Pete Recommends – Weekly highlights on cyber security issues, November 11, 2018

Subject: Guide to Privacy Resources 2019
Source: Marcus P. Zillman via LLRX

This guide is a comprehensive listing of free privacy applications, tools and services that users may implement across multiple devices. These applications are from a range of sources that include small and large tech companies as well as subject matter specific websites. The focus of this article is on the latest technology and information that allows users to: (1) target privacy issues and (2) implement various types of privacy protection that span email, phone calls, chats, text messages, web browsing, computer drives and files, networks, collaboration spaces, and your photos.

It is critical that users remain vigilant regarding privacy issues and understand that it is increasingly the responsibility of the user/customer to actively identify and exercise controls (and to follow those controls applied in the workplace) to limit, block or otherwise curtail access to your organization’s network, as well as to your personal data, email, social media, personal identifying information (PII), search histories, IM/chats, e-commerce transactions, and identity management actions.

Each of us must take the time to determine the risks that are present in our use of the web, and proactively implement services to add requisite layers of defense against malicious actors as well as organizations that are aggregating our data outside the scope of our knowledge. The uses of aggregated data include: marketing and sales, spam, phishing, and to undermine legitimate communications between individuals, teams, groups, organizations. The resources in this guide are in a sense a pick-list from which you may choose based on whether online privacy is a matter that is important enough to spend time exploring your options from among the many tools available. In addition, you must determine whether you will accept a certain level of inconvenience to implement security protections that may in some measure slow down the speed of your internet connection.

Posted in: Computer Security, Cybersecurity, Email Security, Encryption, Privacy, Social Media, Viruses & Hoaxes

Subject: Truth decay, fake news, disinformation, Russian propaganda, science, misinformation, Facebook, business
Source: Homeland Security Newswire

Truth decay – Mathematicians to help solve the fake news voting conundrum. Published 2 November 2018.

With the American midterm elections around the corner, rumors of a U.K. general election in the winter, and a potential second referendum on Brexit, mathematicians have produced a mathematical model that details the impact of fake news on voting behavior.

In a paper posted to arXiv, Professor Dorje Brody and Dr David Meier reveal a mathematical definition of fake news which they hope will give lawmakers the clarity needed to combat it. The researchers have also introduced a model for fake news that can be used to conduct comprehensive scenario analysis and impact studies.

Brody and Meier present approaches for modelling and categorizing different types of voters based on how they handle fake news. Perhaps the most striking result is that a degree of awareness and sophistication is enough to mitigate the impact of fake news, even if people cannot say precisely which pieces of news are fake.

The spreading of deliberate disinformation (fake news) can best be understood in the context of communication theory. Surrey says that Brody and Meier realized that fake news can be modelled in the form of biased noise – in contrast to noise in conventional communication channels, which is unbiased. With their model, it is now possible to ask quantitative questions such as: What is the likelihood of flipping the election outcome if false stories are released with a given frequency?

Subject: Two botnets are fighting over control of thousands of unsecured Android devices
Source: ZDNet

Researchers spot Trinity and Fbot botnets trying to infect Android devices via the ADB interface.

Two botnet gangs are fighting to take control over as many unsecured Android devices as they can to use their resources and mine cryptocurrency behind owners’ backs.

The turf war between these two botnets – one named Fbot and the other named Trinity – has been going on for at least a month if we’re to combine the various clues from reports published by different cyber-security firms.

Both are in direct competition and are going after the same targets, namely Android devices on which vendors or owners have left the diagnostics port exposed online.

This port is 5555, and it hosts a standard Android feature called the Android Debug Bridge (ADB). All Android devices support it but most come with it disabled.

But while ADB is disabled on hundreds of millions of devices, there are tens of thousands where this feature has been left enabled, either by accident during the device’s assembly and testing process or by the user after he used the ADB to debug or customize his phone.

Making matters worse, in its default configuration, the ADB interface also doesn’t use a password. Once the ADB port is enabled and the device is connected to the internet, the ADB feature acts as a permanent wide-open backdoor to vulnerable devices.

Subject: Paper – Browser history re:visited
Source: via beSpacific

Browser history re:visited. [13-page PDF] Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, Deian Stefan.

Abstract  – “We present four new history sniffing attacks. Our attacks fit into two classical categories—visited-link attacks and cache-based attacks—but abuse new, modern browser features (e.g., the CSS Paint API and JavaScript bytecode cache) that do not account for privacy when handling cross-origin URL data. We evaluate the attacks against four major browsers

Subject: Chrome 71 Will Block Ads on Sites With ‘Abusive Experiences’
Source: Digital Trends

Google is looking to foil ads that trick, deceive, and hoodwink web users by blocking them entirely. Starting with the Chrome 71 release slated for December, the browser will automatically remove any ads on certain sites which deliver “consistent abusive experiences.” Website owners concerned that they might be caught up in this ad-blocking program can use Google’s new Abusive Experiences tool to determine if their sites will trigger it.

Such protections will not extend to those using alternative browsers, of which there are a few. Mozilla’s Firefox recently introduced better tracking protection of its own, targeting adverts that use trackers to glean information from web users that they might not otherwise be happy sharing.

Subject: Powerful Data Privacy Legislation Drafted by Oregon Senator Ron Wyden
Source: Digital Trends

Data privacy has been a hot topic this year, with the introduction of the General Data Protection Regulation (GDPR) legislation in Europe. The GDPR obliged tech companies to be more transparent about what user data they were collecting, and to give users options to view or delete their data. But legislation in the U.S. has not kept pace, with a lack of political will to crack down on data abuses by big tech companies.

Now, one Democratic senator from Oregon, Ron Wyden, wants to change that. He has drafted a data privacy bill for the U.S. that proposes sweeping changes to data laws to make data use more transparent and accessible to customers. Called the Consumer Data Protection Act, the bill aims to protect Americans’ privacy by giving customers more control over the sharing or selling of their data, and by giving the Federal Trade Commission (FTC) the power to set privacy and security standards and to impose fines on companies that fail to protect data.

Subject: U.S. Bancorp used dark web experts to beat back cyberattack
Source: Minneapolis / St. Paul Business Journal

Banks face all sorts of threats from the so-called dark web, the portion of the Internet that’s largely anonymous and invisible to most users. But now financial companies are bringing dark-web resources on their side.

The Wall Street Journal reports on the growing use of undercover researchers, sometimes posing as cybercriminals, as a way to spot computer network attacks and malware threats ahead of time. The story specifically calls out Minneapolis-based U.S. Bancorp (NYSE: USB) and San Francisco-based Wells Fargo & Co. (NYSE: WFC) — though presumably others are using these vendors, too.

Subject: Watch Out for This New Banking Scam
Source: LifeHacker

Receive a text from your bank letting you know your account’s been locked? You might want to think twice before following its instructions.

That’s because scammers are using a combination of fake texts and cardless ATMs to steal thousands of dollars from unsuspecting people, according to Krebs on Security. The scam’s made them a killing in a fairly short window of time: Per Krebs, scammers have stolen $68,000 from around 125 Fifth Third Bank customers in Illinois, Michigan and Ohio in fewer than two weeks.

Subject: Midterms 2018: Who paid for that Facebook ad? It’s not always clear
Source: USA Today Politics

After ads on the social network were used to spread disinformation and divisive Russian propaganda during and after the 2016 presidential election, Facebook tightened its policies around political ad buying.

Any people or groups who want to buy political ads on Facebook are required to verify their identities and prove they have a mailing address in the U.S. The ads, whether they are targeted at political campaigns or discuss issues of national importance, are kept in a searchable database for seven years, offering a rare glimpse into how political campaigns target Facebook users.

Subject: Browser Extensions: How to Stay Safe
Source: Consumer Reports

Hacked Facebook messages should remind people to use caution when downloading and using extensions, experts say.

A recent leak of private Facebook messages, primarily in Europe, should remind consumers to be cautious when downloading and using web browser extensions, security experts say.

That’s because Facebook says the data loss didn’t stem from a security breach of the social platform itself but rather from an extension people had loaded onto their computers.

“We believe this information was obtained through malicious browser extensions installed off of Facebook,” Guy Rosen, Facebook vice president of product management, tells Consumer Reports. “We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related.”

Subject: Billions of Robocalls – Industry & Regulatory Solution
Source: Consumer Reports

The number of robocalls Americans receive has reached epidemic proportions. A record 5 billion-plus robocalls were placed in the month of October alone, according to the latest tally by YouMail, a robocall blocking and tracking company—a significant increase from just the month before.

At the rate they are growing, the total number of robocalls placed in 2018 could reach 50 billion, eclipsing 2017’s record—by 20 billion calls, YouMail says.

“Every time we think the robocall epidemic has peaked, it turns out it hasn’t,” says YouMail CEO Alex Quilici.

Posted in: Congress, Cybercrime, Cybersecurity, KM, Privacy, Social Media