
CISPA Bill Passed by Representatives Again – Trouble on the Horizon!

The Cyber Information Sharing and Protection Act, AKA CISPA, has once again passed in the US House of Representatives. As a reminder, this bill gives government agencies and their other agencies access to personal, private user data to help monitor for the presence of hackers.

Now, when CISPA was first passed, the Senate said NO! Also, President Barack Obama has said that he’d veto the bill if it came through his office. Because of the different privacy issues, many advocates against this bill will fight it to the end.

This bill has been backed by bigwig businesses for a long time, almost since talks about the bill began. Maybe it is the big government contract ($$$) that seems attractive to these big businesses, or maybe these businesses truly believe it will end hackers’ abilities.

Will it completely stop hacker initiatives? Probably not. However, it would provide the ability to try to limit some of the bigger initiatives.

Government sectors of China, Russia, etc. are a bit of a cyberthreat to the United States, and information access is what the US will need if it wants to get ahead of the game. Do you agree?

Of course, the president of the US doesn’t want it passed if it violates the rights of citizens. But, in the end, if money and other things, like personally identifiable information, are stolen every year, and people realize this, then people should have no problem with their data being accessible to US authorities rather than hackers.

The bright side is that if government authorities have access to your private data, it isn’t going to spread around like wildfire, unlike what would happen if a hacker got hold of it.

It’s easy to do an Internet search for lists of email addresses and pull up loads upon loads of private email addresses that hackers posted in public to humiliate those who haven’t been smart enough to keep them secret.

Spammers and phishers access your private information on Facebook all the time if you accidentally click the wrong link or follow a malicious email link that asks you to ‘enter your Facebook username and password to continue.’

Some people argue that the government doesn’t care for internet users but rather cares for the money they’d get. Well, actually, if you think about it, the government is paying these big businesses to participate in the information sharing process, so that the American people’s pocketbooks/wallets, and their own privacy, can be protected.

Who else has protested this? Anonymous:

Even the Reddit co-founder is urging the US Government to NOT pass it.

What should be our take? You decide. My vote is neutral. I see this bill as a good thing in spots (because of potentially ending hacker initiatives and malware/virus threats); however, it poses a major privacy threat. I agree with most advocates of privacy.

Your opinion matters too! Contact your local senator and let your voice be heard. It’s usually best to write a letter, which provides good results. Providing written documentation of a fair but firm protest is the best way to go.

Facebook Home complicated with security problems: better wait!


It seems that Facebook Home, a new launcher app for certain Android apps, will allow you to put updates from the Facebook News Feed right onto your lock screen. While this brings Facebook to life for you, it isn’t exactly the safest. There are many reasons.

Let’s put it this way: adding a PIN code lock to your phone doesn’t keep people locked out of your Facebook account. People, even if they don’t access your phone, can still access the Facebook account on the lock screen, because the PIN code does not secure Facebook Home.

Maybe it’s a good idea to wait to use Facebook Home, so security features can be enhanced.

 

Do you have a phone enabled with Facebook Home and a PIN code? Let me know, comment below!

Recent Hacks: NBC.com, Twitter, and Zendesk – Warnings: Tumblr, Pinterest

After dealing with multiple attacks on several sites, including Apple, Facebook, and Twitter (these being Java exploits), it’s now time to deal with more hacks, including NBC.com (which has been serving up malware for a day now) and Twitter. According to recent reports, Tumblr and Pinterest have been forewarned.

The latest high-profile organization to be hacked is the National Broadcast Company (NBC), more specifically its website. The idea from the hackers is to use the website to infect visitors, using exploits and other JavaScript injections.

NBC.com’s hacked pages were modified to include an additional HTML component called an IFRAME, or inline frame. This allows a frame, even one of just 1px x 1px, to be included independently in the webpage, and it may contain malicious code. In HTML code, frames can be made to host web content. But in the hands of the evildoers, aka cybercriminals, they are used to launch malware campaigns.

Malicious JavaScript was added to the mix, and the attack also used the exploit kit called RedKit, which delivers one of two exploit files to try to take control of your browser.
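A site owner can audit served pages for the kind of injected frame described above. The following is an added example, not code from the original post: it flags iframes that are tiny or hidden and load from a different host than the page. The 2px threshold, the host names and the sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDING_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
CSS_SIZE = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)\s*(?:px)?\s*(?:;|$)", re.I)

# Constructed sample page (hypothetical hosts), as served by "www.news.example".
SAMPLE = """<html><body>
<iframe src="http://injected.example/a.html" width="1" height="1"></iframe>
<iframe src="https://video.example/embed/42" width="640" height="360"></iframe>
<iframe src="/ads/local.html" width="1" height="1"></iframe>
<iframe src="//tracker.example/x" style="visibility:hidden; width:300px"></iframe>
</body></html>"""

def _px(value):
    """Leading integer of an attribute such as '1' or '1px', else None."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class IframeAuditor(HTMLParser):
    """Flags cross-origin iframes that are also tiny or hidden.
    Visible embeds and same-site frames are left alone."""
    def __init__(self, page_host, max_px=2):  # max_px is an assumed threshold
        super().__init__()
        self.page_host, self.max_px, self.findings = page_host.lower(), max_px, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        sizes = [_px(a.get("width")), _px(a.get("height"))]
        sizes += [int(n) for _, n in CSS_SIZE.findall(style)]
        reasons = []
        if any(s is not None and s <= self.max_px for s in sizes):
            reasons.append("tiny")
        if HIDING_CSS.search(style):
            reasons.append("hidden")
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if host and host != self.page_host:
            reasons.append("cross-origin")
        if "cross-origin" in reasons and len(reasons) > 1:
            self.findings.append((a.get("src", ""), reasons))

def audit(html, page_host):
    parser = IframeAuditor(page_host)
    parser.feed(html)
    return parser.findings

print(audit(SAMPLE, "www.news.example"))
```

Frames inserted at runtime by script never appear in the static HTML, so a check like this complements, rather than replaces, file-integrity monitoring of the site's templates.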

I recognized something was wrong with NBC.com, which may have already been hacked a few weeks ago, and I posted the information on my Twitter account that a downloaded file was sent to my browser asking me to save or open it. This was on a sister site/blog, RedTape. I asked people to replicate it. The Twitter status can be found here.

What type of malware was delivered? Citadel or ZeroAccess, which are both crimeware families and botnets. They are usually part of several exploit kits.

This drive-by download situation is no good, as the pages were taken offline. That, in turn, dropped the traffic to those specific areas of the site. It is certain that this situation is a matter of cybercrime aimed at the financial side of things, not defacement or pranks.

Was it a big deal that it was NBC? No. In fact, the hackers were surely aiming to use a high-profile site, and apparently NBC.com was the easiest or quickest to access. Hackers rely on time and many other factors to make their approach(es).

Zendesk hacks and other various warnings

Zendesk is all about customer support… therefore no one really knows it, except for those in the business of customer support. Big names use this service, including Tumblr, Twitter, and Pinterest, among others. Hackers broke into the Zendesk systems, accessing email addresses of those big-name customers, namely Twitter, Tumblr, and Pinterest.

How “pinteresting” that another hack has been born, which is related to a social network. Zendesk detailed the hack:

We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

The companies involved made a point of telling their customers that they haven’t been hacked, but private information was stolen. Luckily, no password thievery was involved.

Obviously, an incident like this, just like the NBC.com incident, needs to be taken very seriously. Something must be done to stop the continuous hacks.

Additionally, Twitter hacks are nothing new. Many times, hackers have used a backdoor, such as the tools the support team uses, to infiltrate the information of Twitter users. It’s not a huge gain, more possibly a waste of time.

Your Webcam: a Big Security Risk?

From spyware to hackers, even sextortionists. What is this? Webcam exploitation. It’s becoming a major security risk. Some of the latest details in different news stories show that people are taking advantage of webcams, just as many had feared in the past.

Cyber extortion

Recent reports show that male computer users are being extorted by women through the use of webcam shows. Women are coaxed into stripping for a specific male, and then the females ask the men to strip for them in return. However, the females are recording the male strip show and then using it to threaten and extort the male. The threats include sharing it on YouTube, Facebook, and other related social media. In order for the female not to post it, the male must pay her.

This has happened in reverse as well, where men do the same to women when it comes to selling the taping of a live strip.

The rules for this type of situation include that you should always be wary of strangers who befriend you on a social network, especially if they show a sudden romantic interest in you. Usually, after the sudden onset of romantic interest, the women invite the men (or the other way around) to a webcam show. Then, the extortion takes place.

Never put yourself in a compromising position when it comes to a webcam. Keep the clothes on, as much as it is an idea to take them off…don’t do it.

If the extortionist threatens you and tries to get money from you, contact the police immediately to help remediate the situation. What the person may post on a social network may be a bit embarrassing; however, it’ll be better if the police handle it.

Don’t click on any links to payment systems if any extortion occurs, or in any chat system in general. Untrusted links could lead to malicious software and/or scams.

Is someone spying on me?

Webcams are standard equipment now, and video chat is becoming very popular. Whether it’s the photo-megacity online, or the video-sharing extravaganza, webcams are pretty popular. Have you ever stopped to think if anyone was watching you?

Many times there are indicator lights that supplement a webcam. These tell you if any current activity is detected within the webcam. However, there are techniques that hackers can use to disable the indicator light.

What do we do? Cover up the camera with some tape, put something in front of it, etc. Hackers can’t reach in through your computer and move it, can they? No way! Therefore, grab some electrical tape or some other very dark, opaque tape to cover up the camera.

If you have a USB webcam that gets attached to the monitor or put onto the desk, it can simply be unplugged when not in use.

If it is a built-in webcam, then the tape above will do well, or if it’s a notebook computer – close the lid when not using.

Paranoia has existed for a long time, and it is no surprise issues happen with webcams.

FBI Report: Hacker Blackmailed over 350 Women to Strip on Webcam

The FBI has taken into custody a 27-year-old man, claiming that he hacked the accounts of Facebook users, coaxing hundreds of women to strip on their webcams while he watched on Skype.

The man identified by the FBI as Karen (“Gary”) Kazaryan of Glendale, CA, was arrested yesterday on federal computer hacking charges.

According to a US Department of Justice press release, Kazaryan is claimed to have broken into victims’ Facebook and email accounts, changed their passwords, and searched for naked and half-naked photographs. He also gathered personally identifiable information from the users, including passwords, personal details, names of friends, etc.

The report also details that Karen threatened the users who did not comply with his demands to strip, saying that he would post nude photos of them on their own Facebook pages. It is also reported that approximately 3,000 photos were seized from the man’s computer. The FBI believes 350 women were led into “sextortion”.

The FBI is urging all women who believe they might be a victim to contact the Los Angeles Field Office at +1-(310) 477-6565.

Feds Requiring All Vehicles to have Black Boxes

Federal regulators are proposing that new automobiles sold in the United States after September 2014 come equipped with black boxes, so-called “event data recorders” that chronicle everything from how fast a vehicle was traveling, the number of passengers and even a car’s location.

While many automakers have voluntarily installed the devices already, the National Transportation Safety Agency wants to hear your comments by February 11 on its proposal mandating them in all vehicles. Congress has empowered the agency to set motor-vehicle-safety rules.

Clearly, regulators’ intentions are about safety, as the devices would trigger — for about 30 seconds — during so-called “events” such as during sudden braking, acceleration, swerving or other types of driving that might lead to an accident. The data, which can either be downloaded remotely or by a physical connection, depending upon a vehicle’s model, is to be used by manufacturers and regulators “primarily for the purpose of post-crash assessment of vehicle safety system performance,” according to an announcement in the Federal Register. (.pdf)

Read more on Wired.com
