about the potential for the web-enabled Hello Barbie to provide hackers with personal data. Numerous vulnerabilities open up the potential for data to be stolen, but this could be the start of a worrying trend. If you thought the surveillance activities of the NSA and GCHQ were disturbing, things could be about to get much worse.
There is a movement underway that sees every conceivable device being transformed into a connected device. This is more than just the Internet of Things -- security experts are warning that any device connected to the internet (including web-enabled toys) could be used to spy on users, placing children at risk.
Why not use open source encryption?
There’s a lot of talk about encryption these days. Often the issue arises when moving data to the cloud, using solutions like Dropbox or Box. We start to wonder if our information will be safe if it’s no longer stored locally on computers in our offices. We are confident that Dropbox and Box store everything in a secure way -- we have little reason to believe that they don’t, right?
Next, we think, "OK, what happens when information leaves or enters the cloud? Is our communication safe? Maybe that information should be encrypted, too". Actually, there’s no question about it. Data should be encrypted when it moves in and out of a network and when it’s stored in the cloud.
Hotel California and the Internet's future
When the Eagles released "Hotel California" in 1977, they were singing about drugs and the grip that addiction can hold over people. "We are all just prisoners here of our own device" is a stark reminder of how our own actions can end up trapping us, from which "we can never leave". But in the 21st century, these lyrics have taken on a new meaning. Look around any crowded place nowadays and it’s quite clear that many of us have become prisoners of literally our own devices -- smartphones, tablets, laptops, anything and everything with an Internet connection. Our lifestyles practically require us to always be on and connected to everyone else.
The Internet is our digital drug, and while it has proven immensely useful as a communications utility and public good, it has also enabled a select handful of powerful companies to take advantage of that need by monopolizing the Internet and segmenting it -- and us with it -- into silos under their control.
Mozilla ditches Firefox ad tiles experiment
It can be hard enough to avoid advertising online, and Mozilla has been experimenting with yet another way to pull in money. The Tiles experiment has been running for a few months and saw ads brought to the Firefox homepage via, funnily enough, tiles.
The company has decided that the experiment is a failure, and now wants to shift its focus to delivering "relevant, exciting and engaging" content to users instead. Mozilla has been scrambling to find a way to make its browser bring in the pennies, but admits that "advertising in Firefox [...] isn't the right business for us at this time".
My fridge is listening to me
It seems oddly fitting that this week -- a week scarred by the bizarre and violent mass murder in San Bernardino -- I received a LinkedIn invitation to connect with someone who listed this as their job description:
Install, maintain, and repair GPS, Wi-Fi, and security camera systems on tour buses. In 2010, working with grant money from Homeland Security, I installed security systems on a fleet of tour buses and I have been maintaining those systems since then. In 2011, I helped install multi-language listening systems on tour buses and have been the lead maintenance technician. Currently, I am project manager for upgrading a fleet of 50 tour buses with new GPS systems using Homeland Security grant monies. This requires coordinating with engineers of service providers to solve unusual, complex problems.
JD Wetherspoon's customer details leaked after cyber attack
Personal details of hundreds of thousands of JD Wetherspoon customers have been accessed and leaked following a hack of its database. The cyber attack affects more than 650,000 customers, the UK pub chain has announced.
The leaked data includes names, birth dates and email addresses, as well as the partial credit and debit card details of some customers who bought gift vouchers. Although the attack occurred back in June, JD Wetherspoon has only just gone public about it.
Barbie says hello to more security flaws
Hot on the heels of last Friday's news of the potential of the Wi-Fi enabled Hello Barbie doll to be hacked, new research has uncovered security issues with the mobile app associated with the doll and with its connections to cloud servers.
Application security specialist Bluebox, working with independent researcher Andrew Hay, has revealed that the app can be modified to reveal confidential information including passwords.
