

Privacy & Other Concerns


3 replies to this topic

#1 STS-1


Posted 09 May 2018 - 10:38 AM

Mod Edit:  Split from https://www.bleepingcomputer.com/forums/t/674830/question-can-an-email-address-give-someone-your-ip-address/ - Hamluis.

 

It's not a matter of anyone being "out to get you" but since when did it become "ok" for them to know what everyone is doing all the time, regardless of if they are "up to something" or not... Last time I checked in my country (Canada) and the USA is similar, there is a reasonable expectation of privacy, so if I am not pasting my personal information all over the internet, then I expect it to stay private, and I do not think that is unreasonable!


Edited by hamluis, 22 May 2018 - 02:14 PM.



 


#2 britechguy


Posted 09 May 2018 - 11:03 AM

It's not a matter of anyone being "out to get you" but since when did it become "ok" for them to know what everyone is doing all the time, regardless of if they are "up to something" or not... Last time I checked in my country (Canada) and the USA is similar, there is a reasonable expectation of privacy, so if I am not pasting my personal information all over the internet, then I expect it to stay private, and I do not think that is unreasonable!

 

Which has nothing whatsoever to do with the original question.   You cannot use the internet and e-mail without your providers having, and sharing, your IP address during any given session.  It is not "personal information" and never was "personal information."

 

Even the law recognizes that one's full name is not "personal information" since it's public knowledge (among other things).   If you, for any you, are "not pasting my personal information all over the internet" it's not going to show up there by accident (or at least not often).  That stuff gets put up by individual users (not always the person whose information is being shared, but by someone).

 

As an aside, there should be no reasonable expectation of privacy in the way it was known in the age before cyberspace when it comes to using the internet.  The methods of possible compromise are so many and varied that it is probable that data will be obtained by outside parties rather than remotely possible.  And that includes actual personal data.  As I've said before, I was one of those affected by the Anthem and Equifax breaches, and while I wasn't happy about either I also realized that there is no perfect security system and if someone (or some entity) is determined enough and has enough money and skill to throw at it any cyber security measure can be breached.  [Not that different than physical security measures, really, but cyber are obviously more easily breached without being noticed until after the fact.]


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

     . . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it.  The willing suspension of disbelief has its limits, or should.

    ~ Ruth Marcus,  November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story


 

 

 

              

 


#3 STS-1


Posted 14 May 2018 - 08:57 AM

Correct me if I am wrong, but was the Equifax breach via an unpatched application? What bothers me is these organizations have our sensitive information in their database, but do not take the necessary steps to ensure that it is protected... While it is true that no security system is "perfect", ensuring that software is patched is security 101, and will there be any repercussions for Equifax's obvious *$## up? Probably not... https://www.wired.com/story/equifax-breach-no-excuse/



#4 britechguy


Posted 14 May 2018 - 09:57 AM

I don't honestly know what the mechanism of breach was for any of the more well-publicized ones.

 

Even if it was due to gross irresponsibility, for which an organization like Equifax should have to pay if that's proven, it's irrelevant once the data is "out there."  Like a bell, you can't "unring" it.

 

My central point is that no matter what the security protocol, and how good it is, there is always going to be someone who can and will break through it, even if the only purpose for doing same is bragging rights.  Cybersecurity is the world's biggest game of cat and mouse, which is why some of the most notorious actors on the "I've broken in" side end up being paid some very big bucks if they decide to switch sides.

 

The article linked to includes the following:  "This vulnerability was disclosed back in March. There were clear and simple instructions of how to remedy the situation. The responsibility is then on companies to have procedures in place to follow such advice promptly," says Bas van Schaik, a product manager and researcher at Semmle, an analytics security firm. "The fact that Equifax was subsequently attacked in May means that Equifax did not follow that advice. Had they done so this breach would not have occurred."

 

My only comment, and it's not to excuse Equifax, either, is that my observation and experience are that IT departments in large organizations are very often loath to apply patches until they've had something bad happen and/or a ridiculous amount of time to "analyze" same.  There is this insane attitude that every patch should be treated as hugely suspect and likely, rather than highly unlikely, to break something.  This is, I believe, part of the reason that Microsoft introduced the "Windows as a Service" concept with automatic updates.  Any software maker wishes they could rely on their users to promptly apply patches, when supplied.  This allows "everyone" to be operating on the same metaphorical page.  The truth is, in practice, far far too many people and organizations will resist applying updates tooth and nail, very often with entirely predictable and devastating results (of which this particular incident is but one).

 

No one has put it better than our own usasma, who wrote the following about Windows Updates, but which is just as applicable to updates in general:

 

             There really isn't a point to checking for updates and not installing them. . .  It's important to install all available updates. I've been doing this since the days of DOS, and I still don't have the confidence to pick and choose among updates.  There are just too many variables involved - and most people can't evaluate the full consequences of installing/not installing updates.

        ~ John Carrona, AKA usasma on BleepingComputer.com, http://www.carrona.org/

 

 

The risk from installing updates, particularly if you are in an enterprise setting and doing so on a small number of testing and production machines before going wide, is much smaller than the risks posed by refusing to install them.


Edited by britechguy, 14 May 2018 - 11:30 AM.





