
Tag Archives: hash

Chipworks: Both Samsung and TSMC are making the A9 chip for Apple (Andrew Cunningham/Ars Technica)

Chipworks confirms that both Samsung and TSMC are manufacturing subtly different A9 processors for Apple. The only thing that most people will need to know about Apple's A9 is that it's a whole lot faster than last year's A8. But for those of you who are more interested in chip design, Chipworks has unearthed an interesting tidbit: there are two different versions of the A9 chip, one manufactured by Samsung and another by Taiwan Semiconductor (TSMC). Most interestingly, Samsung's version (the APL0898) has a slightly smaller footprint than the TSMC version (APL1022). There have long been rumors that Apple was dual-sourcing the A8 from Samsung and TSMC, but this is the first visual proof that we've seen of the practice. iPhone and iPad processors up to and including the A7 were all made by Samsung. Apple buys other parts from multiple sources including NAND flash and RAM, but the SoC is a major component with bigger implications for performance and power. Chipworks promises a more in-depth look at how the two processors are different, but for now, all we know is that they differ in size. We have no way to confirm whether the chips in our review samples were made by Samsung or TSMC. iFixit's teardowns found the Samsung version of the A9 in the iPhone 6S and TSMC's version in the iPhone 6S Plus, which makes sense—a larger phone has more room to spare for a larger chip—but that doesn't necessarily mean that all of the phones are being put together this way. In our testing, both the iPhone 6S and 6S Plus benchmarked nearly identically, and both behaved well during Geekbench's thermal throttling test. For more information, our full review of the new iPhones is here.


iOS 9’s space-saving "app slicing" disabled for now, will return in future update (Andrew Cunningham/Ars Technica)

Apple's sample universal binary here is just 60 percent of its original size when downloaded to an iPad or iPhone. Back in June, we wrote a bit about App Thinning, a collection of iOS 9 features that are supposed to make iOS 9 apps take up less space on iDevices. Apple has just announced to developers that one of those features, "app slicing," is not available in current iOS 9 versions due to an iCloud bug. It will be re-enabled in a future iOS update after the bug has been resolved. App slicing ensures that your iDevice only downloads the app assets it needs to work. In older versions of iOS, all devices downloaded "universal" versions of apps that included all of the assets those apps needed to work on each and every targeted iDevice. If you downloaded an app to your iPhone 5, for example, it could include larger image assets made for the larger-screened iPhones 6 and 6 Plus, 64-bit code that its 32-bit processor couldn't use, and Metal graphics code that its GPU didn't support. That's all wasted space, a problem app slicing was designed to resolve. Apple says the iCloud bug affects users who are restoring backups to new devices—if you moved from that iPhone 5 to a new iPhone 6S, for example, iCloud would restore iPhone 5-compatible versions of some apps without the assets required by the newer, larger device. For now, Apple says that devices running iOS 9 will continue to download the universal versions of apps along with all their assets, whether they're needed by your specific device or not. TestFlight, the beta app distribution service that Apple purchased in 2014, will continue to distribute software tailored for specific devices, but regular users will need to wait for that iOS update before they begin to see the feature's benefits.


Active malware campaign has hijacked thousands of WordPress sites in just 15 days, has spiked to over 5K new infections daily (Dan Goodin/Ars…

Attackers have hijacked thousands of websites running the WordPress content management system and are using them to infect unsuspecting visitors with potent malware exploits, researchers said Thursday. The campaign began 15 days ago, but over the past 48 hours the number of compromised sites has spiked, from about 1,000 per day on Tuesday to close to 6,000 on Thursday, Daniel Cid, CTO of security firm Sucuri, said in a blog post. The hijacked sites are being used to redirect visitors to a server hosting attack code made available through the Nuclear exploit kit, which is sold on the black market. The server tries a variety of different exploits depending on the operating system and available apps used by the visitor. "If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can," Cid wrote. "What’s the easiest way to reach out to endpoints? Websites, of course." On Thursday, Sucuri detected thousands of compromised sites, 95 percent of which are running on WordPress. Company researchers have not yet determined how the sites are being hacked, but they suspect it involves vulnerabilities in WordPress plugins. Already, 17 percent of the hacked sites have been blacklisted by a Google service that warns users before they visit booby-trapped properties.


Google sends out invites for press event on September 29 at 9 AM PT, new Nexus devices and Chromecast expected; event will be livestreamed on YouTube…

We know it's late Friday but this little message just popped into our inbox. Google is holding an event September 29 where the company is promising "tasty new treats and much s'more." September 29 has been the rumored launch date for Google's Nexus line for a few weeks now, and it looks like the rumor mill was right on target. Google is expected to launch updates to the Nexus 5 and Nexus 6. The new 2015 Nexus 5 will be built by LG, while Huawei is handling the 2015 Nexus 6. Both are geared up for Marshmallow with fingerprint readers and USB Type C, and have other goodies like laser autofocus for the camera and front-facing stereo speakers. The event should also see the launch of Android 6.0 Marshmallow, and we might even see the rumored Chromecast 2 that leaked today. The event will be livestreamed at youtube.com/google. © 2015 Condé Nast. All rights reserved Use of this Site constitutes acceptance of our User Agreement (effective 1/2/14) and Privacy Policy (effective 1/2/14), and Ars Technica Addendum (effective 5/17/2012) Your California Privacy Rights The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast. Ad Choices


US appeals court rules copyright owners must consider fair use before issuing takedown notices, siding with EFF (Joe Mullin/Ars Technica)

The US Court of Appeals for the 9th Circuit today issued a ruling that could change the contours of fair use and copyright takedown notices. In an opinion (PDF) published this morning, the three-judge panel found that Universal Music Group's view of fair use is flawed. The record label must face a trial over whether it wrongfully sent a copyright takedown notice over a 2007 YouTube video of a toddler dancing to a Prince song. That toddler's mother, Stephanie Lenz, acquired pro bono counsel from the Electronic Frontier Foundation. The EFF in turn sued Universal in 2007, saying that its takedown practices violated the Digital Millennium Copyright Act. The judges ruled today that copyright holders "must consider the existence of fair use before sending a takedown notification." Universal's view that fair use is essentially an excuse to be brought up after the fact is wrong, they held. UMG's view of fair use solely as an "affirmative defense" is a misnomer. "Fair use is uniquely situated in copyright law so as to be treated differently than traditional affirmative defenses," wrote US Circuit Judge Richard Tallman for the majority. The long-running copyright case began when Lenz uploaded a video of her son Holden dancing to Prince's "Let's Go Crazy." At that time, Universal had an employee scouring YouTube each day in order to issue takedowns on videos that used Prince music. EFF, looking for a test case over bad DMCA takedowns, found a sympathetic client in Lenz, a mom seeking to simply share a video of her son with his grandmother. Today's ruling isn't an all-out win for EFF, which wanted Universal to be held liable immediately under 512(f), the section of the DMCA that allows for damages over bad-faith takedown notices. Universal will have to face a trial over whether it "knowingly misrepresented" its "good faith belief the video was not authorized by law."
But the judges have made clear that copyright owners "must consider fair use before sending a takedown notification," before forming that "good faith belief." To be successful at trial, Universal doesn't have to prove that the video wasn't fair use. It just has to show that it considered fair use before sending the notice. Otherwise, it could be liable for "nominal" damages to Lenz—which wouldn't be much, since her video went back up after a short period, and has been up since then.


Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked (Dan Goodin/Ars Technica)

When the Ashley Madison hackers leaked close to 100 gigabytes worth of sensitive documents belonging to the online dating service for people cheating on their romantic partners, there seemed to be one saving grace. User passwords were cryptographically protected using bcrypt, an algorithm so slow and computationally demanding it would literally take centuries to crack all 36 million of them. Now, a crew of hobbyist crackers has uncovered programming errors that make more than 15 million of the Ashley Madison account passcodes orders of magnitude faster to crack. The blunders are so monumental that the researchers have already deciphered more than 11 million of the passwords in the past 10 days. In the next week, they hope to tackle most of the remaining 4 million improperly secured account passcodes, although they cautioned they may fall short of that goal. The breakthrough underscores how a single misstep can undermine an otherwise flawless execution. Data that was designed to require decades or at least years to crack was instead recovered in a matter of a week or two. The cracking team, which goes by the name "CynoSure Prime," identified the weakness after reviewing thousands of lines of code leaked along with the hashed passwords, executive e-mails, and other Ashley Madison data. The source code led to an astounding discovery: included in the same database of formidable bcrypt hashes was a subset of 15.26 million passwords obscured using MD5, a hashing algorithm that was designed for speed and efficiency rather than slowing down crackers. The bcrypt configuration used by Ashley Madison was set to a "cost" of 12, meaning it put each password through 2^12, or 4,096, rounds of an extremely taxing hash function.
If the setting was a nearly impenetrable vault preventing the wholesale leak of passwords, the programming errors—which both involve an MD5-generated variable the programmers called $loginkey—were the equivalent of stashing the key in a padlock-secured box in plain sight of that vault.


Man arrested for parodying mayor on Twitter gets $125K in civil lawsuit (David Kravets/Ars Technica)

An Illinois man arrested when his residence was raided for parodying his town's mayor on Twitter is settling a civil rights lawsuit with the city of Peoria for $125,000. The accord spells out that the local authorities are not to prosecute people for parodies or satire. Plaintiff Jon Daniel, the operator of the @peoriamayor handle, was initially accused last year of impersonating a public official in violation of Illinois law. However, the 30-year-old was never charged. His arrest was kicked off after the local mayor, Jim Ardis, was concerned that the tweets in that account falsely portrayed him as a drug abuser who associates with prostitutes. One tweet Ardis was concerned about said, "Who stole my crackpipe?" As part of the agreement (PDF), which includes legal fees, his attorneys from the American Civil Liberties Union said Peoria will publish a "directive" to the police department making it clear that Illinois law criminalizing impersonation of a public official does not include parody and satire. "The directive makes clear that parody should never be the predicate for a criminal investigation and that the action against Mr. Daniel should never be repeated again," Karen Sheley, an ACLU attorney, said in a statement. Daniel said he never "dreamed" that he would be arrested for his fake Twitter account. "I am satisfied with the outcome in this case," Daniel said in a statement. "I always thought that the twitter account was a joke for me and for my friends." As we previously reported, the city had defended the arrest: In its first response to the lawsuit, the city of Peoria's and Mayor Jim Ardis' attorney told Ars that the mayor and city officials believed Daniel was breaching an Illinois law making it illegal to impersonate a public official. The mayor's attorney said city officials got a judge to issue warrants from Twitter and Comcast to track down Daniel. In short, they were just following the law.


Pwn2Own loses HP as its sponsor amid concerns of compliance with the Wassenaar Arrangement, an international treaty that has rules governing software…

The next scheduled Pwn2Own hacking competition has lost Hewlett-Packard as its longstanding sponsor out of legal concerns that the company could run afoul of recent changes to an international treaty that governs software exploits. Dragos Ruiu, organizer of both Pwn2Own and the PacSec West security conference in Japan, said HP lawyers spent more than $1 million researching the recent changes to the so-called Wassenaar Arrangement. He said they ultimately concluded that the legal uncertainty and compliance hurdles were too high for them to move forward. "I am left being kind of grumpy now that HP is not involved," Ruiu told Ars. He said that he plans to organize a scaled-down hacking competition to fill the void at this year's conference, which is scheduled for November 11 and 12. Pwn2Own has become one of the more closely followed events among security professionals. The hacking competition offers hundreds of thousands of dollars for exploits that target software vulnerabilities found in Windows, OS X, iOS, and Android. Besides highlighting the relative ease of exploiting bugs, the contest allows HP's Tipping Point division to update its intrusion prevention software with definitions that detect and block such attacks. Ruiu said HP pulled out this year following changes made earlier this year to the Wassenaar Arrangement. It added specific curbs around the exports of "intrusion malware" and "intrusion exploits." Ruiu said Japan's implementation of Wassenaar is so vague and cumbersome that it exposes researchers and organizers to a high amount of legal uncertainty. What, for instance, is the status of thumbdrives containing exploit software that was debugged at the last minute in Japan and is then brought back to the US, where Tipping Point is headquartered? By contrast, Ruiu said Canada's implementation of Wassenaar was much clearer and simpler to comply with.
That likely explains why HP sponsored the Pwn2Own competition in March at the CanSecWest conference in Vancouver, British Columbia. HP released a statement that read: Due to the complexity of obtaining real-time import/export licenses in countries that participate in the Wassenaar Arrangement, the ZDI has notified conference organizer, Dragos Ruiu, that it will not be holding the Pwn2Own contest at PacSecWest in November.


Improved Simplocker Android malware disguises as an NSA app, has infected tens of thousands of devices using XMPP (Sean Gallagher/Ars Technica)

A new variant of mobile ransomware that encrypts the content of Android smartphones is putting a new spin on both how it communicates with its masters and how it spurs its victims into action. The updated version of Simplocker masquerades on app stores and download pages as a legitimate application, and uses an open instant messaging protocol to connect to command and control servers. The malware requests administrative permissions to sink its hooks deep into Android. Once it's installed, it announces itself to some victims by telling them it was planted by the NSA—and to get their files back, they'll have to pay a "fine." Ofer Caspi of Check Point's malware research team wrote in a report posted this week that the team has evidence that users have already paid hundreds of thousands of dollars to get their files "unencrypted" by this new variant. He estimates that the number of infected devices so far numbers in the tens of thousands, but may be much higher. Because the software can't easily be removed once it is installed, and because the files it encrypts can't be recovered without it, victims have no choice but to either pay $500 to get their files decrypted or wipe the device and start from scratch. While posing as a legal or governmental authority to intimidate the victim into paying up is not new, the use of Extensible Messaging and Presence Protocol (XMPP), the instant messaging protocol used by Jabber and previously by GTalk, is a shift in tactics to evade detection by anti-malware tools. XMPP communication makes it more difficult for security and anti-malware tools to catch the ransomware before it can communicate with its command and control network because it conceals the communication in a form that looks like normal instant message communications.
Most previous ransomware packages have communicated with a website over HTTPS to obtain encryption keys; those websites can generally be identified by their URLs, IP addresses, or the signature of their Web requests and then blocked. An application making a secure HTTP request to a suspicious destination would be a good sign that something bad was afoot. But the XMPP communications channel used by the new Simplocker variant uses an external Android library to communicate with the command and control network through a legitimate messaging relay server.


Snapdragon 820’s custom CPU is twice as fast, efficient as disappointing 810 (Andrew Cunningham/Ars Technica)

Qualcomm's new Snapdragon 820 flagship won't actually ship in any phones before early 2016, but the company continues to dole out bits of information ahead of the launch. Today it's talking in very broad terms about the CPU, which is based on a brand-new custom 64-bit architecture called Kryo. Kryo is Qualcomm's official successor to Krait, the CPU architecture used in a wide range of Snapdragon chips from the S4 all the way up to the 805. The toasty Snapdragon 810 used a mix of off-the-shelf ARM Cortex A57 and A53 CPU cores to bring 64-bit ARMv8 compatibility to high-end phones while Qualcomm finished its own architecture. Kryo, which will initially run at clock speeds up to 2.2GHz, promises to be twice as fast as the 810 while also being twice as power efficient. Some of this is no doubt due to architectural improvements, but it will help that the 820 will be built on a 14nm FinFET manufacturing process—Qualcomm doesn't name its manufacturing partner, but Samsung is the most likely candidate. The Kryo CPU cores in the 820 will be accompanied by a new Adreno 530 GPU, the first in the Adreno 500-series of products. The GPU will support the latest OpenGL ES, OpenCL, and Vulkan APIs, and Qualcomm says that it will be 40 percent faster and 40 percent more power efficient than the Adreno 430 in the 810. Phones and tablets are such tightly integrated devices that we'll need to see shipping hardware before we can really say how well the Snapdragon 820 performs, but Qualcomm's early numbers all paint an optimistic picture.


Former Secret Service agent Shaun Bridges pleads guilty to theft of $820K in bitcoin during Silk Road investigation (Joe Mullin/Ars Technica)

SAN FRANCISCO—Shaun Bridges, a former Secret Service agent who was investigating the Silk Road drug trafficking website, pled guilty today to charges of money laundering and obstruction of justice. Bridges' scheme was straightforward and very profitable. After Silk Road admin Curtis Green was arrested in January 2013, he debriefed agents in Baltimore. Bridges took his admin credentials, logged in, and started locking Silk Road drug dealers out of their accounts. He then looted the accounts, grabbing about 20,000 Bitcoins, and put them into his own account. US District Judge Richard Seeborg read out each of the government accusations against Bridges in court today, and the man responded "yes sir," acknowledging he had committed each of the acts. Bridges moved the Bitcoins into his Mt. Gox account. They were worth more than $300,000 at the time of the theft. Bridges moved the money into a Fidelity account called Quantum International Investments LLC between March and May of that year. By then, the bitcoins were worth about $820,000. Bridges also pled guilty to obstructing the Baltimore investigation of Silk Road and later to the internal investigation of his own behavior. At one point, he talked to a colleague who was being interviewed and agreed "to tell a consistent story" about his unauthorized use of a FINCEN database. The plea agreement includes sentencing recommendations, but it isn't known what those are at this time. "You understand these are simply recommendations, and it will be for me to decide what the appropriate sentence is?" Seeborg asked. "I do," said Bridges.


KeyRaider malware infecting jailbroken iPhones stole over 225K valid Apple account logins, thousands of certificates, private keys, and purchasing…

A newly discovered malware family that preys on jailbroken iPhones has collected login credentials for more than 225,000 Apple accounts, making it one of the largest Apple account compromises to be caused by malware. KeyRaider, as the malware family has been dubbed, is distributed through a third-party repository of Cydia, which markets itself as an alternative to Apple's official App Store. Malicious code surreptitiously included with Cydia apps is creating problems for people in China and at least 17 other countries, including France, Russia, Japan, and the UK. Not only has it pilfered account data for 225,941 Apple accounts, it has also disabled some infected phones until users pay a ransom, and it has made unauthorized charges against some victims' accounts. Researchers with Palo Alto Networks worked with members of the Chinese iPhone community Weiphone after members found the unauthorized charges. In a blog post published Sunday, the Palo Alto Networks researchers wrote: KeyRaider has successfully stolen over 225,000 valid Apple accounts and thousands of certificates, private keys, and purchasing receipts. The malware uploads stolen data to its command and control (C2) server, which itself contains vulnerabilities that expose user information. The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying. Jailbreak tweaks are software packages that allow users to perform actions that aren’t typically possible on iOS. These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials.
Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom. As if the theft of the Apple account credentials wasn't bad enough, the data was uploaded to a website that contained a SQL-injection vulnerability.


LTE over Wi-Fi spectrum sets up industry-wide fight over interference (Jon Brodkin/Ars Technica)

A plan to use Wi-Fi airwaves for cellular service has sparked concerns about interference with existing Wi-Fi networks, causing a fight involving wireless carriers, cable companies, a Wi-Fi industry trade group, Microsoft, and network equipment makers. Verizon Wireless and T-Mobile US plan to boost coverage in their cellular networks by using unlicensed airwaves that also power Wi-Fi equipment. While cellular carriers generally rely upon airwaves to which they have exclusive licenses, a new system called LTE-Unlicensed (LTE-U) would have the carriers sharing spectrum with Wi-Fi devices on the unlicensed 5GHz band. Verizon has said it intends to deploy LTE-U in 5GHz in 2016. Before the interference controversy threatened to delay deployments, T-Mobile was expected to use the technology on its smartphones by the end of 2015. Wireless equipment makers like Qualcomm see an opportunity to sell more devices and are integrating LTE-U into their latest technology. Using 5GHz will let cellular networks boost data speeds over short distances without requiring users to log in to a separate Wi-Fi network. But companies from all over the technology industry are arguing over how much this new technology will interfere with Wi-Fi networks and how quickly the Federal Communications Commission should move in allowing it. The latest development came yesterday when Verizon, T-Mobile, Alcatel-Lucent, Ericsson, and Qualcomm sent a letter to the FCC opposing a Wi-Fi Alliance proposal that would slow the process of getting LTE-U out of testbeds and into real-world networks.

Wi-Fi Alliance seeks delay

The Wi-Fi Alliance is an industry trade group that certifies equipment to make sure it doesn't interfere with other Wi-Fi-certified equipment operating in the same frequencies. The group this month asked the FCC to avoid authorizing any LTE-U equipment until the Wi-Fi Alliance is able to conduct its own tests on vendor devices using new interference testing guidelines that the Alliance is still developing. The Wi-Fi Alliance has a long list of members covering pretty much the entire technology industry, including the five companies opposing its request.


Former FireEye intern pleads guilty to developing Dendroid spyware for Android; sentencing scheduled for Dec. 2 (Dan Goodin/Ars Technica)

A former intern at security firm FireEye has admitted in federal court that he designed a malicious software tool that allowed attackers to take control of other Android phones so they could spy on their owners. Morgan Culbertson, 20, pleaded guilty to federal charges involving Dendroid, a software tool that provided everything needed to develop highly stealthy apps that among other things took pictures using the phone's camera, recorded audio and video, downloaded photos, and recorded calls. According to this 2014 blog post from Android security firm Lookout, at least one app built with Dendroid found its way into the official Google Play market, in part thanks to code that helped it evade detection by Bouncer, Google’s anti-malware screening system. Culbertson, who last month was one of 70 people arrested in an international law enforcement sting targeting the Darkode online crime forum, said in a LinkedIn profile that he spent four months at FireEye. While there, he said, he "improved Android malware detection by discovering new malicious malware families and using a multitude of different tools." He was also a student at Carnegie Mellon University. According to The Pittsburgh Post-Gazette, Culbertson on Tuesday pleaded guilty to developing and selling the malicious tool kit. Culbertson advertised the malware on Darkode for $300, and he also offered to sell the source code, presumably for a much higher price, that would allow buyers to create their own version of Dendroid. He faces a maximum 10 years in prison and $250,000 in fines at sentencing, which is scheduled for December 2. Culbertson said he had spent more than a year designing Dendroid, a timeline that means he worked on the remote access toolkit during or shortly after his four-month tenure at FireEye. FireEye told Forbes that Culbertson has been suspended from any future work at the company.


FTC to hold PrivacyCon in Washington, DC, on January 14 to bring together privacy and security researchers with policymakers (Edith Ramirez/Ars…

As the chief US agency charged with protecting consumer privacy, the Federal Trade Commission strives to help foster a marketplace where technology flourishes, while also ensuring that consumer privacy is safeguarded. To do this, we need to ensure that we stay on top of the latest research in data security and privacy. We know that innovators need freedom to innovate, and we also know that consumers care deeply about their privacy, whether that involves mobile and online tracking or the collection of other personal data streams such as geolocation. So how can the FTC better protect consumers and promote innovation as personalization, connected cars, health and fitness devices, and other technologies emerge? By making sure our work is informed by the best minds helping to drive the digital revolution. We hear frequently from industry groups, consumer advocates, and government colleagues about policy issues. We also hear from technologists, but not as much as we'd like—we need more of them to weigh in on these important issues. Policymakers need to ensure that privacy is respected while innovation flourishes, and technology academics and researchers are crucial to hitting that sweet spot. To make this meeting of minds happen, the FTC is announcing a new forum called PrivacyCon, which aims to bring together leading privacy and security researchers with policymakers to present and discuss their latest findings. The FTC will host the first PrivacyCon in Washington, DC, on January 14. Technologists are important to policymaking for a number of reasons. They can help shine a light on privacy and security gaps. They can develop honeypots, crawlers, and other tools to highlight the types of information companies collect, to identify what kinds of choices consumers are making, and to assess whether these choices are being respected.
