  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,163

    HIPAA only applies to medical records, and PCI only applies to CC transactions. Telemetry data doesn't really impact the integrity of the data content itself. So I don't see how HIPAA and PCI compliance even apply. You're PCI compliant if you use an Android or iOS based cellphone to accept CCs and have been so for years, with all of the same data being collected by the OS manufacturer, device manufacturer, and everyone else that gets you to agree to let them install on it.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Banned
    Join Date
    Nov 2014
    Posts
    192

    I sometimes supervise audit responses - it will be very interesting to see how Win10 fares once it becomes widely deployed. Especially considering the deep telemetry - including what amounts to a keylogger. We do a lot of our work through DLP (Fortigate) to maintain some compliance for various organizations. It concerns me about how much data Win10 is spilling but it's still early in testing.

    I'm tempted to build a blocking rule for Fortigate to pre-emptively block most of the Win10 telemetry in an enterprise environment.

    The last PCI audit I received for a corporation we service was 145 pages. It's quite costly for a company to deal with a failed audit, then send a report to an MSP like us - then pay us $190 an hour per engineer to sift through and correct it. Win10 could add to the complications if the telemetry is over the top.
    Last edited by Mayahana; 08-30-2015 at 06:08 PM.

  3. #13
    Untangle Ninja f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,495

    Quote, originally posted by Mayahana:
    it will be very interesting to see how Win10 fares once it becomes widely deployed. Especially considering the deep telemetry - including what amounts to a keylogger...It concerns me about how much data Win10 is spilling but it's still early in testing.

    I agree today's computer technology has become very (privacy) problematic and with the acknowledgment that with every data point gathered (however small) = greater perspective (empowerment). This collection is very concerning, but it's been with us since computing was created...and only gaining momentum.
    I find it incredibly ironic knowing all modern OS's, Apps, and services today basically collect (deep telemetry) your "keystrokes" in hopes of gaining an advantage over their competitors (i.e., understand what you're doing in/with their software/service and how they can enhance your "experience or need") to their monetary prosperity. Is Microsoft (i.e., Windows 10) collecting more than others (e.g., Google, Facebook, etc.)? Doubtful.
    Anyway, show me such an electronic product or service that doesn't collect, and I'll show you an inevitable market loser. Consumers want to eat all their cake and not be responsible for the consequence associated with such...The question is when is enough, enough? Have we reached that threshold with all the bytes getting into the wrong hands on such a huge scale lately, my hope is we're beginning to awaken.
    There have been many, many sentinels warning of the scale of this collection...have we reached a tipping point? Hmm, I wonder...
    Last edited by f1assistance; 08-31-2015 at 03:28 AM.
    Vanguard Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM
    And building #7 didn't kill itself!

  4. #14
    Banned
    Join Date
    Nov 2014
    Posts
    192

    Quote, originally posted by f1assistance:
    I agree today's computer technology has become very (privacy) problematic and with the acknowledgment that with every data point gathered (however small) = greater perspective (empowerment). This collection is very concerning, but it's been with us since computing was created...and only gaining momentum.
    I find it incredibly ironic knowing all modern OS's, Apps, and services today basically collect (deep telemetry) your "keystrokes" in hopes of gaining an advantage over their competitors (i.e., understand what you're doing in/with their software/service and how they can enhance your "experience or need") to their monetary prosperity. Is Microsoft (i.e., Windows 10) collecting more than others (e.g., Google, Facebook, etc.)? Doubtful.
    Anyway, show me such an electronic product or service that doesn't collect, and I'll show you an inevitable market loser. Consumers want to eat all their cake and not be responsible for the consequence associated with such...The question is when is enough, enough? Have we reached that threshold with all the bytes getting into the wrong hands on such a huge scale lately, my hope is we're beginning to awaken.
    There have been many, many sentinels warning of the scale of this collection...have we reached a tipping point? Hmm, I wonder...

    Great post!

    Not only do we need to concern ourselves with the telemetry, but where that telemetry is going, how it is stored and with whom it is shared. The considerations are many and great. Since most of the organizations we've seen are not responsible caretakers of our data then we need to either create laws/regulations for that storage or we need to stop that telemetry until we can guarantee the integrity of the data/transmission/storage/sharing.

    I was the first to discover a password manager named 'PasswordBox' - a PAID product was sending deep telemetry and keystrokes to Mixpanel. I exposed this immediately at the risk of a lawsuit and a short time later the company was sold to Intel. PasswordBox was harvesting data such as every website you visit, what you click, how many times you use the password for that site and even things like how long you visited that site! This is NOT something you want a password product sending in 'plain text' over the internet is it?

    Note: Mixpanel is only blocked on Untangle WF with the 'Marketing Services' filter checked, or you create a blocklist item for it. I discovered Bit Defender Trial was functioning as a MITM on Google Searches. I installed Bit Trial in the lab and we noticed when we searched for antivirus products Bit Defender would truncate searches and place links to its products and affiliates ahead of other search results.

    It is a mistake to assume paid products aren't gathering deep telemetry. In previous years it was more a subject of free services. We know AvastAV used their security toolbar to harvest extensive data and even to redirect searches.

    Those big expensive ASUS Routers with Trend AiProtection on them? I've noticed that one thing the router does (if you have enabled any part of AiProtection) is sending the full url of visited webpages to Trend Micro. Within 20 seconds to a few minutes, a Trend Micro bot then connects to that exact same url, if your original url uses GET then it can even include your session tokens and all the other key/pairs that were in the original url. So it can receive an exact copy of the page you visited, even if you're logged in on a regular/unencrypted http:// website, this MAY include POST activity. This means that Trend Micro can collect, monitor and store your complete browsing history and technically can even take over web sessions by using the token you use yourself. This is a huge privacy and security issue in my opinion.

    I will admit I am a bit anal about my home network connectivity/security. I want to know what is leaving my network and exert a fairly deep level of control over it. I confess that much of my work involves blocking telemetry.
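
Added example, not part of the original post: the URL-replay behaviour described in post #14 (a third party re-fetching a token-bearing GET URL shortly after the original visit) is something a site owner can look for in access logs. The log records, IP addresses, the session parameter names and the 5-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log records: (timestamp, client IP, method, URL).
SAMPLE_LOG = [
    ("2015-08-31T10:00:00", "198.51.100.7", "GET", "/account?sid=3f9a1c&view=orders"),
    ("2015-08-31T10:00:45", "203.0.113.50", "GET", "/account?sid=3f9a1c&view=orders"),
    ("2015-08-31T10:02:00", "198.51.100.7", "GET", "/index.html"),
    ("2015-08-31T10:02:30", "203.0.113.50", "GET", "/index.html"),
    ("2015-08-31T10:05:00", "198.51.100.9", "GET", "/cart?token=aa11&item=4"),
    ("2015-08-31T11:30:00", "203.0.113.50", "GET", "/cart?token=aa11&item=4"),
]

# Assumed names of query parameters that carry session state; adjust per app.
SESSION_PARAMS = {"sid", "session", "sessionid", "token", "phpsessid", "jsessionid"}

def session_params(url):
    """Return the session-like query parameter names present in the URL."""
    query = urlsplit(url).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SESSION_PARAMS)

def find_replays(records, window=timedelta(minutes=5)):
    """Flag token-bearing URLs re-requested by a different IP within `window`."""
    first_seen = {}  # url -> (timestamp, ip) of the first request
    findings = []
    for ts, ip, method, url in sorted(records):  # ISO timestamps sort in time order
        params = session_params(url)
        if method != "GET" or not params:
            continue  # only URLs that expose session state are of interest
        when = datetime.fromisoformat(ts)
        if url not in first_seen:
            first_seen[url] = (when, ip)
            continue
        t0, ip0 = first_seen[url]
        if ip != ip0 and when - t0 <= window:
            findings.append({
                "url": url, "original_ip": ip0, "replay_ip": ip,
                "delay_s": int((when - t0).total_seconds()), "params": params,
            })
    return findings

if __name__ == "__main__":
    for hit in find_replays(SAMPLE_LOG):
        print(hit)
```

A hit here is a prompt to move session state out of the query string (cookies or POST bodies) and to invalidate the exposed token.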

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,163

    Digital property rights...

    We don't have them. I've been screaming until I'm blue in the face and only small groups care. Congress is too busy passing more H1B Visa allowances so large tech firms can abuse more slaves to bother to do something as earth shatteringly simple as equate digital property to physical property.

    We have laws that regulate putting cameras in a dressing room, I see little difference between that and a private mailbox. The world however, doesn't seem to. What happens if someone messes with your mailbox out in front of your home? Federal crime right? Yet... How long has Google been doing exactly that?

    So don't assume just because I think Win10 is PCI / HIPAA compliant that I like it. It's a great platform, but it seems to be greater for Microsoft than it is for the user.

  6. #16
    Banned
    Join Date
    Nov 2014
    Posts
    192

    I agree man..

    Also - Microsoft is tossing new, intrusive telemetry into Win 7, 8, and 8.1 now too!

    http://www.pcworld.com/article/29782...acy-storm.html

    You can bet the NSA/CIA are readily harvesting this stuff. Actually I've caught DISA on my networks more than anyone else and have a feeling DISA is doing quite a good number of spying on Americans since DISA isn't the least bit hampered by domestic spying laws. So I'm sure DISA is loving the new Microsoft telemetry. A lot of corporations we handle MSP for view our own govt. (CIA/NSA, etc.) as malicious actors and seem to want to avoid the prying eyes of them.

    Fortinet's recent signing of a partnership with the NSA has cost us business.
    Last edited by Mayahana; 08-31-2015 at 08:15 PM.

  7. #17
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,163

    That's one of the primary reasons why I love Untangle so much.

    Root access, to the platform. Untangle is free to do whatever they want, and I'm free to audit and control whatever access I want. As far as I'm concerned that's the only way a security device should function. Perfectly trustworthy because all of the technology can be tested, manipulated, and controlled by the admin should he or she wish to.

  8. #18
    Untangle Ninja f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,495

    Hmm...obviously, it's easier to ignore and deny, than understand and alert...I won't be surprised to discover in the future it was the State demanding MS (and "all" others) to provide the capacity for deeper collective activity collection. It's not enough they store every single byte moving across the global interweb, because today "stuff" still can be hidden. Now, if you touch every endpoint (currently 1.25 billion Windows machines and growing), and think of IoT, where the hiding takes place, well, sadly, 1984 is now...
    Did you really think the NSA was trying to give an example of a capacity of their shiny new data center in Utah when they stated; "when completed they'd be able to hold 100 years of the world's data", and not believe they actually planned to do exactly that? Personally, I couldn't then, and still can't now, comprehend this volume of information.
    This is more than a war game on a global scale people, all States are involved, and any too late, means it's over. I think we all lost and most didn't even know they were a part of such an undertaking. GAME OVER?
    Ignorance is bliss! :-) Party on Wayne, party on Garth...

    P.S. I'll continue to move against hackers and their endeavor, and not try to deny the State.
    Last edited by f1assistance; 09-01-2015 at 04:31 AM.

  9. #19
    Banned
    Join Date
    Nov 2014
    Posts
    192

    We've moved to more of a secure your crucial data aspect. You can't really control everything anymore, so control what is very important. Stacked VPNs moving file encrypted data that's crucial to a business, or contains industrial secrets. Pretty easy to avoid anyone snagging that - even the state. While they CAN break stacked VPNs they aren't likely going to get into the data that's AES+Twofish encrypted. My personal data I am 'concerned' about is always encrypted. But I don't fret as much about the 'other' stuff.. You know - those take out orders, an email to a friend about a computer game, or an Amazon order. But personal, financial, and family documents/photos/data is always heavily secured.

    The state isn't as hard to shake off as people think - if you have a reason to. What worries me is not so much the state, but the data the state has and how they are securing OUR data. The govt. has shown they are hideous with data control. Also of some concern are third party contractors utilized by the state - spreading malware and then selling that data to the highest bidder. It is well known that some telemetry gathering firms sell data to states... If you can get your telemetry from the 100 million people Mixpanel snoops on why bother doing it yourself? Just pay them to do it. Hence why I feel it's important to block it - or at the least reduce exposure to it.

  10. #20
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,163

    Telemetry Control, a new module for Untangle?
    Last edited by sky-knight; 09-01-2015 at 09:19 AM.
