Posts

Showing posts from December, 2018

Amazon gives a total stranger access to someone's voice interactions

One of the provisions of the GDPR is that you can request all data about you that a company has.  Now I suspect that much of this is obfuscated even from the company, so they cannot actually comply at this time.  This case is one in which someone requested their data but also got the data of someone else.  This has a couple of different implications.  First, someone's life could be ruined by the disclosure, but secondly, as I have pointed out before, this data is used for all kinds of things.  What happens if your data and that of someone else get intermixed?  How would you ever know?  Did you get turned down for that loan because of something you did or because of something another person did? https://threatpost.com/amazon-1700-alexa-voice-recordings/140201/

From the YDOY files... Facebook to predict where you are going

Facebook has filed 3 patents that together will help their AI figure out where you are going.  I have noticed that Waze now tells me that on this day you normally go X, would you like to get directions to X?  I suspect this is something that many companies will offer in the future.  To get this information, though, they have to have a good idea of who you are and what your travel patterns are. https://www.buzzfeednews.com/article/nicolenguyen/facebook-location-data-prediction-patent Offline Trajectories patent: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220180352383%22.PGNR.&OS=DN/20180352383&RS=DN/20180352383 Location Prediction Patent: http://pdfpiw.uspto.gov/.piw?docid=10129705&PageNum=17&IDKey=64AFEDB6BBD7 Predicting Locations and movements based on historic locations patent: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect

Are the Chinese putting tracking devices that collect data in products?  Probably.  Over the summer Super Micro was called out by name by several for having a chip that was allegedly masterminded by the Chinese to gather data and perhaps allow remote control.  After a self and outside investigation, Super Micro claims they have found no evidence to support that claim. https://www.reuters.com/article/us-supermicro-chips/super-micro-says-review-found-no-malicious-chips-in-motherboards-idUSKBN1OA12R

Android trojan attacks PayPal

I have to believe that mobile security will be a bigger and bigger issue going forward.  This trojan uses the accessibility features and bypasses even 2-factor.  https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/

Marriott Breach might be the Chinese

State actors are particularly hard to defend against because they are so well funded and have lots of cyber and human resources.  While I am a bit hesitant to ever look to government for a solution to anything, if your opponent is a government, the best resource might be the government. https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html