data protection – SSL and internet security news

Data Wallets Using the Solid Protocol

July 25, 2024 infossl

data privacy, data protection, inrupt, security standards, Security technology, Uncategorized

I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here, but basically a digital wallet is a repository for personal data and documents. Right now, … Read More “Data Wallets Using the Solid Protocol” »

On IoT Devices and Software Liability

January 12, 2024 infossl

academic papers, cyberattack, data protection, Internet of Things, Security technology, software liability, Uncategorized

New law journal article: Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer … Read More “On IoT Devices and Software Liability” »

New iPhone Security Features to Protect Stolen Devices

December 27, 2023 infossl

apple, computer security, data protection, iphone, Security technology, theft, Uncategorized

Apple is rolling out a new “Stolen Device Protection” feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple Card, turning off Lost Mode, erasing all content … Read More “New iPhone Security Features to Protect Stolen Devices” »

Cars Have Terrible Data Privacy

September 12, 2023 infossl

cars, data protection, privacy, Security technology, Uncategorized

A new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy. All 25 car brands we researched earned our *Privacy Not Included warning label—making cars the official worst category of products for privacy that we have ever reviewed. There’s a lot of details in the report. They’re all bad. BoingBoing post. … Read More “Cars Have Terrible Data Privacy” »

The Conviction of Uber’s Chief Security Officer

November 7, 2022 infossl

courts, cover-ups, cyberattack, cybersecurity, data breaches, data protection, Security technology, uber, Uncategorized

I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, … Read More “The Conviction of Uber’s Chief Security Officer” »

Leaking Passwords through the Spellchecker

September 26, 2022 infossl

browsers, data protection, leaks, passwords, Security technology, Uncategorized

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, … Read More “Leaking Passwords through the Spellchecker” »

More Log4j News

December 16, 2021 infossl

data protection, patching, Security technology, Uncategorized, vulnerabilities, zero-day

Log4j is being exploited by all sorts of attackers, all over the Internet: At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by … Read More “More Log4j News” »

ProtonMail Now Keeps IP Logs

September 10, 2021 infossl

anonymity, courts, data collection, data protection, e-mail, privacy, Security technology, Uncategorized

After being compelled by a Swiss court to monitor IP logs for a particular user, ProtonMail no longer claims that “we do not keep any IP logs.” Powered by WPeMatico

Colorado Passes Consumer Privacy Law

July 15, 2021 infossl

data collection, data protection, privacy, Security technology, Uncategorized

First California. Then Virginia. Now Colorado. Here’s a good comparison of the three states’ laws. Powered by WPeMatico

The Problem with Treating Data as a Commodity

February 26, 2021 infossl

data protection, laws, privacy, reports, Security technology, Uncategorized

Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.” From the introduction: Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it. Data is not … Read More “The Problem with Treating Data as a Commodity” »