Privacy lost...

WBahn

Joined Mar 31, 2012
32,852
So I just got a CGM (Continuous Glucose Monitor). To use your phone to link to the sensor, you have to have their app. Okay, that's not surprising. But to get their app, you MUST create an account using a verified e-mail address. Unlike most people, I read the Privacy Policy before I give my e-mail address to any site. They expressly state that they have the right to use my personal glucose readings to market things to me. Huh? There's no need for them to have my glucose readings at all -- that is data that only needs to be exchanged between the sensor on my skin and the app in my phone.

My first thought was -- where's HIPAA in all this? My guess is that their claim will be that they aren't a healthcare provider, and hence they do not have to conform to HIPAA requirements. So my doctor has to get all kinds of permissions, in writing, to tell my wife what my glucose level is, but this manufacturer can require that it be given to them, when they have no legitimate need to ever see it, so that they can give/sell it to anyone they want to.
 

WBahn

Joined Mar 31, 2012
32,852
Back when license plate readers were being installed at toll booths, people raised concerns about this giving the government the ability to surveil and track the movements of people. We were assured that the data would only be used for toll billing purposes, that it would only be kept long enough to serve that purpose, and that no one else, specifically including law enforcement, would ever have access to it. Opponents pointed out that the fact that the data was being collected meant that, sooner or later, it would be used for other purposes. We were told that such concerns were misguided and alarmist and that there was no slippery slope.

Now hardly a day goes by that there isn't a story on the news about how data from license plate readers enabled this suspect or that fugitive to be tracked down and apprehended.

Yep, no slippery slope here.
 

nsaspook

Joined Aug 27, 2009
16,326
https://arstechnica.com/tech-policy...-selling-bathroom-spycam-used-to-abuse-minor/
Judge: Amazon “cannot claim shock” that bathroom spycams were used as advertised
Amazon's biggest problem persuading the judge was seemingly the product descriptions that the platform approved. An amended complaint included a photo from Amazon's product listing that showed bathroom towels hanging on hooks that disguised the hidden camera. Text on that product image promoted the spycams, boasting that they "won't attract attention" because each hook appears to be "a very ordinary hook."

A similar item still being sold.

... Hidden Spy Security Camera
... Shower shelf spy camera that looks like an ordinary can of Shower shelf. The camera is so well hidden that no one will know that the Shower shelf actually contains a mini bathroom spy camera. Because it is so well hidden, you can put it anywhere, even in the bathroom, and no one will be suspicious. With this camera, you are able to record everything that happens while you are gone. Thieves and intruders will never suspect that this Shower shelf contains a hidden camera that is capturing their every move. You don't have to worry about thieves or your child's babysitter any longer. With this camera, you can help to keep your family and home safe. Highlights: 1. As Shower Nozzle Rack spy camera, shooting of camouflage technologies and quality is very important. The pinhole camera we used technology lens. The camera is not visible wires, plugs, or buttons, even trained professionals will not be able to tell you, this Shower Nozzle Rack is a hidden camera. Spy camera resolution of 1920 × 1080. There is no doubt that you can from this product high-quality video. Another important thing is the shooting time. In order to increase 32GB storage card, the recording time as set by the inside of the large-capacity battery. On this basis, the camera can work continuously for about 15-18 hours. You can secretly so easy to get a very long and exciting video. It can provide you with an ordinary camera, and can not provide a powerful video evidence. This is the ideal choice for a real CIA agents, police, detector, and spy agency.
 

nsaspook

Joined Aug 27, 2009
16,326
Call me naïve, but my shock derives from the sudden realization of how easy it has become to attack hardware now.
I know what you mean but:

Technical exploits like this are not easy. A PoC like the one shown here is the result of a lot of work and specialized knowledge. It's only easy to execute now that the work has been generalized into a usable exploit.

As a general rule I turn off all computer 'bling' like logos, lights and sounds as these have been exploit targets in the past. The people that write those sorts of routines (image parsers) have traditionally been lax about data validation.
https://thehackernews.com/2015/06/Stegosploit-malware.html

My Linux systems don't use UEFI boot, they all use Legacy BIOS Mode.
 

WBahn

Joined Mar 31, 2012
32,852
The average user wants more bling. I hate it, but it's increasingly difficult to get rid of it.

The more complex a system, the more potential hooks there are for bad actors to go after, and it doesn't matter whether that complexity serves a useful purpose, or is just eye candy.

In addition to all the bling, that average user also wants a minimum level of utility -- they'll get frustrated if they don't get it. I've often wondered if they would still want all that bling if they were made aware of how much cheaper a machine would be that gave them more utility than they need, but had all the bling stripped out. Or, alternatively, how much more utility they could get from their current machine if it didn't have to waste so much time and resources serving up the bling.

I know which I would choose, but then again, I'm not an average user and it's the average user that products are designed for and marketed to.
 