The Shared Security Podcast Episode 49 – Google Search Privacy, Smart TV Attacks, Internet Router Risks



This is the 49th episode of the Shared Security Podcast, sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and was recorded on December 16, 2015. Below are the show notes, commentary, and links to articles and news mentioned in the podcast:

People’s Deepest, Darkest Google Searches Are Being Used Against Them

You should really always be thinking about how your search queries could end up putting you on a “sucker list”.

There seem to be two levels of exploiting your search queries:

  • Direct categorization by the search engine, which leads to more targeted advertising – We may not think about how the entities that have access to our search queries might use them against us (or for us, in their interpretation – “all the better to serve you relevant content, my dear”). In fact, Mikko Hypponen says in his TED Talk from October, 2013, “We are brutally honest with search engines. You show me your search engine history, and I will find something incriminating or embarrassing in 5 minutes.” So, I’d like you to ask yourself, “Do you really want to trust the guys – whose livelihood is derived from selling information about you – to know exactly what your most burning questions are?”
  • Luring to pages that collect information – These pages try to get you to “self-screen”, using the byproducts of failed searches and application forms (called remnants), which have value to some bottom-feeders.

There’s a big profit in just trying to categorize people, especially if they can identify people who are better than average candidates for any type of businesses they can sell the lists to.

There can also be a lot of bait and switch tactics to get around Google’s predator defences. This is one of the reasons that “data never dies”. As soon as it’s captured, the data is copied and correlated with other data that makes it more valuable. It will quickly end up in a place where you can’t delete it.

– Scott

Man-in-the-middle attack on Vizio TVs coughs up owners’ viewing habits

Product vendors need to stop assuming that nobody cares about the data they collect and/or send over the Internet. It used to be that the Internet was mostly insecure because not much was encrypted.

Now, with Google, Facebook, Twitter and many of the most popular sites using the TLS standard for encrypting all data to and from their sites (even if it’s not a form with sensitive data), there’s an expectation that if your product doesn’t secure its communications, it can be the weakest link for customer privacy. So, all data has to be encrypted properly, which means using standard protocols for authenticating end points and encrypting messages.

Not using proper data security within new products is inexcusable.

The reason I say “standard protocols” is that very often, vendors think they are being clever by inventing their own way of hiding or securing data. This rarely works, especially these days, when virtually every new product is being analyzed by researchers or bad guys to find vulnerabilities.

There’s plenty of free software available that can do security properly (e.g. http://libsodium.org), so why would you try to invent your own, which is going to cost a lot of money and more than likely will be bypassed at some point?

This is al


Published on 10 years ago





