Weekend Reads 090718

Did the passage of GDPR impact the amount of spam on the ‘net, or not? It depends on who you ask.

The folks at the Recorded Future blog examined the volume of spam and the number of registrations for domains used in phishing activity, and determined the volume of spam was not impacted by the implementation of Europe’s new privacy laws.

There were many concerns that after the European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, there would be an uptick in spam. While it has only been three months since the GDPR went into effect, based on our research, not only has there not been an increase in spam, but the volume of spam and new registrations in spam-heavy generic top-level domains (gTLDs) has been on the decline.

John Levine at CircleID, however, argues that the metrics used in the Recorded Future piece are not useful measures of spam volume in relation to the controls imposed by GDPR:

To understand the effect of GDPR, the relevant questions are: Is GDPR enabling damage, because it makes detection, blocking, and mitigation harder?

Note that the CircleID article only addresses the domain registration question, and does not address the question of spam volume directly.

I would normally download a paper like this and post a synopsis of it as a research post later on, but the synopsis provided by Monday Note is good enough just to read directly.

Testing across 7 browsers and 46 browser extensions, the authors find that for virtually every browser and extension combination there is a way to bypass the intended security policies.

Acoustic side channels are being discovered all the time; this new one uses the “whine” from electronic components in a monitor to determine what someone is looking at by listening to their microphone. While this might not seem like a big deal at first, consider this: anyone on a web conference can use this technology to determine what is on your screen.

Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed “Synesthesia”: a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on “content-dependent acoustic leakage from LCD screens.”