Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed. Source: As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants
In this New York Times article they discuss Facebook sharing your personal information with 3rd parties. This is probably not a surprise to anyone in IT, but you may not realize how much data they share and with whom. Two of the companies have links to the Russian and Chinese governments. You may not care if Microsoft or Apple has your info, but how do you feel about a Russian search engine being able to tell who & what you like, where you are and even possibly information in private messages? All while trying to affect the outcome of a presidential election. In their research the NYT finds that permissions were given above what was needed and they weren’t monitored or rescinded when there was no longer a need. I encourage you to read more on the link below.
Your (Fill in name of device here) is Not immune from attack. Even the iPhone. There are many vectors for attacking an iPhone. One that uses WiFi (scary) was recently patched. Update your iOS device now. The iPhone is still my phone of choice and is much less susceptible to attack than, say, Android. But it, like any other platform, is still subject to attack. So the saying “semper vigilans” is a good rule where technology is concerned. Don’t trust unknown sources, networks, people, devices, cables, etc. This means: don’t let people play with your phone, don’t give out your PIN, don’t connect to that free hotspot, don’t plug into some unknown charging cable/port and ALWAYS stay up to date on your patches. If you don’t patch, the holes that the experts work so hard to plug just become a bullseye for those looking for a weakness. Each flaw gets published, and when it’s not repaired it’s almost a road map of how to compromise your device. Here are a few articles to get you started. The Register: No one still thinks iOS is invulnerable to malware, right? CBSNews about the WiFi exploit: If you use Wi-Fi on your iPhone or iPad, get this security update
If you are viewing a post from a mobile device, pay close attention to the URL. A new(ish) exploit method simply uses a bunch of hyphens (dashes) to obscure part of the address. The article specifies Facebook, but this same technique would work with other sites as well. The key is to be ever vigilant. Read more here: https://www.techworm.net/2017/06/facebooks-new-phishing-scam-pads-urls-hyphens.html
A bug allows a malicious website or link to crash Windows 7 and 8.1 computers. The temporary solution? Use Chrome to browse the net, not Internet Explorer (IE) or Firefox, as both are susceptible. Read more below on The Register: Master File Table Exploit
I remember way back to the Nimda virus. I had a client get infected within a minute of connecting it to the internet. He had an unpatched system and was connecting it to download the service pack that eliminated this particular exploit. Rather than download the patch to a system that was already safe, he thought he’d save time and download it directly to the unpatched system. The issue in his case was he was leaving a shiny new bike unlocked while going into the store to buy a lock. You might be lucky, but on the internet everywhere is a bad neighborhood. In short, DO NOT connect ANY device to the internet before you at least change its default password. DO NOT connect it directly unless it itself is a firewall/router; do it behind a firewall, and if you are unfamiliar with any of this, call the company’s toll-free support number just to be safe. Or call us of course. Read more on this story on NetworkWorld below: IoT security camera infected within 98 seconds of plugging it in
Permit me a slight rant. Knowledge is very important to make informed decisions on your life. What products to buy, what roads to take, how to keep your family safe, what politicians to vote for, etc. Knowledge is important to your daily life and your ability to make informed decisions affects everything you do. Now enter companies like Disinfomedia. A company specifically formed to lie to you. To provide realistic stories that are false. Not opinion pieces/editorials, not satire like TheOnion.com, but lies intended to deceive the public. This company registered domain names similar to trusted organizations like USAToday.com and WashingtonPost.com by adding a .co at the end. Then proceeded to make stories look official while deceiving those reading them. These sites got millions of views, posted completely false stories and were believed by who knows how many people. Possibly affecting public policy (he brags about laws passed based on his misinformation) and possibly even the presidential election. My opinion? He should be prosecuted. These aren’t opinion pieces he published, they are Libelous, Slander, or Defamation cases (my opinion); at best he is spoofing the good names of sites like USAToday, etc., and they should sue him for that. Judge for yourself. You can read more on NPR.org: We Tracked Down A Fake-News Creator In The Suburbs. Here’s What We Learned
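Both the hyphen-padded URL post and the lookalike .co domains above come down to the same check: a trusted name shows up in the hostname, but the hostname does not end with it. The sketch below is an added example, not code from any of the linked articles; the three-hyphen threshold, the 20-character address bar width and the login-check.example domain are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Sites the reader means to visit (names taken from the posts above).
TRUSTED = ("facebook.com", "usatoday.com", "washingtonpost.com")

# Assumption: three or more consecutive hyphens in a hostname is padding.
HYPHEN_RUN = re.compile(r"-{3,}")


def real_host(url):
    """Hostname the browser will actually connect to, lower-cased."""
    return (urlsplit(url).hostname or "").rstrip(".")


def visible_prefix(url, width=20):
    """What a narrow mobile address bar shows if it keeps only the left
    edge of the hostname (assumed width; real browsers differ)."""
    return real_host(url)[:width]


def check_url(url):
    """Return a list of findings; an empty list means nothing was flagged."""
    host = real_host(url)
    if not host:
        return ["no-hostname"]
    # Genuine: the host is a trusted domain or a subdomain of one.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return []
    findings = []
    if HYPHEN_RUN.search(host):
        findings.append("hyphen-padding")
    # A trusted name inside the host, but not at its right-hand end, means
    # the registered domain belongs to someone else.
    findings += ["embeds-" + t for t in TRUSTED if t in host]
    return findings


# Constructed samples; login-check.example is a placeholder domain.
SAMPLES = [
    "https://m.facebook.com/login",
    "http://m.facebook.com----------------validate.login-check.example/sign_in",
    "http://usatoday.com.co/story",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(visible_prefix(u).ljust(22), check_url(u) or "ok")
```

The second sample shows why the padding works: the visible prefix looks like the genuine mobile site, while the part that decides where you connect sits off-screen to the right.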
What does a Linux security hole look like? Well, something like this. Never drop to a command shell when you have an error. This is a debugging technique ONLY and should never end up in production code. Especially with root-level access. Read more here: ZDNet: Major Linux security hole gapes open. Security doc info here: CVE-2016-4484
A zero-day hack has been used against a human rights activist. In this case it was unsuccessful because, rather than clicking on the link, he did what you should do: he forwarded it to security experts who uncovered the exploit. Read more about it on Network World here: NetworkWorld iOS Zero Day Hack Found
Wondering about Badlock? You should! It’s touted as a “Serious Flaw” in SMB, variations of which are used in Linux, Windows and yes, even Mac. What does the flaw exactly do? We don’t know that yet. But the company that discovered the flaw has also been writing the affected code for the last decade. So the question is… Are they just finding one of their own mistakes now and using it as a marketing tool to draw more business? Either way, we won’t know until the details are released on April 12th. No word on whether or not software manufacturers will have the patch available by then though. Read more on Wired below.
A web site and logo created to draw attention to the mysterious bug is instead drawing criticism for the people who discovered the flaw. Source: Hype Around the Mysterious ‘Badlock’ Bug Raises Criticism