Twitter announces it’s time to play password roulette


Twitter posted yesterday that it has been storing your password in plain text on its servers, which means anybody could have your password right now. If you’re smart and have been reading this blog for a while, you already know never to use the same password on all your accounts, and it should be an easy fix to log back into Twitter and change that password.

If, like most people I encounter, you use the same password on every account, this means ALL your accounts could be compromised, so it’s even more important to change your password. Hopefully you will use a DIFFERENT password on each account so that no security flaw will ever leave all your accounts in jeopardy in the future.

Think Facebook is bad for privacy? Check out Google.


Facebook has been on the bad end of the news cycle for a while now with all its privacy issues, but it might surprise some (or not) how much information Google keeps on you.

Searches, visited websites, tablet and phone access and more. A warning here: if you’re on a shared computer (everybody using the same browser and account), you might not want to see this.

But if you’re curious how much Google has on you, click the link to your account information… You can also delete this information from this page, which I might suggest becomes a new habit for you.

https://myactivity.google.com/myactivity?utm_source=my-activity&utm_campaign=my-act-restricted

 

Watch out for the Gmail pseudo hack


Somebody found a flaw in the way Gmail treats email addresses with “.” in the address. To put it simply, if my email address was james@gmail.com but somebody sends an email to j.ames@gmail.com, Gmail assumes it is for james@gmail.com and sends it to me, even though the address is not mine. In other words, Gmail ignores periods in email addresses.

Why is this bad? Well, it makes it easier to trick you into thinking you are getting a legitimate email from people and companies when in fact you might be getting set up for an attack. How would this attack work?

A hacker can sign up for common services like Netflix, Hulu or Amazon Prime and use the suspect version of your Gmail address. When they are done signing up, they can order products or services with a bogus credit card number, and when it fails, you (the one with a good Gmail address) may get an invoice or a request to update your credit card from these companies, and you might assume it’s your normal bill and pay it.

This would then mean the hacker got you to pay for services because Gmail assumed the bogus address was yours and you thought it was legit because it came from a service you already use.

How to protect yourself besides deleting your Gmail accounts? For any email asking for money or account information, always check carefully where the email came from AND who it was addressed to.
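As an added example (not part of the original post), the Python sketch below automates the "who was it addressed to" check: it flags a To/Cc address that Gmail would deliver to your mailbox but that is not spelled the way you write your own address. The sample message, the `streaming.example` sender and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message: a payment request sent to a dotted variant.
SAMPLE = """\
From: billing@streaming.example
To: j.ames@gmail.com
Cc: Support <help@streaming.example>
Subject: Please update your payment method

Your last payment failed.
"""

def canonical(addr):
    """Lowercase the address and, for gmail.com only, drop dots from the local part."""
    local, _, domain = addr.strip().lower().rpartition("@")
    if domain == "gmail.com":
        local = local.replace(".", "")
    return f"{local}@{domain}"

def check_recipients(raw_message, my_address):
    """Return (address, verdict) for every To/Cc recipient.

    'exact'       spelled the way I use my address
    'dot-variant' same Gmail mailbox, different dot placement: someone else
                  typed this address, so treat bills and payment requests
                  in this message with suspicion
    'other'       a different mailbox
    """
    msg = message_from_string(raw_message)
    mine = my_address.strip().lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    results = []
    for _name, addr in getaddresses(headers):
        if "@" not in addr:
            continue  # skip malformed or empty entries
        if addr.lower() == mine:
            verdict = "exact"
        elif canonical(addr) == canonical(mine):
            verdict = "dot-variant"
        else:
            verdict = "other"
        results.append((addr, verdict))
    return results

if __name__ == "__main__":
    for addr, verdict in check_recipients(SAMPLE, "james@gmail.com"):
        print(f"{addr}: {verdict}")
```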

 

A better DNS?


Short post today.

Seems like Cloudflare wants to get into the DNS (Domain Name Server) business. They are promising faster and more secure name resolution, along with not storing information for more than a week. Should give Google and OpenDNS a run for their money. If you want to try it yourself (at your own risk), change the DNS settings on your computer or router to 1.1.1.1 or 1.0.0.1, and you can check them out at…

https://1.1.1.1/

US CERT issues tech support fraud alert


US CERT has issued an alert (about 5 years late) regarding tech support fraud, where fake antivirus companies pretend to be Microsoft or some other well-known company and demand that you “fix” your computer or be reported or even arrested if you do not immediately comply with their demands for money.

I have written about this for many years, so it is nice to see when the government catches up with the rest of us in the computer support world.

Some of the highlights from the alert are…

HOW THE FRAUD OCCURS
Initial contact with the victim typically occurs through the following methods:

Telephone: A victim receives an unsolicited telephone call from an individual claiming the victim’s device or computer is infected with a virus or is sending error messages to the caller.

Search Engines: Individuals in need of tech support may use online search engines to find technical support companies. Criminals pay to have their fraudulent tech support company’s link show higher in search results hoping victims will choose one of the top links in search results.

Pop-up message: The victim receives an on-screen pop-up message claiming a virus has been found on their computer. In order to receive assistance, the message requests the victim call a phone number associated with the fake tech support company.

Locked screen: The victim’s device displays a locked screen with instructions to contact a fake tech support company. Some victims have reported being redirected to alternate Web sites before the locked screen occurs.

The report goes through a few different attack scenarios, but in the end it comes down to not doing anything a new popup or a person cold-calling you on the phone tells you to do.

If you see such a popup or get the phone call, hang up and call your normal IT support company to make sure you’re OK.

You can read the full report here…

https://www.ic3.gov/media/2018/180328.aspx

And as always feel free to call RenoGeek for any tech support question you may have.

Change Facebook Ad Preferences


Seems with the loss of 5 billion or so in Wall Street value, Facebook has finally found a reason to start taking some of its end users’ privacy concerns seriously.

Starting with a simplified interface, you can now go into the depths of Facebook land and change “some” of the things you are shown while on their website.

If you are a long-time user, you may wish to plan some “away” time to wade through the hundreds if not thousands of categories that have been connected to your account, and I would definitely suggest that you expand the settings to find all the ways the big “F” has been tracking you.

But if you take the time to go back once in a while, review what new things they have learned about you and delete them, you can keep what they know about you to a minimum.

Of course, if you don’t have a reason to share everything with everybody on the planet, you can also change the settings so that only your friends can see what you post.

At any rate, it might be fun to see how much Facebook has learned about you.

(or not).

You can review and change your Facebook Ad privacy settings here…

https://www.facebook.com/ads/preferences

 

Timeline – The next thing on your system to clean out


Windows Spring Creators Update will feature a new utility called Timeline. It will let users see in chronological order all the activities they have performed on their computers. While this utility is being touted as something of a super “recently used” list, it may turn out to be a privacy issue, as anybody logged into your account will have an even easier time seeing what you have been up to.

While Microsoft says users will be able to change the settings of Timeline to show less (or no) information, it will, as with most settings on Windows 10 systems, be buried, meaning many if not most people will have little clue as to where they can adjust what is saved and shown.

I predict that this utility will be used against end users in a number of ways: bosses at work demanding to see this log from workers to check up on them (easier than asking the IT department to keep tabs on people).

And even IT support scammers using it instead of Event Viewer to give the impression that hackers are tracking their every move. In addition, this provides a new attack vector for fake system utility programs claiming they will “clean” this new tracker and instead infecting users unknowingly.

Hopefully the good folks in Redmond, WA have already considered these possibilities and will provide some kind of hardening of this new program to prevent misuse of this utility.

But as with web browsers and email, it will once again be up to the end user or their IT support staff to monitor and clean out the digital junk this new utility will create.

Want to share your life on Facebook? Don’t be Surprised when companies steal your data.


Cambridge Analytica is in the news for allegedly stealing user data from Facebook and then using it to help the GOP in the 2016 election. In short, they took user data from Facebook profiles while users were interacting with a personality quiz.

While this company claims that they did not violate Facebook’s rules on how they handle data and that they also complied with their own “privacy” policy, it just goes to show that when using almost any “free” service online, you are paying for it in the end by supplying information about yourself to that company and any 3rd party they share or sell that information to.

While this case seems to deal primarily with people clicking on a Facebook link and then going to a 3rd party website to take a quiz, there are many ways that Facebook (or the companies they “work” with) can take (steal) your data.

So how do you protect yourself while in “Zuckerberg Land”? There are a number of ways to limit (but never eliminate) the chances your data ends up where you never expected it to.

Limit what information you share in your bio: 

Do you really need to put every school you went to? Where you worked or work at? What your favorite restaurant or movies are? How you voted last time around? The state and city you live in? The more information you give away, the easier it is to collect and then refine what is known about you. Share less and be safer.

Change the privacy settings on Facebook:

Click on the help icon then settings and then privacy. Under “Your Activity” change your settings from “public” to “friends only”. Look at the other settings and decide what levels you feel comfortable with. For me I don’t wish to share my phone numbers and other info with strangers.

Don’t play that Game:

Every game, survey, quiz and “who were you in a past life” link on Facebook is for the most part paid for by an outside company, and that company somehow needs to pay to run the website that said game or quiz is running from.

Most companies don’t give away stuff for free unless they are somehow going to make money from you. So the vast majority of these companies are gathering your information and selling it. Don’t play the games or take the quizzes and they will have less of your information.

The Takeaway: 

The less information you give to Facebook (or any company online), the more privacy you will enjoy. So the next time a Facebook recommended or sponsored post appears in your feed offering to show you what Egyptian Pharaoh you were in a past life, keep scrolling…

No safe Harbor – AMD chips also have major flaws


It seems that the computer security company CTS has found 13 different flaws in modern AMD CPUs. So for those that were going to jump off the Intel ship and switch to AMD, it may all be for naught.

While I won’t get too far into why CTS released this information with only one day’s notice to AMD (and giving them no chance to repair the issues), it just highlights the need for much better testing of all CPUs before being released for general use.

It also shows us all the need for more than just one or two big companies controlling the manufacture of most of the world’s CPUs, as this forms a security bottleneck where the failure of these two companies now jeopardises the security of almost everybody using a computer on the planet.

The fixes, I predict, will take the same path as Intel’s did over the last few months: deny a major problem, have O/S and software manufacturers try and patch things, and then come out with their own firmware patches to address the issue.

But in the end these companies lose little, because when they do come out with new “fixed” chipsets, people will flock to buy up the new, more “secure” CPUs.

The big losers here are the companies and end users that will have to contend with less secure machines and the slowdowns of said machines once the patches are released.

As always make sure your IT staff or your personal computer technician or shop is up to date on these problems, so that they may protect both you and your company.

Did you read page 327 of your privacy policy?


Every website you go to, every app you install and each social media account you open more than likely has a privacy policy: the fine print, as it were, that you must accept if you wish to use most modern services today. They are even baked into Microsoft Windows (I see the disclaimer each time I set up Windows in my computer repair shop), the ISP you used to get here and read this, your credit card issuers, banks, your home, car and student loans, as well as TVs that can stream movies, Alexa and too many other products to list.

But of course these agreements let you know about the many protections these companies take to ensure what they learn about you never gets out to the real world and that all your information is safe and sound with an army of employees guarding it with their very lives, right?

Too bad that is not the case in the 21st century. These privacy agreements let most companies sell, share and use your information almost any way they want. All those “free” websites, accounts and apps are paid for with every click you make and each cat video you watch. Ever notice that after watching a bunch of videos about a subject, you see ads for something similar for weeks afterward? That’s your “privacy” in action. And it’s all legitimate and legal. All because you really “read” all the pages in your EULA and the privacy policy, right?

Some of these documents can contain north of 100+ printed pages. So companies know they are safe stuffing almost anything they want into these “fair warning” agreements.

But while all this is bad enough, the really scary part is in many (if not most) cases deep, deep down in this document will be something to the effect of this…

“From time to time we may share some (or all) of your information with our partners, suppliers and on occasion with law enforcement or other legal  entities that may have jurisdiction over data we have collected about you.”

And all these different companies and agencies in many cases are free to do whatever they like with your information once they acquire it from the primary company you shared your data with. In other words, once one company gets your information, it can then be shared with or bought by other companies, who can then share or resell it to yet other companies.

So the fact that you might stay up every Friday night watching cats in tuxedo videos at 3am while also on review websites for the best pot shops in California could, after being shared over and over with different companies, end up being bought by your car insurance company, which now raises your rates out of the blue because you have a higher risk of driving while under the influence.

The gist here is that you should read all agreements before clicking on the “agree” button. It might not be worth installing the next “add rabbit ears to all my face shoots” app if you’re giving up information you never thought anybody could or should see.

As an example, here is a link to PayPal’s “3rd party list”. They only share with 500+ companies. What could go wrong?

https://www.paypal.com/ie/webapps/mpp/ua/third-parties-list