Facebook Add On TimeHop Has Been Pwned By Hackers…. But They Are Handling The Pwnage Better Than Most

Posted in Commentary with tags on July 9, 2018 by itnerd

First the bad news. TimeHop has reported it has had a breach affecting its entire user base of 21 million users worldwide. The “security incident” happened on July 4th when they had a “network intrusion” which was interrupted by internal security teams. Which is good. But clearly it was not interrupted quickly enough, which is bad.

Here’s the good news. The statement that they put out regarding this is the best one that I’ve seen. They go into a great amount of detail about what happened, what the company is doing about it, and what the go-forward plan is. On top of that, they even have a glossary to explain terms that users might not be familiar with. I’m very impressed by this, and other companies should use this as a template for how to communicate about a “security incident” like this because this is straight from the top shelf.

So, if you’re a user of this add on, I’d go to the statement that I linked to and see what you have to do to protect yourself. Like I said, it’s very clear and well written and you should have no issue following their directions.


TCS Named HP Enterprise Global Hybrid IT Solutions Partner Of The Year

Posted in Commentary with tags on July 7, 2018 by itnerd

Tata Consultancy Services, a leading global IT services, consulting and business solutions organization, was presented with the Hewlett Packard Enterprise (HPE) Global Hybrid IT Solutions Partner of the Year Award.

TCS has been selected for its work as a Global System Integrator partner for HPE, helping to facilitate successful go-to-market motions and joint go-to-market solutions by increasing revenue and minimizing competition. TCS has also engaged with HPE in creating meaningful solutions and offerings on Aruba, Synergy and HANA as a Service, among others.

TCS has been a HPE partner for more than three decades, and has made significant investments with HPE including Centers of Excellence for IT infrastructure management, assurance, security, and converged systems, to ensure employee skills and competencies are aligned to market drivers and technology trends. HPE’s technology leadership is complemented by TCS’ deep domain experience, contextual knowledge, delivery process quality, investments in R&D, repeatable solution assets, and a flexible global resource base.

Hewlett Packard Enterprise (HPE) announced winners of the 2018 HPE Partner of the Year Awards at its annual Global Partner Summit in Las Vegas. Winners were recognized for outstanding performance and accomplishments, and for driving meaningful business results for shared customers.

Guest Post: NordVPN Discusses The EU’s Proposed Copyright Directive

Posted in Commentary with tags on July 6, 2018 by itnerd

EU lawmakers are planning to pass an obscure Copyright Directive that might have a massive impact on how Europeans use the internet. There are many objections against the directive, including from the Spanish and Italian Wikipedias, which blacked out on Tuesday in protest. The online encyclopedia says the Copyright Directive will severely restrict internet freedom.

The Copyright Directive claims to protect intellectual property and includes regulating the illegal streaming and downloading of pirated movies and music.

“The general intention of the directive is well meaning. However, the vague wording of the law means that it may be applied to an extremely broad range of cases,” said Ruby Gonzalez, Communications Director at NordVPN. “For instance, the Copyright Directive may extend the rights of publishers to charge for the snippets of news articles that appear under search results. It is also going to force websites to scan all content being uploaded – to YouTube and elsewhere – and automatically block anything that might infringe copyright.”

AI filters that all websites will have to implement are very bad at detecting the nuanced difference between plagiarism and the concept of fair use, satire, or derivative works.

“If this Directive passes, we may lose the ability to share an article on Facebook or find it via Google. In fact, Wikipedia might have to close down,” said Ruby Gonzalez.

NordVPN encourages internet users to visit savetheinternet.info to sign their petition and see what the next step could be in defeating this proposal.

 

#PSA: Do You Have A Browser Extension Called Stylish Installed In Chrome Or Firefox? Uninstall It NOW!

Posted in Commentary with tags on July 5, 2018 by itnerd

There’s a popular extension called Stylish which was once a great way to remove annoying features from websites—trending topics on Facebook, say, or that annoying bar that follows you as you scroll on Medium. To do this, Stylish, the browser extension, needs access to every website you visit. But it also trawls and steals your browser history. In short, it’s spyware. And here’s what Robert Heaton has to say about it on his personal blog:

Unfortunately, since January 2017, Stylish has been augmented with bonus spyware that records every single website that I and its 2 million other users visit. Stylish sends our complete browsing activity back to its servers, together with a unique identifier. This allows its new owner, SimilarWeb, to connect all of an individual’s actions into a single profile. And for users like me who have created a Stylish account on userstyles.org, this unique identifier can easily be linked to a login cookie. This means that not only does SimilarWeb own a copy of our complete browsing histories, they also own enough other data to theoretically tie these histories to email addresses and real-world identities.

As a result, Firefox has taken steps to ban the extension from its addons site and prompt all users to disable it. Google has done the same thing. Now the data that this addon shares is anonymized, but that’s still scary.

I try not to use browser add ons as I am always afraid of this sort of thing happening. Now it looks like my paranoia isn’t paranoia after all.

Google Confirms That Third Party Apps Can Read Your Gmail…. And They Say You Shouldn’t Worry…. Sure

Posted in Commentary with tags on July 4, 2018 by itnerd

I’m not the least bit reassured by Google’s response to this story on the fact that third party apps have the ability to read your Gmail. In a blog post that was clearly meant as an attempt at damage control, Google among other things said this:

A vibrant ecosystem of non-Google apps gives you choice and helps you get the most out of your email. However, before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.

So in short, it’s saying that apps do have the ability to read your Gmail. But there’s nothing to worry about because Google is out to protect you. Okay. That’s nice on paper. But it doesn’t make me feel better as they haven’t addressed the core issue. As in why do these apps have the right to read your email in the first place? And by not directly addressing it, it makes Google look no better than Facebook who as we all know has “issues” with third parties accessing user data. Thus I would strongly suggest that Google needs to come up with a much better answer to that question and come up with it now.

aLTEr LTE Based Attack Is In The Wild And Is Unpatchable

Posted in Commentary with tags on July 3, 2018 by itnerd

If you use a smartphone on an LTE network, which means that I’m talking about everyone who is reading this, there is an unpatchable flaw in the LTE standard that can allow an attacker to snoop on your browsing habits and redirect you to spoofing sites that could snatch your login credentials among other things.

The attack is called aLTEr and it was discovered by David Rupprecht, Katharina Kohls, Thorsten Holz and Christina Pöpper from Ruhr-Universität Bochum and New York University Abu Dhabi. Rather than explain this attack to you, you should watch this video instead:

The attack may be out there. But it isn’t likely to be widespread for the following reasons:

  1. You need about $4000 worth of gear to build yourself a fake cell tower to pull this off. That means the average 12-year-old won’t be doing this. But an intelligence agency would try this.
  2. You have to be within a mile of the intended victim. Again, an intelligence agency targeting a specific victim would try something like this.

There’s no way to stop it because fixing it requires the LTE standard to be overhauled. Which isn’t going to happen with 5G networks on the horizon which apparently protect one from this sort of attack. The best you might be able to do is to only surf to HTTPS encrypted sites. But that may not be a guarantee. Thus you might want to double check and triple check what you’re surfing on LTE so that you stay safe.

Feds Ramp Up Probe Of Facebook

Posted in Commentary with tags on July 3, 2018 by itnerd

The Department of Justice and several other federal agencies are combining forces to investigate Facebook in relation to the Cambridge Analytica scandal. The Washington Post reported that the following agencies are involved:

  • The Securities and Exchange Commission
  • Federal Trade Commission
  • Federal Bureau of Investigation

This can only be bad news for Zuckerberg and company as the feds don’t just investigate stuff for fun. And they rarely walk away empty handed. And the fact that this many agencies are looking at the social network should set off alarm bells at Facebook HQ. What’s going to really worry Zuckerberg is that the investigation is being broadened to focus on Facebook’s statements following the scandal and whether its disclosures to both the public and its investors were “sufficiently complete and timely,” according to the Post. Not good if you’re Zuck as that could include stuff he said, or didn’t say to Congress.

Perhaps the world won’t have to decide to #DeleteFacebook. The feds may take care of that for the planet.