Tags: Cloud, CyberGhost, data breach, hack, Microsoft, OneDrive, privacy, security, VPN, WIFI, Windows 10
1 comment so far
Below is a guest post from CyberGhost on how to increase privacy on Windows 10. This is very timely and great advice!. I have upgraded to Windows 10 and really think it is a huge upgrade over Windows 8/8.1 but (there is always a but) there are some serious privacy concerns. (SERIOUS) Thanks to CyberGhost’s Silvana Demeter for providing this valuable info! BTW…I am very familiar with CyberGhost really like their products. Check them out!
“On July 29, Microsoft has released its new operating system, Windows 10, available globally in 190 countries. The new version offers new features and completes different gaps. Windows 10 is fluid and fast and its new browser Microsoft Edge might win back a lot of users being super-fast.
Some privacy related concerns appear though, one possible problem being that data such as contacts, calendar, mail, messages are transferred to Microsoft’s servers, creating a more detailed user’s profile. Another feature that is infringing one’s privacy is the advertising ID assigned to individuals that are later targeted with specifically tailored ads. Even encrypting the hard drive won’t make an improvement to the privacy since the keys are stored by default on OneDrive. These new settings and features are aimed at increasing productivity, as they make apps and operating system smarter.
In order to improve the future experience of its users, Microsoft uploads data on their servers. As stated in the Terms of Service, Microsoft has the right to share this data whenever it “has a good faith belief doing so is necessary to: 1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services.”
In addition, all these settings are ON by default and will remain enabled if not unchecked while installing or upgrading to Windows 10.
All the data used by the Microsoft account (@live.com, @outlook.com, @msn.com – necessary for most of the new features) is scanned by Microsoft’s services. The location or even the talks with Cortana (searches, reminders, notes, and actions) are also processed by Microsoft’s services: “We also share data with Microsoft-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our services; and to protect the rights or property of Microsoft.”
How to increase privacy on Windows 10
The Privacy settings can be managed by searching the term privacy in the start menu and most of the modules that send data to Microsoft can be disabled.
Below are some important features that can be changed to obtain more privacy:
- Disable advertiser ID: open the settings and search for “advertising;” open “Choose if apps can use your advertising ID” and disable the first option: “Let apps use my advertising ID for experiences across apps”
- Disable “…info about how I write” so that the text one types and writes with a stylus is not sent to Microsoft servers
- Disabling the Advertising ID in the “Privacy Settings.”
o “Let apps use my Advertising ID…” -> OFF
o “Send Microsoft info about how I write..” -> OFF
o “Location” -> OFF
- Speech, Inking, & typing: If all options are cleared, Cortana will also be disabled
Another new feature introduced by Windows 10 is “Wi-Fi Sense” – a feature that syncs all Wi-Fi passwords to the cloud and shares them with the contact list. Through this functionality, the PC will be able to exchange passwords and automatically connect to WIFI, even to unprotected hotspots. The “Wi-Fi Sense” feature can be disabled by accessing Settings, “Wi-Fi” and then “Change Wi-Fi Settings.” Lucian Crisan, Head of Support and QA at CyberGhost VPN and former Microsoft employee recommends this change in order to avoid man-in-the-middle attacks and phishing attempts.”
Getting into Information Assurance Careers June 2, 2015Posted by Chris Mark in Uncategorized.
Tags: Chris Mark, CIPP, CISSP, Consulting, cybersecurity, InfoSec, privacy, SANS
add a comment
I have had a number of folks email me asking about becoming an InfoSec worker so I am writing this post to (hopefully) help those who are interested. In 2001, I landed in InfoSec by pure luck and I have never looked back. It is an amazing field and a great career path. First..for some marketing. According to the InfoSec Institute, the average CISSP Salary in 2014 is over $100,000 per year. In 2013 there were 209,000 job postings for CyberSecurity Jobs and it is estimated that in 2015, there are 40,000 more jobs than people to take them. In short, it is a very high demand field.
InfoSec? CyberSecurity? Information Assurance? WHAT?
It is even confusing to me sometimes. At a high level I use the term Information Assurance as it encompasses all of the elements of protecting data. This includes data security (protecting data), CyberSecurity (protecting the systems, and infrastructure), Privacy (appropriate use of information) and Compliance (ensuring your company complies with relevant regulations) and Risk Management (evaluating the security risk of your organization). While this short post does not allow for a more comprehensive overview, these are the generic ‘pillars’ that we consider.
What types of Jobs are Out There? (more…)
Chris Mark @ AT&Ts #ChatDPD talking about Privacy July 8, 2014Posted by Chris Mark in Uncategorized.
Tags: #ChatDPD, AT&T, business, Chris Mark, privacy, security, small
add a comment
Join AT&T tomorrow (July 9th) at 3pm Eastern for an AT&T Small Business Twitter discussion where we will be answering questions related to privacy. You can tweet your questions in real time or follow us in real time at: https://twitter.com/hashtag/chatdpd?f=realtime I look forward to catching up on Twitter!
Tags: cybercrime, cybersecurity, data protection, data security, online privacy, privacy, VPN
add a comment
This article is written by Christopher Reynolds, head of business development at IVPN – a VPN service, and EFF member, dedicated to protecting users’ online privacy. I don’t often allow guest posts but Mr. Reynolds and IVPN have done a great job of providing valuable info. Certainly worth taking a look!
Online privacy is coming under increasing attack from governments around the world. Legislation such as CISPA in the US, the CCDP in the UK and Australia’s data retention proposals, have generated real worry among privacy-conscious internet users over our law enforcement’s desire to increase their powers of surveillance to unprecedented levels. This culture of fear is driving more and more people toward commercial Virtual Private Networks (VPNs), which promise to protect user data and offer online anonymity. But choosing a VPN that actually protects privacy is not straightforward. In this blog post I will go over the key issues you must consider before signing up to any VPN service.
The biggest issue when it comes to using a VPN in order to protect your privacy is data retention. Government surveillance is primarily facilitated by the data retention policies of your ISP. In Europe your ISP’s data retention policy is mandated by the EU Data Retention Directive, which forces all European ISPs to retain users’ personal information for between 6 months and 2 years after the user leaves the ISP’s service. This data includes web logs, which essentially means a record of every website you’ve visited and the times you visited them. The data your ISP holds won’t typically contain email logs – despite popular perception- unless you use your ISPs own email service. But it will include which third party email services you use and when you’ve used them. (more…)
“Pleased to meet you…hope you guessed my name…” – Sophisticated CyberAttack hits US Dept of Energy February 4, 2013Posted by Chris Mark in Uncategorized.
Tags: AT&T, china, cyber espionage, cybersecurity, cyberwar, department of energy, privacy, The Counter Terrorist
add a comment
UPDATE: A new report released shows that Chinese military is involved in CyberAttacks. Read the full story here and download the report.
Foxnews released an article today that outlines a sophisticated cyberattack targetting the US Dept of Energy. Surprisingly, the suspect is China. According to the story, the attack compromised the information of several hundred employees with the expected outcome to be to compromise more information . According to the article:
“It’s a continuing story of negligence,” former Energy Department security official Ed McCallum told the Free Beacon, explaining that the department continues to have security problems despite controlling some of the most “sophisticated military and intelligence technology the country owns.”
He said China, as well as Iran, have been after Energy Department secrets. Several groups and agencies have warned about stepped-up cyber activities out of China.
“China continues to develop its capabilities in the cyber arena,” the U.S. China Economic and Security Review Commission said in a November 2012 report to Congress. “U.S. industry and a range of government and military targets face repeated exploitation attempts by Chinese hackers as do international organizations and nongovernmental groups including Chinese dissident groups, activists, religious organizations, rights groups, and media institutions.”