Connected Consumer-Grade Equipment: The Next Attack Surface
Rife with vulnerabilities that are actively probed by MCAs, connected consumer-grade equipment is poised to be the next attack surface.
Data privacy defines who has access to an individual’s personal data, and allows individuals to control how Personally Identifiable Information (PII) is collected, stored, and used.
Data privacy has become front and center of the privacy vs security debate when it comes to the internet. The general lack of regulation around in previous years fostered widespread corporate abuse of end user data to drive greater profits. The backlash to abuse led to greater protections for individuals which limits how organizations may collect, store, and use any Personally Identifiable Information (PII).
The European Union (EU) was the first to act on with the General Data Protection Regulation (GDPR) in May of 2018. The state of California followed suit in June 2018 with its own version – the California Consumer Privacy Act (CCPA). And these regulations continue to expand across the globe to support greater protections for individuals with regards to keeping their personal data private.
Rife with vulnerabilities that are actively probed by MCAs, connected consumer-grade equipment is poised to be the next attack surface.
Today’s world of hyperconnectivity positions privacy vs security as one of the most fiercely contested global debates. Can you have both without compromise?
We’re only just beginning to understand how mass data surveillance systems and data privacy impacts us. Will GDPR-like regulation come to the U.S. in 2019? It will require time to craft legislation, achieve some level of adoption, and put it up for a vote—but what’s next?
I was recently debugging a nasty issue in one of our backend services and needed to view the exact HTTP request & response being sent to an authentication server. Fortunately, Go’s standard library provides http.RoundTripper, httputil.DumpRequestOut & httputil.DumpResponse, which are great for dumping the exact out-bound request & the response. But since an authentication request contains credentials and a response contains a security token, it would have been insecure to record credentials & tokens in our logging systems. How could I securely exfiltrate the information I needed, while maintaining security and not requiring a whole lot of changes to my codebase or deployment environment?
The Journey of Building a Next-generation SOA Data Services Platform. Several years ago, zvelo systems and cloud infrastructure was completely overhauled—leveraging machine learning and cloud computing to improve web content categorization, our URL database, and other systems. This is story.
EU Commission and United States agree on new framework for transatlantic data flows A new US/EU arrangement puts stronger regulations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. A few highlights that new arrangement will include: Strong obligations on companies handling Europeans’ personal…
Our willingness to surrender personal privacy in exchange for services that we now consider essential, as discussed in a previous article, has made it much easier for large governments and private individuals alike to collect information.
We are constantly reminded of the growing number of privacy concerns from the use of Information and Communications Technology (ICT). Some are quick to blame governments or commercial entities when our personal information is compromised. Very few stop to think whether or not the blame should be pointed at ourselves. To what extent are we as end-users responsible for facilitating our own personal privacy?
People don’t seem to worry much about privacy when “checking in” to a favorite local restaurant or coffee shop, or from other social media posts that reveal one’s location. What if you were approached by a complete stranger who knew your name and other personally indefinable information within minutes after making an upload? A few socialites got quite the shock after a social media experiment revealed how much personal information can be extracted from publicly viewable status updates.
Consumers will soon know exactly how much of their personal information is being collected online, by whom, and may one day be able to correct errors or opt-out entirely from such activity. The name of the game is “privacy” and thanks to a combination of recent investigative reporting and pressure from advocacy groups, regulatory entities and politicians, the urgency to reach this point is now mainstream news.