Search the Community
Showing results for tags 'data compromise'.
Found 1 result
Who Do You Trust Vs. Who Should You Trust
LSW posted a topic in CybersecurityI cannot help with the first, but the second I can… Nobody. This is called the “Zero Trust Model” That said, it is not always possible. But here is the issue, unless you are new here, you trust KillerSites. But under the zero-trust model you should not. Is Steff going to steal your data or sell it? No. He may even say that somewhere here. But will he going to jail for you? What if law enforcement walks in with a warrant? This is just one issue to be considered. If you use a VPN (Virtual Private Network) for privacy, are they really private? How do you know? Even if they say they do not log you, they may be lying. Or they may start logging users next year, or they may be forced to log users by law enforcement or new laws later. How can you trust people you don’t know, how do you know what they claim is true and how to know what they claim today may change tomorrow by choice or force? Just look at these headlines as examples: Equifax Hack Exposes Personal Info of 143 Million US Consumers Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach You should be able to trust Equifax, but clearly you can’t because they failed to keep up to date Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server You should be able to trust Viacom, luckily it was not customer info, but hackers could use this data to trick you into entering incorrect sites US Defense Contractor left Sensitive Files on Amazon Server Without Password Passwords For 540,000 Car Tracking Devices Leaked Online Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server Smart Vacuum Cleaners Making Map Of Your Home — And Wants to Sell It Sweden Accidentally Leaks Personal Details of Nearly All Citizens You Had One Job, Lenovo Hotspot Shield accused of snooping on its users’ VPN usage In the end, you have to trust, I realize that. You have to trust your bank (but don’t forget Well Fargo’s headlines of late), you have to trust your ISP (you really should not) unless you use a VPN that you then need to trust. Just tell yourself that you may have to trust them, but not blindly trust them. Be informed, investigate them and if you see something you don’t like, leave. All companies are out for profit, not you. They sell your data for profit, then track you so they can send you targeted advertisements from partner companies paying them to do so (Yea, you Google). Freeware is not free, your personal data is the price you pay. They collect it and sell it further and all you have to show for it is a silly game. If you want privacy of your personal data, pay for services. Do not let companies track you. Protect your personal data because it may not seem important to you but someone out there is selling and buying it and studying it. This is a link to a list of big companies and their policies for personal information and government requests by the non-profit Electronic Frontier Foundation: Who Has Your Back? Government Data Requests 2015 Finally, please notice I have tried to get a few examples of trust not warranted. The vacuum cleaner will sell your info where, Equifax, Viacom, and the contractor are just doing stupid stuff. So whether it is a blatant money grab, incompetence or even government pressure, your data is still compromised, so just remember the governments own Axim, “Need to know”. Does that app or web site really need to know or just want to know that? Does that app need that access to your phone or can you live without that app? But as I have said, I am in the security business now and it is my job to be paranoid for you. There are good people out there too. Killersites and Steff are one in my opinion and I write this to help you be more secure for free. I don’t even have my own business doing this for a living. I would like to introduce you to one last person and headline. If you have never heard the name Ladar Levison, it is a shame. He was the founder of a secure email company named “Lavabit” who closed his successful company rather than give up user’s information to the US Government. This was the company used by Edward Snowden. Regardless of your position on Snowden, I personally have to admire a man like Levison who shuts down his company rather than sell out what he believes in, our right to privacy. How the Government Killed a Secure E-mail Company.