Wednesday, April 4, 2018
It took about 7 years to prove my opinion about the Facebook. Look into my old article about the cyber weapons.
In my article, I have noted:
"For instance, with over 350 million users (!) of Facebook, this social networking web site becomes a prime target for cyber-gangsters. I have no doubts that the FSB (former KGB) has a copy of all Facebook accounts coupled with scientific analysis software to filter down the most useful intelligence data on citizens of many countries, and especially, United States. Hey, it's almost free database with people who have no clue that their opinions, personal information, employment, personal preferences, and pictures are being thoroughly analyzed and stored in the mainframe computer. I would be surprised if China is not following the same plan, or, perhaps, Russians share their intelligence data with their partner? Thank you, Facebook!"
Will the latest news (and the stock market reaction to it) become the trigger for people to think about their Facebook accounts? Will they finally realize that the social networking = no privacy protection?
On April 3rd, 2018 Facebook has announced that the majority of its 2 billion users very likely have had their public profile information "scraped by outsiders without their explicit permission" not to mention previous announcement that information from the profiles of 87 million people may have been “improperly shared” by Cambridge Analytica, the company that is described as an “arsenal of weapons” in a culture war.
The CTO at Facebook, Mike Schroepfer, wrote that he wanted to update users on the recent changes the company made to protect their personal information, like strengthening the process for approving third-party applications with access to the site.
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped,” he wrote.
This is the case when I hate to be right but I was. 7 years ago.
If people would share their pictures only (like family's or friends') it would be not so painful (not to mention that your name is identified with your picture and reveals your friends).
However, every "like" or "not-like" is being recorded, every post or reply to the post is being stored, and all of it, including the history and the links you have clicked -- is being added to your PROFILE. By the way, if any of your friends has certain political views, it would be linked to your profile. Did you know it? How many friends do you have that you have no clue about who they actually are? Or what the web sites they do browse?
Now, if you would work for any adversaries mentioned in my 2010 article, you would want to merge the Facebook info with Google info. It would be very useful. In that case, your life will be shown like the blood test from the medical lab after visiting your physician.
The profile can be potentially used by the government in a very unpredictable way, or by the adversaries in a predictable way (your profile would reveal your political and social views that could be potentially used to achieve the long-term goals against your company or even country).
If I did sound paranoid in 2010, perhaps now you may agree that I have the point, especially considering the Russians who have used social media to influence people for or against some political figures. #DeleteFacebook hash-tag is a good start.
The story about Facebook may finally trigger the process of hardening the privacy information like it was done within HIPAA regulations to protect the private health information.
Truly, I don't believe it will happen on the same scale when those who violate the privacy could be penalized with a sizable amount of money or even get prisoned. Perhaps, something will be done. Mark Zuckerberg is expected to appear before multiple congressional committees, and his company is under investigation by the Federal Trade Commission on suspicion of violating an agreement in 2011 to protect its users’ privacy.
It is time, right?
No matter what will be done, one thing that cannot be changed: scrapping the FSB database on Facebook users.
And, hey, don't exclude Google and Twitter and the fake news!
Friday, February 2, 2018
My life experience is a base for my statement. Yes, my friends, there are too many villains in this world - more than truly honest people.
I don’t have any hard proof and statistics. Just anecdotal evidence and experience. When you’ve been around as long as I have, you see a lot of things.
You can get in trouble because you trusted the wrong people.
That’s on the extreme end of course. But you might be surprised at how often people get cheated or misled – even in a minor way.
Thankfully, it doesn’t take much to arm yourself with the right tools. Most are just common sense.
Rule number one: Watch out for anything that sounds too cheap.
Here is my recent experience buying a new laptop. For years, I have been building my own PC from the part that I have been obtaining from computer shows. But when my "big daddy" - the PC in a case of a file server - began hikkin' up, I have decided that it is time to switch to a high-end laptop.
I have done some research, and have stopped on Samsung 15" laptop with the latest i7 processor from Intel.
The Best Buy and Amazon prices were similar: about $1,400 with taxes.
While I have been waiting for better price on Black Friday, I did searching other web sites. To my big surprise, I found better price on Discountsuperstore.com.
Would you be happy to see the $850 tag on the same laptop?
I honestly was excited at first, so I have filled out the required info about my login name, home delivery address, etc.
Proceeding to the shopping cart, I was ready to pay but something "from above" stopped me. I have decided to initiate a chat and verify if they still have that laptop in stock.
The guy have answered the chat and confirmed that I can order it. To tell you more, he promised another 10% discount if I pay through PayPal.
Wow, 10% discount? Something smelled not right...
So, I have asked why the price is so low? The rep answered: we have a special promotion from the manufacturer. Sounds familiar?
Since I was not sure if I have enough money on my PayPal account, I said, hold on, let me check my account.
I found that I could pay with PayPal considering even lower price with a promised discount.
I still remember my excitement while processing this information in a spite of clear warning.
So, using the chat, I have asked how to pay with a PayPal because the web site did not have the PayPal payment option. The rep has answered, just use the "send money to friends and relatives" that is not a subject to 3% PayPal fee.
Wow, the second warning!
At this moment, I have realized that there is something wrong with this picture...
I have decided to check that site with Whois tool.
I found that the site is legitimate but the owner hides his identity. The site was registered by the owner from Panama. The site's location was somewhere in Arizona.
I have continued my chat and asked where the company is located since I found Panama and Arizona? The guy has answered: that is correct about owner but they are operating from the New York City.
What is the address? It is shown on the site's main page.
Punching the address in the Google maps revealed that that address does not exist! Gotcha!
I send a chat message that I cannot find the address on the Google maps.
As you may guess, I did not receive any reply.
Needless to say, I did not proceed with a payment.
After all, I was able to buy the laptop in the Best Buy store for $100 discount before Cyber Monday.
The moral? Be vigilant, careful, and do not let be fooled by the villains.
This short story from my experience just proves my statement in the beginning of this article. I hope you can learn the lesson from somebody's mistakes.
Just be careful out there.
Friday, October 21, 2016
1. You don’t personally manage the cloud hosting and know nothing about how they are protected;
2. The world-wide hackers are very sophisticated on finding the holes in the security systems, and they have been successful in their attempts to break the security not only in the average-protected systems but also in the government and large corporations networks that have enough resources for protection;
3. When you use the local (at home) storage, perhaps if you are security-aware, you have protected home network and know what secures your PCs and storage;
4. Your home network is a very small target to distort money because the large companies will pay more and, therefore, are more desirable targets for hackers.
If you think that your stored in the cloud images or documents are not important and you don’t care if you lose them, think again.
The cloud storages and services serve thousands of people and companies, so you will become one of many victims who had to pay a ransom to the hackers because by compromising the cloud they can also gain an access to your home PC and cause you a major headache.
Recent news: Microsoft’s OneDrive for Business was recently exploited by cybercriminals. Although it’s unclear how the accounts were compromised, this new series of hacks allows cybercriminals access to sensitive business information. Cybersecurity experts advised businesses to take actions and secure their accounts.
Here are few suggestions:
1. Consider keeping your data and images locally instead of could-based. Yes, I know your arguments regarding free services and convenience to share the data. Still, it is a fact that cloud can be compromised.
2. Remember that the Facebook is also a cloud-based service. In addition, almost every smartphone application communicates thousand times per day with Amazon-based cloud storage (I have personally seen it on my smartphone when I have installed the software firewall on my Note IV).
3. Think about your home network as your asset and a part of your belonging (like furniture, electronics, clothe, and jewelry). Would you let anyone steel or damage it? You would probably install the home security sensors on every door and window.
4. Start with your home cable modem/router. Check with the vendor if the firmware of your router has the latest updates. Apply them as soon as possible.
5. Replace your passwords with passphrases.
6. Install software firewalls on each PC in addition to anti-malware software. Spend some time on reading the articles about the best protection software today. Replace your existing antimalware software if it is in the bottom of the list vs. competitors. I have recently replaced my Viper and even Avast (still not bad) with the licensed copy of Bitdefender (good for 3 computers).
7, Create regular user accounts on your PCs or laptops that have no administrator's privileges. Login with those new user names. Switch to Administrator's account only as needed.
You may want to spend time reading my article (March 2015) about protecting your home network and smartphone.
Now, read below the latest information (the most important statements from the article) about compromised cloud hosting services.
Homeland Security News Wire | October 19, 2016
A study of twenty major cloud hosting services has found that as many as 10 percent of the repositories hosted by them had been compromised — with several hundred of the “buckets” actively providing malware. Such bad content could be challenging to find, however, because it can be rapidly assembled from stored components that individually may not appear to be malicious.
In the cloud, malicious actors take advantage of how difficult it can be to scan so much storage. Operators of cloud hosting services may not have the resources to do the deep scans that may be necessary to find the Bars - and their monitoring of repositories may be limited by service-level agreements.
Overall, the researchers scanned more than 140,000 sites on twenty cloud hosting sites and found about 700 active repositories for malicious content. In total, about 10 percent of cloud repositories the team studied had been compromised in some way. The researchers notified the cloud hosting companies of their findings before publication of the study.
“It’s pervasive in the cloud,” said Beyah. “We found problems in every last one of the hosting services we studied. We believe this is a significant problem for the cloud hosting industry.”
In some cases, the bad actors simply opened an inexpensive account and began hosting their software. In other cases, the malicious content was hidden in the cloud-based domains of well-known brands. Intermingling the bad content with good content in the brand domains protected the malware from blacklisting of the domain.
Beyah and Liao saw a wide range of attacks in the cloud hosted repositories, ranging from phishing and common drive-by downloads to fake antivirus and computer update sites. “They can attack you directly from these buckets, or they can redirect you to other malicious buckets or a series of malicious buckets,” he said. “It can be difficult to see where the code is redirecting you.”
Tags: cloud hosting, hacking, compromised data, storage
Tuesday, March 17, 2015
from Malwarebytes.org. They complement each other’s capabilities very well without the danger of “fighting” when they run. Both companies offer free or paid versions. Paid versions offer more protection including identity protection, ability to run on your own schedule during night hours, and few extras. I usually recommend to have configured ZoneAlarm in auto scan mode and run the MalwareBytes manually once a week while updating the antivirus signatures before every scan.
The beauty of MalwareBytes licensed copy ($25.00) is the ability to run as a resident in a PC memory. When you hit the malicious web site, the software will block the site and popup the warning message. Just yesterday, I have mistyped the name of the bank in the address field and hit the Enter key. The browser went to the Chinese –owned, infected web site that was immediately blocked. Another great feature of this software is ability to work in the Windows’ Safe mode (used for Windows troubleshooting) and removing the malware that cannot be removed in the full mode.
In spite of being a "must have" on each computing device, the antivirus software takes plenty of resources when activated. This is a reason why I despise licensed McAfee, Symantec, and many free programs like AVG, Avira, and others not only because they are weak on filtering the malware comparing to leaders but also because they take plenty of computer resources and slow the PC down. I always uninstall pre-installed programs from Symantec and MacAfee and replace them with the mentioned above software.
- Applications' patches (updates)
The broadly available hacking software (that can be downloaded for free or purchased for few dollars) can scan your applications for known vulnerabilities, and then exploit them to hack your device. While you may have automatic updated of Windows operating system, the other programs on your PC or laptop are not being updated automatically. It is your job to verify and update religiously. For instance, the Adobe Flash Player is the main "open door" for hackers to your computer if you do not update it regularly.
Having 5-10 programs or 25-30 (as I have), the updates could become a cumbersome job. What you can do is to install the Secunia Personal Inspector (PSI). The program starts right when you power your computer and it scans your hard drive for all versions of the programs. If you have the outdated programs, the popup window will inform you. The final report provides the links to the upgrade sites. It is not the most reliable program as it has some glitches running on Windows 8.1 but it is the best one (and free) that I know.
- Separate browsing
It makes perfect sense to separate the sensitive information including PII from the web sites that are being hacked periodically, like Facebook, DropBox, e-mail sites, and any questionable sites that offer hot news, free pictures, free books or movies, etc.
If you are really sensitive to protecting your privacy, I would not recommend using IE and Google Chrome browser because they are proprietary companies that have their own interest, the companies that often bend under the government pressure and reveals the collected information to the government organizations. Instead, use Firefox – the Open Source software. Uninstall everything from Google.
It is essential to note that when you use the Internet browser you should never open suspicions emails (including unexpected e-mails from your contact list). The most common form of social engineering is through email - very effective method for cybercriminals - because, according to the Verizon report, "at least 8% of users will visit a link in a phishing email."
- Security add-ons
My own experience suggests that while it is a good plug-in to have, it slows down the browser. So, do not wonder why your Internet browsing is slightly slower than usual, it could be because of plug-in. If you did not install any plug-in but the browsing is slower, I would not also exclude that your browser is infected with Adware (advertising malware) or some other type of malware. Run the MalwareBytes to verify.
- Scheduled Backup is a king
You may use Windows built-in backup programs but better use one of the additional programs like the one that came with your external hard drive from Seagate or Western Digital. Put your regular backup on auto-schedule.
I have lost data due to my negligence few times due to a failed hard drive. Now, I have the automated and scheduled backup to the external hard drive that collects data from 3 different computing devices. You may also use the high capacity USB sticks instead of hard drives.
- Wireless network at home.
There are multiple hacking tools and mobile applications that designed to break through your password protection within minutes. You can download them for free or buy on the Internet. So, you can imagine what can be done to your mobile phone if you are using any public wireless network with NO password protection and no security.
What to do? Perhaps you can take three basic steps to limit the danger. The first thing is to use the strongest available wireless network security at your router or cable modem. Use the 802.11g security specification. There are WPA (older), WEP, and WPA2 technologies. WPA2 (Wireless Protected Access 2) is a security technology commonly used today on Wi-Fi wireless networks – the one you should activate.
The second step is to identify the home computing devices to be connected through the wireless network and find out their MAC addresses (the manufacturer's uniquely assigned address of a network interface) . If you are not very sure how to find it, you have to ask IT professional to assist you. Add the MAC addresses to the table of devices that allowed access to your network and deny all others. It will make the hacker’s life more difficult (but still will not entirely protect you).
The last step is to use the complicated password or phrase to login to your wireless network. Use special characters, lower and upper-case, and, of course, some numbers.
When the newer and more secure technology will be available, spend money on it -it really worth. Since we can’t predict the future, the best option is to be as secure as technology allows.
- How to protect the smartphone
- Never use the public wireless access points that offer no security. If you disregard this requirement alone, your phone can be hacked within few minutes. What if you must use the public Wi-Fi in special situations? Then, there is a way to encrypt your Internet traffic using VPN (Virtual Private Networking) that creates the secured channel for your communication through a special gateway. Use the free or very-low fee VPN clients for Android or iOS that can be downloaded from Google and Apple.
- Install one of the best possible anti-malware programs like Avast or Lookout for Android (I believe Avast is good for iPhones, too). Activate the identity protection, backup, application locking (like Facebook, Twitter, and any important programs), firewall, anti-theft, and antivirus.
- Do not install the games or programs that require special access privileges to your personal data, location, contact list, and more. Perhaps, if you must, keep the mentioned programs to the minimum. For instance, I have removed from my phone the WBAL program (news and weather) due to access to everything on my phone including my wireless data, contact list, phone calls, etc. Outrageous!
- Do not install questionable programs. Before installing, read the users’ comments. Disregard "sugary" comments as they could be posted by the designers. Look more on negative comments as they can reveal the truth.
- Do not use your phone without password protection (use the PIN with at least 6 characters or digits). The fingerprint-enabled login is helpful (if available) but is not 100% proof. Do not store any password in a clear text. There are good password manager programs available. Make password invisible (see your phone settings).
- Use the third-party browsers (perhaps for Android) like Dolphin that does not collect your personal information or tracks the web sites you accessed.
- Backup your data, pictures, and setup settings.
- Disable installation of the programs from unknown sources.
- If you must access the banks online, bring it to the minimum. Better use the home PC.
- Use the Bluetooth technology carefully. I usually disable it when I am out of my home or my car because anyone within 80-100 feet can hack your phone (when the Bluetooth is enabled) with the right tool.
- Finally, if you have a serious concern about security of your smartphone, buy the new Blackphone 2 that is all about privacy over all usual fanfare features (should be available by the end of a year). Encrypt external SD card (if any). Your phone should have a special setting for it. Setup SIM card lock.
If you store valuable data on SD card, and if it’s lost, without the decryption password the data will not be accessible. Also, encrypt your entire mobile phone (it will require the password every time you boot it). The new versions of the iOS and Android (5.1) allow locking your phone if a case it is lost or stolen. So, the perpetrator won’t be able to use it without knowing the password to unlock the phone.
8. What if you are not the computer professional?
First of all, know your enemy: try on the shoes of a hacker. What is easier of all to steal? Exactly! Something that is not secured or secured poorly. Did you leave your mobile phone in the car seat? Did your put your luggage or purse in the airport on the floor while looking out in the opposite direction? You are in a trouble.
The hacker tries to hack what is easier to hack with minimum of efforts. If you have no password protection it is an invitation to hack. If you are not security conscious and open unexpected emails or click on infected attachments, you are a good target for hacker. If you are browsing the web without basic antimalware protection, you are the next hacker’s victim.
Windows continues to be compromised more frequently than other platforms primarily because most of the world's computers run Windows. Criminals figured out long ago that the biggest targets offer the best return (which explains why hacking the companies is better and more rewarding objective).
Hackers intend to break what is the easiest, so if you take recommended precautions, your computer system will not be an easy target, and the hacker might consider looking for easier one and leaving your PC along.
Competently managed, a Windows system that's kept behind a firewall, has fully up-to-date virus protection, is run with non-administrative user accounts, and is operated by someone who doesn't click on weird e-mail attachments or installs obviously disreputable software, is the best approach that perhaps if not guarantees complete protection but eliminates large part of the threats from hackers. The same can be said about your Android, Windows, or iOS - powered mobile phones and tablets.
9. Useful resources
Beyond mentioned above programs and methods to protect your data and networks, I want to refer to a few more. They are especially useful to those who are IT professionals.
Once your home network was configured and protected, there is a good and free program to test your guards. It’s called Nessus Home.The program offers free security scanner that scans your network including all attached wired and mobile devices. The reports will reveal the configuration problems, missed patches, malware, etc.
Sometimes you need to download the file from the Internet from not very familiar site. How to ensure it is not infected BEFORE you run it? There is a very useful web site – free online service – to test the files against 50 antimalware programs at once. Virus Total is your friend! It can detect not only the malware in the file but also can scan your PC for any known malware.
Recently, I found one useful web site that works similarly to Nessus Home but it has one single purpose: to test your firewall from outside. Try ShieldsUp! It can be found under Services menu. Beyond the ShieldsUp, there are few other good programs to explore. Similar online program that checks the PC's open ports is HackerWatch probe.
I have already mentioned MalwareBytes as a program that covers what ZoneAlarm misses. One more similar program is HijackThis. The program can be installed along with others but you can run it manually or schedule through the Task Scheduler.
When you boot your PC and open the Task Manager, you'd be surprised how many processes are running on your PC. In fact, many of them are not essential to your daily activities and slow down your PC by consuming the memory and CPU cycles. The solution is to disable them or even to remove completely. Make sure you know what you are doing.
Microsoft offers the Autoruns tool (formerly Sysinternals). The tool contains many other useful utilities. It is a free program. Install this tool and disable “autorun on start” for the programs you found not being essentials (like background updaters, speed boosters, pre-loaders).
There are 3 more useful programs on my list that I did not try myself but want to recommend.
- Pandora Recovery – to recover deleted files by mistake
- CCleaner – to delete unneeded temporary files and pieces of old programs from your PC. I personally prefer spend time and delete the files myself, so I have better control over my PC.
- WDO – Microsoft Windows Defender Offline – your last resource. Download the program and keep it on your USB stick.
Here is the last thing I want to mention. If you want to improve your employability and appeal to the potential employers, the known IT certifications will not only enhance your knowledge but will improve your chances to be hired. Here are few resources I personally used: