26+yrs security engineer; privacy & dfir threat research
Image for post
Image for post
You’re being watched by mass surveillance — the Fourteen Eyes (image credit: PrivacyTools)

Global mass surveillance by governments is all the rage these days in case you’ve been living under a rock somewhere. You, being a private citizen “X” of country “Y” may not wish to be surveilled where and when you can prevent it by using “Z” privacy tool. Now, it’s important to first understand that there are certain aspects of using the internet that are beyond your control. There will be digital breadcrumbs that can be traced back to you, that’s almost guaranteed in all instances. …


Image for post
Image for post
credit: avatara

In what has become a recurring theme of several notably damaging, stealthy, and sophisticated malware samples in recent years, the security firm FireEye recently reported that the SUNBURST malware that compromised the SolarWinds Orion security software employed anti-forensic techniques such as digital steganography to obscure its network traffic between infected hosts and the command and control (C2) server (CISA, 2020). The intent of this article is not to explain what digital steganography is but rather to discuss how it was used in the recent SolarWinds Orion compromise. For an in-depth explanation of what digital steganography is and how it works (i.e., …


Image for post
Image for post
A Trojan horse made of electronic hardware components at Tel Aviv University (circa 2016); credit

Unfortunately, whenever there is a discovery of a massive data breach there is an immediate and predictable knee-jerk reaction trend that occurs both in private industry and in the government. It is unfortunate because it is indicative of a scrambling, unprepared reactive response rather than a successful proactive cybersecurity approach. Alert notifications renew focus on whatever particular attack vector was exploited. The most recent cyberattack example was no different. It was a classic supply chain cyberattack involving the SolarWinds security product vendor that just happens to have over 300,000 customers around the world. But then again, one wonders how many organizations were truly taking the threat of supply chain attack seriously? …


When it comes to email options there are plenty to choose from. But not all email providers are created equally and their services vary in terms of privacy, security, or convenience. If a technology service is not convenient for users, it’s all but guaranteed they will move elsewhere to something that is. After all, life is complicated enough without the increased burdens of exorbitant security. But privacy and security are of paramount importance for many internet users, so is there an in-between option?

There is but let me add that it is beneficial to have more than one email address. Perhaps you might use Protonmail as your primary email and Gmail or something else as the email account you sign up to websites with that gets a lot of spam. Both Protonmail and Gmail boast powerful spam detection services and both offer some level of encryption to protect messages, just not in the same way. …


A concise weekly privacy digest with expert cybersecurity insights.

Image for post
Image for post

“The default posture of our devices and software has been to haemorrhage our most sensitive data for anyone who cared to eavesdrop upon them.” — Cory Doctorow

This week in digital privacy, why that smart TV is actually a dumb purchase in regards to your privacy and security, Microsoft 365 added features that enable employers to track your productivity, and Facebook pays out the biggest privacy settlement in history.

Smart TVs and other Internet of Things (IoT) devices have become ubiquitous and they sell like hotcakes. But did you know that these “smart” devices come pre-manufactured with all kinds of spy technology built into them? It’s true. Don’t believe me, watch this 2019 FBI advisory on smart TVs. While the technology these devices provide is often convenient or entertaining, IoT devices are notorious for being designed with poor or no security such as default or hard-coded passwords that are easily exploited by hackers. …


Un agradecimiento especial a @151mp137471n por traducir del inglés al español

Image for post
Image for post
Tu información biométrica no está a salvo; crédito: GovernmentCIO Media

“Si se prohibe la privacidad, sólo los criminales tendrán acceso a ella. En ningún momento del siglo pasado la desconfianza pública hacia el gobierno ha estado tan extensamente distribuida a través del espectro político como hoy en día.” — Philip Zimmermann, creador de Pretty Good Privacy (PGP)

Bienvenidos de nuevo a la edición semanal del Boletín de Privacidad de z3r0trust. Permítanme preparar el escenario de esta edición poniéndola un poco en el contexto del marco temporal. El mundo ha estado lidiando con la pandemia del Coronavirus (SARS-CoV-2) durante la mayor parte del 2020. Un par de vacunas diferentes se acercan a las etapas finales de las pruebas de ensayo, pero aun llevará varios meses distribuirla a quienes la deseen. El esfuerzo conjunto por parte de Apple y Google para el rastreo del virus no ha jugado casi ningún papel en el control de la propagación de la enfermedad en los EE.UU. …


Un agradecimiento especial a @151mp137471n por traducir del inglés al español

Image for post
Image for post
La vigilancia es rampante en Norteamérica, todos los ojos están sobre nosotros.

“La gente nos ha confiado su información más personal. No les debemos nada menos que la mejor protección les podamos brindar.” — Tim Cook, en la Cumbre de Ciberseguridad de la Casa Blanca, febrero de 2015

Saludos, lectores. Bienvenidos la edición post-electoral del boletín Privacidad. Alégrense, una nueva era está sobre nosotros. He tomado la decisión de hacer de esta serie, a partir de ahora, un boletín semanal. Voy a reducir la longitud del contenido de lo que ha sido una serie esporádica de artículos sobre privacidad, algunos de los cuales fueron un poco largos de leer dada la cantidad de novedades que hay sobre privacidad en el correr de un mes. Los boletines semanales van a ser más cortos, más rápidos de escribir para mí, y estarán numerados según el número de la semana, seguido por un guión y el año. Las ediciones publicadas anteriormente se podrán encontrar como siempre en el enlace de mi perfil. …


Un agradecimiento especial a @151mp137471n por traducir del inglés al español

Image for post
Image for post
credit

“La privacidad no es una opción y no debería ser el precio que aceptamos por sólo entrar en Internet”. — Gary Kovacs, ex CEO de AVG Technologies

Bienvenidos una vez más a esta escalofriante edición preelectoral, entrega número 17 del Boletín de Invisibilidad Digital. En este ejemplar adoptaré un enfoque apolítico de varios de los acontecimientos de privacidad que han surgido en el último mes. Hay mucho en juego en todos los niveles de gobierno por las elecciones presidenciales de EE.UU. de 2020, pero ésta es una serie sobre privacidad, no sobre política. …


A concise weekly privacy digest with expert security insights.

Image for post
Image for post
credit: NPR

“The Supreme Court must strike down the government’s illegal spying program as a violation of our Fourth Amendment right to privacy.” — Rand Paul

This week in digital privacy, how owning a cell phone remains a massive threat to your privacy. Also, several developments with app privacy failures, and browser privacy wars.

On the privacy cringe scale, the smartphone app landscape ranks at the nightmare level. Even with well-intentioned COVID19 contact tracing apps, there are privacy tradeoffs that users are likely unaware of. Professor and technology researcher, Jonathan Albright, published an investigation of 493 COVID-related iOS apps from 98 countries with a data set of March 24, 2020, to October 25, 2020. Albright conducted a deep dive into the data set and organized it into a spreadsheet that is useful and it’s no surprise that the U.S. …


Image for post
Image for post

Status quo is defined by Merriam-Webster as, “the existing state of affairs, especially regarding social or political issues.”

Someone who is content with the status quo typically prefers things the way they currently are and is opposed to change. But life was never supposed to be just status quo, how boring would that be? So then, how then does one go about “opting-out” of the status quo in their life? It’s surprisingly more straightforward than you may think and can also be quite a liberating experience. …

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store