InfoSec trickery links December 16, 2014

Whisper CTO says tracking "anonymous" users not a big deal, really - Sean Gallagher - Ars Technica

The Guardian was exploring a potential editorial relationship with Whisper, and staff from the news organization spent three days at Whisper’s offices in Los Angeles. While there, the Guardian team witnessed Whisper employees using an in-house geolocation tool to track posts made from various locations and found that the company is tracking specific Whisper users believed to be “potentially newsworthy,” including members of the military, government employees, and employees of companies such as Disney and Yahoo. The company also shares information about posters and their locations with the Defense Department, FBI, and the UK’s MI5, the Guardian’s Paul Lewis and Dominic Rushe reported.

Now Everyone Wants to sell You A Magical Anonymity Router. Choose Wisely - Andy Greenberg - WIRED

Maintaining your privacy online, like investing in stocks or looking good naked, has become one of those nagging desires that leaves Americans with a surplus of stress and a deficit of facts. So it’s no surprise that a cottage industry of privacy marketers now wants to sell them the solution in a $50 piece of hardware promising internet “anonymity” or “invisibility.” And as with any panacea in a box, the quicker the fix, the more doubt it deserves.

How to Tell Data Leaks from Publicity Stunts - Brian Krebs - Krebs on Security

Fortunately, there are some basic steps that companies, journalists and regular folk can take to quickly test whether a claimed data leak is at all valid, while reducing unwarranted damage to reputation caused by media frenzy and public concern. The fact-checking tips come in a paper from Allison Nixon, a researcher with Deloitte who — for nearly the past two years — has been my go-to person for vetting public data breach claims.