Posted on

Facebook Facing Scrutiny After User Accounts Hacked

 

OCTOBER 16, 2018 – MIKE WOOLSEY

Facebook Facing Scrutiny After User accounts Hacked

If you haven’t heard about the massive security breach within Facebook recently, then perhaps it may be time to read this article. Back on September 14th Facebook began to get attacked by a large-scale hacking operation that affected some 30 million users. Although, this attack was not detected until September 25th.

Hackers used upwards of 400,000 Facebook accounts to help gain sensitive information form users including their names, address, phone numbers, gender, email and more. Worse yet, they also were able to gain access to Facebook security tokens that are used by users to sign into the popular social networking site, without the use of passwords. In a recent statement, Facebook’s Guy Rosen said, “We are still looking at other ways the people behind these attacks may have used Facebook, and we haven’t ruled out the possibility of smaller scale, low-level access attempts,” Facebook vice president of product management, adding that the company had also notified the U.S. Federal Trade Commission and the Irish Data Protection Commission. In addition, Rosen followed up with a statement, “People’s privacy and security are incredibly important, and we are sorry this happened.” 

Facebook recently has been under fire for much of 2018 for security and SPAM related incidents that has led the social media giant to remove some 800 plus accounts, in hopes of getting a handle on their service. Too, Facebook has been investigated by the FBI in response to its service, while Facebook has been working to aid the FBI in this investigation. Meanwhile, Facebook stocks have recently plummeted, falling to a low of $151.30 per share, yet is beginning to climb back up slowly.

For more information on if you were affected by this attack Facebook has published a Security site that you can go to for additional information.

Posted on

Police Told Not To Look At iPhone Screens

OCTOBER 15, 2018 – MIKE WOOLSEY

There has been a recent rise in the need for law enforcement to gain access to Apple devices, particularly the iPhone. As of late, Apple has been approached by the courts to order access to these devices, but Apple promptly declined to do so, in order to protect its companies’ image as the #1 secured device on the market. Apple believes a person’s data or information stored on a device should remain private, and has since added new security features to devices to stomp out access.

iPhone has always been known for its security, with features like a passcode, two-step verification, three-step verification, fingerprint reader and most recently, facial recognition in addition to the other previously mentioned security features. With all these stronghold features, Elcomsoft has one more piece of advice for law enforcement…” Stop looking at the iPhone screen.” 

Law enforcement has been trying to find ways into an iPhone without court order, or just in general to aid in their investigations of owners of the devices. However, there is a lot more to it, by looking at the iPhone screen to try and gain access to the device, police are using one of 5 attempts overall to gain access to the device. By using up these attempts, what happens is, eventually this will generate a passcode lock on the device, locking the device down until the owner puts the passcode in. It’s kind of a game of cat and mouse.

As Motherboard reports, “that’s the advice being given to US law enforcement by forensics company Elcomsoft. Slides obtained and since verified as real by Elcomsoft explain how looking at the screen of an iPhone, for example, is ill-advised when the phone is handled. Motherboard also points out that a passcode can be considered as “Testimonial Evidence” and therefore is protected, but the same is not true of fingerprints or faces. At least, it isn’t yet. The law will eventually catch up with the technology and better protect the individual. However, a warrant can still compel a suspect to unlock a device.”

The game of cat and mouse continues, yet at what point does the law win overall? As mentioned above, a passcode can be considered “Testimonial Evidence” it’s harder to extract from a suspect. Too, as I have worked for Apple, the amount of people out there that have forgotten their passcode to unlock their device, once it has been passcode locked is kind of alarming. In this case when it comes to evidence, there is a process that takes place once a device has been passcode locked and the passcode has been forgotten. The process is verifying three security answers to account questions, in addition to having proof of purchase of the device. Once Apple has obtained the proof of purchase and the security questions are answered properly, only then does the SOP (Standard Operating Procedure) allow a device to be unlocked.

Maybe the advice is sound… “Stop looking at the iPhone screen!” I personally am for the security of the iPhone, too I can‘t help but get a chuckle when the question in court or by authorities comes up…

What is the passcode to your device?

I don’t recall…

Posted on

Facebook Admits Hackers Accessed Data of 29 Million Users – RT

OCTOBER 12, 2018 – RT.com

Facebook has admitted that hackers accessed the data of 29 million users on the social network by using people’s friends lists to steal access tokens.

The social network addressed the September attack on Friday, saying in a statement that it is cooperating with the FBI, which is “actively investigating.” Facebook added that the bureau has asked it not to discuss who may be behind the attack.

It explained that 50 million people’s access tokens are believed to have been affected, and that 30 million of those actually had their tokens stolen.

“First, the attackers already controlled a set of accounts, which were connected to Facebook friends. They used an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on, totaling about 400,000 people,” Facebook wrote.

Posted on

Android Creator Is Building an AI Phone That Texts People For You

OCTOBER 12, 2018 – MIKE WOOLSEY

Alright Android lovers, here is a bit of interesting news! The creator of Android, Andy Rubin is putting most other projects on hold for the development of an Android phone that automatically texts people for you. The phone will try and mimic the user, responding to texts automatically. How is this any different from automatic responses sent by email when you just don’t want to reply because you’re on that “business trip”?

Well…The design of the new mobile device isn’t like a standard smartphone. It would have a small screen and requires users to interact mainly using voice commands, in connection with Essential’s artificial-intelligence software. The idea is for the product to book appointments or respond to emails and text messages on its own, according to the people familiar with the plans. Users would also be able to make phone calls from the planned device.

“If I can get to the point where your phone is a virtual version of you, you can be off enjoying your life, having that dinner, without touching your phone, and you can trust your phone to do things on your behalf,” Rubin said. “I think I can solve part of the addictive behavior.” Put that in your pipe and smoke it Apple! Regardless of how Rubin goes about trying to make a virtual version of the user, it still will remain addictive and most will still be attached to their devices. Yet for many, an AI type device could come in handy! But any user that has spent time with Siri, Alexa or Cortana will tell you there are limits to having a virtual assistant.

So, there you have it, it’s a bit different than the typical automatic email response that is sent when you’re playing hookie! Seems there is a vision and Rubin is working hard to not only compete with others, he’s trying to shape who we are as people and revolutionize the industry as a whole.

Posted on

Microsoft pulls Windows 10 October Update (version 1809) – What To Know Before You Update

OCTOBER 11, 2018 – MIKE WOOLSEY

Remember back in the 80’s when Guns N’ Roses said “Where do we go now”? This is the question plaguing many Windows 10 users, “Where do we go now”? Released on July 29, 2015, Windows 10 was the predecessor to its love child Windows 8.1, which was mostly a cross between the highly popular Windows 7 and what would later become Windows 10.

Since its release, Windows 10 had several updates which also had many hot fixes to the operating system. One of the most stable releases of Windows 10 was 1803, which many of us have already updated to, and had very minimal issues. Now it’s time for another feature update coded as Redstone 5 (Version 1809). Due out in October 2018, Windows finally released this new feature update on October 4th.

Some key points about Redstone 5 (Version 1809), you will need to have enough hard disk space before installing this update! One of the most common problems during an in-place upgrade to a new version of Windows 10 is not enough storage space available to complete the upgrade, which triggers at least three error messages, including 0x80070070 – 0x50011, 0x80070070 – 0x50012, or 0x80070070 – 0x60000. This also often results in the dreaded “Blue Screen” that is also referred to as “The Blue Screen of Death” and so nicely decorated with a smiley.

How to avoid these issues, it is best to always perform a backup of your operating system before you upgrade to any new release. A recovery plan is the most important step before an upgrade. You should always spend some extra time to create a full backup of your device with the installation, settings, apps, and files in case you need to go back to the previous version.

Since the release of (Version 1809), many users were immediately faced with a long 3 hour install / upgrade time. Yet, that was only half the battle! Some users had data loss once the update was installed, a bug Microsoft missed along the way. One user, Robert Ziko said, “I have just updated my windows using the October update (10, version 1809). It deleted all my files of 23 years in the amount of 220GB. This is unbelievable”. This, among many other complaints, led Microsoft to pull the 1809 update almost immediately after its release, on October 6th. Microsoft stated, “We have paused the rollout of the Windows 10 October 2018 Update (version 1809) for all users as we investigate isolated reports of users missing some files after updating”. However, clever Microsoft technicians and engineers were able to locate the bug and release a fix that would no longer plague further users from losing valuable data like Robert Ziko. For now, the 1809 update has been put on hold until further notice, yet Microsoft plans to roll out gradual updates in the wake of Redstone 5.

“Where do we go now”? Well Sweet Child O’ Mine, for the time being if you were wanting this major feature update to Windows 10, you will have to wait a little longer for it. In the meantime, those users affected by its recent release will be faced with either having to wipe their system if it doesn’t recover from a bad install or, they will be faced with trying to replace all the lost data during the upgrade. Either way, I for one will be staying with (Version 1803).


 

Posted on

The True Cost Of Cybercrime For Businesses

The True Cost Of Cybercrime For Businesses

POST WRITTEN BY

Nick Eubanks

Nick is a Partner at TrafficSafetyStore.com and the Founder of I’m From The Future.

It’s estimated that cybercrime will cost approximately $6 trillion per year on average through 2021. That’s a massive figure, one that is almost impossible for most people to imagine.

But more concerning than the number itself is what it means for modern businesses. Everywhere, companies are upping their cybersecurity budgets in an attempt to lower the catastrophic costs of a potential data breach.

The average cost of a breach tallies into the millions, but the dollars lost only account for the direct cost of a breach. That figure is quantifiable for businesses, but the true costs cut even deeper.

When investigating the collateral effects of a cyberattack, the outlook for businesses in the aftermath becomes bleak. Dollars and cents aside, some businesses never fully recover from a data breach, and there can be some potentially disastrous consequences.

Damaged Shareholder And Investor Perception

Even with a proactive security posture and preventative measures in place, a breach can still happen. Businesses in some industries are more vulnerable to attacks, and shareholders are usually aware of these risks. But once a breach occurs, a precipitous drop in a company’s perceived value may follow.

YOU MAY ALSO LIKE

Negative press can fuel the “sell now” groupthink, and once that train gets rolling, it’s hard to keep it on the rails. This is especially true for smaller companies that don’t have the corporate infrastructure or brand recognition to keep things afloat in the wake of an attack.

In 2017, one estimate places 85% of business assets in digital form, so it should come as no surprise that market perception is directly linked to how company security is managed.

Investors and shareholders want their money to be safe with a company they feel can be trusted, and trust is all about perception. Simple logic will tell you that bad press from a data breach equals public mistrust, at least in the short-term. If that short-term blow is large enough, it can weaken a company in the long-term.

Luckily, the damage is not always irreversible. LinkedIn, for example, lost 117 million user passwords, and still remains the most popular business networking site.

Yahoo, on the other hand, has been through three data breaches in recent years, where nearly two billion accounts were compromised in total. Those breaches may be behind why Verizon is now paying about $4 billion less to purchase the company than was offered just over a year ago.

The lesson here is that crisis management can be effective if you get the chance to do it. But unfortunately, a large percentage of businesses that suffer a major data breach never recover their value.

Loss Of Data

According to recently collected data on cybersecurity, over 159 million sensitive records were compromised in 2015 alone. The loss of this information racks up larger bills than just the initial data recovery and added security measures. A breach can lead to potential fines, penalties and litigation for a business.

In May 2017, Target paid out a $18.7 million settlement over a large-scale data breach that took place in 2013. The company said that the total cost of the breach was over $202 million.

The even bigger issue is that a large percentage of sensitive records taken are usually filled with customer data. When a company has a data breach, it undermines a customer’s trust in the company and their confidence in the company’s ability to keep their financial information out of the wrong hands.

It’s a big enough red flag when a company loses its own data, but customer data is a different ball game. Identity theft is a real concern for consumers, and customers may feel less inclined to shop with companies that could mishandle their information.

Read Full Article: