February 14, 2018

posted on Wednesday, February 14, 2018 at 7:01 AM

Would you allow Facebook into your home?

By Maria Varmazis

If you believe some of the more speculative stories on the internet right now, this question won’t be hypothetical for long.

There are a number of stories circulating that later this year Facebook will announce the Portal, its camera-enabled premiere foray into the world of home smart devices, akin to Amazon Echo and Google Home.

Of course, this being a device from Facebook, it’s going to leverage its huge library of knowledge about all its users, and what those users look like. After all, Facebook has been using facial recognition technology to scan photos uploaded to its service for years to match those faces to its users.

The rumored Facebook Portal device would take advantage of Facebook’s massive database of knowledge about its users, their behavior, and their faces for everything from identity verification to detect moods for targeted advertisements, or to glean any trends about user emotional health over time.

The rumored Portal is still firmly in the realm of Silicon Valley whispers – though we’ll find out in May at the F8 Developer’s conference if it’s real or not – but it raises larger questions about welcoming smart devices into our home.

Read more at https://nakedsecurity.sophos.com/2018/02/13/would-you-allow-facebook-into-your-home/

Did the NSA really use Twitter to send coded messages to a Russian?

By John E Dunn

On June 20 last year, the official Twitter account for the US National Security Agency (NSA) issued the following innocent-looking tweet:

Samuel Morse patented the telegraph 177 years ago. Did you know you can still send telegrams? Faster than post & pay only if it’s delivered.

On August 17, the same theme was taken up again:

The 1st telegraph communications exchange occurred between Queen Victoria and President Buchanan in 1858.

At the time, only a handful of people responded to either message. The tweets might have rested in obscurity indefinitely had the New York Times and The Intercept not alleged last weekend that the messages had an extraordinary purpose unconnected to remarking on telegraphic history. Explains The Intercept:

Each tweet looked completely benign but was in fact a message to the Russians.

As part of a sequence of 12, the tweets are now claimed to be a coded back-channel used to communicate with a Russian who was negotiating to sell to the NSA a set of cyberweapons stolen from it in 2016 by a group calling itself The Shadow Brokers.

These tools were leaked to the world and used by cybercriminals to launch attacks, such as May 2017’s WannaCry ransomware attack (later blamed by the US on North Korea).

Assuming the latest account stands up, it suggests that as recently as a few months ago, the NSA was still keen to find out precisely how much was lost in the incident and was willing to pay for the privilege.

But, surely sending coded messages on a public system is a strange way to communicate something this sensitive?

Read more at https://nakedsecurity.sophos.com/2018/02/13/did-the-nsa-really-use-twitter-to-send-coded-messages-to-a-russian/

Facebook’s privacy settings are illegal, says court

By Lisa Vaas

Facebook tucks default privacy settings away where you have to go dig for them – not exactly what you’d consider a way to get informed consent, the Berlin Regional Court in Germany has decided. And what’s up with that real-name policy that doesn’t allow users to be anonymous?

Illegal, illegal, illegal: that’s what the court has decreed on those and five of Facebook’s terms of service.

According to a judgment (PDF; in German) handed down by the Berlin court in mid-January and publicly revealed on Monday, Facebook collects and uses personal data without providing enough information to users to constitute meaningful consent. The Guardian reports that the case against Facebook was brought by the federation of German consumer organizations (VZBV), which argued that Facebook force-opts users by default into features it shouldn’t.

The VZBV’s press release quotes the group’s legal officer, Heiko Dünkel:

Facebook hides data protection-unfriendly presets in its privacy center, without sufficiently informing [users] during registration. That’s not enough for informed consent.

According to Germany’s Federal Data Protection Act, companies can only collect and use personal data with the consent of those affected. How can users make informed consent if they don’t know what’s going on?

They can’t, the VZBV said:

In order for them to make informed choices, providers must provide clear and understandable information about the nature, extent and purpose of the use of the data.

The VZBV pointed out these shortcomings in Facebook’s privacy settings:

  • Location service for mobile phones is activated by default. This reveals locations of people who use chat.
  • Search engines get a link to the participants’ activity history by default, making it easy for anybody online to stumble across things like profiles and account photos.

In all, the VZBV complained about five of Facebook’s privacy presets. The Berlin judges agreed with the privacy group about all of them: the presets are “ineffective,” the VZBV said, and there’s no guarantee that a user would even take note of their existence.

Read more at https://nakedsecurity.sophos.com/2018/02/13/facebooks-privacy-settings-are-illegal-says-court/

Beware the ‘celebrities’ offering you free cryptocoins on Twitter

By Lisa Vaas

Consider @Eilon_Musk, @ElonMuski, @EloonMusk, @Elonn_Musk, @Alon_Musk, @DoonaldTrump65, and @justtinsun_tron: what a generous clutch of almost-celebrities!

All have been popping up on Twitter within the past few weeks, all of them bearing handles that are passingly close to those of legitimately famous people like Elon Musk, Donald Trump, Justin Sun, other tech CEOs, or other big names in cryptocurrency – and all of them claiming that they’re showering cryptocurrency onto the first comers.

All you have to do to receive it is first send some cryptocoin to an online wallet (please don’t!), and you’ll get double – triple! – quadruple! – decuple! – your money back (fat chance!).

Here’s one sample of these scammers’ come-ons:

https://sophosnews.files.wordpress.com/2018/02/justtinsun.jpg?w=640&h=214

The scammer in this case has ripped off a picture of Justin Sun, founder of the Tron Foundation. TRON is a blockchain-based open source global digital entertainment protocol. As this particular scam shows, not only are the scammers ripping off well known people’s photos and typosquatting their handles; they’re also plopping their scam come-ons down in the prime real estate of the comment section of their targeted celebrities’ posts.

Read more at https://nakedsecurity.sophos.com/2018/02/13/beware-the-celebrities-offering-you-free-cryptocoins-on-twitter/

Google-Nest merger reawakens privacy worries

By Lisa Vaas

Four years ago, Google paid $3.2 billion for Nest, a fancy smart-home thermostat and smoke alarm maker.

Privacy advocates found this a daunting marriage, but Google wound up running the business at arm’s length, over in its Alphabet division.

Nest co-founder and former CEO Tony Fadell told the BBC at the time of the acquisition that consumers could relax. Nest data wouldn’t be mixed with all the other information Google gathers:

When you work with Nest and use Nest products, that data does not go into the greater Google or any of [its] other business units. We have a certain set of terms and policies and things that are governed. So, just when you say we may be owned by Google, it doesn’t mean that the data is open to everyone inside the company or even any other business group – and vice versa. We have to be very clear on that.

Whew! What a relief, eh?

After all, on the one hand, we had Google, with its already vast knowledge of us. On the other hand, there was Nest, maker of Internet of Things (IoT) thermostats that learn, tracking customers’ daily usage to automatically set heating and cooling temperatures, and of smoke alarms that communicate via Wi-Fi with the company’s other devices or with your smartphone or tablet to send smoke or carbon monoxide alarms.

Put them together, and what do you get? Google’s hardware entrance into the IoT. Such a merger could have meant that Big Google Brother would be able to know even more intimate things about us than it already did at the time, such as whether we were home or not. Then, it easily could have connected that information with our mobile phone data to form ever-more-deep portraits of us for ever-more-targeted advertising or other profit-rich ventures.

Well, it turns out that Fadell’s “let’s be clear on that” promises on data privacy have gotten a bit muddy.

Read more at https://nakedsecurity.sophos.com/2018/02/12/google-nest-merger-reawakens-privacy-worries/

ACS

Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880
863-229-4244

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.

Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation