Feed aggregator

What role does data destruction play in cybersecurity?

Malwarebytes - Fri, 09/20/2019 - 18:18

When organization leaders think about cybersecurity, it’s usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What’s not often considered is which items should be taken away.

Nearly as important to an organization’s security posture is data destruction, or what to do with data when it’s no longer necessary for the company…or when it falls into the wrong hands.

What exactly is data destruction?

The word “destruction” doesn’t always carry positive connotations. A person might worry about data destruction if their device fails and they haven’t made proper backups or don’t store their data in the cloud. However, organizations must destroy data on a nearly daily basis, whether that’s deleting emails to clean out an inbox or making room on a database by dumping old, no-longer-relevant files.

In days of yore, destroying data was a fairly simple task. Take old papers and run them through the shredder. Then dump at a recycling facility, wipe your hands, and smile at your empty file cabinets.

Modern data destruction is more complex. Data stored on tapes, disks, hard drives, USBs, and other physical hardware must be purged before old devices are thrown away, re-used, or sold. And data no longer in use that’s stored on networks and in the cloud should be systematically destroyed in the interest of organizing relevant data and keeping it out of the hands of criminals.

It’s a step companies must take whenever they stop using something that holds information. A thorough data destruction process involves making what was formerly on an electronic storage device unreadable. Businesses must do this, no matter if they intend to sell an old storage medium or throw it away.

What are the main types of data destruction?

To truly destroy data, merely deleting a file is insufficient. While the file may not be viewable in a particular folder, it is still likely stored in the device’s hard drive or memory chip. Therefore, organizations must take an extra step to ensure the data can no longer be read by an operating system or application.

Companies have a few main choices when deciding how to destroy their data properly:

  • Degaussing
  • Overwriting
  • Physically destroying the storage medium

Degaussing requires using a special tool called a degausser and choosing one designed for the particular storage device. The degausser removes or reduces the magnetic field associated with the storage disk, which renders the data inside unreadable and unrecoverable.

Overwriting means replacing the old data with new. This method only works when the storage medium is undamaged and writable—and of course when an organization plans to continue using the medium instead of throwing it away or reselling.

Physically destroying the storage hardware usually means striking it with a hammer or taking it into a field with a baseball bat, Office-Space style. This is a costly data destruction method, but one that gives exceptionally high confidence that someone could not access the information later.

There are also other types of destruction options within those broader categories. For example, data wiping is a form of overwriting and erasure is another example.

Which cybersecurity risks does data destruction tackle?

A breach is the cybersecurity threat most people probably think of when they ponder what could happen due to insufficient data destruction. Most organizations collect and store sensitive or personally identifying information on their employees and customers, for example. Yet, once those employees or customers move on, businesses may hold onto their data for a little while but eventually want to remove it from their systems so they are not liable for fallout from a breach.

Cybercriminals look to compromise organizations for this very reason; and they do not limit their efforts to data being actively used by an organization. Data at rest, in storage, and in transit are all at risk. And threat actors know that users and organizations often rid themselves of physical devices without completely wiping them of data. According to the BBC, 1 in 10 second-hand hard drives still contain users’ old information.

Obtaining the data may also happen innocently. An individual could buy a USB drive from a third-party source and notice there’s still information on it when they plug the device into a computer, for example. A person could also gain access to sensitive data by noticing that a company is throwing away some hard drives in an easily accessible dumpster, and take the disks out of the receptacle later.

Outside of the data breaches, organizations may be fined for mishandling the information in their care. Businesses can incur millions of dollars in penalties once regulators conclude they’re not meeting minimum standards for data safekeeping.

An IT company called Probrand conducted a data destruction poll a couple of months after the General Data Protection Regulation (GDPR) came into effect. It showed that 71 percent of United Kingdom trade sector businesses did not have an official protocol for getting rid of old computer equipment. Then, 47 percent of respondents admitted they would not know which person in their organization to approach about data destruction.

Companies cannot view data destruction and cybersecurity separately. They go together, and if an organization doesn’t take it seriously, its cybersecurity plan falls short, particularly when it comes to safeguarding information. Enterprises should consider a top-down approach when protecting and disposing of data—especially when the GDPR or other regulations apply to them.

What should organizations consider when choosing a destruction method?

Although the data destruction techniques mentioned above encompass the main options available to organizations, that doesn’t mean companies do or should choose only one option and use it for all cases. Instead, they need to think about time, cost, and the validation and certification associated with each method.

Time comes into play because some techniques take longer than others to ensure old information is completely gone. The number of devices or drives an organization wants or needs to destroy at once also matters. For example, if a company only needs to delete the data from one or two endpoints, that’ll be a much shorter demand on time compared to dealing with hundreds of machines.

Cost is mainly a factor to keep in mind if an enterprise intends to use the hard drives again for different purposes, or it has limited financial resources. Perhaps their budgets do not allow for getting replacement computers, making physically destroying a hard drive out of the question.

Validation and certification are related. They address how companies may need to work with data destruction service providers that can validate their methods and provide certifications after doing the job. Having a certificate helps a business show its compliance.

For advice on which methods to follow in which scenarios, the National Institute of Standards and Technology (NIST) has published guidelines for data sanitation. Organizations are not legally required to follow the standards put forth by this US Department of Commerce–sponsored report, but they are helpful in outlining best practices for protecting data from infiltration, abuse, misuse, theft, and resale.

Should destroying data be high priority?

IT executives have a growing number of challenges to overcome regarding cybersecurity. Some of them may wonder if data destruction (or lack thereof) is a genuinely confirmed risk or merely a theoretical one. Substantial evidence shows that companies cannot afford to overlook data destruction as they iron out their cybersecurity plans.

Matt Malone is a dumpster diver who confirms that many hacks and identity thefts occur when people go through someone’s trash. Malone often targets the dumpsters of retailers and said that off-hours activity made more money for him than his day job.

Also, a tech company called Stellar performed a residual data study in 2019 that analyzed the information left on 311 devices. It found that more than 71 percent of them contained personally identifiable information (PII). Additionally, 222 of the devices went to the secondary market without their original owners conducting the appropriate information-erasing procedures first.

An earlier study from the National Association for Information Destruction revealed that 40 percent of devices received secondhand had PII on them. Researchers looked at more than 250 items for the study.

Furthermore, research published in 2015 highlighted the need to work with reputable data destruction companies that stand behind their results. The study examined 122 used devices bought from e-commerce sites. In addition to 48 percent of the hard drives containing residual data, 35 percent of the mobile phones had information such as call and text logs, images, and videos.

Even worse, previous deletion attempts occurred on most of the devices—75 percent of the hard drives and 57 percent of the mobile phones. A closer look told the researchers that people tried to delete the information with widely available but unreliable data destruction methods. A lesson learned here is that it’s crucial to weigh the pros and cons of each option before tasking a reliable company with discarding the information.

Data destruction should not be overlooked

Cybersecurity is a hot topic for organizations, which are increasingly being targeted by cybercriminals for their troves of valuable PII. Data that is no longer useful to an organization is still a goldmine for threat actors. As the saying goes: One person’s trash is another person’s treasure.

And while organizations might spend a fortune on protecting their active data from getting into the wrong hands, what’s often overlooked is how inactive or old data is improperly secured or destroyed. Removing all traces of old data is important for saving consumers from continued exploitation, plus it sends a message to criminals that your organization has air-tight defense—even around its dumpsters.

The post What role does data destruction play in cybersecurity? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Super Sturdy Crochet Basket with Handles

Moogly - Fri, 09/20/2019 - 14:54

The Super Sturdy Crochet Basket with Handles is a free crochet pattern that will stand up all on its own! With a hard base, thick yarn, and convenient handles, you’ll want to make one for each room of the home – or as packaging for your next special gift! Disclaimer: This post includes affiliate links;...


The post Super Sturdy Crochet Basket with Handles appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Cryptozoic Will Showcase Upcoming Collectibles, Trading Cards, and Games at Toy Fair Dallas 2019

Cryptozoic - Fri, 09/20/2019 - 13:00

Cryptozoic will showcase new and upcoming collectibles, trading cards, and games at Toy Fair Dallas, October 2-4. In Room #8400, Cryptozoic will display prototypes of Cryptkins Unleashed, the first 5-inch figures based on the company’s popular original IP, and the final version of the anticipated Wonder Woman: Princess of Themyscira Statue. In addition, Cryptozoic will preview two trading card sets coming later this year: CZX Super Heroes & Super-Villains and DC Bombshells Trading Cards III. In terms of tabletop games, it will offer looks at Steven Universe: Beach-a-Palooza Card Battling Game, a 2020 release, and DC Deck-Building Game Crossover Pack 8: Batman Ninja, coming later in 2019.

 

Categories: Tabletop Gaming Blogs

PRESALE: Black & Gold Batman DC Lil Bombshells: Series 3 Vinyl Figure (L.A. Comic Con Exclusive)

Cryptozoic - Fri, 09/20/2019 - 13:00

For his 80th anniversary, the Dark Knight is going even darker! This is your opportunity to own the Black & Gold Batman DC Lil Bombshells vinyl figure created exclusively for L.A. Comic Con 2019! You can make sure that you get this limited collectible by purchasing it now and then picking it up at Cryptozoic’s Booth #1731 during the event.

Categories: Tabletop Gaming Blogs

Link Love: My Favourite Things This week

Knitted Bliss - Fri, 09/20/2019 - 11:00

www.knittedbliss.com

My Favourite Articles and Links This Week The anatomy of annoying. This rocking chair can knit you a hat. Don’t let your career define who you are. This was such a fascinating quiz on what the best solutions are for climate change – and I thought I knew my stuff, but I only scored 34.4%. I

The post Link Love: My Favourite Things This week appeared first on www.knittedbliss.com.

Categories: Knitting Feeds

Unmarriageable

The Rational Man - Thu, 09/19/2019 - 23:22

This week there’ve been a rash of articles all outlining the latest statistics about marriage in this decade. US marriage rates are at a 150 year low and, if you believe the all-female article writers, it’s of course men’s fault for failing to be marriageable. These articles are referencing a study published last week titled Mismatches in the Marriage Market and this study reveals large deficits in the supply of potential male spouses. One implication is that the unmarried may remain unmarried or marry less well‐suited partners.

That’s right gentlemen, you’re unmarriageable and the ladies want you to shape up. If you want to experience marital bliss – despite all the inherent personal dangers for men in today’s “marriage economy” – you must make yourself “economically attractive“:

“Most American women hope to marry, but current shortages of marriageable men — men with a stable job and a good income — make this increasingly difficult,” says lead author Daniel Lichter in a press release.

The stats don’t lie and they are pretty bleak. More women are enrolled in college than ever before and more are expected to enter through the middle of the coming decade. Now, a degree doesn’t guarantee a woman a job, and it says nothing about the majors and job sectors women prefer, but a college education does reinforce the idea that women are entitled to marry an economically attractive man who himself has an education and enough aspiration to make something of himself to become marriageable.

That’s some real shit right there and we’re not even half way through this post. We’ve gotten to the point where the truth of the past five decades is apparent; gendered politics has actively, openly, disadvantaged men in terms of education. Whether this hobbling of men is via educational dispensations (Title IX) or social conventions (divorce, child support, Duluth model feminism) the outcome is now unignorable.

In most western societies today there is a separate standard of justice that applies to women. Women receive far fewer consequences and are sentenced much more leniently than men for committing the exact same crimes. These are easily proven statistics, but even when they are brought to light the gynocentric social order doubles down and justifies them because, women.

My intent here today isn’t to depress anyone. Neither am I drawing attention to this because I’ve made a new turn to the Men’s Rights Movement. No doubt there’ve been many articles already written about the female hubris inherent in these revelations – revelations the Red Pill community has been pointing out for almost two decades now.

The manifestations of about 50 years of social changes produced by a feminine-primary social order are unignorable. Even mainstream media sources are finally seeing these stories as the red meat du jour for the masses now. A lot of the Red Pill principles that I and many other men in the Manosphere have been drawing attention to about intersexual dynamics are now coming to light in popular consciousness.

Aww Quit Complaining

Last year I delivered the State of the Manosphere Address, and in that talk I outlined the rise of what I saw as a new Gender War (or gender cold war). Naturally I was called a reactionary, and have been since described as “overly negative” even by the organization that asked me to deliver that speech. But yet, everything in that outline has come to pass in less than a year. Of course, the easy dismissal is to blame this on election year propaganda. More than one mainstream talkshow conservative has jumped on the Toxic Masculinity bandwagon, pointing out how the Left and mainstream feminism are one and the same.

However, there have been many swings of the political pendulum in the past 50 years. Conservative zeitgeists have contributed to the same feminine-primary social order that’s resulted in men being unmarriageable today. It’s just been good politics to appeal to the Feminine Imperative no matter what side of the political aisle you happen to sit on.

But I’m a man. I’m not supposed to be overly concerned with issues like this. As long as I’m measuring up to my Burden of Performance any marginal raising-of-awareness to truths like the ones above make me seem like I’m complaining. And that’s something men are never allowed to do. It’s a very effective way of silencing men. Get them to feel like they ought to silence themselves. Real men don’t complain.

Meanwhile, it’s Broke Men who are hurting American Women’s Marriage Prospects. My good friend Dalrock once wrote a series of posts around the idea that feminism would be so much more successful if men would only cooperate with it. When women are unable to optimally complete their mating (and life’s) strategies it’s men’s fault for being uncooperative. It’s men’s fault when women’s life plans don’t come together as Sheryl Sandberg told them it would. It’s men’s fault when they won’t play the approved role they should when women hit their Epiphany Phase and their sexual priorities shift.

Confirming the Red Pill

If you needed a better illustration of the Solipsism inherent in women’s nature you’ll be hard pressed to find it on a bigger scale than the dozens of stories bemoaning the lack of marriageable men today. Furthermore, it goes to prove another Red Pill truth: as a man, women don’t care who you are as much as what you are. I’ve taken a lot of heat over the years over my assessment of how men and women have different concepts of love. Men love idealistically. I rarely get any pushback on that assertion, but when I lay out how women’s Hypergamous natures predispose them to a concept of love based on opportunism men and women lose their minds.

Yet, here we are. Women enthusiastically proving my point for me without me having to do any heavy lifting. As women become more comfortable in Open Hypergamy we see this embracing of their nature proudly flaunted. Naturally women will double down on this.

Of course women don’t wanna marry no bum!

And then the Trad-Cons join the chorus,

It’s men’s fault they aren’t measuring up to being the men all women are entitled to.

There are dozens of studies that correlate divorce with women earning more than their husbands. In fact, women are reluctant to admit that they out-earn their husbands. Throughout the history of this blog I’ve shown the evolved reasons for this dynamic, but what the articles all dance around is women’s natural evolutionary desire for men who exceed them in all aspects. But because we’ve opted to believe in, and standardized on, social constructionism we lay all of that on “societal expectations” of men and women. In a future essay I’ll be defining how the cope of humans being ‘above it all’ in their evolved instincts is the root source of many deliberate misgivings about intersexual conflict. For now, understand that blaming any inconvenient intersexual truth on a nebulous “society” is the go-to rationale for a feminine-primary social order.

“If only men would evolve and rise above what society foists on them we women would be happy” versus “Men need to accommodate women’s success by making themselves more ‘economically desirable’”

And “Oh, but love is important too, *wink wink*.”

“Many young men today have little to bring to the marriage bargain, especially as young women’s educational levels on average now exceed their male suitors’,” Lichter says.

It’s interesting that some articles advocate for marriage as a “stabilizing force” in society, all while never (maybe deliberately) seeing the economic risks of disaster that the divorce industry incentivizes in women. There’s nothing stabilizing about promoting marriage between men you’ve deemed “economically unattractive” and women who feel entitled to a man who exceeds their Hypergamous expectations. There’s nothing ‘stabilizing’ about the incidence of divorce between couples where the man is unable to out-earn his wife.

Naturally we want to make this a ‘his‘ problem. He can’t get over the fact that she makes more, has more education, etc. He’s insecure in his masculinity and must feel threatened by Her success. Or it could be the fact that on an instinctual level he understands that it’s an evolved imperative for a man to provide for and protect his family. This is the fallacy of Rise Above It. No matter how enlightened and progressive we’d like to think we are nature drags us back to reality. It’s not a socially constructed problem – if it were it would be easily solved – it’s a human nature problem. Women reveal the true Hypergamous nature in articles like these. They want a man who they can naturally look up to, respect and admire. That’s the natural truth coming out, but they source the problem in a socially constructed fantasy that it’s men’s insecurities that are holding them back from completing women’s mating/life strategies.

Women don’t need to get married anymore. The average age of first marriage is hovering around 27 years old for most couples. Studies also show that more than half of young people in America don’t have a romantic partner. We’ve all but eliminated the Beta Bucks side of the Hypergamous equation for women. Open Hypergamy (and Open Cuckoldry) are the logical outcomes of this provisioning insurance we’ve made ubiquitous for women over the last 40 years. Yet, women still want to be married to a man who outclasses them in all areas of life. They feel they deserve that guy. Their hindbrain knows they do, but the nebulous society still encourages women to believe there’s never been a better time for them to be single. This is the message women are being fed as they complain about men’s not living up to being their “equals”.

Nearly half of working-age women will be single in 2030, a new Morgan Stanley study predicts, a demographic that will drive increased sales for companies in the athletic wear, cosmetics and clothing sectors.

The investment bank’s “Rise of the SHEconomy” report says 45 percent of working-age women between 25 and 44 in the U.S. will be single women in 10 years, Forbes reported.

Single women will drive the economy in the next decade and savvy businesses are already planning on exploiting this demographic. But yet it’s men’s fault for not being marriageable and/or avoiding marriage altogether?

Too many people think I’m down on marriage. Apparently 23 years of what most guys would consider an ideal marriage isn’t enough to convince them. Honestly, as an institution – socially enforced monogamy – I think marriage, based on evolved gender difference complementarity has been the foundation of the success of western culture. But maybe we’re at a turning point in human history where traditional marriage is left behind, replaced by feminine-primary polygamy with all its inherently violent risks. It seems we’re heading in a direction where we convince Beta men it’s in their reproductive interests to abandon their evolved need to be invested in their own paternity – and that attending to and raising the children of men that women selected before them makes them ‘better men’.

There’s a lot more to the anti-marriage reasoning than just the “losing half my stuff” arguments.

It really sucks for a guy like me who’s managed to make a Red Pill aware marriage work in spite of all this. Guys get confused. How can I be anti-marriage and still married? But it’s just that dichotomy that tells you about the nature of what marriage has become for men today. The way we do marriage today has the potential to be the most damaging decision a man can make in his life. It may even end his life. But despite all that I still believe men and women are better together than we are apart. We still evolved to be complements to the other.

It’s the coming together and living together, and all the downside risks to men today that I have no solution for at the moment. Maybe it’s going to take a war or a meteor striking the earth to set gender parity back in balance, but at the moment there’s only a future of sexual segregation to look forward to.

Categories: Miscellaneous Blogs

Browser Guard combats privacy abuse, tracking, clickbait, and scammers

Malwarebytes - Thu, 09/19/2019 - 18:27

In July 2018, we introduced the Malwarebytes Browser Extension, a beta plugin for Firefox and Chrome aimed at delivering a safer, faster, and more private browsing experience.

Our extension blocked tech support scams, hijackers, pop-up ads, trackers, and more to keep users secure and free from online harassment. And thanks to our loyal Malwarebytes community, we’ve been able to test and improve on this beta for more than a year. We’re pleased to release the full version, named Malwarebytes Browser Guard, which is now available in the Chrome and Firefox web stores.

In this post, we’ll cover the features included in Browser Guard, its main functionality, how to whitelist preferred websites, and the difference between our extension and flagship PC and Mac software, Malwarebytes for Windows and Malwarebytes for Mac.

What does Browser Guard do?

Browser Guard, a free extension, blocks unwanted ads and trackers that intrude upon users’ privacy, while also protecting against clickbait and scams. The extension prevents browser hijackers, lockers, and annoying and sometimes malicious pop-ups, all known scare tactics to trap consumers in tech support scams, exposing them to unwanted content and forcing them into purchasing unnecessary, expensive technical support.

Independent tests from AV Lab recently recognized Malwarebytes Browser Guard for having the best protection among competitive browser security offerings, blocking 98.07 percent of malware.

What’s new in Browser Guard?

After continuous testing of functionality with thousands of users for more than a year, the most prominent change we made from beta to final release is to the graphical user interface (GUI). While people were happy with the way the beta worked, many wished for more granular control in the settings, as well as more elaborate statistics on blocked ads, malware, scams and other items.

I have Malwarebytes Premium. Do I still need Browser Guard?

Browser Guard does have extra protection features, as well as benefits for privacy, including ad and tracker blocking. And of course, Malwarebytes Premium versions have anti-exploit technology, real-time malware protection, anti-ransomware, and stalkerware protections that Browser Guard does not.

Where the web blocking module of Malwarebytes Premium and Browser Guard share a database of blocked IPs and domains, there is an overlap.

Looking at Malwarebytes Premium, it blocks the IPs and domains for all running applications, where Browser Guard does this only for the browser the extension is installed on.

On the other hand, Browser Guard blocks more than just domains and IP addresses. Not only does it recognize malicious websites based on their behavior that are not in the database (yet), it also blocks advertisements and trackers. These are not always malicious, but they usually do not improve user experience and blocking them can speed up your browsing up to four times.

This gif shows a site before and after enabling Browser Guard and how much it blocked

False positives

Behavioral detection is prone to false positives. Of course, we do our utmost to avoid them as much as we can, but they can’t be totally avoided. Luckily, the worst that can happen is that you will be initially denied access to a website that turns out to be harmless. But that doesn’t mean you’re blocked for good.

When you are sure the website is harmless, you can change the settings in Browser Guard to allow that specific site. That way, you can grant yourself access to the site without having to lower your global settings. Where some programs would require you to disable protection or lose your protection completely, our extension allows you to change site-specific settings without making your browser vulnerable on other sites.

Whitelisting items for a website

In Browser Guard, you can allow specific items by excluding them from certain types of protection and adding them to the “Allow list.” Here’s how to do it:

  • In the Browser Guard GUI, click the hamburger menu icon (the three vertical dots next to the gear icon).
  • In the dropdown menu, click Allow list.
  • Here you can specify the site(s) that the exception will apply to in the form of a URL or an IP address.
  • And you can choose the types of protection that you wish to disable for the site(s). These types are Ads/Trackers, Malware, Scams, and PUPs.
  • Then click Done to confirm the exclusion.

Browser Guard blocks items on Malwarebytes’ own website. How come?

We do not discriminate between trackers and websites. Our own Malwarebytes website uses trackers to monitor how readers engage so that we can offer better content, design, and functionality. We do not gather any personal information. But they are trackers, nonetheless, and if you don’t want them, we feel you should have the power to disable them everywhere, even on our own website.

No discrimination also means we do not take money from advertisers to allow their advertisements, like some other ad-blockers have been known to do.

Permissions

Malwarebytes Browser Guard needs to be able to read and change data on the websites you visit so it can remove advertisements and other unwanted elements. It also needs to be able to manage your downloads to protect you from downloading dangerous files on your system.

The Chrome installer prompt also mentions that our extension can “Communicate with cooperating websites.” What does that mean?

Certain sites use ad-serving techniques that are intrusive in nature, so when we block ads on those sites, it breaks the user experience. The permission “Communicate with cooperating websites” allows Browser Guard to work with sites to interactively block ads without affecting any content. This provides a better user experience than could be achieved without communication.

Browser Guard use case

Magecart is a group that specializes in stealing credit card information using a technique that is called skimming. They basically intercept traffic from payment sites to exfiltrate credit card information. Below you can see how Browser Guard can protect your information on a site that has been infiltrated by Magecart.

Support

If you need help or guidance for the install or settings of Malwarebytes Browser Guard, we are happy to refer you to our online support guide.

Happy surfing, everyone!

The post Browser Guard combats privacy abuse, tracking, clickbait, and scammers appeared first on Malwarebytes Labs.

Categories: Techie Feeds

CEOs offer their own view of a US data privacy law

Malwarebytes - Thu, 09/19/2019 - 15:54

Last week, the chief executives of more than 50 mid- and large-sized companies urged Congress to pass a national data privacy law to regulate how companies collect, use, and share Americans’ data.

Buried deep within the chief executives’ recommendations for such a law, presented as a policy framework for guidance, was a convenient proposal: Private individuals should not be allowed to sue companies if those companies violate the data privacy law itself.

That idea is just one of a few from the CEOs’ framework that, if included in a federal data privacy law in the United States, would disenfranchise members of the public from asserting their data privacy rights. Other ideas offered by the CEOs include potential pay-for-privacy schemes and overriding the large number of state data privacy protections already signed into law in states including Vermont, Nevada, Maine, and California.

A representative for the CEO group did not respond to questions sent by Malwarebytes Labs.  

The involved CEOs are all members of the corporate public policy group “Business Roundtable.” They include Amazon’s Jeff Bezos, Comcast’s Brian Roberts, AT&T’s Randall Stephenson, IBM’s Ginni Rometty, Accenture’s Julie Sweet, and Qualcomm’s Steve Mollenkopf, along with the chief executives for Target, Visa, FedEx, Bank of America, and Dell.

In a letter addressed to the Majority and Minority Leaders of both the US Senate and the House of Representatives, the Business Roundtable CEOs urged Congress to pass, “as soon as possible, a comprehensive consumer data privacy law that strengthens protections for consumers and establishes a national privacy framework to enable continued innovation and growth in the digital economy.”

As the country continues to grapple with how to appropriately codify data privacy into the law, here’s a look at what the Business Roundtable’s framework would allow in terms of data collection, use, and sharing.

No “private right of action”

The last item on the Business Roundtable’s framework is potentially the most important. The Roundtable does not want any federal data privacy law to include a “private right of action.”

That means that, should this proposal get worked into a national data privacy law, if a company violates that law, you, your neighbor, and your family would not have the right to sue the company.

This proposal goes directly against what Todd Weaver, founder and CEO of the company Purism, told Malwarebytes earlier this summer, when he described what should be included in a federal data privacy law. Without a private right of action, Weaver said, members of the public have no meaningful tools to defend their rights.

“If you can’t sue or do anything to go after these companies that are committing these atrocities, where does that leave us?” Weaver said.

The digital rights organization Electronic Frontier Foundation also supports a private right of action for any national consumer privacy law, as such a right would further enable members of the public to fight back against companies that violate the law.

“It is not enough for government to pass laws that protect consumers from corporations that harvest and monetize their personal data. It is also necessary for these laws to have bite, to ensure companies do not ignore them,” wrote EFF Associate Director of Research Gennie Gebhart and Senior Staff Attorney Adam Schwartz. “The best way to do so is to empower ordinary consumers to bring their own lawsuits against the companies that violate their privacy rights.”

In lieu of a private right of action, the Business Roundtable proposed that only state Attorneys General should be allowed to file lawsuits against companies on behalf of their state’s residents—a similar scheme visible in the lacking data privacy protections offered to consumers today.

The Business Roundtable also proposed that the US Federal Trade Commission serve as an enforcer, doling out fines to companies that violate the potential privacy law.

But, following the FTC’s recent slap-on-the-wrist fine issued against Facebook earlier this year—a fine that actually caused Facebook shares to increase in value—it is difficult to see how and why these enforcement measures would effectively curb would-be privacy violations. For instance, it didn’t stop YouTube from violating COPPA regulations.

Pre-emption of state laws

The Business Roundtable framework recommends that a national consumer privacy law “should pre-empt any provision of a statute, regulation, rule, agreement, or equivalent of a state or local government for organizations with respect to the collection, use, or sharing of personal data.”

Here, the Business Roundtable is asking that Congress pass a national consumer privacy law that tosses aside and in fact overrides the current data privacy laws cropping up across the nation.

That means recent state efforts to improve residents’ data privacy would be nullified, including California’s landmark privacy law—the California Consumer Privacy Act (CCPA)—Maine’s ISP privacy bill, Nevada’s new K-12 student data protection law, and Montana’s recent law to allow residents to opt-out of the sale of their data to third parties.

Further, legislative efforts in Hawaii, Massachusetts, New York, Pennsylvania, Rhode Island, and Texas, which have all introduced statewide data privacy bills modeled after the CCPA, and similar privacy efforts in Illinois, Minnesota, Connecticut, New Jersey, South Carolina, Louisiana, Oregon, and Washington, could likely be washed away.

Johnny Ryan, chief policy officer at the privacy-forward browser Brave, told Malwarebytes this summer that he did not support a weak federal data privacy bill that pre-empted state laws.

“The federal law should be of equal or higher standard to state laws, and should not undermine state laws,” Ryan said.

EFF also opposes any national data privacy law that would pre-empt state privacy laws.

“Avoiding such preemption of state laws is our top priority when reviewing federal privacy bills,” the organization said. It continued:

“State legislatures have long been known as ‘laboratories of democracy’ and they are serving that role now for data privacy protections. In addition to passing strong laws, state legislation also allows for a more dynamic dialogue as technology and social norms continue to change.”

Privacy opt-in consequences

The Business Roundtable’s national consumer privacy law framework includes recommendations for what rights should be afforded to the public. The individual rights include “transparency,” “consumer control,” “access and correction,” and “deletion.”

At first blush, these rights mirror many of the rights championed by some of the small, privacy-focused companies we interviewed in July. Upon closer inspection, though, the Business Roundtable’s proposed rights leave much to be desired.  

Under the umbrella term of “consumer control,” the Business Roundtable framework explains that consumers “should have opportunities to exert reasonable control with regard to the collection, use, and sharing of personal data.”

That’s good!

The framework then goes on to say that “consumers should understand under what circumstances their decision to opt-out (or not opt-in) may result in the organization no longer providing them certain goods and services (for example, free content).”

That’s bad.

This individual consumer right focuses on the wrong issue. It recommends that consumers simply be made aware of unfair treatment and does nothing to address the actual unfair treatment.

Malwarebytes Labs previously reported on a similar issue in the federal data privacy law introduced by US Senator Ron Wyden of Oregon. The Senator’s proposal, for all its positive data protections, also includes a “pay-for-privacy” stipulation, in which companies could literally charge consumers a fee for opting out of data collection and sharing.

Though it does not include any mention of a fee, the Business Roundtable framework does present a hypothetical in which consumers can face “circumstances” for opting out of a company’s data collection, and those circumstances can include “no longer providing them certain goods and services.”

That’s not just bad. It’s wrong.

Malwarebytes pushed back against pay-for-privacy schemes earlier this year, and we continue our stance against any legislative scheme that would allow companies to punish consumers for choosing to protect their privacy.

Areas of agreement

Despite the few areas we covered above, the Business Roundtable framework includes several recommendations that echo others made by smaller companies we interviewed this year when asking them about what should be included in a federal data privacy law.

For one, the framework asks that any new national data privacy law achieve “global interoperability,” which the framework describes as “[supporting] consumer privacy while also respecting and bridging differences between US and foreign privacy regimes.”

When Malwarebytes spoke with Ryan from Brave, he emphasized the importance of the world’s most famous data privacy law today—the European Union’s General Data Protection Regulation (GDPR). A national US data privacy law, Ryan added, could benefit from being modeled after GDPR.

“The standard of protection in a federal privacy law, and the definition of key concepts and tools in it, should therefore be compatible and interoperable with the emerging GDPR de facto standard that is being adopted globally,” Ryan said.  

The Business Roundtable framework also includes individual rights for consumers to access and correct data collected and stored on them, along with the right for consumers to require organizations to delete personal data collected on them.

Weaver, the CEO at Purism, spoke of similar concepts when describing a “digital bill of rights” that he would like to see codified into US law.

Purism’s implementation and interpretation of these concepts, however, goes much further, with recommendations that any federal data privacy law include a consumer right to change providers, a right to protect personal data—including the right to “own and control” the master keys to encrypt their data—and the right to not be tracked.

What’s next?

The Business Roundtable’s consumer privacy law framework is just the latest proposal for what data privacy should look like in the future US legal landscape. It is surrounded by other proposals, like the draft bill written by Center for Democracy and Technology, the current data privacy laws being considered in several states, and the no-less-than six data privacy bills introduced by US Senators this year.

Further, while the Business Roundtable may count some of the largest, most revenue-driving, marquee corporations in America as members, when it comes to data privacy legislation, big money does not always mean big success.

Earlier this year, the technology industry lobbying group TechNet, which includes some of the exact same companies as Business Roundtable members (Amazon, AT&T, Comcast, Dell, General Motors, Visa, and Accenture), failed to convince California lawmakers to pass two bills that would have weakened the CCPA before it goes into effect on January 1, 2020.

On September 13, TechNet released a statement by Executive Director Courtney Jensen about the fate of California’s data privacy law. In the statement, Jensen sounded like she was asking for pre-emption:

“While we hope the rulemaking process will allow for additional improvements [to CCPA], the importance of federal action to avoid a patchwork of privacy laws has never been clearer, and we urge Congress to act,” Jensen said.

A quick look at the US Senate’s upcoming calendar shows a different reality: No scheduled votes on data privacy. No scheduled hearings on any of the six current, submitted bills.

Instead, individual US states continue to press forward.

The post CEOs offer their own view of a US data privacy law appeared first on Malwarebytes Labs.

Categories: Techie Feeds

MooglyCAL2019 – Afghan Block #19

Moogly - Thu, 09/19/2019 - 15:00

A lovely new block in the MooglyCAL2019 is here, courtesy of The Lindsey Life! This square pattern is simply beautiful – relaxing without being boring! Here are all the details on Block #19! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations, Furls, and Chetnanigans. Just getting started with the Crochet Along? CLICK HERE...


The post MooglyCAL2019 – Afghan Block #19 appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Bayt Al Azif #2: Unboxing Video

Zenopus Archives - Thu, 09/19/2019 - 14:37


Over on YouTube, MaxWriter* has an unboxing video of the print-on-demand of issue 2 of Bayt Al Azif. He pages through all of the articles, so at 4:33 in the video you can get a glimpse of the reprint of Holmes' 1983 review of Call of Cthulhu and Chris Holmes' new art that accompanies it. For more details see my previous post. 


Purchase link:

Bayt al Azif issue 2
(link includes my DrivethruRPG affiliate number)
*MaxWriter also has a long-running thread at ODD74, "Role Playing Journals", that details  game sessions he's run.

Bayt Al Azif #2 Unboxing

The second issue of Bayt Al Azif is out and it looks as amazing as the first. It's available as a softcover, hardcover, and PDF. Check it out. Bayt Al Azif Issue #2 - https://www.drivethrurpg.com/product/246849/Bayt-al-Azif-2-A-magazine-for-Cthulhu-Mythos-roleplaying-games Hi everyone - I'm Andy and I've been doing Minecraft videos for some time in addition to IRL stuff and tabletop roleplaying games.
Categories: Tabletop Gaming Blogs

Three Policlubs of the City Gyre

Sorcerer's Skull - Thu, 09/19/2019 - 11:00
In conceptual realms like the outer multiverse, there are few armchair philosophers. In Gyre, the ring city at the center of the multiverse, policlubs are registered and tolerated organizations formed around philosophic principles with elements of street gangs, secret societies, and sometimes, organized crime. Here are three of them:

Annihilists (Doomsters)
Things fall apart, in the planar multiverse as well as on the mundanes. It's a cold fact more eternal than any promise of Law, and more certain than any ephemera of Chaos. You can deny it or even fight it, but you can't defeat it. The Annihilists choose to embrace it to varying degrees, some by taking the time (as it slowly ticks away) to appreciate, even revel in, its workings, others by actively joining in and hastening things along. What comes after everything crumbles to dust also divides the group. Some feel that only the destruction of the current multiverse can make way for a new, better one. Others hold that there will be a final oblivion, and the wounded Godhead will finally rest in peace.

The headquarters of the more action-minded wing of the Annihilist movement is the metal club Rough Beast, located in an abandoned industrial foundry. The official policlub's current leader is a young tiefling woman who sings lead for the house band, The Eves of Destruction.

The Free (The Wardens, The Jailers)
There is a harsh purpose to the multiverse and that is to confine souls. The Black Iron Prison, the Plane of Confinement, is just the maximum security section of a larger and more subtle prison. The Free's founder claims to have escaped the Black Iron Prison but only after achieving a sort of enlightenment while he was in solitary. He and his followers offer this enlightenment to the worlds, but it comes at a price. None can truly experience the truth of it without first going through a great trial.

The Free are based in a prison in Gyre; both guards and prisoners are members. Their aim isn't punishment but the stern refinement of the souls in their charge.

Ontic Programmer Collective (Reality Hackers)
Everyone agrees that the mundane universes are essentially patterns in ether and the planar multiverse is a pattern vibrating in the astral manifold, but the question of what structure supports those patterns has been left up to theologians, who obviously have no consistent answer. The OPC believes that the answer is nothing less than the Godhead, and the name of the Godhead is math. The OPC plan is to obtain power beyond even the so-called gods by understanding and manipulating the computational underpinnings of the multiverse.

The OPC is an eclectic group of academics, corporate programmer wage slaves, and gifted dropouts. Their main need is etheric network time and bandwidth, and they are quite willing to acquire it by almost any means. They seldom rumble in the physical realm with other policlubs, but have been known to make things very difficult for rivals by their machinations on the net.

1332

Looking For Group - Thu, 09/19/2019 - 04:00

The post 1332 appeared first on Looking For Group.

Categories: Web Comics

5150 Working Grave - Out Friday! Here's a Bat Rep

Two Hour Wargames - Wed, 09/18/2019 - 20:40








From start to finish it took 30 minutes, much of it writing the report. Just to be sure that everyone knows, this can be played with miniatures or counters, the Battle Board will work with minis as well. Look for 5150 Working Grave to be released this Friday.
Categories: Tabletop Gaming Blogs

International students in UK targeted by visa scammers

Malwarebytes - Wed, 09/18/2019 - 16:49

A new visa scam has come to light targeting international students from China studying in the UK. At least, it’s being presented as new. In truth, it comes around every so often and has been on the radar for a few years.

The scam works by presenting a threat to students’ immigration status and uses various techniques to extract sizable payments from the victims. In the worst cases, it also embroils them in money mule scams and that’s a bad result for the students.

Many of these attacks target specific regions in the UK with a high density of overseas students, and because all manner of immigration-related statistics are published regularly in the UK, it’s an open-source goldmine for people wishing to create a list of targets.

A broad surface area of attack

The UK is hugely popular with international T4 visa students from China, with applications up some 30 percent since 2018. Data available from the Higher Education Statistics puts this trend into sharp perspective. As they mention: 

“Since 2012/13 the number of entrants from China each year has exceeded the number from all EU countries combined.”

In the 2017/18 academic year alone, the biggest international cohort was from China, with 106,530 first year students. India was a distant second with just 19,750. What’s particularly interesting is you can break this data down further and see which universities have the most students from specific regions.

Some of those universities, as well as others with a strong Chinese student community, have had to give out repeated warnings to students about these attacks.

Why are scammers targeting Chinese students?

Being a student in the UK on a T4 student visa is expensive, so every penny counts. As one student notes in the article linked above regarding application increases, there is a persistent incorrect stereotype that Chinese students in the UK all come from wealthy families. As many of these attacks result in large payouts for scammers, they’ll simply keep doing what they see is working whether the target is actually wealthy or just surrounded by multiple student loans. After all, they only need to strike it lucky once.

So, now that we’ve looked at why these particular students are hot targets, let’s take a walk through a timeline of attacks stretching back to 2007.

Back in the day

In 2007, student Jaiyue Wang was tricked into handing over £6,000 to scammers based in Nigeria who’d convinced her of half a million pounds in lottery winnings. When the prize didn’t turn up, it hit her hard and she eventually committed suicide at her residence in Nottingham. An absolutely tragic end to a commonplace scam, and notable for potentially being one of the first well-known confirmed UK deaths off the back of one of these groups (here’s another awful one from 2004).

These two attacks probably weren’t targeting students specifically; they just landed in people’s mailboxes, like so many scams did way back when. However, targeting specific groups of people (students, workers, people from a certain region, and so on) would soon become commonplace.

Wind forward a decade, and students are treated as an amazing opportunity for bad people to exploit and ruin while making a tidy profit in the bargain.

2018–2019

2018 and 2019 have been fertile years for money mules. A typical scam usually plays out like this, with students caught passing stolen sums of cash between various bank accounts. Elsewhere, the scale of the crimes committed is quite significant. Criminal gangs don’t just exploit one or two students; they’ll make use of as many as they can, resulting in hundreds of bank accounts being frozen by the National Crime Agency and students galore brought in for questioning.

Because these scams often rely on unwitting students, many are found to have already returned to China long after the fraud is discovered, which makes investigating even more difficult. And US$4.6 million in money mule shenanigans is not pocket change. Here’s a similar scam from August of this year, which involved another Chinese student, a “business opportunity,” and a US$19 million money laundering operation targeting multiple students.

The visa scam makes its move

The earliest reference I found to this visa threat targeting Chinese students is from 2015, though there are quite likely others prior to that. The UK Council for International Student Affairs warn of the following:

  • Criminals pretending to be in education, UKCISA itself, or the Home Office
  • Fictitious claims of immigration problems related to their visa, resulting in a claim
  • Potential mention of some personal information to make the scam seem more genuine
  • Payment demanded via Western Union to avoid problems or deportation

The attack tactics may vary, but most of the common elements repeat themselves with minor variations.

By 2018, the scam has widened to target Indian students, too. The scammers switch things up a little and instead of vague claims of problems with immigration status, they now mention dubious packages addressed to the student. The only way out, of course, is to send a sizable chunk of money to fake police officers, who are cloning numbers to make it appear as though they’re really the Shanghai police department.

Renewing a visa scam

In 2019, the fake visa threat scam adds an unexpected development into the mix. A first year student had their laptop stolen at Heathrow Airport, and then shortly after the phone calls began.

The scammers claimed to be the Chinese embassy, insisting the student had been referred by Chinese police officials claiming they were involved in a money laundering scam. At that point, they were passed onto the “police” themselves. So far, so typical. The only real odd thing up to this point is the stolen laptop. If you’re wondering how it fits into things, wonder no more.

Bogus websites and data uploads

A website purporting to belong to the prosecutor general’s office contained uploads of the student’s personal details, including her national ID card and photograph. All this information plus banking details had been left unsecured on the stolen device, and now the criminals were determined to make full use of it.

By the time the scammers had forced the student to upload a recorded statement to the social media site QQ and threatened her with deportation and imprisonment via web streams of men dressed up as police, the student was likely too panicked to realise where the scammers had obtained all this information from in the first place.

A dent in your personal finances

£30,000 was sent to the fake police/embassy officials, and the money was gone forever. Organisations have warned of similar attacks taking place on Chinese students, but the airport connection is particularly disturbing. It’s possible students are being targeted on arrival, with the stolen details sent to mainland China where the groups set up the fake websites then set about contacting potential victims.

It could, of course, be an entirely random theft, though it stretches probability somewhat to think the laptop stealer randomly decided to hand over personal information—quite randomly—to random scammers in China, who then very randomly indeed start dressing up as policemen.

In my humble opinion, this seems…unlikely.

Pressure points

This attack is particularly insidious, as there is a huge number of changes to take in for a new arrival to the UK, and new students would just put a laptop theft down to bad luck. They almost certainly wouldn’t know about the targeting taking place or have had a chance to see one of many warning pages on university websites.

They’ll just receive a strange, terrifying phone call one day and then see themselves plastered all over fake embassy websites. At that point, they’re almost certainly doomed to send fraudsters large sums of money. Even without the bogus threat of jail time on return to China, penalties for visa holders in the UK can severely impact future career prospects.

Portable device security tips

We’ve published a lot of advice on the Labs blog over the years regarding physical device security, and quite a bit of it is applicable here for students who are always out and about with devices galore. While none of these will neatly fit into your own personal threat model, you’ll hopefully be able to pick and choose the tips most relevant to your needs.

Do you have an iPhone you need to lock down? Passwords, screen notifications, and event loss procedures are all covered here.

Do you want some methods for securing sensitive data? Look no further, especially if you need some advice for secure messaging apps, locking down data, and whether to store it in the cloud.

Would you like some general travel tips? We’ve got you covered.

If you really want to make sure nobody has tampered with your device while away from your dorm, there’s an awful lot of options to choose from. Be warned, not all of these are probably warranty friendly.

Finally, don’t forget the old classic of putting your leg through a laptop bag strap when sitting at a busy location to prevent chance snatch and grab attacks.

Keep visa scam thieves at bay

These are terrible attacks aimed at people who spend a small fortune to be able to go to the UK and study, often with significant student debt—even if some do come from rich families. Universities aren’t often best equipped to know about sophisticated scams, much less warn students about them. Indeed, it’s to their credit that so many do.

Even so, criminals don’t just target students in the UK. They also go after students from mainland China studying in Hong Kong, with one unfortunate victim handing over just shy of half a million dollars to scammers.

This is one attack where not only education is key, but a little bit of preventative action, too. The Home Office via UKVI will never cold call you demanding money for vague-sounding immigration problems, nor will they tell you about suspicious packages addressed in your name. Neither will law enforcement agencies jump into a quick VoIP chat asking for cash. Should you run into anything like this, don’t send them a thing and report what happened to your university immediately.

Students have enough to worry about without this adding to their woes, so let’s see if we can help steer them safely in the direction of “not today, thanks” and keep their money exactly where it should be. 

The post International students in UK targeted by visa scammers appeared first on Malwarebytes Labs.

Categories: Techie Feeds

DC Bombshells Trading Cards III: Sketch Card Preview, Part 2

Cryptozoic - Wed, 09/18/2019 - 16:00

Please enjoy the second preview of Sketch Cards from DC Bombshells Trading Cards III

Categories: Tabletop Gaming Blogs

DIY Leather Notepad with Crochet Pouch: Quick Cricut Craft

Moogly - Wed, 09/18/2019 - 15:00

This DIY Leather Notepad with Pouch is a fun and quick Cricut craft on Moogly! With a refillable custom notepad and a crocheted pouch that’s perfect for both your pens and your favorite hooks and stitch markers, this project is perfect for crafting and creating on the go! Disclaimer: This is a sponsored conversation written...


The post DIY Leather Notepad with Crochet Pouch: Quick Cricut Craft appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Wednesday Comics: New Episode! Lois Lane #114

Sorcerer's Skull - Wed, 09/18/2019 - 11:54
There's a new episode of the Bronze Age Book Club podcast available on Apple Podcasts, Google Podcasts, Spotify, or right here:

Listen to "Episode 5: SUPERMAN'S GIRLFRIEND, LOIS LANE #114" on Spreaker.

Trivia Night

Mark Hughes (Church of the Rock) - Wed, 09/18/2019 - 03:00

How’s your trivia game?

Trivia Night
Thursday, September 19
Youth Room
7:30 PM

Do you have what it takes to be Smarter Than a 5th Grader? How well do you know popular TV shows and better yet the Bible? Are you a true gamer when it comes to Nintendo? Put your brains together to compete in our trivia challenge! No team required to participate. Meet in the Youth Room at 7:30 PM.

The post Trivia Night appeared first on Church of The Rock.

Categories: Churchie Feeds

IDW Flips the Script in the G.I. JOE #1 Preview

Stash My Comics - Tue, 09/17/2019 - 16:13
Preview by Gaumer Everything is backwards in this brand new era for Joe comics, and the new status quo works perfectly for our modern times. Here’s the G.I. JOE #1 preview. G.I. Joe #1 Preview Writer: Paul Allor Artist: Chris …
Categories: Comic Book Blogs

Geek Picks for September 18th, 2019!

Stash My Comics - Tue, 09/17/2019 - 16:05
From the Outrightgeekery Staff… This week is filled with some super-hot new releases. Our staff of intrepid Geeks have been scouring the trades to make their recommendations for New Comic Wednesday just for you! Take a look at their Geek …
Categories: Comic Book Blogs
