Tuesday, July 07, 2020

Let's start paying attention to security with contact tracing

The Federal Trade Commission warns the public to be wary of spam SMS text messages purporting to be from contact tracers, and of fake calls. Local health departments will announce how their calls will be identified on smart phones. The same goes for email.

Soon we will need a discussion of security for voluntary apps (mandatory in many Asian countries) advising you when you have been proximate to a suspected infected person.

Friday, June 26, 2020

Russian hackers could target "work from home", especially tech support companies handling users

A hacking group from Russia calling itself “Evil Corp” is targeting major companies with workforces at home, sometimes with ransomware attacks, the New York Times reported (David Sanger and Nicole Perlroth).

There are also concerns the group will attack election systems.

The problem is complicated by the fact that in some companies, employees use their own computers at home, and home networks may be less secure (although some innovative employees may actually have better security).

This would be particularly worrisome for tech companies where support at home works with user-generated content, or with hosting companies.

Working from home must continue for a long time, as many states are having surges in their new coronavirus infections.

Thursday, June 25, 2020

Surveillance "self-defense" for protesters

Protesters are learning that tech companies are collecting data on their demographics (in detail), by picking up their smart phone signals and scraping other databases, as Caroline Haskins reports for BuzzFeed News.

One of these companies, Mobilewalla, produced a detailed report with all kinds of pie charts, link. A large proportion of protesters for Black Lives Matter are actually young adult white males. 

Electronic Frontier Foundation has two recent papers on surveillance for protesters: "Surveillance Self-Defense" (June 2, 2020) and Cooper Quintin’s “Quick and Dirty Guide for Cell Phone Surveillance at Protests”.

Saturday, June 20, 2020

Mozilla Firefox warns of social media tracking even when logging on to hosting sites; SMS bank spam does exist

I got a warning from Mozilla Firefox today that it had protected me from tracking by a social media account when I logged on to a hosting account, on a different browser without a saved password where I wanted to prove to myself I had recorded it correctly in my own notes.

I’ve never seen this warning before.  The social media site was apparently Facebook (link).

I also got what looked like a spam SMS message today claiming that a debit card transaction had been rejected. The bank website did not confirm that such an event had happened. I’ve not seen this as much on my phone as in email.

Thursday, June 18, 2020

Many Chrome extensions were compromised this spring by hackers registering fake domains in Israel with no oversight

Hackers may have stolen personal information from over 32 million users (along with passwords or banking information) through fake Chrome extensions that linked to malicious websites supposedly registered in Israel.

This time, home computers may have been at more risk than corporate networks, which might have separate security.

Occasionally (maybe once a month or so), Trend Micro reports blocking a suspicious website, often when visiting a main news outlet.

Joseph Menn provided the story to Reuters.  

Awake Security has a more detailed report. Here is a report on the Chrome extensions. They probably didn’t include the most common ones.

Picture above: some typical Chrome extensions (not the ones that were compromised). 

Wednesday, June 10, 2020

WordPress protects bloggers when you try to link "new tab" and the URL is malicious

I’ve noticed that now Blogger offers automatic new tab in putting in links. I don’t see that WordPress does; you have to code (after URL) [target="_blank"] by yourself in text mode.

Then WordPress inserts [rel="noopener"] right afterward. The purpose is to protect visitors from the possibility of malicious JavaScript in the linked-to URL.

All rather interesting, as explained in WPBeginner.

Update:  I see that if you use the wheel to the right of the link space WP will ask you if you want new tab. I had not noticed this. 
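The same protection can be applied to hand-written HTML. The sketch below is an added example, not WordPress's own code: it adds rel="noopener" to every link that opens in a new tab, so the linked page gets no window.opener handle back to the page the visitor came from. The function names and the sample links are constructed for illustration, and it assumes quoted attribute values.

```javascript
// Added example: give every new-tab link rel="noopener".
// Regex-based on purpose so it runs in plain Node without a DOM. Assumes
// quoted attribute values and no ">" inside them; not a general HTML parser.

const ANCHOR_TAG = /<a\b[^>]*>/gi;
const TARGET_BLANK = /(?<=\s)target\s*=\s*(["'])_blank\1/i;
const REL_ATTR = /(?<=\s)rel\s*=\s*(["'])(.*?)\1/i;

// Harden one opening <a ...> tag; anything that is not a new-tab link is returned as-is.
function hardenAnchor(tag) {
  if (!TARGET_BLANK.test(tag)) return tag;
  const rel = tag.match(REL_ATTR);
  if (!rel) {
    // No rel attribute at all: append one before the closing bracket.
    return tag.replace(/\s*\/?>$/, ' rel="noopener">');
  }
  const tokens = rel[2].split(/\s+/).filter(Boolean);
  const lower = tokens.map((t) => t.toLowerCase());
  // noreferrer already implies noopener, so such a tag needs no change.
  if (lower.includes('noopener') || lower.includes('noreferrer')) return tag;
  tokens.push('noopener');
  // Function replacer keeps existing tokens (nofollow, etc.) verbatim.
  return tag.replace(REL_ATTR, () => `rel="${tokens.join(' ')}"`);
}

// Rewrite a whole HTML fragment.
function hardenLinks(html) {
  return html.replace(ANCHOR_TAG, hardenAnchor);
}

// List the new-tab links that would be changed, for review before rewriting.
function findUnprotected(html) {
  return (html.match(ANCHOR_TAG) || []).filter((t) => hardenAnchor(t) !== t);
}

// Constructed sample input (example.com links, not from the post).
const SAMPLE = [
  '<a href="https://example.com/a" target="_blank">new tab, no rel</a>',
  '<a href="https://example.com/b" target="_blank" rel="nofollow">other rel</a>',
  '<a href="https://example.com/c" target="_blank" rel="noopener">already set</a>',
  '<a href="https://example.com/d">same tab</a>',
].join('\n');

console.log(findUnprotected(SAMPLE));
console.log(hardenLinks(SAMPLE));
```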

Picture: Lafayette Park, during protests, Washington DC (my picture).

Tuesday, June 02, 2020

Lifehacker gives smartphone security advice for protesters


David Murphy writes in “Lifehacker”, “The Phone Settings You Need to Know Before Protesting.”

Yet he gets scolded in the comments as having written a manual for criminal insurgents.

Interesting is the discussion of airplane mode.  It is not that easy to get out of very determined surveillance, even if you turn the phone off.

Wikipedia picture of George Floyd street memorial, click for CCSA attribution.