A Review of the Best News of the Week on Identity Management & Web Fraud

Our Face Recognition Nightmare Began Decades Ago. Now It’s Expanding (VICE, Sep 04 2019)
Biometric systems used by ICE to round up migrants and separate families didn’t come from nowhere. They’ve been built over decades by both parties.

Facial Recognition Becomes Opt-in Feature at Facebook (SecurityWeek, Sep 03 2019)
Facebook on Tuesday said facial recognition technology applied to photos at the social network will be an opt-in feature.

Firefox now blocks third-party tracking cookies, cryptomining scripts by default (Help Net Security, Sep 04 2019)
It took a lot of testing and tweaking, but Mozilla’s Firefox browser is finally being delivered with Enhanced Tracking Protection and a web-based cryptomining blocking feature on by default. The changes “Enhanced Tracking Protection works behind-the-scenes to keep a company from forming a profile of you based on their tracking of your browsing behavior across websites — often without your knowledge or consent.”


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



China’s new face-swapping app Zao gets whiplash-fast privacy backlash (Naked Security – Sophos, Sep 03 2019)
Fast trip: in two days, it debuted, shot to the top of China’s App Store, sparked privacy outrage, and got banned by WeChat.

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming (Krebs on Security, Sep 02 2019)
“Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the company’s commercial email practices.”

Biometric ID Cards Ahoy! (Infosecurity Magazine, Aug 30 2019)
India announces plan to issue its seafarers with biometric identity cards.

Spam In your Calendar? Here’s What to Do. (Krebs on Security, Sep 03 2019)
“Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application from Apple, Google and Microsoft. Here’s a brief primer on what you can do about it.”

Privacy 2019: We’re Not Ready (Dark Reading, Aug 29 2019)
To facilitate the innovative use of data and unlock the benefits of new technologies, we need privacy not just in the books but also on the ground.

Facial Recognition Technology Creates a Fine Mess in Sweden (Infosecurity Magazine, Aug 29 2019)
A Swedish municipality may still introduce facial recognition technology in schools despite receiving the country’s first GDPR violation fine for trialing it.

Cardholders still dropping the ball when it comes to basic ID theft prevention (Help Net Security, Sep 03 2019)
Four in 10 people with a credit or debit card have provided their full Social Security number in an online form in the past month…

Businesses Blighted by Impersonation Phishing Attacks (Infosecurity Magazine, Sep 03 2019)
Over 40% of UK SMEs suffered an impersonation phishing attack in the last 12 months.

Municipal Government Calls For Facial Recognition Ban (Infosecurity Magazine, Sep 02 2019)
Brookline has become the third Massachusetts municipality to call for a ban on the use of facial recognition technology by a municipal government.

Meet Domen, a New and Sophisticated Social Engineering Toolkit (SecurityWeek, Sep 03 2019)
The basic premise is to compromise a website, usually WordPress, and use that to display an overlay (loaded as an iframe) on the visitors’ screens. The overlay entices visitors to install an update that really downloads the NetSupport RAT. In this it is very similar to the Fake Updates campaign described in April 2018.

Companies Making False Privacy Claims Settle with FTC (Infosecurity Magazine, Sep 04 2019)
Five companies settle FTC allegations that they falsely claimed participation in the EU–U.S. Privacy Shield.

EFF and Mozilla scold Venmo over app’s privacy failings (Naked Security – Sophos, Sep 04 2019)
The tense stand-off between privacy campaigners and the popular mobile payment app Venmo has taken another turn for the worse.

Credit Card Privacy (Schneier on Security, Sep 04 2019)
I posted this last week, but worth posting again: “Good article in the Washington Post on all the surveillance associated with credit card use….”