Tagged: security

  • Geebo 8:00 am on October 15, 2019
    Tags: security, sim jacking, sim swapping

    SIM Swapping can cost you thousands if you’re not careful 

    Freelance British food writer Jack Monroe recently made news when she found out that someone stole the phone number to her smartphone. They were then able to transfer the number to another phone where they had access to some of her financial information and were able to steal £5,000 from her personal account. That amount equates to close to $6,300 in the U.S. This is a trick known as SIM swapping or SIM-jacking, named after the SIM cards in most smartphones that contain your calling information, including your phone number. Unfortunately, there’s not a lot you can do to protect yourself against the attack.

    SIM swapping works when the victim is targeted by someone with knowledge of how the attack works. First, they get your name, address, and date of birth, then they contact your cell phone carrier to try to convince them that they are you. If the attacker is successful, they can get the carrier to switch your number to their phone. The attacker can then receive all your calls, texts, emails and the like. That way they can receive the two-factor authentication texts that would allow them to access any of your sensitive online accounts, including banking.

    While most victims of SIM swapping don’t notice the attack until it’s too late, there are some steps you can take to try to protect yourself, although nothing is a guarantee of preventing such an attack. You can instruct your cell phone carrier to require a PIN if anyone calls to try to have any portion of your service changed. As with most PINs, don’t make it something obvious that an attacker can guess, like your birthdate. You can also sign up for a Google Voice number, which is much more secure and tougher to attack than a traditional cell phone number but works just like one and is free to get.

     
  • Geebo 8:00 am on October 9, 2019
    Tags: security

    Twitter leaks phone numbers to advertisers 

    We’ve mentioned two-factor authentication, or 2FA as it’s known, a few times lately. It’s the security protocol that has two or more layers of authentication that better secures your online accounts. The most common form of 2FA is through text messaging. For example, if you have 2FA enabled, when you sign in to an online account, not only would you have to provide your password but you’d also have to provide a code that had been texted to you. While authentication sent through SMS texts isn’t the most secure form of 2FA, it is better than nothing. However, with so many platforms using SMS texting for 2FA, one platform recently had to issue an apology.

    Twitter recently announced phone numbers that users had registered with them for two-factor authentication were used for targeted advertising. The numbers were used to match users to marketing lists provided by advertisers. In some people’s eyes, that goes against everything that 2FA is supposed to stand for. One security expert even compared Twitter’s practice to that of trying to secure a tent against bears by using raw meat.

    Like we said, while SMS text messages are the most common form of 2FA, they’re not the most secure. There are alternatives that you can use that are more secure. There are hardware keys that act as authenticators that can be used on both computers and mobile devices. There are also free software alternatives that create something along the lines of a temporary secondary password that can be used for the second layer of authentication. This way, you won’t have to worry about even more robocalls from advertisers and other bad actors plaguing your phone.

     
  • Geebo 8:00 am on October 3, 2019
    Tags: formjacking, security

    New online attack is undetectable! 

    With most online threats there is a lot that consumers can do to protect themselves. For example, with phishing attacks, you can go to a website directly rather than using the link provided in an email or text. To avoid malware you can avoid risky websites and install an anti-malware program in case you do get infected. However, security experts are now warning about an online threat that has virtually no protection. It’s called formjacking and there’s no way to detect it until it’s too late.

    Formjacking is when a third party injects code into a secure website that uses forms for anything from a job application to payment methods. If a website has been compromised, then the attackers can lift any information submitted through the form. As you can imagine, this can include your home address, your social security number, and any credit or debit card numbers. The only defense against formjacking is for the company that owns the website to do a constant review of the site’s code to make sure there is no malicious code in there.

    Not all hope is lost, though. There are services that can provide you with temporary charge card numbers that can be assigned to individual services that you may use. Your bank or credit card provider may also offer such a service. Both Google and Apple Pay are reportedly secure as well. But we fill out so many forms online that there isn’t anything that can guarantee 100% protection. Your best defense is to keep a watchful eye on your charge statements and credit history to make sure that no one has lifted your information and used it for their gain.

     
  • Geebo 8:00 am on September 26, 2019
    Tags: security

    When a smart home isn’t so smart 

    Many people think that they are better securing their home by installing smart devices. These devices can range from cameras to door locks and anything in between. These classes of smart devices are known as the internet of things, or IoT for short. That means that these devices are connected to the internet so the user can control them from just about anywhere. The major drawback to IoT devices is that they can also be controlled by bad actors if the user isn’t careful.

    A couple in Milwaukee found that out the hard way this week when someone was able to take control of some of their smart devices. The couple had a Nest camera and thermostat installed. When one of them came home they found that the thermostat was set at 90 degrees. After that, someone started verbally harassing them through the speaker on their security camera. Even after the couple changed all their passwords, the abuse continued until the devices were disconnected. The couple lays the blame on Nest, which is owned by Google, but the fault may lie elsewhere.

    It’s not hard to hack into IoT devices if the users are using the same password or weak passwords to secure their network and devices. Also, as we discussed with the recent YouTube hack, two-factor authentication (2FA) should also be enabled on these devices. While 2FA has its own flaws, it’s more secure than using an easily guessed password. These devices are designed to help protect your home, but if you’re not using 2FA it’s like having the most expensive lock that you just leave the key in.

     
  • Geebo 8:00 am on September 24, 2019
    Tags: security

    What you can learn from the massive YouTube hack 

    Recently, a large number of YouTube channels with substantial subscriber counts were hijacked by hackers. This way the hackers can sell the accounts to bad actors who can then potentially claim a channel with a large built-in subscriber base. It’s not easy to cultivate a successful YouTube channel. Some creators have spent years carefully growing their audience in a highly competitive market. To possibly see it all disappear in an instant could be a devastating blow to any moderately successful channel.

    The plot against some of YouTube’s creators was a coordinated phishing attack. Authentic-looking emails were sent to creators asking them to log into their accounts. Like most phishing attacks, the creators were then directed to phony login pages where the hackers could steal their login credentials. The hackers could then assign the channels to new owners, locking the creators out of their channels. What’s particularly troubling about this attack is that it allegedly bypassed what’s known as two-factor authentication. 2FA, as it’s known, is the process of requiring a user to securely log in to their accounts using a two-step process that usually involves signing in with their log-in credentials, then verifying their access request by replying to a text message. It’s believed that the hackers were able to intercept the 2FA messages.

    If you’re not using 2FA, you should be. While it’s not unhackable, it does go a long way in stopping someone from accessing your sensitive accounts. While SMS text messages are the most common form of 2FA, they’re not the most secure. However, there are alternatives. One way of protecting yourself is by purchasing a hardware key that works on both your computer and phone and that you have to have in your possession to access your accounts. There are also software approaches to 2FA like Google Authenticator or Microsoft Authenticator, both of which are free.

    Some of these YouTube creators may have lost their life’s work. With a more secure 2FA option you may not have to worry about losing anything important that you access online.

     
  • Geebo 8:00 am on June 20, 2019
    Tags: Firefox, Google Calendar, Nest Cameras, security

    Tech Security news to protect your privacy! 

    Today we have a handful of stories that could potentially affect your privacy, and we start off with Google Calendar. You may not realize that you even use Google Calendar, but if you use Gmail to make any kind of appointments, the odds are you’ll receive a reminder from your Google Calendar. Now, reports are circulating that Google Calendars are being used for phishing attacks. Reports say that you’ll receive a Google Calendar notification that says you’ve received a cash reward or asks you to take a survey. Attached will be a link the phishers will want you to click on to try to glean your personal or financial information. Mental Floss has some tips on how to block these annoying invitations in Calendar, but as always you should never click on strange links from correspondents that you don’t know.

    If you’ve recently purchased a used Nest cam for your home, you may want to know that in some instances the previous owners could still access the cameras. While that does sound scary, it does not apply to all previously owned Nest cameras. The cameras must have previously been connected to a Wink-branded home hub; in that case the previous owners could still access the cameras through the Wink app. If you own a Nest camera and you feel it could be potentially compromised, you may want to consider purchasing a new set of cameras, as so far there has yet to be a fix for the issue. According to The Wirecutter, even a factory reset won’t help.

    Lastly, if you use the Firefox web browser you’ll want to perform an update as soon as possible. Mozilla, the company behind Firefox, recently issued a statement asking users to update their browsers after an exploit was found that could compromise user security. Mozilla didn’t go into detail about what the exploit was except to say that there have been documented accounts of attacks using the exploit. It’s relatively easy to perform an update on Firefox. All you need to do is click on the open menu icon on the upper right of the browser. Scroll down the menu to the help option, click on help, then click on About Firefox. Then a prompt should come up asking you to update Firefox. Click on the update button and Firefox will update and your browser will be more secure.

    Hopefully, these tips will keep your privacy and security a little more private and secure.

     
  • Geebo 10:17 am on January 29, 2019
    Tags: Facetime, security

    Apple bug let you spy on friends 

    If you’re a fan of Apple products and are deeply entrenched within the iOS ecosystem, you’ve probably used the popular app Facetime. For those of you who may not know, Facetime is an app that allows you to make video calls to your friends on many Apple devices. While Apple prides itself on user privacy, the hacking of iCloud accounts notwithstanding, a major bug was recently discovered in Facetime that potentially allowed users to spy on their contacts.

    According to unofficial Apple news site 9to5Mac, a bug in Facetime allows you to connect a Facetime call without the other party having to accept the call. In order to enact the bug, you would need to add yourself as a contact in a Facetime group call and the call would connect automatically while it appears to the other contact that they have not accepted the call yet.

    In order to prevent these types of Facetime calls from happening, it was recommended that you disable Facetime in the settings of your iOS device. However, Apple has since reacted to the news of the bug by disabling group chat on Facetime across most devices. Apple claims that there will be a patch for the bug later this week.

    This privacy gaffe comes in the wake of Apple taking out a massive billboard at this year’s Consumer Electronics Show in Las Vegas that touted the reputation of iOS devices as being more secure than other devices.

     
  • Geebo 10:00 am on January 18, 2019
    Tags: Collection #1, security

    Data breach could potentially expose millions of email accounts 

    If you’re the type that doesn’t change their online passwords frequently, you may want to change your passwords today. It’s been reported that a massive amount of data known as ‘Collection #1’ has been floating around on the internet for a while and contains 773 million email addresses and 21 million passwords. The list itself is a few years old, so if you’ve been using the same password for a while you should probably go ahead and start changing your passwords on your online accounts.

    Now you may think that you’ve probably changed your passwords since this data was collected. Well, there’s a reason this data dump has been called Collection #1. That’s because there is a Collection #2 on the horizon which contains even more recently exposed data from within the past year. Collection #2 is said to have ten times the data that Collection #1 had. While we’re waiting for Collection #2 to hit the internet like a wrecking ball, you can check to see if your email account was included in Collection #1 by checking your email address at Have I Been Pwned.

    While you’re changing your passwords, there are some good practices that everyone should follow. You should never use the same password for all of your online accounts. If you have trouble remembering all your passwords, there are a plethora of secure password managers that will create and remember secure passwords for your accounts. If you are going to manage your own passwords, don’t fall into the trap of using the most common passwords. You may think you’re clever by using ‘password’, ‘qwerty’, and ‘football’ as your passwords, but you’re not fooling anyone. Instead, most security experts agree that passwords should contain no dictionary words and should contain a mix of uppercase and lowercase letters, numbers, and at least one non-alphanumeric symbol.

    If a bad actor were to gain access to your email account they could wreak some fairly damaging havoc to your life since most of your online accounts are probably tied to that email address.

     
  • Geebo 10:19 am on January 11, 2019
    Tags: security

    Ring doorbells caught in potential privacy gaffe 

    If you’re unfamiliar with the Ring brand of video doorbells, it’s actually an ingenious device. The doorbell not only has a built-in camera but also has built-in two-way communication. When someone rings your doorbell, not only can you see them through an app on your phone or tablet but you can also talk to them as if you were home. Many homeowners swear by the devices as if they were the answer to solving any potential security concerns. Privacy, on the other hand, may now be a completely different matter.

    It’s being widely reported that Ring gave unfettered access to customer cameras and recorded videos to their researchers in Ukraine. Not only that, but the video recordings sent to Ring through their cloud service were unencrypted in an effort to cut costs. While some Ring customers may not care who sees their video feed in Ukraine, it also turns out that some US Ring employees and executives had around-the-clock access to some live feeds from customers whether their job required them to have the access or not. These allegations become even more disturbing when you realize that Ring also sells security cameras for inside the home as well.

    Ring themselves have claimed that their employees have not taken part in any impropriety. However, the reports state that Ring employees found workarounds to the company blocking their employees from certain access. Not only does this not bode well for Ring but also for its parent company Amazon, who purchased the company in 2018. Amazon itself is no stranger to privacy concerns, with the company trying to sell allegedly invasive facial recognition software to several law enforcement agencies last year. It will be interesting to see if this alleged breach of privacy will catch the eye of legislators or whether or not the market will control the future of Ring going forward.

     
  • Geebo 10:12 am on December 17, 2018
    Tags: security

    Here we go again: Facebook bug exposes millions of accounts 

    In what is starting to become an almost weekly event, Facebook announced this past Friday that yet another bug exposed close to 7 million accounts to third-party app developers. The bug was first discovered in September and was active for a few weeks before being corrected. The bug is said to have exposed pictures that users had posted to Facebook but had not given permission to be seen by third parties.

    In the grand scheme of things, this bug is not as big a security risk as other Facebook data leaks have been in the past year. The pictures that were exposed were only those that users had started to upload but for some reason never posted to their timeline, or photos that were posted to Facebook Marketplace. However, it further shows Facebook’s long-standing disregard not just for user privacy but for Facebook’s own security.

    This was a bug that was discovered back in September after being active for weeks. Why did it take Facebook upwards of three months before informing the public? According to the New York Times, Facebook didn’t notify government officials about the bug until November because they needed to “create a notification page” first. Again, this shows that Facebook is really more concerned about covering their own tails from regulators rather than protecting user privacy.

     