
Security & Privacy


'Thousands' of known bugs found in pacemaker code

Pacemakers, insulin pumps and other devices in hospitals harbour security problems that leave them vulnerable to attack, two separate studies warn.

One study solely on pacemakers found more than 8,000 known vulnerabilities in code inside the cardiac devices. The other study of the broader device market found only 17% of manufacturers had taken steps to secure gadgets. The reports come soon after more than 60 health organisations in the UK fell victim to a cyber-attack.

The report on pacemakers looked at a range of implantable devices from four manufacturers as well as the "ecosystem" of other equipment used to monitor and manage them. Researcher Billy Rios and Dr Jonathan Butts from security company Whitescope said their study showed the "serious challenges" pacemaker manufacturers faced in trying to keep devices patched and free from bugs that attackers could exploit. A higher percentage of makers, 17%, took steps to secure the equipment they made.

Adoption of safer credit-card technology slow

It was supposed to be a technological change to rival the big Y2K computer upgrades at the turn of the century.

More than six months ago, everyone was supposed to have credit cards embedded with chip technology that would make it more difficult for customers' account information to be stolen and used to make fraudulent purchases. Most shoppers know that implementation is going way slower than expected. But the overall story is complicated, involving the nation's biggest retail chains and banks, and how they cover the costs when fraud occurs. "This whole experience has been frustrating for consumers," said Bob Sullivan, author of the best-selling book "Stop Getting Ripped Off." "The big surprise is when they use the chip and it takes a long time.

DocuSign users sent phishing emails after data breach

Electronic signature service provider DocuSign has admitted customer emails were accessed in a data breach.

The addresses were then targeted in a series of phishing emails from "a malicious third party". The messages invited recipients to click on a link to a Microsoft Word document containing malware. DocuSign says that no other information was accessed in the incident, and the e-signature service remained secure. "No names, physical addresses, passwords, social security numbers, credit card data or other information was accessed," the company said in a statement.

Investigatory Powers: 'Real-time surveillance' in draft update

The "live" surveillance of British web users' internet communications has been proposed in a draft technical paper prepared by the government.

If made law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content. The paper was allegedly leaked to civil liberties body the Open Rights Group, which received the document on 4 May.

US government 'monitored bank transfers'

A huge range of security weaknesses, said to be worth more than $2m (£1.6m) if sold on the black market, have been leaked online by a hacking group.

The tools are said to have been created by the US National Security Agency. Accompanying documents appear to indicate it was able to monitor money flows among some Middle East and Latin American banks. It apparently did this by gaining access to two service bureaus of the Swift global banking system. Such a hack could have enabled the US to covertly monitor financial transactions, researchers said. The files were released by Shadow Brokers, a hacking group that has previously leaked malware. If genuine, it represents perhaps the most significant exposure of the US agency's files since the Edward Snowden leaks in 2013.

The way people tilt their smartphone can give away passwords and pins.

Garadget faces backlash after locking out irate user

The maker of an internet-enabled garage door device is facing a backlash after blocking its use by a customer who had complained about the tech.

The owner had written negative comments about Garadget's kit on both Amazon and the start-up's own site after having problems with its app. People have expressed concern about the US firm's actions. The block has been reversed and founder Denis Grisak agreed his first reaction was not the "slickest PR move". But he noted that Tesla's Elon Musk had once cancelled a customer's order after criticising the automaker online.

Web inventor Sir Tim Berners-Lee slams UK and US net plans

The web's creator has attacked any UK plans to weaken encryption and promised to battle any moves by the Trump administration to weaken net neutrality.

Sir Tim Berners-Lee was speaking to the BBC following the news that he has been given the Turing Award. It is sometimes known as the Nobel Prize of computing.

Tomorrow's cities: Are your shoes giving away data?

Shops and retailers are taking over where street cameras left off, watching shoppers' every move.

According to a 2015 survey of 150 retail executives from IT services firm Computer Services Corporation, a quarter of all British shops and 59% of fashion retailers use facial recognition software. Such technology is vital as offline stores attempt to keep up with online retailers, said Duncan Mann, chief operating officer at retail analysis firm Hoxton Analytics. "Online retailers gather all kinds of information about shoppers and physical stores also want to understand how people behave in a shop," he said.

Google DeepMind's NHS deal under scrutiny

A deal between Google's artificial intelligence firm DeepMind and the UK's NHS had serious "inadequacies", an academic paper has suggested.

More than a million patient records were shared with DeepMind to build an app to alert doctors about patients at risk of acute kidney injury (AKI). Author Hal Hodson said that it was "inexcusable" patients were not told how their data would be used. Google's DeepMind said that the report contained "major errors". It told the BBC that it was commissioning its own analysis and rebuttal, which the authors said they welcomed. When the deal between London's Royal Free Hospital and DeepMind became public in February 2016, some three months after the data started to be collected, it caused controversy over the amount of patient information being shared and the lack of public consultation. The criticisms in the paper included:

Should you take your phone to the United States?

"The next time you plan to cross a border, leave your phone at home." That is the rather startling advice in a blogpost that is being widely shared right now. Its author, Quincy Larson, is a software engineer, who has previously written about the importance of protecting personal data.

German parents told to destroy Cayla dolls over hacking fears

An official watchdog in Germany has told parents to destroy a talking doll called Cayla because its smart technology can reveal personal data. The warning was issued by the Federal Network Agency (Bundesnetzagentur), which oversees telecommunications.

WhatsApp is rolling out two-step verification to all billion-plus users - The Verge. You can’t use US law to search foreign servers, appeals court confirms - The Verge.

WhatsApp backdoor allows snooping on encrypted messages.

Cookie banner frustration to be tackled by EU

Plans to cut down on the "annoying" cookie banners that web users face have been released by the European Union. Instead of giving consent to cookies on every website they visit, users would be able to set general preferences.

The European Commission said the plans, which would also remove banners for non-intrusive cookies, would help to tackle an "overload" of such requests. But experts warned the plans could harm advert-funded media, as well as platforms such as Facebook and Google.

Anti-surveillance clothing aims to hide wearers from facial recognition

The use of facial recognition software for commercial purposes is becoming more common, but, as Amazon scans faces in its physical shop and Facebook searches photos of users to add tags to, those concerned about their privacy are fighting back. Berlin-based artist and technologist Adam Harvey aims to overwhelm and confuse these systems by presenting them with thousands of false hits so they can’t tell which faces are real.

The Hyperface project involves printing patterns on to clothing or textiles, which then appear to have eyes, mouths and other features that a computer can interpret as a face. This is not the first time Harvey has tried to confuse facial recognition software. During a previous project, CV Dazzle, he attempted to create an aesthetic of makeup and hairstyling that would cause machines to be unable to detect a face. The resultant patterns, which Harvey created in conjunction with international interaction studio Hyphen-Labs, can be worn or used to blanket an area.

Facebook lurking makes you miserable, says study

Too much Facebook browsing at Christmas - and seeing all those "perfect" families and holiday photos - is more likely to make you miserable than festive, research suggests. A University of Copenhagen study suggests excessive use of social media can create feelings of envy.

It particularly warns about the negative impact of "lurking" on social media without connecting with anyone. The study suggests taking a break from using social media.

EU data retention ruling goes against UK government

The UK government says it is "disappointed" after the European Court of Justice said the "indiscriminate" collection of data was against EU law.

What every Browser knows about you.

Phone encryption: Police 'mug' suspect to get data. 'Frighteningly easy' for criminals to get Visa card details, study claims.

iPhone users hit by 'calendar spam'

Apple iPhone owners are reporting a rise in unwanted event invitations appearing in their calendars. The invitations often offer discounts on designer labels, but they are from spammers, not the brands they claim to represent. Whether the recipient accepts or rejects the invitation, it notifies the spammer that the message has been received, so that more can follow. Sometimes they take the form of photo-sharing alerts.

Rather like spam email, the invitations are sent at random to huge email lists, and they appear as calendar notifications. The flaw has existed for a while but has only recently been exploited, particularly in the run up to Black Friday.

Hackers hit San Francisco transport systems.

IoT is a security nightmare but Google and others have a plan to fix it

"Get your premium internet-connected toasters here!"

LinkedIn blocked by Russian authorities

Social network LinkedIn will be blocked in Russia, after a court found the company guilty of violating local data storage laws.

VoCo. Adobe MAX 2016 (Sneak Peeks)

Adobe Voco 'Photoshop-for-voice' causes concern

A new application that promises to be the "Photoshop of speech" is raising ethical and security concerns.

Adobe unveiled Project Voco last week. The software makes it possible to take an audio recording and rapidly alter it to include words and phrases the original speaker never uttered, in what sounds like their voice. One expert warned that the tech could further undermine trust in journalism. Another said it could pose a security threat. However, the US software firm says it is taking action to address such risks. Voice manipulation.

The FCC just passed sweeping new rules to protect your online privacy

The FCC approved new rules to ensure broadband providers do not abuse their customers' app usage and browsing history.

Can anyone keep us safe from a weaponized ‘Internet of Things?’ FBI director: Hackers 'poking around' voter systems. Germany orders Facebook to stop collecting data on WhatsApp users - The Verge. Google Deepmind: Should patients trust company with their data? Google weakens Allo chat app privacy promise.

WhatsApp to give Facebook more data. Instagram scam preys on bank followers. EFF condemns Windows 10 data collection. France data authority criticises Windows 10 over privacy. Why Google wants your medical records. Microsoft wins appeal over U.S. government access to emails held overseas. MIT’s anonymous online communications protocol Riffle could beat Tor at its own game. Ransomware 'stopped' by new software. Privacy Shield data pact gets European approval. Teachers fired over offensive private messages. US border authority seeks travellers' social media details.

Privacy Shield: White House makes EU spying promise. Mark Zuckerberg masks Mac webcam and microphone. Facebook uses AI to understand text-based posts. Google given access to UK patient records for research. Researchers hack Samsung SmartThings, exposing vulnerabilities.