Some big names on this list. Better check for
your site!
by Steven Englehardt, Gunes Acar, and Arvind
Narayanan
Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data behind our findings, including a list of 8,000 sites on which we observed session-replay scripts recording user data.
As one case study of these 8,000 sites, we found health conditions and prescription data being exfiltrated from walgreens.com. These are considered Protected Health Information under HIPAA. The number of affected sites is immense; contacting all of them and quantifying the severity of the privacy problems is beyond our means. We encourage you to check out our data release and hold your favorite websites accountable.
Student data exfiltration on Gradescope
As one example, a pair of researchers at UC San Diego read our study and then noticed that Gradescope, a website they used for grading assignments, embeds FullStory, one of the session replay scripts we analyzed. We investigated, and sure enough, we found that student names and emails, student grades, and instructor comments on students were being sent to FullStory’s servers. This is considered Student Data under FERPA (US educational privacy law). Ironically, Princeton’s own Information Security course was also affected. We notified Gradescope of our findings, and they removed FullStory from their website within a few hours.
Read more on Freedom
to Tinker.
wordpress.com
microsoft.com
adobe.com
godaddy.com
skype.com
An opportunity to talk about proper procedures
with my Computer Security students. One accidental button push?
Also, imagine the little fat kid who runs North Korea ordering his
hackers to send these warnings.
Hawaii
missile false alarm triggers shock, blame and apologies
The alert of an incoming ballistic missile was
sent wrongly on Saturday morning by an emergency system worker.
Victims of the ordeal spoke of hysteria and
panicked evacuations.
The false alarm sparked recriminations, with state
officials apologising and President Donald Trump's response called
into question.
It was a mistake by an employee at Hawaii's
Emergency Management Agency (EMA) who "pushed the wrong button"
during procedures that occur during the handover of a shift.
Mobile phone users received the message at 08:07
(18:07 GMT):
"Ballistic
missile threat inbound to Hawaii. Seek immediate shelter. This is
not a drill."
The
alert was corrected by email 18 minutes later but there was no
follow-up mobile text for 38 minutes, the Honolulu Star-Advertiser
reports.
Tools for all my students.
In 2016, a University of Phoenix study revealed
that two out of three U.S. adults were aware that their social media
accounts had been hacked. Furthermore, a majority of adults limit
what personal information they share.
But the hackers keep on coming.
Microsoft is asking the Supreme Court about this…
David Fraser of McInnes Cooper writes:
Whether a provincial court will grant police a
“production order” under the Criminal Code of Canada requiring a
non-Canadian company to produce any of its records has, to date,
depended on the province in which police seek it. Some courts refuse
an order where the company is wholly outside of Canada; some require
an address in Canada for service to grant the order; and others grant
the order, apparently unconcerned about the company’s Canadian
“presence”. That could however change with the B.C. Court of
Appeal’s January 9, 2018, decision in British
Columbia (Attorney General) v. Brecknell. The Court’s decision
that Craigslist is “present” in B.C. and can be subject to a
Criminal Code production order issued from its provincial court might
lead to greater national uniformity – and more exposure to foreign
companies doing only virtual business in Canada:
[Much
more follows. Bob]
Perspective.
John
Sculley: Why AI Is the Tech Trend to Watch in 2018
… “AI is going to be foundational in every
industry. I’m seeing it in fintech, market tech, health tech….
It’s one of those fundamental changes. In the previous industrial
age, it was all about electricity and oil; in
the future [AI is] going to be a commodity that will be deployed in
many, many different ways, and will be something you can just plug
into.”
Perspective.
39 million
Americans now own a smart speaker, report claims
One in six
Americans now own a smart speaker, according to new research out this
week from NPR and Edison Research – a figure that’s up
128 percent from January, 2017. Amazon’s Echo speakers
are still in the lead, the report says, as 11 percent now own an
Amazon Alexa device compared with 4 percent who own a Google Home
product.
Today, 16 percent of Americans own a smart
speaker, or around 39 million people.
Also one of my favorites.
W3Schools -
Your HTML Reference
W3Schools
is my go-to reference for all questions regarding how to write any
aspect of HTML code. In fact, when I was recently asked a question
about writing HTML that I couldn't immediately answer, I turned to
W3Schools.
W3Schools
offers complete tutorials for learning to write HTML, CSS,
Javascript, and PHP. If you're just getting started, work through
the tutorials in sequences. Each tutorial has a little interactive
section where you can test your new knowledge. If you're experienced
and just need a quick reminder or clarification, W3Schools has that
too.
W3Schools
is a great resource for the student who is capable of directing
himself or herself through a sequence of tutorials. W3Schools is not
great for a student who needs a clearly defined "do this now,"
"do this next" type of lesson. For that type of student, I
would recommend trying Thimble
by Mozilla.
Will the US Navy follow suit?
The Royal
Navy updated a famous WWII propaganda poster to warn its sailors
about tweeting
1 comment:
Hey Thanks for sharing this blog it’s very helpful to implement in our work
Regards
Landscape Company In Chandigarh
Post a Comment