Thursday, December 17, 2015

I get a false tagging in someone's pornographic image on Facebook (for the first time)

There’s a first time for everything, and I guess that includes getting “tagged” on Facebook.

Today, after someone had been confirmed as a Friend, I got a bizarre email warning me that I had been tagged on a particular pornographic (adult, heterosexual) image.  Indeed, the image and post were in my timeline.  I wrote a comment “That’s not me, not even close.”  The item disappeared from my Timeline in about ten minutes, as well as from my Activity Log.

This was a case of tagging an image that was not one of me.  People are sometimes sensitive to the idea that real images can be tagged when they are photographed in certain places, like bars.

Here is Facebook’s Help Center entry that covers the issue.

Monday, December 14, 2015

Search engines can report possibility that a site is hacked

Lately Google search results have been reporting sites that may have been hacked or that might contain drive-by downloads.  Underneath the search result you see a little “This site may be hacked” or “This site may harm your computer.”

Google’s support page for webmasters whose sites show this message is quite detailed and demands a lot of technical expertise to follow (especially in shell scripting).  Webmasters using shared hosting would normally expect their hosting companies to assist with this.  There is a possibility that all the sites on a particular shared hosting server could be affected.

I saw this on a popular site yesterday (will not identify), and visited the site on a device I don’t use for critical purposes.  The site looked normal.  It was a blog, and it could have been that the somewhat unusual verbiage and site organization fooled the engine.  I don’t see the result with Bing on that site, only Google.

A few months ago, one of my two WordPress sites had an issue when a spam comment loaded on top of the web page.  I have Akismet but somehow the service missed this one.  The problem went away when I, as administrator, merely deleted and marked the comment as spam. The site did not get flagged by Google.

Sites that are not frequently updated might be more vulnerable.  The possibility of illegal content could be a legal risk for some webmasters.  But around the country, news media show scattered reports of sites hacked with radical religious propaganda.

In 2002 two flat files on an old Apache legacy site (one file discussing nuclear terror) were hacked.

Monday, December 07, 2015

Social media companies have to assess how to identify violent or terror-promoting content

Social networking sites, especially Facebook, Twitter and Instagram, are coming under increased pressure to screen material for terror-inciting content, according to a Wall Street Journal article Monday by Deepa Seetharaman, Alistair Barr and Yoree Koh.

Until recently, companies have allowed posts that depicted past terror acts on the theory that they are important news.  Now, the companies have to consider whether they were posted just for enticement. Computerized algorithms have a hard time doing this.

It's easier to identify child pornography, since NCMEC maintains a database of known images with digital footprints.  But no such system exists for terrorism.  Screening for these issues could extend eventually to private cloud storage.

The service most under pressure seems to be Twitter.  (Facebook removed a post by Tashfeen Malik quickly after the attacks.)  Twitter also has to deal with the way users interpret the dynamics of its service, as some people now consider certain reply behavior by unrequited followers as “stalking” or at least rude, while others don’t.  I discussed this on my main blog Friday (Dec. 4).

Thursday, December 03, 2015

US-CERT issues advisory about "Dorkbot"

US-CERT (United States Computer Emergency Readiness Team) has issued a major bulletin about “Dorkbot”, a botnet that is used for several illegal purposes, including stealing online payment information and participating in DDoS (distributed denial of service) attacks, link here. The alert is called “TA15-337A”.  It affects Windows systems.

CERT believes modern anti-virus companies are keeping up with this particular item.

One of the best defenses against payment fraud or bank attacks is regular inspection of all one’s financial accounts online.  It may help to have fewer accounts so that they can be checked frequently. Accounts should be checked every week during normal business hours (as some systems might have weekend maintenance, and it is possible to call immediately and get attention when catching a problem on a business day).

Private or small-business websites could be jeopardized by DDoS. But better hosting companies can detect attempts and blacklist or block access (even for public sites without logon) from specific IP addresses or ranges (by .htaccess) automatically.  Some hosts (like FourSquare) send warnings to website owners, or may even post incidents on WHOIS.   Some website owners (hosting their own servers) might learn the server-side programming to do this themselves.
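
For owners who do host their own servers, here is an added sketch of that kind of automatic blocking (not code from this blog or from any hosting company): it counts requests per client per minute in an Apache combined-format access log and renders Apache 2.4 `Require not ip` rules for the noisy addresses. The function names, the threshold of 30 requests per minute and the sample log lines are assumptions made up for the illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in Apache combined log format (documentation-range IPs).
SAMPLE_LOG = "\n".join(
    [f'203.0.113.9 - - [17/Dec/2015:10:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "-"'
     for s in range(40)]
    + ['198.51.100.7 - - [17/Dec/2015:10:00:05 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
       '198.51.100.7 - - [17/Dec/2015:10:01:10 +0000] "GET /feed HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
       'truncated or malformed line']
)

# Client address and timestamp at the start of a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def noisy_clients(log_text, threshold):
    """Return {ip: peak hits} for clients with >= threshold requests in one minute."""
    per_minute = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that are not log entries
        try:
            ip = str(ip_address(m.group(1)))
        except ValueError:
            continue                      # first field is a hostname, not an IP
        per_minute[(ip, m.group(2)[:17])] += 1   # key ends at the minute: "17/Dec/2015:10:00"
    peaks = {}
    for (ip, _minute), hits in per_minute.items():
        if hits >= threshold:
            peaks[ip] = max(hits, peaks.get(ip, 0))
    return peaks

def htaccess_rules(ips, allowlist=()):
    """Render Apache 2.4 rules that deny the given IPs, skipping allowlisted ranges."""
    nets = [ip_network(n) for n in allowlist]
    order = lambda a: (ip_address(a).version, int(ip_address(a)))
    out = ["<RequireAll>", "    Require all granted"]
    for ip in sorted(ips, key=order):
        if not any(ip_address(ip) in net for net in nets):
            out.append(f"    Require not ip {ip}")
    out.append("</RequireAll>")
    return "\n".join(out)

if __name__ == "__main__":
    print(htaccess_rules(noisy_clients(SAMPLE_LOG, threshold=30)))
```

The allowlist keeps the owner's own address ranges from being blocked by mistake; the generated rules only take effect in an .htaccess file if the server configuration permits overrides for authorization directives.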