blog trackingRealtime Web Statistics Drive Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Drive’

Google Drive Vulnerability Leaks Users’ Private Data

Another privacy issue has been discovered in Google Drive which could have led sensitive and personal information stored on the cloud service exposed to unauthorized parties. The security flaw has now patched by Google, but its discovery indicates that the vulnerability of cloud data when accessed via a link can allow “anyone who has the link” to access your private data without any

For more information go to, http://www., or

View full post on National Cyber Security



View full post on Select From Our Menu

Secure Strategy Group to help drive revenues for Microsoft’s global security team and its technology partners

Jacob Goodwin Top Priority Sector:  access_control_identification Read More….

View full post on The Cyber Wars

Drive by shooting in West Palm Beach

One person is dead, another hospitalized, after an early morning shooting in West Palm Beach. The shooting started near Australian Avenue and 45th Street. We… Read More….

View full post on Select From Our Menu

HACKS: Unlock a car door with a USB drive

________________________ – – –

The Lawnmower Man (PAL) Part 1 SEGA Mega Drive

The Lawnmower Man (PAL) Part 1 SEGA Mega Drive 480p is recommended for best quality. PLOT: Dr. Lawrence Angelo (Pierce Brosnan) is a scientist working for Virtual Space Industries (VSI) in “Project 5″, a secret research facility that attempts to increase the intelligence of primates using psychotropic drugs and virtual reality (VR) training. The research [...]

View full post on The Cyber Wars

Dropbox, Google Drive and SkyDrive: What Should Your Agency Use?

View full post on Government Technology Security News

View full post on National Cyber Security

Should you worry about Google Drive privacy?

The wording of the Google Drive terms of service has ruffled some feathers. However, the short answer to the question posed in the title of this article is “no”. Allow me to explain.Should you worry about Google Drive privacy?, Blog, Google, about, Privacy, Should, Drive, worry

Should you worry about Google Drive privacy?, Blog, Google, about, Privacy, Should, Drive, worry Should you worry about Google Drive privacy?, Blog, Google, about, Privacy, Should, Drive, worry

Should you worry about Google Drive privacy?, Blog, Google, about, Privacy, Should, Drive, worryShould you worry about Google Drive privacy?, Blog, Google, about, Privacy, Should, Drive, worry

View full post on security

View full post on National Cyber Security » Computer Hacking

Google Drive privacy concerns raised by YRO advocates

Google Drive has been criticised by privacy advocates, who have voiced strong concerns over how stored data may be used during and after customers are actively engaged in the cloud storage service.

“The terms of service are bad, but even worse is that Google has made clear it will change its terms of service whenever it wishes,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC).

On March 1, Google “ignored the views of users” and consolidated all of its terms of service, Rotenberg said, so that it could “do more data profiling.”

“After the unilateral changes on March 1, I don’t understand why users would trust Google to stand by its terms of service,” he said.

Rotenberg is not alone in his concerns.

Users commenting in online forums said privacy was the reason they would not use Google Drive.

On Dropbox’s online forum a user by name of Chen S. wrote, “My big concern with Google Drive is that they already have all my emails, web analytics, and search terms. Do I really want to give them even more data?”

Another user, Christopher H., said : “Like many other users, I’m not excited about Google having more data points on my life via the files I will be storing in their cloud.”

Still another Dropbox user, – Mark Mc., noted that while Google might not sell or disclose data without a user’s permission, “they can, however, use that data in anyway shape or form the like internally – and if that includes selling personalised sic ad’s based on data farming of the files that I’ve uploaded I’m out of there!”

But a Google spokesman said Drive’s terms of service make it clear, “what belongs to you stays yours” and the company’s policies are no more onerous than other service providers.

“You own your files and control their sharing, plain and simple. Our Terms of Service enable us to give you the services you want – so if you decide to share a document with someone, or open it on a different device, you can,” he said. “Many who have covered this simply ignored that paragraph and quoted only the one immediately following it, which grants us the licence required by copyright law to display or transmit content on a user’s behalf. Other companies use very similar language.”

Dropbox’s terms of use says: “You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below.”

Similarly, Microsoft’s SkyDrive terms of use also claim no ownership of user data.

According to Microsoft’s policy, a user controls who may access their content. However, if you share content in public areas of the service or in shared areas available to others you’ve chosen, then you agree that anyone you’ve shared content with may use that content.

“If you don’t want others to have those rights, don’t use the service to share your content,” the policy states. “You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service solely to the extent necessary to provide the service.”

Google’s terms of use say: “You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide licence to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.”

Google states in its official blog that its new privacy policy allows it to build a more “intuitive user experience.” For example, if you’re working on Google Docs and you want to share a file with someone on Gmail, “you want their email right there ready to use.”

“Our privacy policies have always allowed us to combine information from different products with your account. However, we’ve been restricted in our ability to combine your YouTube and Search histories with other information in your account. Our new Privacy Policy gets rid of those inconsistencies so we can make more of your information available to you when using Google,” the company states.

“I don’t know of any legislation on this subject,” said John Webster, a senior partner with Evaluator Group, a market research firm that specialises in data storage issues. “You have to ask yourself, what’s the business model. If the business model is to make money from a service or money from advertising, that’s one thing. If it’s trying to make money off the sale of data, that’s another thing.”

While older internet users tend to be wary of how their data is used and protected, younger users rarely consider the consequences of where they store personal information, Webster said. “They may not be reading the fine print.”

The other issue to consider is what happens to your data when you leave a cloud service behind, he said.

Google’s terms also state that when a user discontinues use of its service, it continues to retain the right to use customer information.

Article source:

View full post on National Cyber Security » Computer Hacking

Report: Stuxnet delivered to Iranian nuclear plant on thumb drive

CBS Interactive)

(CNET) An Iranian double agent working for Israel used a standard thumb drive carrying a deadly payload to infect Iran’s Natanz nuclear facility with the highly destructive Stuxnet computer worm, according to a story by ISSSource.

Stuxnet quickly propagated throughout Natanz — knocking that facility offline and at least temporarily crippling Iran’s nuclear program — once a user did nothing more than click on a Windows icon. The worm was discovered nearly two years ago.

ISSSource’s report yesterday was based on sources inside the U.S. intelligence community.

These sources, who requested anonymity because of their close proximity to investigations, said a saboteur at the Natanz nuclear facility, probably a member of an Iranian dissident group, used a memory stick to infect the machines there. They said using a person on the ground would greatly increase the probability of computer infection, as opposed to passively waiting for the software to spread through the computer facility. “Iranian double agents” would have helped to target the most vulnerable spots in the system,” one source said. In October 2010, Iran’s intelligence minister, Heydar Moslehi said an unspecified number of “nuclear spies” were arrested in connection with Stuxnet.33 virus.

As CNET first reported in August 2010, Stuxnet, as a worm intended to hit critical infrastructure companies, wasn’t meant to remove data from Natanz. Rather, it left a back door that was meant to be accessed remotely to allow outsiders to stealthily control the plant.

The Stuxnet worm infected industrial control system companies around the world, particularly in Iran and India but also companies in the U.S. energy industry, Liam O’Murchu, manager of operations for Symantec Security Response, told CNET. He declined to say how many companies may have been infected or to identify any of them.

“This is quite a serious development in the threat landscape,” he said. “It’s essentially giving an attacker control of the physical system in an industrial control environment.”

According to ISSSource, the double agent was likely a member of the Mujahedeen-e-Khalq (MEK), a shadowy organization often engaged by Israel to carry out targeted assassinations of Iraninan nationals, the publication’s sources said.

As CNET reported in August 2010:

The Stuxnet worm propagates by exploiting a hole in all versions of Windows in the code that processes shortcut files, ending in “.lnk,” according to…[the] Microsoft Malware Protection Center….Merely browsing to the removable media drive using an application that displays shortcut icons, such as Windows Explorer, will run the malware without the user clicking on the icons. The worm infects USB drives or other removable storage devices that are subsequently connected to the infected machine. Those USB drives then infect other machines much like the common cold is spread by infected people sneezing into their hands and then touching door knobs that others are handling.

The malware includes a rootkit, which is software designed to hide the fact that a computer has been compromised, and other software that sneaks onto computers by using a digital certificates signed two Taiwanese chip manufacturers that are based in the same industrial complex in Taiwan–RealTek and JMicron, according to Chester Wisniewski, senior security advisor at Sophos…. It is unclear how the digital signatures were acquired by the attacker, but experts believe they were stolen and that the companies were not involved.

Once the machine is infected, a Trojan looks to see if the computer it lands on is running Siemens’ Simatic WinCC software. The malware then automatically uses a default password that is hard-coded into the software to access the control system’s Microsoft SQL database.

This story originally appeared on CNET.

Article source:

View full post on National Cyber Security » Virus/Malware/Worms

Page 1 of 3123»

Get The New Book By Gregory Evans

Everyone Is Talking About!

Are You Hacker Proof?

Find Out More, Click Here!