Tagged: security Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 10:17 am on January 29, 2019 Permalink | Reply
    Tags: , Facetime, , , security   

    Apple bug let you spy on friends 

    Apple bug let you spy on friends

    If you’re a fan of Apple products and are deeply entrenched within the iOS ecosystem, you’ve probably used the popular app Facetime. For those of you who may not know, Facetime is an app that allows you to make video calls to your friends on many Apple devices. While Apple prides itself on user privacy, the hacking of iCloud accounts notwithstanding, a major bug was recently discovered in Facetime that potentially allowed users to spy on their contacts.

    According to unofficial Apple new site 9 to 5 Mac, a bug in Facetime allows you to connect a Facetime call without the other party having to accept the call. In order to enact the bug, you would need to add yourself as a contact in a Facetime group call and the call would connect automatically while it appears to the other contact that they have not accepted the call yet.

    In order to prevent these types of Facetime calls from happening it was recommended that you disable Facetime in the settings of your iOS device. However, Apple has since reacted to the news of the bug by disabling group chat ion Facetime across most devices. Apple claims that there will be a patch for the bug later this week.

    This privacy gaffe comes in the wake of Apple taking out a massive billboard at this year’s Consumer Electronics Show in Las Vegas that touted their reputation of iOS devices being secure than other devices.

     
  • Geebo 10:00 am on January 18, 2019 Permalink | Reply
    Tags: Collection #1, , security   

    Data breach could potentially expose millions of email accounts 

    Data breach could potentially expose millions of email accounts

    If you’re the type that doesn’t change their online passwords frequently, you may want to change your passwords today. It’s been reported that a massive amount of data known as ‘Collection #1’ has been floating around on the internet for a while and contains 773 million email addresses and 21 million passwords. The list itself is a few years old so if you’ve been using the same password for while you should probably go ahead and start changing your passwords on your online accounts.

    Now you may think that you’ve probably changed your passwords since this data was collected. Well, there’s a reason this data dump has been called Collection #1. THat’s because there is a Collection #2 on the horizon which contains even more recently exposed data from within the past year. Collection #2 is said to have ten times the data that Collection #1 had. While we’re waiting for Collection #2 to hit the internet like a wrecking ball you can check to see if your email account was included in Collection #1 by checking your email address at Have I Been Pwned.

    While you’re changing your passwords there are some good practices that everyone should follow. You should never use the same password for all of your online accounts. If you have trouble remembering all your passwords there are a plethora of secure password managers that will create and remember secure passwords for your accounts. If you are going to manage your own passwords don’t fall into the trap of using the most common passwords. You may think your clever by using ‘password’, ‘qwerty’, and ‘football’ as your passwords but you’re not fooling anyone. Instead, most security experts agree that passwords should contain no dictionary words, contain a mix of uppercase and lowercase letters and numbers and at least one non-alphanumeric symbol.

    If a bad actor were to gain access to your email account they could wreak some fairly damaging havoc to your life since most of your online accounts are probably tied to that email address.

     
  • Geebo 10:19 am on January 11, 2019 Permalink | Reply
    Tags: , , security   

    Ring doorbells caught in potential privacy gaffe 

    Ring doorbells caught in potential privacy gaffe

    If you’re unfamiliar with the Ring brand of video doorbells it’s actually an ingenious device. The doorbell not only has a built-in camera but also has built-in two-way communication. When someone rings your doorbell, not only can you see them through an app on your phone or tablet but you can also talk to them as if you were home. Many homeowners swear by the devices as if it was the answer to solving any potential security concerns. Privacy, on the other hand, may now be a completely different matter.

    It’s being widely reported that Ring gave unfettered access to customer cameras and recorded videos to their researchers in Ukraine. Not only that but that the video recordings sent to Ring through their cloud service were unencrypted in an effort to cut costs. While some Ring customers may not care who sees their video feed in Ukraine it also turns out that some US Ring employees and executives had around the clock access to some live feeds from customers whether their job required them to have the access or not. These allegations become even more disturbing when you realize that Ring also sells security cameras for inside the home as well.

    Ring themselves have claimed that no impropriety has been taken part in by their employees, however, the reports state that Ring employees found workarounds to the company blocking their employees from certain access. Not only does this not bode well for Ring but also for its parent company Amazon who purchased the company in 2018. Amazon itself is no stranger to privacy concerns with the company trying to sell allegedly invasive facial recognition software to several law enforcement agencies last year. It will be interesting to see if this alleged breach of privacy will catch the eye of legislators or whether or not the market will control the future of Ring going forward.

     
  • Geebo 10:12 am on December 17, 2018 Permalink | Reply
    Tags: , , , security   

    Here we go again: Facebook bug exposes millions of accounts 

    Here we go again: Facebook bug exposes millions of accounts

    In what is starting to become an almost weekly event, Facebook announced this past Friday that yet another bug exposed close to 7 million accounts to third-party app developers. The bug was first discovered in September and was active for a few weeks before being corrected. The bug is said to have exposed pictures that users had posted to Facebook but did not give permission for the pictures to be seen by third-parties.

    In the grand scheme of things, this bug is not that big of a security risk as other Facebook data leaks have been in the past year. The pictures that were exposed were only those that were started to be uploaded but for some reason were never posted to the user’s timeline. Or they were photos that were posted to Facebook Marketplace. However, it further shows Facebook’s long-standing disregard not just for user privacy but for Facebook’s own security.

    This was a bug that was discovered back in September after being active for weeks. Why did it take Facebook upwards of three months before informing the public? According to the New York Times, Facebook didn’t notify government officials about the bug until November because they needed to “create a notification page” first. Again, this shows that Facebook is really more concerned about covering their own tails from regulators rather than protecting user privacy.

     
  • Geebo 10:00 am on December 11, 2018 Permalink | Reply
    Tags: , , , security   

    Google+ shutting even earlier due to more massive breach 

    Google+ shutting even earlier due to more massive breach

    If you’ll recall, back in October, Google announced that it would be shuttering its underused social network Google+ in August of 2019 due to a security breach that left 500,000 user accounts vulnerable. This was after the Wall Street Journal discovered a flaw in the comically underused platform. In a world where Facebook is continually exposing millions of accounts to third parties in an almost regular basis, 500,000 users seemed like a thimble of water in the ocean in comparison. Now, a new breach has put Google in very similar company with Facebook.

    During internal testing by Google, it was recently discovered that Google+ had another bug in it that left 100 times the amount of accounts exposed than the last breach. Over 52 million accounts could have been potentially exposed with such information as a user’s name, email address, occupation, and age to third-party developers. Google has stated that there’s no evidence that any of the exposed information was used by bad actors but this latest breach has caused Google to move up the timetable for the demise Google+. Now Google has scheduled the shutdown for April of 2019.

    Besides being in amazement that Google+ actually had that many users at one point, this bug could not have come at a worse time. Maybe Google will be able to weather this storm since Google+ was nowhere near as popular as its competitors but when you add it to the multitudes of other security breaches in similar spaces this could invite even more governmental eyes looking to regulate companies like Google and Facebook. And as we’ve mentioned before, in today’s highly partisan climate it might not be the best time for any kind of sweeping legislative change.

     
  • Geebo 9:22 am on November 2, 2018 Permalink | Reply
    Tags: , , security   

    Your Facebook account and messages could be sold for just ten cents 

    Your Facebook account and messages could be sold for just ten cents

    Ever since the major security breaches happened at Facebook, the social media titan has been trying to assure us that no sensitive user information has fallen into the hands of bad actors. However, it may be just now that we’re starting to see the veracity of those claims. When the accounts of hundreds of millions of users have been exposed, you have to expect at least some fallout from the exposure. Let’s revisit Facebook’s most recent hack that exposed somewhere between 30 and 50 million users.

    Now, the BBC is reporting that the private messages from over 80,000 Facebook accounts are being sold on the open market. While the majority of the accounts belong to users in the Ukraine and Russia, there are US and UK accounts listed among them. The bad actors in possession of this information were trying to sell each account for ten cents a piece. The BBC claims to have verified with some of the exposed users that the messages are in fact genuine. The hackers also claim that the 81,000 accounts are just a small sample of a larger cache that contains 120 million accounts.

    Not surprisingly, Facebook is trying to deflect blame from themselves, instead blaming the compromised accounts on malicious third-party browser extensions. That may be all well and good but when you put the words Facebook and hacked together it’s still Facebook who is going to take a lion’s share of the blame no matter how you look at it. Considering they’ve allowed close to 350 million accounts to be exposed in the past year is laying blame at their feet really that much of a stretch?

     
  • Geebo 9:00 am on October 9, 2018 Permalink | Reply
    Tags: , , , security   

    Security breach claims Google+ 

    Security breach claims Google+

    Stop me if you’ve heard this one. A major social network run by a major tech corporation exposes a good size chunk of its user data which the company chooses not to disclose until it’s investigated by the media. Normally, you probably wouldn’t be wrong if you thought that this was another story about Facebook but for once you’d be mistaken. This time it’s Google’s failed attempt at a social network known as Google Plus or Google+ as the search engine behemoth has branded it.

    The Wall Street Journal recently uncovered that a flaw in Google+ allowed user data to be exposed for 500,000 users. While this would be a drop in the bucket for Facebook, this is a massive breach for Google+ users. After the Journal report was released, Google almost immediately announced it was shuttering Google+ within the next ten months. So by August of 2019, Google+ will be no more. In a very Facebook-like move. Google reportedly knew of the breach back in Spring of this year but remained silent on it in order to avoid the controversy that Facebook was undergoing after the Cambridge Analytica scandal.

    Now, we can all joke about how barely anyone we know used Google+ but its impending demise shows a greater problem among the tech giants whose services we all use. Whether it’s Facebook, Google, Twitter or whomever, we use their services in exchange for a certain amount of trust that our personal information will be handled with a modicum of responsibility. Many of these companies have betrayed that trust especially in 2018. If these data breaches continue then these companies are just begging for governmental regulation and considering how divisive and partisan the current governmental scene is, it would make it the worst time for any kind of sweeping legislative change.

     
  • Geebo 10:15 am on October 1, 2018 Permalink | Reply
    Tags: , , security   

    Another day, another Facebook leak. 50m users this time. 

    Another day, another Facebook leak. 50m users this time.

    It must be a day ending in Y because once again, a security breach in Facebook has exposed the user information of some 50 million accounts. It was reported this past Friday, that there was a flaw in Facebook security that potentially could have led hackers to have access to these millions of accounts. What makes matters worse with this latest Facebook security breach is that the information could have led to the hijacking of other accounts outside of Facebook.

    The information exposed is called an access token. Access tokens allow you to login to other services using your Facebook account. Facebook is so entrenched in our lives that our Facebook accounts now act as our logins to a multitude of other platforms including those not owned by Facebook. So potentially, not only could your Facebook account have been taken over but most of your online life could have been assumed if you’re that reliant on your Facebook login.

    Facebook has said they have fixed the problem but once again this is Facebook closing the barn door after the horses have already gotten out. The data breaches are becoming so prevalent that we’ve just accepted them as inevitable. Is this really the platform we want to be trusting with our personal information? We share so much on Facebook that even without access bad actors could determine so much about us that they could use to our advantage. With Facebook leaking our information on top of that it shows that we’ve clearly given up on security for convenience.

     
  • Geebo 9:01 am on July 10, 2018 Permalink | Reply
    Tags: , hard drives, , , , security,   

    Wipe your devices before selling them 

    Wipe your devices before selling them

    Congratulations. You just bought a shiny new device, but you’re unsure what to do with still functioning older device. You could either donate it, recycle it, gift it, or even sell it on Geebo. However, before you do any of those things, you want to make sure there is no longer any valuable information left on the device.

    Recently, ABC Action News in the Tampa area bought a number of laptops from people who were selling them on online marketplaces. A number of those laptops still had valuable information on them including bank account and social security numbers. Before parting with a device that has been in your service for years you want to make sure that there is no personal information left on it. While Action News mentions taking your device to be professionally wiped, that costs money and could eat into any potential windfall if you’re planning on selling the device. That’s not even taking into account that while most professionals are on the up and up, there are those bad apples who may use this as an opportunity to harvest your data. After backing up the data you want to save, try these tips for wiping the hard drive on your PC or laptop.

    As the video mentions, software like DBAN is probably your best bet for wiping your hard drives of all important information. Apple computers have their own built-in process for wiping the hard drive. The same goes for Android and iOS devices in case you’re selling a phone or tablet.

    In these days of personal information being leaked from just about everywhere taking these few extra steps and a little bit of time are definitely worth the effort and your peace of mind.

     
  • Geebo 9:29 am on May 8, 2018 Permalink | Reply
    Tags: KeyMe, keys, security   

    Your keys could be a major security risk 

    Your keys could be a major security risk

    Modern technology has made life much more convenient for many people. How many of us can imagine a life where we didn’t have instant access to things like ride-sharing services, instant delivery from almost any retailer, or the myriad of choices we have for consuming our entertainment? However, the price of convenience is often a trade-off for privacy or security. One of the things we most associate with security, our keys, can be copied with some of the most basic elements of technology.

    Recently in Florida, a locksmith-type service has come under scrutiny for what some call a flaw in its security. An app called KeyMe is designed to make a copy of whichever one of your keys you may need in order to avoid calling an expensive locksmith. All you need to do is take a picture of the key and KeyMe will have it delivered by mail or you can take it to a KeyMe kiosk to have the key made quickly. A Florida news station was able to make a key that was not authorized by its owner questioning KeyMe’s security. However, KeyMe has stated since they have electronic financial records through their app, it would be unwise for someone to use their service for criminal means. KeyMe is not the problem here as the video below shows that all someone would need to copy a key is a quick picture of your key taken from any smartphone.

    Think about it for a moment about how casually we treat our keys. When we get to work we throw them on our desks. we constantly hand them to parking attendants or any number of car services such as mechanics and the like. We don’t hand them just the key they need either, we usually hand them our entire key ring. All it would take to make a copy of one of your keys would be a quick photo and a minimal amount of ingenuity. One way to keep your keys safer is to think of them as money. You just wouldn’t throw your money everywhere then lose track of them and you wouldn’t hand it to strangers and expect them to keep it safe just because you asked nicely.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel