1:M Cyber Security News 6/4/19

Hi everyone,

There has been lots going on recently, so let’s jump right into the news…

                                          =================

Please Patch Your Microsoft Systems With The Latest Security Updates ASAP

The Microsoft Security Response Center is strongly urging users to patch their operating systems as soon as possible. The vulnerability, which lies in the Windows Remote Desktop Protocol (RDP), can be exploited without you doing anything at all, as long as your system is online, and can be used to spread self-replicating malware.

So please patch ASAP…

———–

Google Has A Ton Of Ways Of Tracking You – Here’s How To Stop It

This is something we touch on quite a bit in the cyber security training modules, which is that Google keeps a LOT of tabs on what you’re up to when using its Android phones, various apps such as Chrome, as well as its many services e.g. Maps, Gmail etc. Here is a valuable article by @Wired that goes into detail on the various ways you can stop all of this tracking, in its tracks, so to speak 🙂

———–

Google Has A Secret Page That Records All The Things You’ve Bought Online

Speaking of Google and its omnipotent tracking abilities, @Buzzfeed has uncovered a very hidden page in one’s Google account profile, where they will see that Google has been tracking all the purchases

Buzzfeed says “Google also raids your Gmail account for signs of transactions, and collects them all on a separate webpage for your account. It includes Amazon purchases, subscriptions, tickets, really anything for which you got an emailed receipt. There’s no easy way to delete that history, other than deleting receipts from your email or ticking through them one at a time on your Purchase page. Check out the article here:

———–

Quest Diagnostics Announced They Were Part Of A Huge Data Breach

Quest Diagnostics, an American clinical testing lab that handles many patients’ lab testing and results, has said they were part of a massive data breach that occurred through a third-party billing service, the American Medical Collection Agency, that has affected up to 12 million patient billing records. According to them, they believe the information potentially stolen by the hackers includes “personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results.” The investigation is in its early stages right now, but more information can be found here:

———–

Apple Unveils Privacy-Focused Authentication System

Apple announced a new “Sign in With Apple” service, which allows one to log into 3rd party apps and websites using their Apple ID, as opposed to using a Google or Facebook ID (which, as we cover in Module 22 Internet Data Privacy, opens you up to security and privacy issues). You can sign in using your Face ID, and if “apps request the user’s name and email address, the new sign-in system allows them to hide the real email address and instead provide a randomly-generated address from where emails are forwarded to the user.” Pretty cool if this rolls out nicely later this year. Read more info here:

———–

Facebook Says 5% Of All Their Accounts Are Fake

Facebook said it recently disabled billions of fake accounts set up by what they call “bad actors” and that 5% of all FB accounts are likely fakes. They also said they removed 2.19 billion accounts in the first quarter of this year, which is an insane number when you think about how many accounts “bad actors” are trying to create. Remember, these accounts are being created so they can either social engineer us into doing something dangerous, or hack our minds so that they can change our political discourse, for instance.

———–

CloudFlare’s 1.1.1.1 App Will Prevent Your ISP/Mobile Carrier From Tracking And Selling Your Web History To 3rd Parties

For the past few years, Congress has allowed ISPs to collect data about customer traffic for marketing purposes. Basically they can see all the websites you visit, push ads at you, or even sell that data to 3rd party companies. But you can block this snooping by either

A) using a VPN service (which we discuss in the Encryption Module 22)

or

B) using CloudFlare’s free 1.1.1.1 DNS service (DNS stands for Domain Name System, and it is the protocol your browser uses to find the website you are trying to visit).

By using this service, you’re basically using CloudFlare’s DNS service, rather than your own ISP’s, and CloudFlare is not known for selling your data to these 3rd party firms. Moreover, changing your DNS is actually pretty easy. On your mobile device simply download and run their official 1.1.1.1 app and you’ll keep more of your web-browsing data away from your ISP or mobile provider’s prying eyes. You can also set up your computer to use CloudFlare’s 1.1.1.1 DNS service. The steps can be found here for Mac and Windows:

———–

Facebook’s Co-Founder Says It’s Time To Break Up Facebook

There has been a LOT of talk lately in government and industry about Facebook being too big and powerful for its own good, and that it really should be broken up. Remember, Facebook also owns Instagram and WhatsApp, and altogether has insights into billions of profiles, communications, likes, interests etc. And because of the horrendous number of security and privacy debacles Facebook has endured in the past year, more and more people are saying it’s time to break it up and regulate it. This includes Facebook’s co-founder Chris Hughes, who says he is “disappointed in myself and the early Facebook team for not thinking more about how the News Feed algorithm could change our culture, influence elections and empower nationalist leaders. And I’m worried that Mark has surrounded himself with a team that reinforces his beliefs instead of challenging them. He has too much power.”

He goes on to say “Mark’s influence is staggering, far beyond that of anyone else in the private sector or in government. He controls three core communications platforms – Facebook, Instagram and WhatsApp – that billions of people use every day. Facebook’s board works more like an advisory committee than an overseer, because Mark controls around 60 percent of voting shares. Mark alone can decide how to configure Facebook’s algorithms to determine what people see in their News Feeds, what privacy settings they can use and even which messages get delivered. He sets the rules for how to distinguish violent and incendiary speech from the merely offensive, and he can choose to shut down a competitor by acquiring, blocking or copying it.”

It’s a very interesting read over at @Wired, so check it out:

———–

4 Of The Best Password Managers Explained

@Wired also has a great write-up of the 4 most popular password managers, as well as the pros and cons of each. As we discuss in Module 19 Password Management, using a solid password manager is one of the best cyber security practices you can follow! It’s well worth the read:

———–

Apple iOS Is So Locked Down, It’s Close To Impossible For A Regular User To Figure Out If Their iPhone Has Been Hacked

@Vice has an eye-opening article that explains that because Apple’s iOS operating system is so locked down, “as of today, there is no specific tool that an iPhone user can download to analyze their phone and figure out if it has been compromised. Moreover, iOS is so locked down that without hacking or jailbreaking it first, even a talented security researcher can do very little analysis on it”. Jailbreaking is the term used when someone goes around the protections Apple has put in place to prevent us from running ‘unapproved’ apps and code on their devices. But there are a number of things you can still do to determine if your phone might have malicious code running on it.

 

———–


Please be safe out there everyone.

#ClickGameOver
