Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: E-Mail

It’s Scary How Much Personal Data People Leave on Used Laptops and Phones

Gizmodo: “A recent experiment by Josh Frantz, a senior security consultant at Rapid7, suggests that users are taking few if any steps to protect their private information before releasing their used devices back out into the wild. For around six months, he collected used desktops, hard disks, cellphones and more from pawn shops near his home in Wisconsin. It turned out they contain a wealth of private data belonging to their former owners, including a ton of personally identifiable information (PII)—the bread and butter of identity theft.

Frantz amassed a respectable stockpile of refurbished, donated, and used hardware: 41 desktops and laptops, 27 pieces of removable media (memory cards and flash drives), 11 hard disks, and six cellphones. The total cost of the experiment was a lot less than you’d imagine. “I visited a total of 31 businesses and bought whatever I could get my hands on for a grand total of around $600,” he said.

Frantz used a Python-based optical character recognition (OCR) tool to scan for Social Security numbers, dates of birth, credit card information, and other sensitive data. And the result was, as you might expect, not good.

The pile of junk turned out to contain 41 Social Security numbers, 50 dates of birth, 611 email accounts, 19 credit card numbers, two passport numbers, and six driver’s license numbers. Additionally, more than 200,000 images were contained on the devices and over 3,400 documents. He also extracted nearly 150,000 emails…”

Google user data collection is extensive, massive and lucrative

Google Data Collection, Professor Douglas C. Schmidt, Vanderbilt University August 15, 2018: “Google is the world’s largest digital advertising company. It also provides the #1 web browser, the #1 mobile platform, and the #1 search engine worldwide. Google’s video platform, email service, and map application have over 1 billion monthly active users each. Google utilizes the tremendous reach of…

Pwned Passwords

“Pwned Passwords are 551,509,767 real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they’re at much greater risk of being used to take over other accounts. They’re searchable online below as well as being downloadable for use in other online systems. Read more about how HIBP protects…

National Archives Releases New Batch of Kavanaugh Records

Via EPIC – “In response to EPIC’s Freedom of Information Act lawsuit, the National Archives has just released thousands of records about Justice Kavanaugh’s work in the White House Counsel’s office after 9-11. The records include e-mails from 2002-2003, briefings, meeting memos, and correspondence, and office files about anti-terrorism legislation and access to presidential records.…

Google Quiz – Can you spot when you’re being phished?

Fortune: “…Google has a new phishing quiz you can take to test how well you can recognize malicious emails. Released by Jigsaw, a subsidiary of Google parent company Alphabet Inc., the quiz displays several samples of common phishing techniques, such as using a hyperlink with a domain name that was disguised to look like a…

Internet Privacy – Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility

Internet Privacy: Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility GAO-19-52: Published: Jan 15, 2019. Publicly Released: Feb 13, 2019. “In April 2018, Facebook said that up to 87 million users’ personal data may have been improperly disclosed. This was one of many recent Internet privacy incidents. We found that there is no…

Study – Password Managers: Under the Hood of Secrets Management

Independent Security Evaluators: “Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine…

Consumer privacy concerns as Amazon buys Eero net routers

Consumer Reports: “Amazon’s agreement to buy the wireless router manufacturer Eero could make it easier for homeowners to manage a wide array of wireless devices, like smart thermostats and video doorbells, according to analysts and Consumer Reports’ in-house experts. But some of them expressed concern over how often high-profile startups get bought by the tech…

Want to Really Block the Tech Giants? Here’s How

Gizmodo: “Amazon, Facebook, Google, Microsoft, and Apple move more money than many medium-sized nations. Their extraordinary profits are won through extraordinary reach—this is not a secret. That a few companies are afforded unprecedented and shamefully unregulated access into our homes is now an unremarkable fact of living with tiny computers everywhere. When Gizmodo reporter Kashmir…

Study – Open-Plan Offices Are Now the Dumbest Management Fad of All Time

Inc.com – A new study from Harvard reveals that open-plan offices decrease rather than increase face-to-face collaboration: “Over the decades, a lot of really stupid management fads have come and gone, including: Six Sigma, where employees wear different colored belts (like in karate) to show they’ve been trained in the methodology. Stack Ranking, where employees…

Scammer groups are exploiting Gmail ‘dot accounts’ for online fraud

ZDNet: “Cyber-criminal groups are exploiting a Gmail feature to file for fraudulent unemployment benefits, file fake tax returns, and bypass trial periods for online services. The trick is an old one and has been used in the past. It refers to Gmail’s “dot accounts,” a feature of Gmail addresses that ignores dot characters inside Gmail…

Hackers Are Passing Around a Megaleak of 2.2 Billion Records

Wired: “When hackers breached companies like Dropbox and LinkedIn in recent years—stealing 71 million and 117 million passwords, respectively—they at least had the decency to exploit those stolen credentials in secret, or sell them for thousands of dollars on the dark web. Now, it seems, someone has cobbled together those breached databases and many more…