Privacy, Computer Security, Breaches I have been in, September 2, 2018
* I think in general privacy is dead, at least as far as big corporations and the government goes.
* I think in general, corporations have too big an incentive to get as much data about us as they can.
  * Google giving us a switch to turn off location history and then tracking our location
  * Google wants to aggregate all data
  * I discovered that LinkedIn is particularly evil about this, when we were let go at L3. I needed everyone to become friends with me, so that I could see their contacts. I needed the contacts to ping people about jobs. Being able to see their contacts is particularly helpful. When they refuse my friend request, I can immediately submit it again and keep asking them to link with me indefinitely. In most cases, they will eventually, sometimes after many tries, connect.
* I think the government has too many incentives to not track us.
  * Terrorism, Illegal activities
* I think we have too many incentives to give up information about ourselves, family and friends
  * Social media, Facebook, Twitter, LinkedIn, Instagram
  * Car dash cams. I want a car dash cam.
  * Ring Doorbells
  * Location tracking when I go to friends' houses
  * Cell tracking records
* We like functions like the great maps we have in our phones these days, and I do want to contribute back to those maps.
* For our own security, we like our security cameras, but that means we are tracking all our neighbors.
* Cell phones just track the crap out of us.
  * Where we are
  * What we are doing
  * What we are planning
  * Who we are talking with
  * What files we put in the cloud
    * Note, I am keeping this list in the cloud, but I really like the convenience.
* We basically have to have electronic travel documents to move around. My Marta card, my airplane boarding pass, my RFID passport.
* Almost always, when a policeman pulls you over, he asks “Where are you going tonight?”
* I will do whatever I have to do to get through TSA security.
  * They can pat me down wherever they want
  * They can take me in a room and have me take my clothes off (yes they did that)
  * They can have me turn on my laptops and phones
  * In general, I will just do whatever they ask, so I can get on the plane.
* I think some of this is necessary for the emergence of the global consciousness.
  * What if we could all think together?
* The number of data breaches is crazy.
* The number of processor flaws being found is crazy. Rowhammer, PortSmash, Spectre, etc. Is there a safe processor out there?
* We have to get into the state where we are not giving companies secrets to keep. We have cryptology that allows this.
* Companies always claim that it was a sophisticated attack and they couldn’t have done more, yet they fail to implement anything simple, like two-factor authentication or simple segregation of networks.
* We see the breach data being actively used, years after the breach. I don’t understand why, whether the hackers are intelligently playing the long game or it just takes that long for this information to disseminate to the hackers who would actively use it.
* Big companies don’t go out of business for the breaches. They return to business as usual.
* How do we get companies to be more responsible?
Breaches I have my info in
* Dropbox, 2012, 68 Million - Hackers know my warrior1 password. In August 2016 they forced password resets, including mine, on accounts they thought were at risk. I am getting spam that has that old login and password, and they are trying to extort me with the info, claiming they have evidence of access to porn sites. Passwords sold on the black market.
* MySpace, 2008, 2016, 360 Million, they know my 99zwarrior password, SHA1 hashes without salt. I am getting spam that has that old login and password and they are trying to extort me with that info, claiming they have evidence of access to porn sites. Passwords sold on the black market.
* Last.fm, March 2012, 43 Million, they know my 99zwarrior1 password, passwords were stored using unsalted MD5 hashes. I am getting spam that has that old login and password and they are trying to extort me with that info, claiming they have evidence of access to porn sites. Passwords sold on the black market.
* Office of Personnel Management, OPM, 22 Million users, including social security numbers, and fingerprints in some cases. They were breached and my security clearance application is at risk. I have a physical letter from them.
* Equifax, 145 Million users affected, social security #s, credit card #s, birth dates, personal information, my credit rating information. Equifax recommends signing up for their free credit monitoring program.
* Anthem, 2015, 80 Million accounts affected, all my personal and health information. I have a physical letter from them.
* Yahoo, 2013 (big one) and 2014, 500 Million users affected or 1 Billion, multiple notifications of my information exposed.
* Home Depot, 2014, 56 Million accounts, my credit card information
* Chase, 2014, 76 Million accounts. In August 2014, they suddenly sent me two new credit cards, even though neither was expiring.
* RSA Security, 40 Million accounts, we had to swap out ALL L3 RSA tokens at L3. RSA was compromised by a phishing attack email.
* eBay, 2014, Email and passwords from all users. eBay forced me to reset passwords.
* Jimmy John’s?? Don’t know if my info was in there?
* Target, 2013, 110 Million users affected, 70 Million personal information, 40 Million credit card information, including credit card information?? Don’t know if my info was in there?
* Marriott, 500 Million users affected, November 30, 2018?? Apparently hackers have been on their network from 2014 (2014 to 2018). This might be the first real test of GDPR. I suspect my info was compromised since I’ve stayed at Starwood with Tucker’s BMX.
* Uber, 2016?? Don’t know if my info was in there?
* LinkedIn, 2012, 165 Million User IDs, 117 Million LinkedIn passwords, I was forced to reset, passwords sold on the black market. LinkedIn forced me to reset my password. I am receiving blackmail emails, trying to extort me, on the email address I only use for LinkedIn.
* Quora, December 2018, 100 Million users.