Take Note: Nevermind our Privacy Policy Change

Evernote is revisiting proposed privacy policy changes after user uproar. Makers of the archiving app announced a new policy at the end of 2016 which included Evernote employees the ability to view user notes. The kicker is that while app users could choose to opt out of that, the company policy would leave room for employees to snoop for other reasons.

The Elephant in the Room

Millions of people save text, photos, and documents on Evernote accounts to make their data available on any device. The data is stored and users may choose to share it with family members or coworkers or keep it to themselves. Notes can be pictures, voice recordings, text, [...]

Share

Up in Smoke: Marijuana Dispensary Data Breach

Some Vancouver marijuana dispensary customers’ privacy went up in smoke when their medical records were publicly exposed on the dispensary’s website. Scanned medical documents, passports, prescriptions, birth certificates, mental health reports, biopsy results, and other records were unprotected on the Vancouver Pain Management Society website. The site is offline, and the Office of the Information and Privacy Commissioner of British Colombia is investigating.

Not the First Time 

Just a few days before this breach came to light, Ottawa’s biggest dispensary chain exposed customer email addresses. Magna Terra Health Services fired the employee who sent an email containing 470 medical cannabis customers’ email addresses. But this time, Canadians from several provinces are effected and the damage [...]

Share

Vendor Vulnerabilities: Is NSA Obligated to Let them Know?

Cisco’s Cloud Service Platform customers received word of exposures that could severely risk their data’s privacy. In September 2016, Cisco informed their virtual networking clients of the discovery that more than 840,000 devices are open to two serious vulnerabilities. Fortinet customers’ data were also exposed in the theft. These exploits can lead to man in the middle attacks around the globe.

Shadow Brokers 

A group identifying itself as Shadow Brokers allegedly stole exploits from Equation Group, linked to the National Security Agency three years ago. Using a Twitter account, Shadow Brokers recently announced an auction for firewall exploits they claim they found with a hacking tool used by the NSA. The group demanded Bitcoins in exchange for data with codenames such as EPICBANANA, EGREGIOUSBLUNDER, AND EXTRABACON.

EXTRABACON

One of the exploits that targets Cisco ASA, Cisco Firewall Services [...]

Share

Privacy Shield

The ways American companies and the United States government can collect, process, transfer, and store European citizens’ private data are changing. In 2015, European Union courts invalidated the US/EU privacy “Safe Harbor,” invalidating the decade-old information sharing agreement. American businesses, European citizens, and privacy advocates all over the globe have closely watched the development of Safe Harbor’s replacement policy. In the summer of 2016, Privacy Shield came to fruition and is enforced as of August 2016. This article takes a look at what Privacy Shield is and how it came to be.

Safe Harbor

Unlike in Europe, the United States does not [...]

Share

Data Obfuscation: Proceed with Caution

There are many methods of guarding private data, and oftentimes companies still need to preserve the data’s utility while doing so. This is especially crucial for enterprises that process data for business without the complexity and time it takes for cryptographics. IT professionals should be aware, in hiding data from view, they may be creating a completely different set of problems.

Data masking and obfuscation allow some parts of sensitive data to remain seen while hiding the entire value. The most widely seen use of masking shortens a Social Security number to the last four digits. Masking also takes place when [...]

Share