Pete Recommends – Weekly highlights on cyber security issues April 28, 2019

Subject: Huawei: Chinese spies or trustworthy 5G industry partner?
Source: Special to USA Today
https://www.usatoday.com/story/tech/2019/04/19/huawei-chinese-spies-trustworthy-5-g-industry-partner/3522340002/SHENZHEN, China – Depending on whom you believe, Huawei is either a key provider of cellular equipment and a critical partner in the transition to 5G. Or an agent of the Chinese government, wittingly or unwittingly building out the global power’s next-generation intelligence and cyber-warfare network.So which is it?There’s little doubt as to the first claim. Huawei, headquartered here, is the biggest cellular equipment supplier, nearly as large as the next two providers, Nokia and Ericsson, combined. The company’s gear is integral to many 4G and emerging 5G networks around the globe. Which means industry leaders’ aggressive timetable for outfitting the world with 5G simply isn’t possible if Huawei (pronounced WAH-way) doesn’t participate.


Subject: Cyberspies Hijacked the Internet Domains of Entire Countries
Source: WIRED
https://www.wired.com/story/sea-turtle-dns-hijacking/

The discovery of a new, sophisticated team of hackers spying on dozens of government targets is never good news. But one team of cyberspies has pulled off that scale of espionage with a rare and troubling trick, exploiting a weak link in the internet’s cybersecurity that experts have warned about for years: DNS hijacking, a technique that meddles with the fundamental address book of the internet.

Researchers at Cisco’s Talos security division on Wednesday revealed that a hacker group it’s calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise multiple country-code top-level domains—the suffixes like .co.uk or .ru that end a foreign web address—putting all the traffic of every domain in multiple countries at risk.

filed under Security: https://www.wired.com/category/security/
RSS: https://www.wired.com/feed/security/rss


Subject: Lawmakers Want To Protect People From Smart Home Security Breaches
Source: Digital Trends
https://www.digitaltrends.com/home/smart-home-security-breach-protection-oregon-california/

As internet-connected devices are getting more and more popular, lawmakers are looking at new ways to help protect consumers — and ensure their data isn’t being put at risk by the companies that hold it.

At the federal level, there have been a number of attempts to add regulations that would protect owners of internet of things devices. The , introduced last month by Senator Mark Warner of Virginia, would create new requirements for internet-connected devices. The details of the bill are a bit sparse, but it would require the National Institute of Standards and Technology to develop new recommendations for device makers to follow. Those rules would aim to shore up some of the cybersecurity shortcomings that currently plague internet-connected devices, like easy-to-guess default passwords that put millions of products and the households that have them at risk.

“The IoT Cybersecurity Improvement Act attempts to … provide light-touch guidance and security requirements for IoT devices to protect the industry and ultimately the consumer,” wrote North Carolina Rep. Ted Budd, a co-sponsor.

filed under https://www.digitaltrends.com/home/
RSS: https://www.digitaltrends.com/home/feed/


Subject: How to Detect Hidden Surveillance Cameras With Your Phone
Source: How-to-Geek
https://www.howtogeek.com/411095/how-to-detect-hidden-surveillance-cameras-with-your-phone/

A family recently discovered a rude surprise at their Airbnb: a hidden camera disguised as a smoke detector in the living room. Here are two ways to check for cameras—in an Airbnb or elsewhere—using only an iPhone or Android phone.

Manufacturers design cameras disguised as other everyday objects, like smoke detectors, clocks, USB hubs, even wireless chargers. These can be used for legitimate reasons in your own home—for example, to hide a camera a burglar can’t find or to monitor a nanny with that person’s consent. But how do you ensure someone isn’t targeting you with a hidden camera? With a single app and your phone’s camera, you can do a sweep for hidden cameras when you check in.

There are two ways to scan for cameras with your phone. First, if you have access, you can scan the Wi-Fi network for devices that look like cameras. But this will only find cameras connected to the network. Second, you can search for night vision cameras using your phone’s camera. If a hidden camera isn’t connected to the network and doesn’t have night-vision capabilities, neither method will spot it—but these tricks should spot most cameras.


Subject: These are the most commonly hacked passwords – is one of them yours?
Source: ZDNet
https://www.zdnet.com/article/these-are-the-most-commonly-hacked-passwords-and-theyre-embarrassingly-weak/

By far the most commonly used password revealed in data breaches is ‘123456’, with 23.2 million accounts using this password – made up of the first six numerical keys across the top of a keyboard; 7.7 million users went the whole hog and used almost all the numerical keys, opting to use ‘123456789’ as their password.

The remainder of the top five most commonly used passwords are each used by over 3 million users who’ve fallen data breaches – ‘qwerty’ appears 3.8m times, ‘password’ appears 3.6m times and ‘111111’ appears 3.1 million times.

Many of the top 50 most used passwords – almost all of which are used by over half a million people – are based around basic ideas, like being made up a simple series of numbers, or the same number repeated six or seven times.

Passwords ‘iloveyou’, ‘monkey’ and ‘dragon’ are among the top 20 most used, while ‘myspace1’ is ranked 26th on the list with 735,980 users selecting it as their password – it’s likely that they selected this as their password for MySpace, even if many have long forgotten about their account on the early social network.

RSS feed for security: https://www.zdnet.com/topic/security/rss.xml


Subject: Why You Should Use a Password Manager
Source: Fortune via beSpacific
https://www.bespacific.com/why-you-should-use-a-password-manager/

Fortune: “…Some popular products include LastPass, 1Password, Dashlane, RoboForm, Keeper Security, KeePass, and Sticky Password. Most of these work similarly. You use the software to generate a secure password for specific websites. That password and your username are stored in the program’s vault or database on your computer and potentially in the cloud. When you need to open a site,

beSpacific Subjects: Cybercrime, Cybersecurity, E-Mail, Internet
Fortune topics: http://fortune.com/tag/password-managers/

[shh, don’t tell Fortune about RSS 😉 /pmw1]


Subject: ‘They think they are above the law’: the firms that own America’s voting system
Source: US news | The Guardian
https://www.theguardian.com/us-news/2019/apr/22/us-voting-machine-private-companies-voter-registration

In the second of a two-part series: How a few private companies that have little oversight and keep information secret run US elections

A corner of the computer security world has been sounding the alarm since voting machines were adopted after the punch-card disaster of the 2000 election recount in Florida. Now lawmakers, election officials and national security experts are joining in on the clamor after Russian agents probed voting systems in all 50 states, and successfully breached the voter registration systems of Arizona and Illinois in 2016.

Topics

RSS https://www.theguardian.com/us-news/us-politics


Subject: FBI Releases the Internet Crime Complaint Center 2018 Internet Crime Report
Source:  FBI’s Internet Crime Complaint Center (IC3) via beSpacific
https://www.bespacific.com/fbi-releases-the-internet-crime-complaint-center-2018-internet-crime-report/

The FBI Alerts the Public to Trends in Internet Crime and Offers Prevention Tips – “The FBI’s Internet Crime Complaint Center (IC3) 2018 Internet Crime Report includes information from 351,936 complaints of suspected Internet crime, with reported losses in excess of $2.7 billion. The top three crime types reported by victims in 2018 were non-payment/non-delivery, extortion, and personal data breach. In addition to the 2018 statistics, the report contains information about the IC3, the FBI’s work in combating Internet crime, and the most prevalent scams. The IC3 provides the public with a reliable and convenient mechanism to report Internet crime. The IC3 categorizes and analyzes the data to identify and forecast trends to promote public awareness of emerging and ongoing cyber threats. Since its inception in 2000, the IC3 has received a total of 4,415,870 complaints. The quality of the data is a direct reflection of the information the public provides through the IC3 website…”

beSpacific Subjects: Cybercrime, Cybersecurity, Internet, Legal Research

ICS News RSS (doesn’t appear to have much news PR):
https://www.ic3.gov/rss/news.xml

NB


Subject: How Big Tech’s cozy relationship with Ireland threatens data privacy around the world
Source: Politico
https://www.politico.com/story/2019/04/24/ireland-data-privacy-1270123

How Big Tech’s cozy relationship with Ireland threatens data privacy around the world. The GDPR is the world’s toughest standard for data privacy. But nearly a year later, its chief enforcer has yet to take a single action against major tech firms like Facebook and Google.

Last May, Europe imposed new data privacy guidelines that carry the hopes of hundreds of millions of people around the world — including in the United States — to rein in abuses by big tech companies.

Almost a year later, it’s apparent that the new rules have a significant loophole: The designated lead regulator — the tiny nation of Ireland — has yet to bring an enforcement action against a big tech firm.

Now, data-privacy experts and regulators in other countries alike are questioning Ireland’s commitment to policing imminent privacy concerns like Facebook’s reintroduction of facial recognition software and data sharing with its recently purchased subsidiary WhatsApp, and Google’s sharing of information across its burgeoning number of platforms.

This article tagged under:


Subject: Privacy settings can help ease suspicion of recommendation-making sites and apps
Source: Penn State University News Release
https://news.psu.edu/story/571234/2019/04/25/research/privacy-settings-can-help-ease-suspicion-recommendation-making

UNIVERSITY PARK, Pa. — When people see that they can control their privacy settings on websites and apps that offer entertainment or product recommendations, they tend to be more trusting of those sites, according to researchers.

In a study, a mock-up of an online movie recommendation system that merely suggested that users could customize privacy settings tended to boost their sense of control, which eased their privacy concerns about the site. The participants did not have to physically make those adjustments to feel that sense of control, said S. Shyam Sundar, James P. Jimirro Professor of Media Effects, co-director of the Media Effects Research Laboratory in the Donald P. Bellisario College of Communications and affiliate of Penn State’s Institute for CyberScience (ICS).

“This cue, itself, is actually quite powerful in providing a sense of control and lowering privacy concerns,” said Sundar.

While these cues could be used ethically by companies that want to improve user experience, Sundar said that people should be aware that malicious organizations might exploit the bias to lower a person’s guard in order to extract personal data.

While this study focused on how privacy settings affected users on online movie recommendation sites, future research could look at recommendation systems for other content types and services.

Topics
Research, Science and Technology, Society, Arts and Humanities

Tags
media, media effects, online privacy

Posted in: Cybersecurity, Mobile Technology, Privacy, Spyware, Technology Trends
CLOSE
CLOSE