
  • Geebo 9:22 am on November 2, 2018
    Tags: security

    Your Facebook account and messages could be sold for just ten cents 


    Ever since the major security breaches happened at Facebook, the social media titan has been trying to assure us that no sensitive user information has fallen into the hands of bad actors. However, it may be just now that we’re starting to see the veracity of those claims. When the accounts of hundreds of millions of users have been exposed, you have to expect at least some fallout from the exposure. Let’s revisit Facebook’s most recent hack that exposed somewhere between 30 and 50 million users.

    Now, the BBC is reporting that the private messages from over 80,000 Facebook accounts are being sold on the open market. While the majority of the accounts belong to users in the Ukraine and Russia, there are US and UK accounts listed among them. The bad actors in possession of this information were trying to sell each account for ten cents apiece. The BBC claims to have verified with some of the exposed users that the messages are in fact genuine. The hackers also claim that the 81,000 accounts are just a small sample of a larger cache that contains 120 million accounts.

    Not surprisingly, Facebook is trying to deflect blame from themselves, instead blaming the compromised accounts on malicious third-party browser extensions. That may be all well and good, but when you put the words Facebook and hacked together, it’s still Facebook who is going to take the lion’s share of the blame no matter how you look at it. Considering they’ve allowed close to 350 million accounts to be exposed in the past year, is laying blame at their feet really that much of a stretch?

     
  • Geebo 9:00 am on October 9, 2018
    Tags: security

    Security breach claims Google+ 


    Stop me if you’ve heard this one. A major social network run by a major tech corporation exposes a good-sized chunk of its user data, which the company chooses not to disclose until it’s investigated by the media. Normally, you probably wouldn’t be wrong if you thought that this was another story about Facebook, but for once you’d be mistaken. This time it’s Google’s failed attempt at a social network known as Google Plus, or Google+ as the search engine behemoth has branded it.

    The Wall Street Journal recently uncovered that a flaw in Google+ allowed user data to be exposed for 500,000 users. While this would be a drop in the bucket for Facebook, this is a massive breach for Google+ users. After the Journal report was released, Google almost immediately announced it was shuttering Google+ within the next ten months. So by August of 2019, Google+ will be no more. In a very Facebook-like move, Google reportedly knew of the breach back in Spring of this year but remained silent on it in order to avoid the controversy that Facebook was undergoing after the Cambridge Analytica scandal.

    Now, we can all joke about how barely anyone we know used Google+, but its impending demise shows a greater problem among the tech giants whose services we all use. Whether it’s Facebook, Google, Twitter or whomever, we use their services in exchange for a certain amount of trust that our personal information will be handled with a modicum of responsibility. Many of these companies have betrayed that trust, especially in 2018. If these data breaches continue, then these companies are just begging for governmental regulation, and considering how divisive and partisan the current governmental scene is, it would be the worst time for any kind of sweeping legislative change.

     
  • Geebo 10:15 am on October 1, 2018
    Tags: security

    Another day, another Facebook leak. 50m users this time. 


    It must be a day ending in Y because once again, a security breach in Facebook has exposed the user information of some 50 million accounts. It was reported this past Friday that there was a flaw in Facebook security that potentially could have led hackers to have access to these millions of accounts. What makes matters worse with this latest Facebook security breach is that the information could have led to the hijacking of other accounts outside of Facebook.

    The information exposed is called an access token. Access tokens allow you to log in to other services using your Facebook account. Facebook is so entrenched in our lives that our Facebook accounts now act as our logins to a multitude of other platforms, including those not owned by Facebook. So potentially, not only could your Facebook account have been taken over, but most of your online life could have been assumed if you’re that reliant on your Facebook login.

    Facebook has said they have fixed the problem, but once again this is Facebook closing the barn door after the horses have already gotten out. The data breaches are becoming so prevalent that we’ve just accepted them as inevitable. Is this really the platform we want to be trusting with our personal information? We share so much on Facebook that even without access, bad actors could determine so much about us that they could use to their advantage. With Facebook leaking our information on top of that, it shows that we’ve clearly given up on security for convenience.

     
  • Geebo 9:01 am on July 10, 2018
    Tags: hard drives, security

    Wipe your devices before selling them 


    Congratulations. You just bought a shiny new device, but you’re unsure what to do with your still-functioning older device. You could donate it, recycle it, gift it, or even sell it on Geebo. However, before you do any of those things, you want to make sure there is no longer any valuable information left on the device.

    Recently, ABC Action News in the Tampa area bought a number of laptops from people who were selling them on online marketplaces. A number of those laptops still had valuable information on them including bank account and social security numbers. Before parting with a device that has been in your service for years you want to make sure that there is no personal information left on it. While Action News mentions taking your device to be professionally wiped, that costs money and could eat into any potential windfall if you’re planning on selling the device. That’s not even taking into account that while most professionals are on the up and up, there are those bad apples who may use this as an opportunity to harvest your data. After backing up the data you want to save, try these tips for wiping the hard drive on your PC or laptop.

    As the video mentions, software like DBAN is probably your best bet for wiping your hard drives of all important information. Apple computers have their own built-in process for wiping the hard drive. The same goes for Android and iOS devices in case you’re selling a phone or tablet.

    In these days of personal information being leaked from just about everywhere, taking these few extra steps and a little bit of time is definitely worth the effort and your peace of mind.

     
  • Geebo 9:29 am on May 8, 2018
    Tags: KeyMe, keys, security   

    Your keys could be a major security risk 


    Modern technology has made life much more convenient for many people. How many of us can imagine a life where we didn’t have instant access to things like ride-sharing services, instant delivery from almost any retailer, or the myriad of choices we have for consuming our entertainment? However, the price of convenience is often a trade-off for privacy or security. One of the things we most associate with security, our keys, can be copied with some of the most basic elements of technology.

    Recently in Florida, a locksmith-type service has come under scrutiny for what some call a flaw in its security. An app called KeyMe is designed to make a copy of whichever one of your keys you may need in order to avoid calling an expensive locksmith. All you need to do is take a picture of the key and KeyMe will have it delivered by mail, or you can take it to a KeyMe kiosk to have the key made quickly. A Florida news station was able to make a key that was not authorized by its owner, calling KeyMe’s security into question. However, KeyMe has stated that since they have electronic financial records through their app, it would be unwise for someone to use their service for criminal means. KeyMe is not the problem here, as the video below shows that all someone would need to copy a key is a quick picture of your key taken from any smartphone.

    Think for a moment about how casually we treat our keys. When we get to work we throw them on our desks. We constantly hand them to parking attendants or any number of car services such as mechanics and the like. We don’t hand them just the key they need either; we usually hand them our entire key ring. All it would take to make a copy of one of your keys would be a quick photo and a minimal amount of ingenuity. One way to keep your keys safer is to think of them as money. You wouldn’t throw your money everywhere and then lose track of it, and you wouldn’t hand it to strangers and expect them to keep it safe just because you asked nicely.

     
  • Geebo 8:59 am on October 16, 2017
    Tags: KRACK, security

    Exploit makes all Wi-Fi vulnerable. Is it time to panic? 


    A leading security expert recently discovered an exploit in the algorithm that keeps most Wi-Fi devices secure. The exploit, named KRACK, allows a bad actor to hijack your Wi-Fi and tunnel in to any of your Wi-Fi enabled devices. This means that your private information could be compromised or any sort of malware could be injected into your devices. Here’s all the guts of how the exploit works.

    This makes any Wi-Fi enabled device vulnerable. That means it can affect phones, tablets and PCs, whether they run Windows, Android, iOS, MacOS or even Linux. So what can you do? Unfortunately, mostly wait. This exploit is so new that most distributors have not pushed any updates yet to fix the exploit. That’s not even taking into consideration that a lot of distributors, especially router manufacturers, never even update the firmware of their devices. The same goes for a lot of Android phone manufacturers too. You can use a virtual private network (VPN) to be more secure; however, they can be costly and some VPN providers can be shady themselves. For PCs and laptops you can go back to using your ethernet cables.

    If any good news can come from this exploit it’s that someone has to be within distance of your Wi-Fi source to be able to launch an attack. So if you’re at home, someone would have to be in range of your home router to try to hijack your signal. Businesses will be more vulnerable as a hacker will have better access to try to hijack that signal. Hopefully, manufacturers, distributors and providers will realize just how massive this vulnerability is and will issue patches as soon as possible. If you have additional questions and concerns you can go to krackattacks.com.

     
  • Geebo 9:06 am on September 26, 2017
    Tags: security

    Websites may be using your computer to mine for cryptocurrency 


    Advertising and the internet have a contentious relationship, to say the least. While advertising is where the majority of content creators make their money, there are many drawbacks to taking in advertiser money. Many advertising programs, like Google’s Adsense, seem to have arbitrary policies that see some creators penalized while others are not for providing similar content. Not to mention that one need only look at YouTube’s recent advertising restrictions, which users have referred to as the ‘Adpocalypse’, to see that advertisement money can disappear at a moment’s notice. With those dollars disappearing, a number of content creators have turned to cryptocurrency mining.

    It was discovered recently that a number of websites owned by television network CBS had code injected into them that ‘borrowed’ processing power from viewers’ computers in order to help mine cryptocurrency for someone. In this instance, it was reported to be the cryptocurrency Monero. It’s viewed as a more private alternative to the more popular Bitcoin. While the injection of code into CBS’ websites may have been perpetrated by a bad actor, that hasn’t stopped some websites from using such code on unsuspecting users. Mining cryptocurrencies requires massive amounts of computing power, so it should come as no surprise that some less than legitimate websites have begun using this tactic.

    Not all hope is lost though. There are ways to protect your computer from having its computing power leeched for the benefit of someone else. Many of the popular browsers have extensions that will block mining code. A number of the most used ad blockers already block the coin code and a search for coin blocker should turn up a few more.

     
  • Geebo 8:55 am on August 31, 2017
    Tags: Onliner, security, spam   

    Time to change your password again after massive spam list discovered 


    Cybersecurity experts have discovered a record-breaking spam operation which has compromised a number of email accounts. This spam attack, dubbed Onliner, has harvested over 700 million email addresses. A great number of these email accounts had their passwords divulged as well. Even the operator of Have I Been Pwned, whose website can tell you if your email has been exposed, had his email address listed in this latest leak.

    Speaking of HIBP, it is recommended that you go to their site to see if your email has been harvested in this leak or any previous leak or hack. The only information you have to submit is your email address. HIBP is considered a trusted site in tech circles so you won’t be exposing any sensitive information to them. If your email address is on their list for the Onliner leak, change your email password immediately.

    Thankfully, the only thing the email addresses seem to have been used for was sending spam to other email accounts. So far there have been no reports of the email accounts being used for anything nefarious like identity theft or financial chicanery.

     
  • Geebo 9:02 am on August 9, 2017
    Tags: Bill Burr, security

    Man who invented P@$$w0rd guidelines regrets it 


    Anyone who has held a job that required a computer in the past decade and a half has been subjected to the tedious practice of having to change their password every 30 to 90 days. Then that password has to have an uppercase letter, a number, a symbol, an Egyptian hieroglyph, some ancient Sanskrit, your DNA sequence and that unpronounceable icon Prince used to use as his name. This came about thanks to one man. That man was Bill Burr, a former manager at the National Institute of Standards and Technology. He came up with these guidelines in 2003 in order to better protect government systems. These procedures spread out into the corporate world where they became gospel. Now the man behind the guidelines says not only does he regret these guidelines, but they are no longer effective.

    Now it’s believed shorter passwords with these restrictions are easier to crack than longer passwords that are simple phrases. For example, a password along the lines of “safecommunityclassifieds” is harder to crack than “G33b0c0m”. (BTW, neither of those is used by Geebo.) The problem is a lot of employers and online services require you to use the restrictive password guidelines from 14 years ago. However, you can still use your personal passphrase with just a modicum of alteration to fit those requirements.

    The other problem is the frequency with which some places require you to change your password. In a number of cases, users will alter their previous password by one digit or letter. If one of your old passwords were to be discovered and you had used one of these one-character changes, it would be an easy matter to determine your current password.

    So again, it’s now recommended that you use a passphrase as your password and that you only change it if there has been some kind of security breach. You can check the security of passwords at this website.
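The two points in this post, length versus forced complexity and one-character password rotations, can be checked at password-change time, when the user supplies both the current and the new password. The sketch below is an added example, not something from the original post; the thresholds (`min_bits`, `min_distance`) and the brute-force model are assumptions, and the bit count is an upper bound because a phrase built from dictionary words can be attacked with word lists.

```python
import math
import string

# Character classes used to size the brute-force alphabet (simplifying assumption).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def brute_force_bits(password: str) -> float:
    """Bits of search space if an attacker tries every string of this length
    over the character classes the password uses. Upper bound only: word-list
    attacks on dictionary phrases need far fewer guesses."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def review_change(current: str, new: str,
                  min_bits: float = 80.0, min_distance: int = 4) -> list:
    """Return the reasons to reject a password change (empty list = accept).
    Both thresholds are illustrative assumptions, not a published standard."""
    problems = []
    if brute_force_bits(new) < min_bits:
        problems.append("search space too small")
    if edit_distance(current.lower(), new.lower()) < min_distance:
        problems.append("too close to the current password")
    return problems


if __name__ == "__main__":
    # The two sample passwords quoted in the post above.
    for pw in ("safecommunityclassifieds", "G33b0c0m"):
        print(f"{pw!r}: about {brute_force_bits(pw):.0f} bits")
    print(review_change("G33b0c0m", "G33b0c0n"))  # one-character rotation
    print(review_change("G33b0c0m", "safecommunityclassifieds"))
```

Comparing at change time avoids keeping old passwords in recoverable form just to detect near-duplicates.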

     
  • Geebo 11:31 am on February 28, 2017
    Tags: cloudpets, security

    Cloud connected child’s toy leads to personal data breach 


    As-seen-on-TV toy CloudPets is actually a pretty clever concept. By using a smartphone app, a traveling parent or a relative who lives far away can leave a voice message for a child on one of the stuffed animals.

    Except there’s that one inherent problem that affects any device connected to the cloud: there’s a chance that personal data stored there could be compromised. CloudPets seems to be having that problem currently, as reports say that an insecure database led to third parties accessing the personal information of many of their users. This information includes names and dates of birth. This is made doubly disturbing considering that a lot of this information belongs to children, not to mention that their voice messages could possibly have been stolen as well. Some reports even state that it’s possible to send unauthorized messages to the devices if someone so desired.

    As with any device that’s connected to the cloud, you have to assume a certain amount of risk that the data could be stolen, but when it comes to your children you should double that amount and take proper steps to try and keep that information secure, such as using strong passcodes. Or you may want to consider not sharing your child’s personal information at all with a company that advertises on basic cable commercials.

     