Something of Doom

Sunday, April 26, 2026

Logscale, dashboards, and DNS

Futurama gif with Fry screaming 'Fix It! Fix it! Fix it!' to Leela

Losgcale, or as it rather be called Crowdstrike Falcon Logscale (say that 3 times fast and Bettlejuice may show up), is a Security Information and Event Management(SIEM) made by Crowdstrike. In other words, it is a glorified log collector that allows you to ask questions, create alerts based on those questions, and present the answers in pretty dashboards and graphs. It is not the only game in town -- there are quite a few open source and commercial ones -- but it is the one we will be talking about today.

Dashboards, dashboards everywhere

A dashboard is way to show what the logs know in a pretty graphical way: most people just want to see what they need to care about the logs; they should not be forced to learn how to do that manually.

For instance, what if you want to show all the times the logs reported a specific event happened? Which event? I don't know. Maybe a failed sshsession. Since we will be using fake data, how about if we want to know if the logs detected the presence of The Dude? Maybe that would look like this in the logs:

<47>Apr 24 08:06:46 192.168.12.9 banana/error[285]: dude-abides=false

Note: This is being fed by my Python-based fake log generator script. So, it says whatever I want.

Now, let's create a quick dashboard since this article is not about how to create one. All we want it to do is to find The Dude and let us know when and where the presence of His Dudeness was detected. Where here would be the host name; it would be nice if we have the full name (balcony.example.org in this example), or FQDN. Technically logscale has a filed called host that should provide us that. Problem is that it gives us whatever the log had: if that was a hostname, we are good. But, what the host does not have the full name, instead just the balcony or IP (192.168.12.9) address? Losgcale provide the query command reverseDNS(), which can return the FQDN:

| reverseDNS(host, as="host_name")

With that, we could create a dashboard whose query looks like this:

tail(100)
| reverseDNS(host, as="host_name")
| has_dude := if(text:contains(string=msg, substring="dude-abides"), then="Yes", else="No")
| table([@timestamp, host_name, type, has_dude, msg])

Just before anyone asks, this is a very simple query because writing dashboards is not the topic of this article. All I want it to do is to get logs like this (one of them has a message body I saved from a real alert down to the IP address)

<63>Apr 24 08:06:41 192.16.94.101 tiktok/error[1197]: Did you see that?
<47>Apr 24 08:06:46 192.168.12.9 banana/error[285]: dude-abides=false
<66>Apr 24 08:06:47 192.168.55.85 tiktok/error[867]: right_droid=false
<1>Apr 24 08:06:48 192.16.55.6 unamed[1155]: Did you see that?
<8>Apr 24 08:06:50 192.168.12.137 rm/error[1733]: Cannot destroy all humans
<20>Apr 24 08:06:51 192.16.55.6 tiktok/error[121]: %RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 217.69.139.202
<45>Apr 24 08:06:52 192.168.55.85 tiktok[426]: right_droid=false

which have IP addresses for hostnames (note the IP range; it will be important later). The "job" of the query is to identify those logs containing dude-abides. To make it look pretty, we are using the function reverseDNS() to convert the IPs to FQDNs.

The output should look like a table with 4 columns (you can stretch the window to try to make table look pretty):

@timestamp	host_name	has_dude	msg
2026-04-24 04:06:41.000	balcony.example.org	No	Did you see that?
2026-04-24 08:06:46.000	balcony.example.org	Yes	dude-abides=false
2026-04-24 04:06:47.000	saladbar.example.org	No	right-droid=false
2026-04-24 04:06:48.000	kitchen.example.org	No	Did you see that?
2026-04-24 04:06:50.000	bathroom.example.org	No	Cannot destroy all humans
2026-04-24 04:06:51.000	kitchen.example.org	No	%RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 217.69.139.202
2026-04-24 04:06:52.000	saladbar.example.org	No	right-droid=false

Note: The reason we have 000 in the end of the time (ex: 08:06:46.000) is that logscale can handle/expects/would like that to be in microseconds. When it does not get them, it makes microseconds = 000.

It is broken!

When we run it the dashboard, something goes wrong: where is the host_name?

Screen capture of the logscale dashboard we created (looks like the table above). The host_name column is missing

Here's a representation of the above in glorious ASCII):

@timestamp	has_dude	msg
2026-04-24 04:06:41.000	No	Did you see that?
2026-04-24 08:06:46.000	Yes	dude-abides=false
2026-04-24 04:06:47.000	No	right-droid=false
2026-04-24 04:06:48.000	No	Did you see that?
2026-04-24 04:06:50.000	No	Cannot destroy all humans
2026-04-24 04:06:51.000	No	%RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 217.69.139.202
2026-04-24 04:06:52.000	No	right-droid=false

So, how to make it work? By default logscale uses the dns servers known by the host it is running on. In Linux they could be defined in resolv.conf (I am going to use dns1, dns2, and so on to define the dns servers instead of using IPs so it is easy to see them; this is getting long):

[banana@logscale-box ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search example.org
nameserver dns1
nameserver dns2
[banana@logscale-box ~]$

dns1 and dns2, being our internal dns servers, do know all of our hosts in the 192.168.xx.xx (technically I should represent that as 192.168.0.0/16) range, which is a private IP range

Note: Private IP Addresses are those defined by RFC 1918 to belong to one of the following ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x

It turns out by default (again that word) logscale will not convert IPs in the private IP address ranges, you have to force it to do so. And that is done using 3 environmental variables (I call them constants. but what do I know?) defined in /etc/logscale/humio.conf: RDNS_DEFAULT_SERVER, IP_FILTER_RDNS_SERVER, and IP_FILTER_RDNS:

RDNS_DEFAULT_SERVER

Defines the server used when no server is explicitly specified in the function call
Ex: RDNS_DEFAULT_SERVER=192.168.5.3

IP_FILTER_RDNS

For reverse DNS lookups in reserved IP addresses
Which IP addresses can be queried with rdns() and reverseDns()
Ex: IP_FILTER_RDNS=deny 10.0.5.0/24; allow all
- Cannot query hosts in the 10.0.5.0/24 range
- Can query reserved IP addresses that are in other ranges.

IP_FILTER_RDNS_SERVER

For RDNS server filtering
Only restricts which servers can be explicitly specified in rdns() or reverseDns() function calls
If RDNS_DEFAULT_SERVER is defined, include it
Ex: IP_FILTER_RDNS_SERVER=allow 192.168.7.1; deny all
- Allows 192.168.7.1 (and 192.168.5.3) as rdns servers for reserved IP addresses

Since dns1 and dns2 can resolve the problem, all we would need to do is to add the following lines to /etc/logscale/humio.conf:

IP_FILTER_RDNS_SERVER=allow all
IP_FILTER_RDNS=allow all

The following screen capture does show hostnames under host_name; I just deleted them because I used real names. I will manually alter the file(!) to put mine later.

Screen capture of the logscale dashboard we created (looks like the table above). The host_name column is now visible

Variations on the theme

What if I just want to only allow the use of dns2 for reverse dns?
Edit IP_FILTER_RDNS_SERVER
```
IP_FILTER_RDNS_SERVER=allow dns2; deny all
```
then, optionally, edit the dashboard query
```
| reverseDNS(host, as="host_name", server="dns2")
```

What if I want to only use a dns3 for reverse dns, but not define it in resolv.conf?

Edit humio.conf

RDNS_DEFAULT_SERVER=dns3
IP_FILTER_RDNS=allow all
IP_FILTER_RDNS_SERVER=allow dns3; deny all

then, optionally, edit the dashboard query

| reverseDNS(host, as="host_name", server="dns3")

More Complex Examples

What if I want to add google's dns server to resolv.conf as failover in case my DNS servers are both down?

[banana@logscale-box ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search example.org
nameserver dns1
nameserver dns2
nameserver 8.8.8.8
[banana@logscale-box ~]$

It depeneds on the other settings:

If you do not add the IP_FILTER_RDNS*humio.conf? Logscale will be in default mode and never try to resolve private IP addresses. And that is what started the events that lead to this article.
If you set humio.conf as in the original example,
```
IP_FILTER_RDNS=allow all
IP_FILTER_RDNS_SERVER=allow all
```
and do not specify a dns server in the dashboard query as in the original case
```
| reverseDNS(host, as="host_name")
```
Logscale may try to that for the private IPs, which will not work but now oyu are telling google, and possibly others who are listening, which private IPs you use. Don't do this!
If you set humio.conf as in the original example,
```
IP_FILTER_RDNS=allow all
IP_FILTER_RDNS_SERVER=allow all
```
and specify a dns server in the dashboard query
```
| reverseDNS(host, as="host_name", server="dns2")
```
Logscale will gracefully not show host_names when dns2 is down, and will not query google's.
If you set humio.conf specifically telling which dns servers to use. This is better than the previous solution
```
IP_FILTER_RDNS=allow all
IP_FILTER_RDNS_SERVER=allow dns1; allow dns2; deny all
```
and do not specify a dns server in the dashboard query as in the original case
```
| reverseDNS(host, as="host_name")
```
Logscale will only show host_names when either dns1 or dns2 is up, and will never try to query google's. This is the best because you are limiting which dns servers to use in one single location (humio.conf) instead of possibly filtering every single dahsboard. If you need to have dashboards quering specific dns servers, add them to the humio.conf file as above and then use the specific one where needed. This add a second layer of protection.

Saturday, June 15, 2024

New Windows WiFi RCE vulnerability

Full Disclosure: I am just posthing this because of the meme. It sure beats the usual "hacker (because wearing hoodie) in a dark room with computers" picture that is so common in these posts. Yes, I am looking at you Tom's Hardware.

A "Remote Command Execution" (RCE) vulnerability just means that someone can send remote commands to something whose software have this vulnerability. A classic case of a RCE Vulnerability that was exploited is the log4j one (hello 2021!). These commands can be something like uploading malicious code to the computer or application which can be unleashed in the computer running this application. On June 12th, Microsoft's Patch Tuesday to address 49 CVE-tagged security flaws. Amongst them there was a patch for CVE-2024-30078, which deals with the WiFi RCE Vulnerability that is the topic of this post.

The main difference here is that this vulnerability is on the (Windows) drivers for a network card. The beauty about such attack is the attacker does not need the help from the user (as in phishing) to get the malware into the computer. In fact, chances are unless the code is patched, there may not be much stopping such an attack; all they need it to send a malicious networking packet to enable the remote code execution, which would then be followed with them uploading their own code to start exploring their new acquisition.

To add insult to injury, the attackers may not even need to be in the same network; all they have to be is within the range of the vulnerable computer. Witht he right equipment, "within range" can be measured in feet or even miles.

Homer Simpson: No exploit code is available so far

from Imgflip Meme Generator

Microsoft, who issued a patch for that, stated that there are no reported malware exploiting this vulnerability and that "Exploitation Less Likely" while the Cyber Security Agency of Singapore thinks it is a high-severity vulnerability and everyone using the Windows versions affected by this (pretty much everything remotely recent) should "update to the latest versions immediately". I do not know about you, but I would side with the Singapore agency on this one.

TL;DR:

Have Windows computer? Patch it. Immediately

Thursday, May 23, 2024

Browsers, expired certs, bad defaults, and risk ASSessment

I have had to access more device/websites with expired or self-signed certs than I would like to admit. There are also those which are just plain insecure (think passwords being sent unencrypted). If you never experienced that, either you are really lucky or, well, welcome to The Planet Earth!

There are those, some of them are my friends, who think that is not acceptable and the only solution is to replace all this junk with new junk which complies with current regulations. Some of them even have CISSP and CISM certificates and have titles like "Senior Security Engineer". They all live in another world with no relationship to ours and our reality.

There, I said it. Call me heretic, but do not be disappointed if you will need to pick a number; you will not be the first or the last. But, I will not change my mind.

from Imgflip Meme Generator

One of those security concepts that those who are CISSP/CISM/etc certified should know by the very reason they are certified is risk. Everything has a vulnerability, a weakness that if exploited (intentionally or accientally) may, well, hurt. If you ever got electrocuted while working on house wires or trying to repair an appliance you know what I mean. Also, boiling oil in a pan can hurt. So you deal with it. For instance, you can just buy a new electric tea kettle instead of trying to replace the old wire. Or, if you are in a business setting, you can decree all computers will have the latest operating system with the latest patches even if that mean replacing the computers

And that is where we disagree

You see, sometimes that is not feasible. Perhaps I have the skills to replace a wire and doing so is much cheaper than getting a new kettle. Or, you have an old UNIX computer connected to a multimillion dollar test device whose software is hardcoded to that specific version of UNIX; replacing it would cost 50 million and you would be throwing away a perfectly good testing system. Or, that medical device only sends data through wireless to a ftp server, so its password is shown for all to see; each of these devices goes for $15,000 on a good day and really there are no better in its class for the service it provides. What to do?

You analysize the risk and make the best choice of how to deal with it. The options are not only "do nothing" (accept the risk) or "replace it" the "Secure All Things" crowd advocates. There are more alternatives (I am using CISSP parlance here):

Acceptance. Decide it does not worth trying to do something about it and move on.
Mitigation. Come up with something to eliminate the threat, like keeping all the computers running the latest versions of their software. This is where the "Secure All Things" crowd gathers.
Deterrence. Can we cut down the risk? In the case of the multimillion testing device, what if we take it off the network and use an external drive to transfer test data between it and a more modern computer we can secure? Or for a network appliance that can only be accessed by a web interface which has a self-signed certificate that may have already expired: if you cannot replace the certificate (licensing cost or just plain bad coding), put these appliances in a secure network with restricted access, and with a specific web browser configure to accept connecting to that appliance using that cert (and perhaps old encryptions).
Avoidance. Stop doing something that causes risk. If printers can be hacked, eliminating all printers takes care of this. If people can attack your wireless, remote the wireless.
Transference. Make it someone else's problem. Buy cybersecurity insurance. This can get expensive quickly and insurance companies have been raising the requirements. For instance, most of them will have a clause that if they found out you were careless, no money for you.
Rejection. The stick-your-head-on-the-ground approach to danger. Pretend it does not exist. I know it is a very common reaction, but try not to do it; this is considered lack of due care.

So, which one should you do? It depends, and we are way ahead of ourselves. We should start finding out what we have, knowing that getting a true full inventory may not be (economically) possible? But, let's say we did find out what we have. These are our assets, and we need to assign values to them, as risk can be seen as a number (usually money): we have to compare how much each risk response (that includes the bottom one, not doing anything) cost and figure out the cheapest one. You see, business exist to make money, and how we manage risk is a cost to the business. If the cost to mitigate the risk is close to that of deter it, maybe mitigation is the best solution. This kind of thought process is expected from someone who is called "senior security engineer/architect." I myself am fine with knowing that most solutions to minimize risk end up being finding a deterrence. And sometimes, you just have to accept the risk and move on. After all, companies (and individuals) have only so much money to deal with risk; a good senior level security professional will make each dollar count.

You are still on the soapbox

Right you are. We still have not detected the vulnerabilities. And the little dirty secret is that the findings generated by the security scanners should not be taken as face value. Some of these scanners are just mindless pattern-matching scripts. A novice security professional will just the tool and sound the alarm. A senior security professional will compare the findings with the information she has about the IT infrastructure (which may have required her sitting with the IT team) and eliminate what does not make sense for her setup and then prioritize it. Even if she uses AI (there, I said it), she will never blindly follow whatever the tool says.

Don't be what I call Qualysguy, that guy who runs Qualys and then sends a ticket to the IT team saying "fix all these things"

Tuesday, April 30, 2024

Logscale's free tier is dead, Jim

Some of you have deployed logscale at home or in a small setting as a way to get some experience with it. That was possible because Crowdstrike provided a free tier on the same lines as Splunk, Burpsuite, and even AWS/Azure/Google: some features were disabled and the amount of data was limited, but you were still able to get your feet wet in it. Now that is benefitial to both the company and you:

You learn how to use a well-known commercial product so when you go apply for a job that uses it knowing enough so you can start using it. Now some will claim the only experience that counts is experience you got from a paid job. Given how active I am in the open source community, I disagree. In fact, I will put my neck on the block and say there were many things I learned in a home lab I could not learn at work because, well, even when you work in a research institution what you can work on their time is dictated by what they think is important.
That does not mean if you install it in your homelab you will be just fiddling with some controls without really understanding the product. Logscale, AWS, Splunk, and Portswiggler (just using the same companies I mentioned because I can't be bothered finding links to others) offer free formal classes with hands-on exercises (and, yes, I know some of the AWS and Splunk videos are cringe but at least they are trying). These classed can lead yo you getting certfied, but that will cost and is a discussion for another post. Which leads to...
Microsoft, Splunk, and all of those companies want you to learn their product well. If you do, when you work at a company using it, you will not suck using it, so their product will not suck. And, if you get to the point you are the one recommeding products, guess which ones will you select?

So, what about this Logscale gripe you have?

Like the other vendors mentioned above, in early 2021 Crowdstrike acquired Humio, which later became Logscale. Later in that year, they announced the Humio Community Edition, the free version of Logscale with similar restrictions as, say, Splunk's (stealing the above from their announcement):

Ingest up to 16GB per day
7-day retention
No credit card required
Ongoing access with no trial period
Index-free logging, real-time alerts and live dashboards
Access Humio’s marketplace and packages, including guides to build new packages

Screen capture of message acknowledging the signing up for Logscale Community Edition

Great! So now you can pick and choose between the two! Not quite. Fast forward to March 2024, when CrowdStrike stopped accepting applications for LogScale Community Edition (link accessible only if you have a customer account unfortunately). Also, while those of you who still have your community account will still access it, if you do not access the Community Account for more than 90 days, it will be removed. Do you want to try before you buy? Sign up for their 15-day trial version after providing enough info about your and your company. Oh, they too have a Crowstrike University, but to get in you need to be a current paying customer; not even Bezos does that.

Bottom line

If you want to learn Logscale, and by that I mean also practcing it, you will have to get hired by a company that already has it.
If you are considering using it but have never used similar products, you will have to spend money. So, you might as well hire someone to see if it is the best solution for your needs. Case in point, a lot of people, me included, make fun of Splunk's price. Thing is, someone who is a Splunk Engineer, as opposite to a Security Engineer with Splunk Experience, knows how to put it together so its yearly cost does not go up the roof.

Tuesday, December 19, 2023

T-Mobile, Firefox, and Incognito mode

Most browsers have what they call a privacy or incognito mode. The idea is that it deletes any cookies and cache created by a website you ventured into once you close the browser (important step here). Note it does not replace a VPN or anonymize your traffic in any way; there are other tools for that. Still, I not only like that but I set my browsers to always start in that mode (we can talk about how to do so in a future post). Cookies is one of the ways websites use to track you (as in what GDPR would consider to be personal data), your habits, so they can know more about you than you do. I would rather not they do that. Also, shadier individuals -- even shadier than certain commercial organizations that I rather not mention -- also like them when they gain access (think phishing attacks) to your system as these files may have fun stuff like session cookies and even passwords they can steal.

Understandly, some companies do not like when I get rid of their cookies, but it is hard for them to do a thing because this is done at the user's end. However, it seems T-Mobile found a way around that: they chose to detect and block the user of Firefox running in Incognito Mode in their website:

T-Mobile message stating they do not support Firefox in incognito mode

Even though I provided the link to the official page, here is the text for those who are using a text based browser or cannot see images:

Firefox is no longer supported in private mode The Firefox browser is no longer supported in private mode on our site. To continue, please take Firefox out of private mode or choose another browser. We recommend Chrome, Safari or Edge.

Why are they singling out Firefox and derivatives (I also tried LibreWolf before writing this article)?

Could it be they assume everyone either uses a Windows, a Mac computer, or at least a Google-derives ystem (think Chromebook and Android), and any user running neither (I use Linux) is to be treated with mistrust?
Could it be that Safari stopped supporting extensions such as UBlock Origin, and Edge, well, is Edge just like the normal (as in not ungoogled) version of Chrome talks too much back to the mothership? After all, these browsers do have their versions of privacy modes, so that can't be the main issue. Nor that most sites, banks included, seem to work just fine with Firefox incognito mode.

Contacting T-Mobile led to nothing, so all I have are the speculations I made here. You too can make your own!

Saturday, December 2, 2023

Websites whose login pages do not work correctly

It is late a night and I just had a thought I want to share: have you ever went to a website, say, your abnk, where when you try to login -- pasting the username and password so there is no possibility of a typo -- it does not work and sends you to a "login failed, try again" page, it then works there?

I do not know about you, but if I were going to try to steal credentials, creating a website that sits in front of the real one (think man in the middle attack) would come into mind.

That is all I have for now: just food for though.

Saturday, November 18, 2023

Online subscriptions: Giveth and Taketh Away

Like many, I too have a gmail account. And I have used it to buy magazines, tv shows, and even subscriptions. My reason is the same as everyone else: it is convenient. Recently I received an email stating

Here is the text version, so people can translate to their language or jut be able to read it without having to rely on the image:

Since 2020, new purchases of magazines have not been available in Google News and very few users now regularly access their magazine subscriptions. We wanted to inform you that support for magazine content in Google News is being discontinued beginning on December 18, 2023, which means access from Google News apps or news.google.com to the library of magazines you previously purchased or subscribed to will be removed. To continue to access previously purchased magazine content, you must export and save each purchased issue before December 18, 2023.

Claiming this to be a security or even privacy topic may sound like a bit of a stretch, but hear me out. When you buy a TV show, movie, or even magazine subscription through Google, Apple, Amazon, Barnes & Noble, or whoever, unless you can download that to your computer and view it without needing to use their website or app, you may lose access to them for different reasons:

Technical issues.

People have reported ebooks purchases they made and downloaded to their book reader -- usually a phone app or Kindle -- one day are no longer in their devices. Or said books are no longer even listed in their accounts. Or, even when said books are in their devices, pages are/became missing. Contacting the publisher (or should we call them streaming providers as they may only be licensing the sale/distribution of the product?) can lead to hours if not months of frustration; they may be equally baffled for the reason of these problems.

This also frustrates authors, whose present and future earnings is directly related to the popularity of their work: imagine if one of your books was #1 bestseller and then because of a computer glitch with the streaming provider it cannot be easily found, downgrading it to #150. This have happened already.

The Wikipedia Effect

Wikipedia is a living document: people are always editing and improving on its contents. So, what you have read last month may have been disputed and edited out of it. That leads to arguments that it should not be quoted as reference source. Some authors and producers may feel the initial version of their book or movie did not portray the story the way they intended and would love to be able to come back, months or years after publication, and change it. George Lucas is the posterchild of this.

With streaming that no longer means a new release: all the old versions can be now updated just like a computer program. I myself have seen shows whose opening credits for specific episodes have changed at least 3 times; the latest of which added hints to events in the episode which really do not add value to it. Bottom line is what you bought last year may no longer be what you have. Is this good or bad? That is up to you. In my opinion while there is a benefit for textbooks and study guides, when we are talking about a work of fiction or even a technical paper, that removes the power from you the buyer to decide which version you have. I am glad I am still able to see the original Star Wars trilogy without the cgi "enhancements" added later.

Licensing issues

Let me cut to the chase: you do not own what you paid for. According to the Amazon's Conditions of Use (not singling them out but it was the one I could easily found),

COPYRIGHT
All content included in or made available through any Amazon Service, such as text, graphics, logos, button icons, images, audio clips, digital downloads, data compilations, and software is the property of Amazon or its content suppliers and protected by United States and international copyright laws. The compilation of all content included in or made available through any Amazon Service is the exclusive property of Amazon and protected by U.S. and international copyright laws.

The part I highlighted (boldfaced?) is the one we want to look at. All those Kindle books and movies and music you bought at Amazon Prime belong to Amazon or whoever they licensed it from. You only paid a license to access them, and contrary to social media sites and even companies you work at this license is not perpetual. There has been cases where, for instance, Kindle owners found books they purchased were removed from their accounts. And it does not end there: the Amazon Services Terms of Use states that this license can be revoked. While its words claims that termination only happens if they decide your are not in strict compliance with the agreement, they do reserve the right to decide if that is the case.

How does that affect privacy?

Some books or movies were removed from streaming sites because they were considered inappropriate; that in itself can mean many things including not politically acceptable. Your purchase/subscription records are in possession of these streaming providers. Depending on the location of residence, what can possibly be personal information -- they can be used to infer religious beliefs, sexual orientation, and so on -- is sold to other merchants, which will certainly use this data to create a profile on you (called an avatar) to better market to you be it by ads on free phone apps or even plain old emails. Others such as government and more criminal-minded organizations can also acquire the data for their own purposes.

How to minimize personal data exposure?

If you like a movie or a book, why not buy the movie on DVD/Blueray or the book either printed or at least as a PDF? At the very least now you own it in a way they cannot remove your access to it. You can find privacy-respecting DPF readers for most phones and computers. You can still convert the movie available in some electronic form so you can watch it without worrying about damaging the disk. There may be legality issues which are beyond this post but the technology is there. As a bonus, you do not have to worry about the content of your purchase changing from the version you paid for.

About Me

Mauricio Tavares has worked in computer research, credit card and medical industry, leading to an interest in the behavioral aspect of data security and privacy. He has previously developed a security program for a $23M federally funded International research program and now helps companies reap the benefits of deploying a well planned data privacy strategy.

A TrustedCI Fellow, he has given talks and published in topics ranging from aerospace engineering to computer automation and data privacy at DEFCON, IEEE, ISSA, KVM Forum, OWASP, NSF Cybersecurity Summit, and AIAA.

About cookies used and data collected on this blog

I have put no ads or links that track you or collect your data on this blog. If you want me to know about you or what you think, do post a comment. What data Google is collecting from you is between you and Google.

Warning

Anything said here does NOT represent the opinions, policies, or tenets of any organization real or imaginary. This side up. Shake well before using. Clean up after use.