Twelve Million Phones, One Dataset, Zero Privacy

Twelve Million Phones, One Dataset, Zero Privacy is part one of One Nation, Tracked, a New York Times investigation series on smartphone information tracking by Stuart A. Thompson and Charlie Warzel, within their privacy project. The research covers multiple topics, starting with an analysis of the potential contained in smartphone tracking information.

What we learned from the spy in your pocket.

The authors analyse a large dataset of location information from cell phone users in New York and Washington, DC. With this analysis, the article debunks myths about data privacy. The key takeaways of the analysis, in my interpretation, are:

  1. Data is not anonymous – the authors successfully identified a Senior Defense Department official and his wife. And this was possible during the Women’s March. According to the authors, nearly half a million descended on the capital for this event. (Other sources only mention one hundred thousand attendees.)
  2. Data is not safe – the authors point out the complex relationships of companies in the tracking business. Complexity makes it impossible to ensure ownership. There is no foolproof way for anyone anywhere in the chain to prevent data from falling into the hands of a foreign security service.
  3. Affected persons cannot consent – the authors’ criticism seems reasonable. Virtually all companies involved with tracking require user consent. And even cell phones make the geo-tracking feature visible to users. But hardly anyone in the business makes the purpose transparent. In other words, no company prominently announces how they package and sell data or insight.

One Nation, Tracked

The article is a creepy read, but worth spending the time on. The series One Nation, Tracked continues with 6 other parts:

  1. discussing how to Protect Yourself
  2. National Security, which is for the US in the article.
  3. details on How it works
  4. individual spying in One Neighborhood
  5. Protests is about how this business betrays democracy
  6. And offers Solutions through privacy rights.

Source: Opinion | Twelve Million Phones, One Dataset, Zero Privacy – The New York Times

Security Nightmares at 36C3

Security Nightmares – Frank and Ron at 36C3 in Leipzig

As every year, at least since 1999 during the 19C3 in Berlin, Frank and Ron again gave their talk Security Nightmares at 36C3 this year, with security-related forecasts and reviews.

Frank and Ron on Security Nightmares 0x14 at #36c3

In a look back at that first talk “twenty years ago”, the two revisit the predictions of that time and the events of recent years, and sum up the entire span of the two decades with the question of whether one wants to allow macros. Macros were already in 1999 (Melissa, I love you), as they are today (Emotet), one of the most important attack vectors for malware. The following review of the last ten years alone is somewhat more technical. Still, this part brings some nice events back to mind, among them Germany’s outcry against Street View, the debate over smart electricity meters, and the electronic health card. These are topics that are not completely settled even today.

An “Internet normality update” puts recent and still ongoing attacks into perspective with known figures.

Beyond that, the talk deals with reviews in the areas of e-government, data wealth and crypto (SPD member survey!), business fields, crypto, sports and noteworthy items, before Frank and Ron turn to the keywords for 2020. In a less technical vein, the two venture a forecast of professions that the cyber situation could bring forth. These range from cyber aftercare for the peace of mind of those affected, through cyber-fantasy story shamans who can explain magic-like technology in a comprehensible way, to bias seekers and IPv6 exorcists.

As every year, an interesting and entertaining talk. Even though I was not able to hear the talk in person, the recording is worth watching.

Netflix (Security) on Youtube

Netflix Security runs a YouTube channel! As opposed to the company channel, it does not only broadcast previews! This is a great subscription for security practitioners!

Via Stephanie Olsen (on LinkedIn).

Unknown attackers break into Conrad Electronic servers

Is anyone here an online customer of Conrad Elektronik?


Through a security vulnerability, unknown parties gained access to Conrad servers holding 14 million customer records.

Source: Unbekannte dringen in Server von Conrad Electronic ein | heise online

Thoma Bravo to buy Sophos


Both companies announced the plans for the acquisition today. The private equity company Thoma Bravo plans to buy the UK-based cyber-security giant Sophos for $7.40 per share, for a total value of $3.9 billion, at a 37% market premium.

Safari in iOS sends data to Tencent

Engadget reports that with iOS 13, Apple started checking website details against fraudulent behavior with Tencent. While Apple already uses “Google Safe Browsing” to improve security, this behavior has been difficult before. With the latest developments in Hong Kong and China, this approach is – at a minimum – questionable and overshadows the trustworthiness of Apple hardware. Engadget comments accordingly:

You might not have to worry outside of China, but it’s still a concern.

Source: Safari in iOS sends some Safe Browsing data to Tencent

Github acquires Semmle

Github acquired Semmle, a service to scan code for vulnerabilities with a semantic code analysis engine. According to The Next Web, no financial details have been disclosed.

Github Blog: “Welcoming Semmle to Github”

The acquisition happened only one day after Github became a CVE Numbering Authority (CNA).

Facebook lost phone numbers

Again, it’s Facebook that made news with a data breach. TechCrunch reported first around midnight European time, but it was all over the news by noon today. It’s time to realize social media is a mistake.


Someone is pulling emergency brakes on subways

New York is facing an unusual incarnation of Denial of Service, in this case against public transport. Just like on the web, that’s extremely annoying, and in this case it really has an impact on people’s lives. From the article:

“The reports caused major disruption,” says Wikipedia, “affecting approximately 140,000 passengers and 1,000 flights.”

Source: Asymmetric warfare: someone is pulling emergency brakes on NYC subway cars / Boing Boing