Your own personalised stalker
It always seemed slightly creepy that your computer shows advertising that is strangely accurately targeted at things you might have been interested in. On the surface, that seems quite useful. If you have to tolerate ads on your screen, at least having them show things you were interested in seems helpful.
Instead, we wonder how the system knows. It feels like a breach of our privacy.
It all starts when you install an app, and it pops up a question asking for permission to use your location, and/or your camera and/or your microphone.
This is useful for advertisers. For example, they can use your location. If the app reports this back to the content provider, they can match up your location and compare you to other people nearby. If you tend to go to the same places as other people, you are probably interested in the same things, so an advertiser might use that assumption to present advertising to you, or other people that you spend time with.
That does sound a bit overreaching, but we reluctantly agree to the presented terms simply because we want to use the app. If that is a condition of use, and we want to use the app, then we agree.
So, now we are seeing consumers getting the choice to push back.
Apple
Now, with iOS15, Apple are saying that you will get to see what apps are accessing your data. You will be able to see when an app used that permission, and there it was sent to. Whether that list of third party sites is any use or not is meaningful is unclear.
Not quite as advanced but following quickly behind is Google Android. With Android 12, you will have the option to de-personalise your data. They will still track usage, but won’t link it back to you.
Is there any truth to the rumour that your phone or TV is listening to you, and presented content based on private conversations it overhears?
Given how poor the voice recognition is on phones , cars, or tools like Alexa or Siri, its pretty evident this can’t be reality. If it, is, then heaven only knows what it thinks it’s hearing. The voice recognition tools are getting better all the time, but there is a long way to go.
Zero-Trust IT Security
'Zero-Trust' is a tough headline. Zero-trust in a world where we trust people all the time is an unpleasant concept. We trust that when we order a package online, that the vendor will take our order and not just our money, that our product will be passed to a courier...
HAFNIUM Microsoft Email Attack
Over the last few days, you may have read about a zero-day attack impacting Microsoft Exchange Servers. We became aware of this vulnerability on Wednesday last week (it was discovered on the 2nd in the USA so we were on to it immediately, allowing for time-zones) . ...
5 simple steps to stay cloud-cyber-secure
We’ve posted repeatedly about cyber-security and the need to be more vigilant and more careful, and we’ve shared real-world stories to reinforce the concern. It’s a concern then that we still see a number of organisations that remain reluctant to increase their...
Cyber-risk mitigation – why Multi-Factor Authentication (MFA) is vital, but NOT enough
We keep making the point that nothing can guarantee you won’t be hacked. But you can, and must, mitigate your cyber-risk. We think tools like Multi-Factor Authentication is crucial for protecting your IT systems – and MFA should be on EVERYTHING you use – your email...
The Worst Hack in US History
In the last week, we’ve seen two major successful attacks on critical US IT management and Cyber security tools. The first we learned about was on FireEye which is one of the leading and most trusted cyber security tools, used by much of the Fortune 500. ...
Look out for more ransomware in 2021
2020 saw a crazy amount of ransomware attacks. We've warned repeatedly of the increasing sophistication and organisation of these bad actors. Names like RangarLocker and Dharma are cyber-businesses or do it yourself cyber-crime kitsets designed to cause havoc for...
DDOS – Distributed Denial of Service Attack (aka what went wrong at the NZ Stock Exchange)
Denial of Service (aka what went wrong at the NZX?) In September the NZ Stock Exchange was the victim of an attempted extortion via a DDOS attack. The attack took them offline serval times over a number of days. Many business are now asking, what is DDOS and could...
Keeping our Security tools up to speed
Cyber-crime is estimated to earn criminals US$7 Trillion a year That sort of money buys cyber criminals a lot of resources. It’s no surprise then that cybercrime has its own support industries. You don’t need to access the "Darknet" to purchase hacker tools. Many...
GOOD PROCESS WASN’T GOOD ENOUGH – SCAMMERS STILL WON
In August we all heard about Team NZ falling prey to a $2.8 million invoice payment fraud. It was the now-familiar story of a fake or hacked email, asking for payment to go to a different bank account. We should all be familiar with these tales by now. I’m sure that...
What is Double Key Encryption and why should you care?
Double Key Encryption (DKE) is coming soon to Microsoft 365 (E5 plans required) Like the name suggests, this is even MORE secure than the levels of encryption previously seen. Microsoft are saying that you need it if: You want to ensure that only you can ever decrypt...