Wednesday 30 December 2015

SumRando Messenger for iOS

In order to bring you the best, most secure services available, we will be updating and adding new features to our SumRando Messenger iOS app in 2016. During this time, we will be suspending the availability and support of this service.  Beginning 1 January 2016, SumRando Messenger for iOS will no longer be available.

SumRando Messenger for iOS will return in mid-2016 with more features including cross-platform capability and end-to-end encryption.  SumRando Messenger for Android will continue to be available as we work to integrate end-to-end encryption in the beginning months of 2016.  
If you have any questions, please email support@sumrando.com.

SHA-1 Sunset Highlights Internet Instability for Poor, Repressed and War-Torn Countries

For 37 million users across the globe, portions of the Internet will no longer exist on Friday.

January 1, 2016 is the date after which publicly trusted certificate authorities stop issuing TLS certificates signed with Secure Hash Algorithm 1 (SHA-1), and browsers begin phasing out trust in the ones already issued. SHA-1 itself does not encrypt anything: it is the hash function a certificate authority uses when it signs a certificate, and a browser that cannot verify a SHA-2 (SHA-256) signature cannot validate the site's certificate, so the HTTPS connection fails before any data is exchanged. For 98.31% of the population online, browsers already handle SHA-2 and life will continue as usual. For everyone else, the encrypted Internet is about to become a wall of certificate errors and refused connections.

As CloudFlare pointed out, 1.69% of the Internet population may not sound like a lot, but these nearly 40 million users are clustered in areas of the world already operating at a disadvantage: “Unfortunately, this list largely overlaps with lists of the poorest, most repressive, and most war-torn countries in the world. In other words, after Dec. 31, most of the encrypted Web will be cut off from the most vulnerable populations of Internet users who need encryption the most. And, unfortunately, if we’re going to bring the next 2 billion Internet users online, a lot of them are going to be doing so on secondhand Android phones, so this problem isn’t going away anytime soon.”

The unlucky 37 million are largely found in Africa, Asia, Latin America and the Middle East and typically aren’t carrying the latest technology in their back pockets. (Beware, users of Windows XP before Service Pack 3, Android before Gingerbread (2.3) and pretty much any phone more than five years old.) A CloudFlare report listed the 25 countries most affected by the change: approximately 1 of every 20 browsers will be unable to support SHA-2 in Cameroon, Yemen, Sudan, Egypt, Libya, Ivory Coast and Nepal; other countries significantly affected include China, Ghana, Nigeria, Ethiopia, Iran, Tanzania, Syria, Paraguay, Angola, Kenya, Algeria, Bahrain, Nicaragua, Myanmar, Senegal, Bangladesh, Venezuela and Pakistan.

It’s undeniable that the shift away from SHA-1 will hit the very users who have long been the Internet’s second-class citizens, but the alternative is no better. The decision to migrate away from 20-year-old SHA-1 is rooted in insecurity: collision attacks against the algorithm have grown steadily cheaper, and a forged certificate built on a SHA-1 collision would let an attacker impersonate any site to every browser that still trusts the algorithm. Keeping SHA-1 alive for old devices would mean keeping that door open for everyone.
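One way to check whether a certificate you serve (or one in a chain your older devices depend on) is still SHA-1-signed, as an added example that is not part of the original post or of CloudFlare's report: the script below walks the outer DER structure of an X.509 certificate using only Python's standard library and classifies the signature algorithm OID. The sample certificate it builds for itself is constructed (placeholder body, zero-filled signature) so the parser can run offline; the function names and the OID table are this example's own, though the OID values are the standard ones from the PKIX RFCs.

```python
"""Is this X.509 certificate still signed with SHA-1?

Added example, not code from the original post.  A certificate is the DER
structure SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue };
only the outer framing is walked here, and the AlgorithmIdentifier OID is
decoded and looked up.  Pure standard library.
"""
import ssl
import sys

# Dotted OIDs of common certificate signature algorithms (RFC 3279/4055/5758).
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "md5"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "sha1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "sha256"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "sha384"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "sha512"),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", "sha1"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "sha256"),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", "sha384"),
    "1.2.840.10045.4.3.4": ("ecdsa-with-SHA512", "sha512"),
}


def read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Turn the content octets of an OBJECT IDENTIFIER into dotted notation."""
    arcs = [raw[0] // 40, raw[0] % 40]   # first octet packs the first two arcs
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends a base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(der):
    """Return (dotted OID, algorithm name, digest) of the certificate's outer signature."""
    tag, cert, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = read_tlv(cert, 0)       # tbsCertificate: skipped
    _, alg_id, _ = read_tlv(cert, pos)     # signatureAlgorithm: AlgorithmIdentifier
    tag, oid_raw, _ = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    oid = decode_oid(oid_raw)
    name, digest = SIG_ALGS.get(oid, ("unknown", "unknown"))
    return oid, name, digest


def is_sha1_signed(der):
    return signature_algorithm(der)[2] == "sha1"


# --- constructed sample so the parser runs offline ---------------------------
def der(tag, content):
    """Minimal DER encoder (definite length) used only to build the sample."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def encode_oid(dotted):
    """Dotted OID -> content octets (base-128 arcs, high bit = more to come)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def sample_certificate(sig_oid):
    """CONSTRUCTED sample: only the outer Certificate framing is realistic.
    The tbsCertificate and the signature are placeholders, so this is not a
    verifiable certificate, just enough structure for signature_algorithm()."""
    tbs = der(0x30, der(0x02, b"\x01"))                               # placeholder TBSCertificate
    alg = der(0x30, der(0x06, encode_oid(sig_oid)) + der(0x05, b""))  # AlgorithmIdentifier + NULL params
    sig = der(0x03, b"\x00" + b"\x00" * 128)                          # BIT STRING, zero padding bits
    return der(0x30, tbs + alg + sig)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live check of a server's leaf certificate.  Intermediates matter just as
        # much for old clients; inspect them the same way from the served chain.
        pem = ssl.get_server_certificate((sys.argv[1], 443))
        der_bytes = ssl.PEM_cert_to_DER_cert(pem)
    else:
        der_bytes = sample_certificate("1.2.840.113549.1.1.5")
    print(signature_algorithm(der_bytes))
```

Run it with a hostname argument to inspect a live leaf certificate; note that an old client breaks on a SHA-1 intermediate just as much as on a SHA-1 leaf, so the whole chain you serve deserves the same check.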

Such is the Internet for the poor, repressed and war-torn—at best, insecure and at worst, nonexistent. As efforts continue to bring the next 2 billion online, users must keep in mind that their security ultimately remains in their own hands, and also that the planet is far from being a net neutral place. When SHA-1 appeared in 1995, it was widely supported across all browsers; twenty years later, SHA-2 does not come with the same universality. In an era in which the desire to advance technology has outpaced the desire to meet the needs of all users, no one should take whatever Internet connection or security they have for granted.



SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Friday 25 December 2015

CISA: Not the Christmas Surprise We Had Hoped For

It came without ribbons. It came without tags. It came without packages, boxes or bags.

That’s right—the United States' Cybersecurity Information Sharing Act (CISA) that we thought we had avoided has snuck into our lives, all but unannounced.

After months of much-publicized debate, a late-night, mid-December session of the United States Congress quietly tacked CISA onto a must-pass funding bill. On Friday, December 18, President Obama signed the bill into law, and so, CISA is here to stay.

Widely seen to align more closely with surveillance than cybersecurity, the legislation encourages companies to share cyber-threat data with the United States federal government by strengthening protections against privacy lawsuits for businesses.

In response, longtime opponent Senator Ron Wyden explained that CISA has only become more of a threat to individuals since its inception: “The latest version of CISA is the worst one yet – it contains substantially fewer oversight and reporting provisions than the Senate version did.  That means that violations of Americans’ privacy will be more likely to go unnoticed. And the Intelligence Authorization bill strips authority from an important, independent watchdog on government surveillance, the Privacy and Civil Liberties Oversight Board. This will make it easier for intelligence agencies – particularly the CIA – to refuse to cooperate with the Board’s investigations. Reducing the amount of independent oversight and constricting the scope of the PCLOB’s authority sends the wrong message and will make our intelligence agencies less accountable.”

Nathan White, of digital rights defender Access Now, similarly had little patience for Congress' Grinch-like trick: “We’re all feeling a collective sense of deja vu. This is like a bad sequel where we all know the ending, but shouting at the characters doesn’t change anything. Just like the USA PATRIOT Act, CISA was a collection of old ideas that Congress had repeatedly rejected. And just like the PATRIOT Act, they re-wrote the final bill in secret and snuck it through Congress before most people could even read it. And just like the PATRIOT Act, CISA will be used for far more than members of Congress think that they are authorizing. Ultimately this will be embarrassing for Congress.”

Much as individuals did in response to the Patriot Act, now is again a time for users to take privacy into their own hands. The United States government is well-positioned to enter 2016 with greater powers of surveillance over Americans and non-Americans alike, but users must remember that privacy and anonymity remain universally recognized human rights. In 2016, it is every user’s responsibility to be just as stealthy as Congress was when it passed CISA and to provide no business with any more information than necessary.




Wednesday 23 December 2015

Shortened WhatsApp Ban Signifies a New Norm in Favor of User Choice

Two noteworthy events took place last week: the banning of an American app affected the ability of an estimated 93 million Brazilians (nearly the entire online population) to communicate and, shortly thereafter, the suspension was reduced from 48 hours to far less than a day.

A Brazilian court had attempted to impose a two-day ban of messaging app WhatsApp as punishment for parent company Facebook not complying with a court-ordered police request for information. Facebook countered that the use of encryption made the data requested inaccessible, a choice that CEO Mark Zuckerberg defended in a post: “I am stunned that our efforts to protect people’s data would result in such an extreme decision by a single judge to punish every person in Brazil who uses WhatsApp."

Zuckerberg was far from alone in his sentiments. Just as #Nessas48HorasEuVou (#Inthese48hoursIwill) and its accompanying suggestions for finding ways to pass the time became Twitter’s latest trend, a second judge stepped in. Judge Xavier de Souza reinstated the service only hours after the ban began, suggesting a fine as a more appropriate way to address the situation, as it was “not reasonable that millions of users be affected by the inertia of the company."

This is one story that summarizes the current state of the Internet quite well:

  • Even the strongest Internet law is penetrable: Marco Civil, Brazil’s Internet law, was passed in 2014 amidst praise for its capacity to protect online rights. An unannounced, nearly unexplained interruption of a communication service utilized by half of Brazil’s total population that disrupted everyday users more than WhatsApp itself is certainly a violation of the very rights Marco Civil purports to protect.
  • There is strength in numbers: Judge de Souza’s argument for bringing WhatsApp back boiled down to one simple argument: everyone is on it. 
  • Communication knows no country lines: The unusually high cost of services provided by Brazil’s telecom companies initially prompted millions of Brazilians to turn to WhatsApp, a foreign, low-cost alternative. If last week's brief outage was an attempt to get Brazilians to communicate the old-fashioned way, the takeaway is this: during the outage, Brazilians were at a loss for what to do with themselves—until they remembered that alternatives exist. Foreign-based services such as Telegram and SumRando Messenger were able to affordably fill a void that national services simply could not. 
Last week's abbreviated WhatsApp ban signifies the coming of an era in which concerned citizens will dictate country policies. SumRando looks forward to a 2016 in which user choice brings the world closer to a free and open Internet for all.




Thursday 17 December 2015

Draft Cybercrimes Bill Would Be a ‘Sin’ For South Africa

South Africa has spoken: the draft Cybercrimes and Cybersecurity Bill made public in September is not what she wants. The criticism poured in as the comment submission deadline approached:

Right2Know, a movement focused on freedom of expression and access to information, submitted a significant rebuttal to the Bill, and also condensed its complaints to “Seven Deadly Sins”, as the Bill would:
  1. Hand over control of the internet to the Ministry of State Security
  2. Give the state security structures the power to effectively declare ‘national key points’ of the internet—and potentially grant backdoor access to any network
  3. Criminalise journalists and whistleblowers by sneaking in the worst parts of the “Secrecy Bill”
  4. Increase the state’s surveillance powers and be even more invasive than RICA
  5. Undermine South Africans’ civil liberties and particularly the constitutional right to privacy
  6. Contain 59 new criminal offences involving computer usage—many of which are so broad that they could ensnare ordinary computer users. The Bill considers suspects guilty until proven innocent.
  7. Contain anti-copyright provisions so harsh you could be criminalised for even posting a meme
In a more concise statement, PEN South Africa expressed “extreme concern” over the Bill’s potential for harm: “We have submitted feedback to the Department of Justice and Constitutional Development, requesting that the Bill be withdrawn and redrafted with input from civil society. We have asked that the Bill be reformulated in such a way that it achieves the protections sought in the safest way and which takes into consideration the freedom of expression clauses in the Constitution and protection of the public interest.” PEN South Africa, an affiliate of PEN International, defends free expression and encourages literature.

Similarly, the concluding remarks of the Freedom of Expression Institute’s submission argued, “The Cybercrimes and Cybersecurity bill is a ‘necessary evil’ addition to South Africa’s legislations; however, there are aspects of the Bill that unreasonably infringe on the rights of access to information and freedom of speech. These infringements must be expeditiously remedied in the revised versions of the proposed legislation.”

The Open Web Application Security Project (OWASP) of Cape Town, which focuses on improving the security of software, provided a detailed analysis that noted a close-to-home concern for SumRando Cybersecurity: “[The Bill] offers no protection to whistleblowers or personal privacy, and adds significant risk to any person or business who wish to operate in the information security field…The result will be that the very people that we need to develop to enhance cybersecurity will find other alternatives rather than run the risk of bad legislation possibly criminalizing their actions. Those that are interested in cybersecurity will in all likelihood leave the country to pursue their profession elsewhere.”

In short, a cybercrimes bill is very much needed, but concerned citizens and organizations are not about to bite the apple that has been offered. Now that the public comment period has closed, expect the real discussion to begin.




Tuesday 15 December 2015

SumVoices: Unauthorized Access to Private Data Common in Pakistan

Our last installment of SumVoices featured Algerian journalist Rim Hayat Chaif, in English and Arabic. This week we bring you the insight of Fahad Desmukh, journalist and digital human rights activist with Bytes for All, Pakistan.

We welcome Blackberry's decision to walk away from the Pakistani market rather than compromise the privacy of its Pakistani customers. The open and frank announcement by Blackberry gave Pakistanis an idea of the extents to which our government is going to get unauthorised access to our private data. However, it has hardly caused any ripples within the country for a number of reasons.

First, we already know that the government is doing all it can to get access to our private data by the fact that it has pushed legislation such as the "Fair Trial Act" of 2013 and the upcoming cyber crime bill ("Prevention of Electronic Crimes Bill") which formalises the procedure for law enforcement agencies to surveil citizens and mandates mobile and Internet service providers to share customer data. Second, we have reason to believe that the government has already acquired intrusive surveillance software such as Finfisher, and has sought to set up a mass surveillance system which would tap the fibre optic cables that carry the bulk of network communication data to, from and through Pakistan.

So the desire and, to some degree, capability of Pakistani authorities to monitor our private information comes as no surprise. In fact, even as far back as 2011, it was clear that the authorities wanted to block Blackberry's encrypted traffic in Pakistan.

For the average Pakistani mobile and Internet user, Blackberry's suspension of services will not have a huge impact because, for one, there are not that many Blackberry users in the country any more. And even those who still rely on Blackberry's services for private encrypted communication will find that there are plenty of alternatives, some of which are arguably more secure. Here we can mention the encrypted messaging app Signal for Android and iOS, which is notable because it is free and open source software, meaning that the design blueprints for the app are publicly available and can be audited for security by anyone who understands the code. The end-to-end encryption offered by Signal means that no one other than the sender and recipient can decrypt the messages -- not even the makers of Signal themselves. Signal is just one of a number of alternatives to Blackberry's encrypted messaging.

Finally, we should also state that while we welcome Blackberry's stance towards protecting the privacy of its customers in Pakistan, we also want to encourage it to consider applying the same principled position towards its customers in other countries, such as India, the UAE and Saudi Arabia, where it has reportedly made agreements with law enforcement agencies to share some level of data of its Blackberry Enterprise Service customers.

Bytes for All, Pakistan focuses on the intersection of human rights and Information and Communication Technologies (ICTs). Desmukh leads PakVoices, a Bytes for All project that seeks to bring greater transparency and accountability to governance in marginalized regions of Pakistan by promoting the flow of information within those regions, and by highlighting the most pressing local issues in national media outlets.

A quick glance at Freedom House's 2015 Freedom on the Net Pakistan report reveals a dire situation: Pakistan has a 14% Internet penetration rate, blocks platforms such as YouTube and was referred to as "one of the world's most dangerous countries for traditional journalists." For further explanation, take a look at our report on the factors that led to BlackBerry's Pakistan exit, including the troubled Prevention of Electronic Crimes Bill (PECB).

Take steps to protect yourself online. Start by downloading SumRando VPN.


Thursday 10 December 2015

Blackberry Exits Pakistan Amidst Overwhelming Privacy Concerns

In a reminder that user security will be 2016’s bottom line, on November 30, BlackBerry decided the best way to do business with Pakistan would be to not do business at all.

At stake is BlackBerry Enterprise Service (BES), which provides secure email and messaging communications. Pakistan wanted backdoor access to all BES traffic; BlackBerry responded by exiting the country altogether.

“BlackBerry provides the world’s most secure communications platform to government, military and enterprise customers. Protecting that security is paramount to our mission. While we recognize the need to cooperate with lawful government investigative requests of criminal activity, we have never permitted wholesale access to our BES servers,” explained BlackBerry Chief Operating Officer Marty Beard in a blog post.

BlackBerry’s exit is a fitting end to a year that has made Pakistan synonymous with the surveillance state. Currently under review is a proposed Prevention of Electronic Crimes Bill (PECB), a document that has accurately been described as “a clear and present danger to human rights.” A joint statement from concerned parties including ARTICLE 19, Human Rights Watch, Privacy International and Pakistan’s Bolo Bhi and Bytes for All highlighted several flaws of the Bill:

  • It would enable government to order service providers to remove or block access to any speech, sound, data, writing, image, or video, without any approval from a court.
  • It would allow the Federal Government to share intelligence gathered from investigations with foreign spy agencies like the United States National Security Agency, without any independent oversight.
  • It would mandate service providers to retain data about Pakistanis’ telephone and email communications for a minimum one year.
  • It would enable the government to “seize” programs or data, defining seizing as to “make and retain a copy of the data”, without specifying the procedures by which the seized data is retained, stored, deleted or further copied.
“Tipping the scales: Security & surveillance in Pakistan,” a July 2015 report from Privacy International, further exposed Pakistan’s less-than-impressive record. According to the report, mass surveillance has been in place since at least 2005 and has been used to target journalists, lawyers, activists and opposition politicians, amongst others. Since 2011, all Internet service providers and phone companies have been ordered to ban encryption and virtual private networks. The report concludes on a grim note: “The practical capacity of the Pakistani government for communications surveillance now outstrips the current capacity of domestic and international law for effective regulation of that surveillance.”

Farieha Aziz of Bolo Bhi, a Pakistani pro-digital security and privacy not-for-profit that has drafted a letter in protest of PECB, was quick to predict that BlackBerry wouldn’t be the only company to resist the draconian Pakistani state. November 29th tweets from Aziz include: “Data demands by govt forcing Blackberry to exit Pak. Yet govt claims Amazon, eBay & PayPal are coming” and “Companies to whom privacy of data and protection of speech matters will be weary of presence in Pakistan. Getting worse, not better.”

Aziz may be right that BlackBerry will be the first of several businesses to refuse to do business in Pakistan, but this also may be one situation that has to get worse before it can get better. In 2016, a surveillance state without business will soon be no state at all.




Tuesday 8 December 2015

Let’s Encrypt: Free, Automated and Open

It’s a Christmas miracle: Let’s Encrypt has entered public beta, making free HTTPS certificates readily available to all.

‘HTTPS’, usually accompanied by a padlock, are the five letters at the start of a URL that tell you the connection between your browser and the website runs over TLS: the data is encrypted in transit and the site’s identity is checked against a certificate, so a password, credit card number or comment cannot be read or altered by whoever runs the Wi-Fi, the ISP or any other network in between. That is what makes it reasonably safe to enter sensitive information. It is not anonymity: the site itself still sees everything you send, and which site you are visiting remains visible on the network. Without Hypertext Transfer Protocol Secure, your information travels as plain text and can be read or modified by anyone on the path.

As Jacob Hoffman-Andrews of the Electronic Frontier Foundation recently reminded readers, “A huge percentage of the world’s daily Internet usage currently takes place over unencrypted HTTP, exposing people to illegal surveillance and injection of unwanted ads, malware, and tracking headers into the websites they visit.”

When reached for comment, Internet Security Research Group (ISRG) Executive Director Josh Aas reported, “I’m not 100% sure what the future holds, but demand for Let’s Encrypt’s services seems to be strong. Ultimately what we care about most is seeing two numbers go up: 1) the percentage of sites using HTTPS and 2) the percentage of encrypted traffic on the Web. We want those numbers as close to 100% as possible. That’s the next big step for the Web to take in terms of privacy and security.”

Let’s Encrypt, operated by ISRG, traces back to 2012, when Aas and then-Mozilla coworker Eric Rescorla concluded that the best way to increase Transport Layer Security (TLS) usage on the Internet would be to provide a free and fully automated certificate authority. Three years later, Let’s Encrypt has issued more than 26,000 certificates during its invite-only limited beta, a number that will grow quickly now that the service is accessible to all.

Anyone who controls a domain name can obtain a Let’s Encrypt certificate: a client running on the web server proves control of the domain by answering a challenge from the CA over the open ACME protocol, and the certificate is issued and installed without a human in the loop; for information regarding installation or renewal, go to https://letsencrypt.org/howitworks/. Certificates are valid for 90 days, so renewal is meant to be automated rather than remembered. In keeping with an open Internet, Let’s Encrypt is a transparent, cooperative effort: all issued and revoked certificates are made public (issuance is logged to Certificate Transparency logs), the protocol is published as an open standard for other CAs to adopt, and the project is overseen by independent experts and those from supporting organizations alike. Although still in beta, Let’s Encrypt is committed to closely monitoring user feedback and quickly making improvements.

Here’s to an encrypted 2016!





Thursday 3 December 2015

To Encrypt or Not to Encrypt? That Is Not the Question

If there were need for further proof that 2015 has become Orwell’s 1984, look no further than the renewed debate over encryption prompted by the recent Paris attacks. For every claim that they are the reason encrypted communications must be stopped, there is a counterclaim pointing out that the Islamic State did not necessarily even rely on encrypted communications to carry them out.

The release of an ISIS security manual—providing a host of suggestions for safely accessing email, publishing pictures and using the Internet—has intensified the scrutiny several leading technology providers find themselves under. Rather than let their services be written off as facilitating acts of terrorism, SumRando Cybersecurity applauds the companies that have taken advantage of this opportunity to reframe the encryption conversation.

In a statement released last week, ProtonMail co-founder and CEO Andy Yen clarified that the company is standing by its tagline of “secure email with absolutely no compromise”:
“But even if the communications were encrypted, it is illusory to believe that you can block terrorists from communicating by banning encryption. With or without ProtonMail, terrorists will continue to have encrypted email capabilities, in the same way that they will continue to have access to weapons regardless of a ban on assault rifles. What we do know for sure is that banning encryption would certainly lead to an increase in cyberattacks, data breaches, and an end to online banking and online shopping. This is not to mention the numerous dissidents, journalists, and activists whose lives will be put at risk…We must remember that ISIS doesn’t just use ProtonMail, they also use Twitter, mobile phones, rental cars. We couldn’t possibly ban everything that terrorists use without disrupting democracy and our way of life, and in effect achieving the goal of terrorism.”

Similarly, President and CEO Dean Garfield of the Information Technology Industry Council (ITI), the “global voice of the tech sector”, responded:
“Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety. We deeply appreciate law enforcement's and the national security community’s work to protect us, but weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense.”

Bill Conner, President and CEO of Silent Circle, actively dissociated his company from terrorism while also acknowledging the need for ubiquitous encryption in everyday life:
“Of course, encryption plays an important part of maintaining digital security in everyday life—from online banking and corporate intellectual property to the communications of our governments and intelligence services. But when tragic and abhorrent events happen, the focus inevitably turns to whether encryption is being used for hostile purposes instead…So, we will continue to be transparent in how we protect your communications and how we vet our members, but we will also continue to advocate the responsible use of end-to-end encryption to protect the legitimate concerns of businesses, governments and individuals.”

The Paris attacks and the released ISIS security manual are currently being leveraged to fuel a side on the encryption debate that lacks perspective. In truth, encryption is an important and fixed feature of the landscape we all live in. Think about it: What would your day be like without encryption? (Hint: You might think twice about using the ATM, checking your PayPal account or booking a flight.)





Tuesday 1 December 2015

It’s a Vulnerable World: November 2015

November was a month filled with insecure phones, credit cards and websites of all kinds.

The big trend, however, was the growing threat of cybercrime to Africa and the Middle East. The BBC called cybercrime Africa’s “next big threat”; a FireEye report found that cybercrimes doubled in the Middle East, Africa and Turkey in the first half of 2015; and ACLU principal technologist Chris Soghoian argued, “We now find ourselves in not just a digital divide but a digital security divide. The phone used by the rich is encrypted by default and cannot be surveilled, and the phone used by most people in the global south and the poor and disadvantaged in America can be surveilled.”

With that in mind, we bring you November’s vulnerability roundup:
Android phones: When served with a warrant, Google can remotely reset the screen lock of phones running versions before Android 5.0 that use a pattern lock, as a Manhattan District Attorney report on smartphone encryption pointed out. Protect yourself by switching to a PIN, password or fingerprint lock.

Credit card numbers: Security researcher Samy Kamkar cracked the code to American Express credit cards, enabling him to predict future card numbers. “The day that card is cancelled, as soon it gets rejected, two seconds later I know what your new number and expiration date will be. If I were doing fraud, that would be pretty useful,” Kamkar said.

Linux-based operating systems: The ransomware Linux.Encoder.1 targets Linux systems, chiefly web servers, encrypting their files and demanding a ransom of one bitcoin (about $500 at the time). If there remains any uncertainty about the future of ransomware, a recent Intel Security report predicted it will be 2016’s greatest threat to cybersecurity.

Dating websites: In case Ashley Madison wasn’t evidence enough of the insecurity of dating websites, Tantan (the Tinder of China) was recently found to be transmitting users’ phone numbers, passwords, gender, sexual orientation, interests and hobbies without encryption or any other protection, exposing them to anyone on the same network.

…And nearly all other websites: A study done at the University of Pennsylvania revealed that “nearly 9 in 10 websites leak user data to parties of which the user is likely unaware.” Each such site hands the data to 9 third-party domains on average.

...And software of all kinds: Zerodium, a broker of zero-day exploits (working attacks against vulnerabilities the vendor has not yet discovered or patched), has drawn attention to the normally hush-hush market by publishing a list of going rates. A working exploit against a browser such as Chrome, Internet Explorer, Tor Browser or Firefox fetches $30,000; one against an Android or Windows phone $100,000; and one against an Apple iOS phone $500,000. Zerodium’s customers, in turn, are corporations and government organizations.

Data collection: The data breach of childrens’ technology firm VTech compromised the information of 5 million parents and 200,000 children, including profile photos, audio files and chat logs, leaving many to wonder why there was so much information to steal. Mark Nunnikhoven of Trend Micro wisely advised, “Don’t collect data because it might be useful at some point. This opens the organizations up to unnecessary risk.” 

As always, let us know if there are any vulnerabilities we missed in the comments below.


