• livemarks

info@qualityplusconsulting.com l +1 262-553-6510

QPC podcasts have moved

Please forgive our old content here while we reorganize and redo our old website.

All new QPC podcasts are hosted on a more convenient platform for all of us.

Please visit https://qpcsecurity.podbean.com where you can use the Podbean mobile app, stream directly from the site, and sign up for the RSS feed.

Breakfast Bytes - Avoiding Identity Theft and Location Data Sharing

7/20/2018, 8/3/2018

Avoiding Identity Theft, Location Data Sharing, Dell System Update

Tips for avoiding identity theft, avoiding credit/debit card theft, Dell System Update, and 5G Cellular radiation concerns

MP3 - Identity Theft, Privacy, and Dell System Update

MP3 - Website Security Issues Reveal Security Strategy Failure

MP3 - Protecting Against Business Email Compromise

 

 

Avoiding identity theft, privacy issues with location data sharing, and Dell System Update

We cover tips to avoid identity theft via credit card / debit card skimmers, privacy issues associated with location data sharing agreements with cellular service providers, and how and why to use Dell System Update.
 

Avoid credit card / debit card skimming theft

https://krebsonsecurity.com/2018/06/how-to-avoid-card-skimmers-at-the-pump/
 

Create online accounts for all your services to avoid identity theft

https://krebsonsecurity.com/2018/06/plant-your-flag-mark-your-territory/
 

The futility of transitive trust - issues with location data sharing agreements

https://krebsonsecurity.com/2018/06/verizon-to-stop-sharing-customer-location-data-with-third-parties/

“The carriers basically have arrangements with these location aggregators that contractually say, ‘You agree not to use this access we provide you without getting customer consent’,” Reid said. “Then that aggregator has a relationship with another aggregator, and so on. So what we then have is this long chain of trust where no one has ever consented to the provision of the location information, and yet it ends up getting disclosed anyhow.”
 

5G cellular radiation dangers

https://www.newstarget.com/2018-07-20-cities-of-the-future-that-use-5g-technology-increase-public-exposure-to-emf-pollution.html
Smart Cities are a big danger of Orwellian totalitarian spying also
This already exists in China where people are fined and called out on loud speakers for jaywalking under the total information awareness and facial recognition system.
Foxconn is pushing smart cities, which I have no doubt it will profit from, but this is another downside to having companies in the United States that do not match our freedom-loving and Constitutional culture.

Some back stabbing senators are putting forward bills that remove local communities' ability to have a say in where these high power microwave radiation 5G antennas will be placed.
So Verizon could put a 5G antenna on the pole outside of your house and you would have no say in the matter.
This reminds me of the issues with living within the high EMF zone from high tension power lines.
If you are over 800 ft away from a high tension power line, your exposure will be minimal. But long term evidence shows that within that range, humans who reside there, and therefore have a high exposure rate suffer from higher incidence of cancers such as leukemia.
This is problematic as 5G technology has been scientifically shown to harm human life by causing things like insomnia, nosebleeds, and even stillbirths.

https://www.naturalnews.com/2018-05-22-scientists-warn-5g-tech-found-in-wifi-street-lamps-is-causing-insomnia-nosebleeds-stillbirths.html

The National Toxicology Program (NTP) invested $25 million to study the nature of EMF radiation with the aim of proving that all mobile phone radiation is safe. What it ended up finding is that even primitive technologies like 2G can cause DNA damage and brain cancer – suggesting that much stronger 5G emitted from far more towers will be exponentially worse.

https://www.smartcitiesdive.com/news/verizon-still-anticipates-2018-5g-rollout/522114/
 

Google's AI Assistant sounds and acts like a real human

This is going to open up new avenues for fraud and abuse.
https://www.infowars.com/google-ai-replaces-wife-running-errands/
 

TLS 1.3 is coming

Speaking of why it's so important to put certs on sites and keep the sites secured, TLS 1.3 is coming
https://www.secplicity.org/2018/03/28/tls-1-3-is-coming-and-thats-just-fine/
Removal of all static RSA and Diffie-Hellman cipher suites
Only cipher suites that offer PFS will be allowed.
With PFS, every session uses a new unique key meaning a single compromised session doesn't impact any other session.
This is absolutely why you must have your website being presented over HTTPS even when you think that it is not hosting any secure data. You need to ensure that you have done your part to make sure that visitors to your site have a secure interaction experience with your site because your organization's reputation is on the line.
If you allow for MitM attacks to occur because you are lazy about security, then ultimately your organization will look foolish and to be at fault especially when you can get certificates for free.
See https://letsencrypt.org/

In May, Chrome made TLS 1.3 mandatory.
Linkedin