Consumers have few legal options for protecting privacy

There are no promises in the words, “We care about user privacy.” Yet, these words appear on privacy policy after privacy policy, serving as disingenuous banners to hide potentially invasive corporate practices, including clandestine data collection, sharing, and selling. This is no accident. It is a strategy. In the US, companies that break their own privacy policies can—and do—face … [Read more...]

What is personal information? In legal terms, it depends

In early March, cybersecurity professionals around the world filled the San Francisco Moscone Convention Center’s sprawling exhibition halls to discuss and learn about everything infosec, from public key encryption to incident response, and from machine learning to domestic abuse. It was RSA Conference 2019, and Malwarebytes showed up to attend and present. Our Wednesday afternoon session—“One … [Read more...]

The global data privacy roadmap: a question of risk

For most American businesses, complying with US data privacy laws follows a somewhat linear, albeit lengthy, path. Set up a privacy policy, don’t lie to the consumer, and check the specific rules if you’re a health care provider, video streaming company, or kids’ app maker. For American businesses that want to expand to a new market, though, complying with global data privacy laws is more akin to … [Read more...]

GDPR Overview: Complying with EU Laws for Personal Data

With the EU’s General Data Protection Regulation (GDPR) now in effect, GDPR preparedness should be top of mind for businesses everywhere, not just those based in the European Union (EU). This guide will take you through the basics of GDPR, including the seven principles that drive regulation and enforcement. … [Read more...]

US Congress proposes comprehensive federal data privacy legislation—finally

The United States might be the only country of its size—both in economy and population—to lack a comprehensive data privacy law protecting its citizens’ online lives. That could change this year. Never-ending cybersecurity breaches, recently-enacted international privacy laws, public outrage, and crisis after crisis from the world’s largest social media company have pushed US Senators and … [Read more...]

Location data leaks from family tracking app database

An app called Family Locator, which allows family members to keep track of one another, recently experienced an exposed database issue of the worst kind. Specifically: the MongoDB database was left exposed with no password, like so many other recent infosec tales of woe. The end result is the location of about 280,000 users leaking in real time. For a location tracking app that also includes … [Read more...]

Facebook’s plain text misstep, and other password sins

Two days after an article by Brian Krebs disclosed that hundreds of millions of Facebook account passwords had been stored in plain text for years, Facebook released a statement indicating they hash and salt passwords, more or less in accordance with industry best practice. Plain text storage of credentials is a fairly egregious security misstep, but there’s a variety of other ways … [Read more...]

A week in security (March 18 – 24)

Last week on Malwarebytes Labs, we touched on the susceptibility of hospitals to phishing attacks, password reuse, the risk of interactive TV shows to side-channel attacks, and Facebook’s new and out-of-character plan to promote privacy in the platform. Other cybersecurity news: A study highlighted that 20 percent of Americans do not trust anyone with the protection of their data, … [Read more...]

Researchers go hunting for Netflix’s Bandersnatch

A new research paper from the Indian Institute of Technology Madras explains how popular Netflix interactive show Bandersnatch could fall victim to a side-channel attack. In 2016, Netflix began adding TLS (Transport Layer Security) to their video content to ensure strangers couldn’t eavesdrop on viewer habits. Essentially, now the videos on Netflix are hidden away behind HTTPS—encrypted and … [Read more...]

Facebook’s history betrays its privacy pivot

Facebook CEO Mark Zuckerberg proposed a radical pivot for his company this month: it would start caring—really—about privacy, building out a new version of the platform that turns Facebook less into a public, open “town square” and more into a private, intimate “living room.” Zuckerberg promised end-to-end encryption across the company’s messaging platforms, interoperability, disappearing … [Read more...]