
SoylentNews is people

posted by Fnord666 on Friday September 15 2017, @02:54AM
from the someone-always-pays dept.

Renowned security researcher Bruce Schneier has a story up on his blog On the Equifax Data Breach:

Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses vulnerable to fraud.

Many sites posted guides to protecting yourself now that it's happened. But if you want to prevent this kind of thing from happening again, your only solution is government regulation (as unlikely as that may be at the moment).

The market can't fix this. Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn't notice, you're not Equifax's customer. You're its product.

This happened because your personal information is valuable, and Equifax is in the business of selling it. The company is much more than a credit reporting agency. It's a data broker. It collects information about all of us, analyzes it all, and then sells those insights.

Its customers are people and organizations who want to buy information: banks looking to lend you money, landlords deciding whether to rent you an apartment, employers deciding whether to hire you, companies trying to figure out whether you'd be a profitable customer -- everyone who wants to sell you something, even governments.

It's not just Equifax. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about you -- almost all of them companies you've never heard of and have no business relationship with.

Surveillance capitalism fuels the Internet, and sometimes it seems that everyone is spying on you. You're secretly tracked on pretty much every commercial website you visit.

Bruce continues with observations about the data gathering activities of such on-line behemoths as Google and Facebook, as well as companies as mundane as your cell phone provider. Sadly, massive data breaches such as what happened at Target, Home Depot, and Yahoo! gathered media attention for a while, but after a matter of time faded from public awareness and concern.

He suggests the only solution is government regulation. Maybe. But that also runs up against the problem of regulatory capture.

What, if anything, can be done? Mandate a minimum payment of, say, $100.00 to each person who had information disclosed? That would certainly boost a company's willingness to implement security best-practices.


  • (Score: 1, Offtopic) by MichaelDavidCrawford on Friday September 15 2017, @04:32AM (3 children)

    by MichaelDavidCrawford (2339) <mdcrawford@gmail.com> on Friday September 15 2017, @04:32AM (#568280)

    I Am Absolutely Serious.

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 2, Offtopic) by Hyperturtle on Friday September 15 2017, @03:38PM (2 children)

    by Hyperturtle (2824) on Friday September 15 2017, @03:38PM (#568494)

    If you are responsible for a few computers, then adding this to a locally managed DNS server can be quick and easy. This is just a general gist of what one can do; you will need to alter this to suit your DNS server. (The example below is an export from DNS in Windows Server.)

    hosted-pixel.com

    Name                     Type                      Data
    (same as parent folder)  Host (A)                  127.0.0.254
    (same as parent folder)  Start of Authority (SOA)  [7], yourlocaldnsserver.domain.int., hostmaster.domain.int.
    (same as parent folder)  Name Server (NS)          yourlocaldnsserver.domain.int

    (you can add more of these Name Server entries, if you have more DNS servers at your disposal--just make sure your dns server can resolve your other dns servers!)

    You don't really need a server name specific as an A record for a domain you want to block, unless you identify what the servers are within the domain and want to uniquely identify them with differing host records. Just giving the FQDN itself an A record is enough to prevent *all* of the servers in that domain from resolving and leaving 1x1 pixels (or whatever) on your PC.

    My choice of 127.0.0.254 is associated with other trackers I block. 127.x.x.x is all wasted for loopbacks; there is no reason to limit everything to 127.0.0.1. That way, if I suspect I need to add a new primary DNS zone, I can first look up if the domain even resolves to an IP, and then if it already does internally on my DNS, I can determine how I have categorized it, just by the 127.x.x.x that replies back.

    FB has its own address, as do its domains, Google does, and then generic ones that I don't see acting with numerous domains get a unique one, but might be under a 'subnet' within 127.x.x.x -- for tracking, marketing, or both like with pixels. .254 is sort of my "it's everywhere" bucket.

    Using alternate loopback IPs helps me determine what a site is doing, if half the connection attempts go to numerous 127.x.x.x IP addresses (as resolved by my DNS server). It gives me a very good idea as to what a site is trying to about my visit, besides just showing me what I came to the site to see.

    Of course, you can always point stuff to an actual local server or something else -- an IP address is an IP address. Just make sure it goes somewhere you want it to, if not a loopback, otherwise your experience may get wonky waiting to time out. (don't use 0.0.0.0 for example; that often does not work well for numerous platforms --loopbacks, however, always do).

    It also helps me understand when changes take place on the backend, without any visible gui differences as presented in the web browser. Sometimes, I find that there is a new business partner that wasn't there before.

    I don't do much in the way of analyzing the data... it's mostly for my curiosity. At first I just had a bazillion 127.0.0.1 entries, but it got frustrating when everything came back with that IP and I wasn't sure what it was doing besides being something I already 'blocked' via poisoning my DNS, so to speak.

    Anyway, it is a constant battle, and to set it up took half a day or so out of a weekend. I set up a couple VMs on other hardware for redundancy, and that lets me use my primary DNS server for other things without fear of breaking all my DNS filtering if I reboot my DNS server or otherwise prevent it from resolving names for a while. Hey, sometimes Windows Server blue screens and I don't even notice because my other servers fill the gap.

    The only real problem I have with this method of dns filtering (I just set it up once on the server, and every device on my network is then 'protected') is that if I take my portable devices somewhere else... they can't benefit. For those, I have a large hosts file.

    The hosts file is very good for blocking things locally, that other people want to access and you might not want to put on the DNS server. I am not above using hosts files in favor of an actual DNS server -- I try to use both as the situation merits and I'm not a purist. (Besides, it can be tough to update hosts files on mobile phones, too... but when using wifi at home, your local DNS server can block a whole lot of ads and tracking.)

    (IPv6 trackers are a problem, too, but the DNS for that is similar.)

    • (Score: 0) by Anonymous Coward on Friday September 15 2017, @04:43PM (1 child)

      by Anonymous Coward on Friday September 15 2017, @04:43PM (#568533)

      Another benefit of spreading it out in the address space is that most browsers limit requests to the same host, which includes IP address. With the increased number of different "hosts," you end up with less waiting for timeouts or dummy payloads.

      • (Score: 2) by Hyperturtle on Sunday September 17 2017, @02:02PM

        by Hyperturtle (2824) on Sunday September 17 2017, @02:02PM (#569387)

        I agree.

        It's usually better to use 127.x.x.x for such entries, since 0.0.0.0 (often in pre-made lists available for download at various places) is sometimes parsed as a place to go, and causes a delay while it times out. 127.x.x.x never do that.
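
An added example, not part of any comment above: the category-coded loopback sinkhole described in this thread, sketched in Python. It renders hosts-file lines for a portable device and maps resolved addresses back to the category that blocked them. Only hosted-pixel.com and 127.0.0.254 come from the thread; the other ranges, the category names and the *.example domains are assumptions.

```python
import ipaddress
from collections import Counter

# Category -> sink network inside 127.0.0.0/8. Only 127.0.0.254 is from the
# thread; the other ranges and the category names are assumptions.
SINKS = {
    "everywhere": ipaddress.ip_network("127.0.0.254/32"),
    "facebook": ipaddress.ip_network("127.0.10.0/24"),
    "google": ipaddress.ip_network("127.0.20.0/24"),
    "tracking": ipaddress.ip_network("127.0.30.0/24"),
}

def sink_for(category, host_index=1):
    """Pick an address in the category's range; refuse anything non-loopback."""
    net = SINKS[category]
    addr = net.network_address if net.num_addresses == 1 else net[host_index]
    if not addr.is_loopback:  # catches 0.0.0.0 or a routable address by mistake
        raise ValueError(f"{addr} is not in 127.0.0.0/8")
    return addr

def hosts_lines(blocklist):
    """Render {domain: category} as hosts-file lines for a portable device."""
    return [f"{sink_for(cat)} {dom.lower().rstrip('.')}"
            for dom, cat in sorted(blocklist.items())]

def classify(answer):
    """Map one resolved address back to the category that sinkholed it."""
    addr = ipaddress.ip_address(answer)
    for category, net in SINKS.items():
        if addr in net:
            return category
    # Loopback outside every range: e.g. an old 127.0.0.1 entry, uncategorized.
    return "uncategorized-sink" if addr.is_loopback else "not-blocked"

def summarize(resolutions):
    """Count categories over the (name, address) lookups one page triggered."""
    return Counter(classify(ip) for _, ip in resolutions)

# Constructed sample data; the *.example names are placeholders.
BLOCKLIST = {"hosted-pixel.com": "everywhere", "metrics.example": "tracking",
             "social-widget.example": "facebook"}
OBSERVED = [("hosted-pixel.com", "127.0.0.254"), ("metrics.example", "127.0.30.1"),
            ("social-widget.example", "127.0.10.1"), ("old-entry.example", "127.0.0.1"),
            ("new-partner.example", "203.0.113.7")]

if __name__ == "__main__":
    print("\n".join(hosts_lines(BLOCKLIST)))
    for category, count in summarize(OBSERVED).items():
        print(f"{category}: {count}")
```

A "not-blocked" result marks a name that resolved to a real address, which is the case worth reviewing when a site picks up a new third party.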