Archives

Welcome!

The CIPP Guide provides reliable and accurate information to the privacy professional arena. We hope individuals seeking the Certified Information Privacy Professional designation will find further substance specifically targeted at their CIPP pursuit.
Please review the user agreement for the forums and testing services.  CIPP Guide requires registration before use of the testing services.  We hope you find this service useful, and good luck on the exam!

Share

Phone Data Security at Your Fingertips

Researchers from New York University and Michigan State University say the key to phone data vulnerability is at your fingertips. Biometrics, namely fingerprints, are a common means of user authentication. But, is it as secure as it appears to be? In a study published in IEEE Transactions on Information Forensics and Security, researchers considered the possibility of hackers creating a set of synthetic or real “Master Fingerprints” able to log into a high rate of devices.

Smartphones’ sensor for collecting fingerprint data is too tiny to accommodate the whole print. So, users are prompted to give multiple impressions of the same finger when setting it up. A user is prompted to give [...]

Share

Take Note: Nevermind our Privacy Policy Change

Evernote is revisiting proposed privacy policy changes after user uproar. Makers of the archiving app announced a new policy at the end of 2016 which included Evernote employees the ability to view user notes. The kicker is that while app users could choose to opt out of that, the company policy would leave room for employees to snoop for other reasons.

The Elephant in the Room

Millions of people save text, photos, and documents on Evernote accounts to make their data available on any device. The data is stored and users may choose to share it with family members or coworkers or keep it to themselves. Notes can be pictures, voice recordings, text, [...]

Share

Up in Smoke: Marijuana Dispensary Data Breach

Some Vancouver marijuana dispensary customers’ privacy went up in smoke when their medical records were publicly exposed on the dispensary’s website. Scanned medical documents, passports, prescriptions, birth certificates, mental health reports, biopsy results, and other records were unprotected on the Vancouver Pain Management Society website. The site is offline, and the Office of the Information and Privacy Commissioner of British Colombia is investigating.

Not the First Time 

Just a few days before this breach came to light, Ottawa’s biggest dispensary chain exposed customer email addresses. Magna Terra Health Services fired the employee who sent an email containing 470 medical cannabis customers’ email addresses. But this time, Canadians from several provinces are effected and the damage [...]

Share

Vendor Vulnerabilities: Is NSA Obligated to Let them Know?

Cisco’s Cloud Service Platform customers received word of exposures that could severely risk their data’s privacy. In September 2016, Cisco informed their virtual networking clients of the discovery that more than 840,000 devices are open to two serious vulnerabilities. Fortinet customers’ data were also exposed in the theft. These exploits can lead to man in the middle attacks around the globe.

Shadow Brokers 

A group identifying itself as Shadow Brokers allegedly stole exploits from Equation Group, linked to the National Security Agency three years ago. Using a Twitter account, Shadow Brokers recently announced an auction for firewall exploits they claim they found with a hacking tool used by the NSA. The group demanded Bitcoins in exchange for data with codenames such as EPICBANANA, EGREGIOUSBLUNDER, AND EXTRABACON.

EXTRABACON

One of the exploits that targets Cisco ASA, Cisco Firewall Services [...]

Share